Sorry to revive an old thread but we seem to be running into the exact same issue. We have a signed PDF which validates on machines with a direct connection to the internet. However at our company this same PDF does not validate using Adobe Acrobat reader version 9.x. The retrieval of the Adobe Approved Trust List (AATL) words fine as it uses the Windows proxy settings as configured in Internet Explorer.
However, it seems that the http request for checking the Certificate Revocation List (DRL) when validating the signatures from the PDF is not using these proxy settings. This results in the fact that Adobe Acrobat Reader can not check if the certificates from the PDF are revoked and Adobe Acrobat Reader can not validate the PDF.
The CRL check works fine in Adobe Acrobat Reader version 10 (X), But we plan to use certified PDF's as a public service so we need broad support for this feature, also for use within other companies that have Adobe Acrobat Reader version 9.
Could this bug be verified by Adobe and tell me if there is a fix for it.
For information : we had to open non-authentificadted access to the CRL Url in our firewalls. No response from Adobe...
For reference: Adobe has acknowledged that Adobe version 9 does not use the OS proxy settings. Below a formal reaction from Adobe. We have decided to set Adobe Reader X as requirement for our users and not walk the path of submitting a support ticket.
Acrobat has different methods implemented to access resources on the Web, some use the OS native Internet sockets (thus leveraging the OS ability to manage authenticated navigation through proxies), some are directly managed by the Acrobat code, like in case of revocation information checking.
The last patch to Acrobat/Reader X (10.1.1) which has been released a few weeks ago has added full support to this, so as the user has noticed this now works in X. I don’t think this has been ported back in version 9.x patches as well, and I don’t know how much the effort would be to port it if required by customers.
I don’t know if the case is business critical, but if so then opening a CCR would be the right path to have the fix regressed to version 9 as well.