2 Replies Latest reply: Feb 15, 2012 8:13 AM by fergrgr RSS

    Cannot submit web filing form using acroread version 9.4.2 02/11/2011

    anonym0u5

      Hello there.

      I am running Fedora14 fully updated.

       

      If I complete the interactive pdf form supplied by  Companies House in the United Kingdom I get the following error message.

       

      "

      SSL Error!!!. Please install the CA certificate(s) for SSL communication.
      If certificate resides on local disk, try "acroread -installCertificate [-PEM|
      -DER] [pathname]" on tyhe command line.
      If certificate resides on the server, try "acroread -installCertificate ewf.companieshouse.gov.uk 443" on command line.
      "

       

      So checked I the firewall settings.

       

      Chain INPUT (policy ACCEPT)
      target     prot opt source               destination        
      ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
      ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
      ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
      ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
      ACCEPT     icmp --  anywhere             anywhere           
      ACCEPT     all  --  anywhere             anywhere           
      ACCEPT     all  --  anywhere             anywhere           
      ACCEPT     all  --  anywhere             anywhere           
      ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
      ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:http
      ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:https
      ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ipp
      ACCEPT     udp  --  anywhere             224.0.0.251         state NEW udp dpt:mdns
      ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ipp
      ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:ipp
      ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpts:6881:6889
      ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpts:6881:6889
      ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:56849
      ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:56849
      ACCEPT     udp  --  anywhere             anywhere            state NEW udp dpt:snmp
      REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

       

      Chain FORWARD (policy ACCEPT)
      target     prot opt source               destination        
      ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
      ACCEPT     all  --  192.168.122.0/24     anywhere           
      ACCEPT     all  --  anywhere             anywhere           
      REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
      REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
      ACCEPT     all  --  anywhere             anywhere            PHYSDEV match --physdev-is-bridged
      ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
      ACCEPT     icmp --  anywhere             anywhere           
      ACCEPT     all  --  anywhere             anywhere           
      ACCEPT     all  --  anywhere             anywhere           
      ACCEPT     all  --  anywhere             anywhere           
      REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

       

      Chain OUTPUT (policy ACCEPT)
      target     prot opt source               destination

       

      Which looks ok to me.

       

      [user@k8 tv]$ acroread -installCertificate ewf.companieshouse.gov.uk 443
      Fetching certificate from website....
      depth=2 C = US, ST = UT, L = Salt Lake City, O = The USERTRUST Network, OU = http://www.usertrust.com, CN = UTN-USERFirst-Hardware
      verify return:1
      depth=1 C = IE, ST = Dublin, L = Dublin, O = Digi-Sign Limited, OU = Terms and Conditions of use: http://www.digi-sign.com/repository, CN = Digi-Sign CA Digi-SSL Xp
      verify return:1
      depth=0 C = GB, ST = Wales, L = Cardiff, O = Companies House, OU = Web Filing, OU = Provided by Digi-Sign Limited, OU = Digi-SSL Xp, CN = ewf.companieshouse.gov.uk
      verify return:1
      DONE
      Processing ....
      The website presented the following Certificate

       

      Certificate:
          Data:
              Version: 3 (0x2)
              Serial Number:
                  07:a4:23:f4:cc:ef:4e:e9:d5:89:76:b4:ee:2f:4c:4b
              Signature Algorithm: sha1WithRSAEncryption
              Issuer: C=IE, ST=Dublin, L=Dublin, O=Digi-Sign Limited, OU=Terms and Conditions of use: http://www.digi-sign.com/reposi
      tory, CN=Digi-Sign CA Digi-SSL Xp
              Validity
                  Not Before: Jul 26 00:00:00 2009 GMT
                  Not After : Jul 26 23:59:59 2011 GMT
              Subject: C=GB, ST=Wales, L=Cardiff, O=Companies House, OU=Web Filing, OU=Provided by Digi-Sign Limited, OU=Digi-SSL Xp,
      CN=ewf.companieshouse.gov.uk
              Subject Public Key Info:
                  Public Key Algorithm: rsaEncryption
                      Public-Key: (1024 bit)
                      Modulus:
                          00:e8:68:c9:f7:4f:c5:98:18:5f:d6:34:d0:2a:3d:
                          53:f8:40:6f:4b:0a:ad:7b:d1:5c:99:85:8a:dd:19:
                          70:9d:9a:03:95:20:1d:a1:c3:9d:a9:cf:4f:10:97:
                          dc:5e:1e:c8:c0:d7:50:09:7c:e3:a5:df:48:3d:4e:
                          09:06:49:1b:ad:dc:b9:f4:42:35:ea:fd:14:e6:c9:
                          7d:2a:ef:1e:80:3f:26:cd:8e:2f:56:be:13:3c:3e:
                          f0:62:47:e2:ca:53:f8:8d:57:e7:5d:17:81:b6:1a:
                          f1:fd:1b:4a:e6:43:83:05:8a:02:92:a4:2d:57:07:
                          b8:f8:7c:8c:93:a1:09:ad:6f                                                                                 
                      Exponent: 65537 (0x10001)                                                                                      
              X509v3 extensions:                                                                                                     
                  X509v3 Authority Key Identifier:                                                                                   
                      keyid:33:5A:0B:4E:35:DA:B8:8E:87:05:64:5F:D8:EC:7D:25:98:DA:BA:3F                                              
                                                                                                                                     
                  X509v3 Subject Key Identifier:                                                                                     
                      24:CB:12:A4:AA:53:7E:96:83:80:ED:48:FB:D1:6D:CD:B8:3C:1B:BA                                                    
                  X509v3 Key Usage: critical                                                                                         
                      Digital Signature, Key Encipherment                                                                           
                  X509v3 Basic Constraints: critical                                                                                
                      CA:FALSE                                                                                                       
                  X509v3 Extended Key Usage:                                                                                         
                      TLS Web Server Authentication, TLS Web Client Authentication                                                  
                  X509v3 Certificate Policies:                                                                                       
                      Policy: 1.3.6.1.4.1.6449.1.2.2.9                                                                               
                        CPS: http://www.digi-sign.com/repository                                                                    
                                                                                                                                     
                  X509v3 CRL Distribution Points:                                                                                    
                                                                                                                                     
                      Full Name:                                                                                                     
                        URI:http://crl.digi-sign.com/DigiSignCADigiSSLXp.crl                                                        
                                                                                                                                     
                      Full Name:
                        URI:http://crl2.digi-sign.com/DigiSignCADigiSSLXp.crl

       

                  X509v3 Subject Alternative Name:
                      DNS:ewf.companieshouse.gov.uk, DNS:www.ewf.companieshouse.gov.uk
          Signature Algorithm: sha1WithRSAEncryption
              65:4d:83:e7:fa:42:f4:b2:fa:c9:bb:bb:68:56:63:39:f1:14:
              98:a8:cb:35:42:32:40:a8:4e:54:95:cd:c9:6c:31:f3:f8:74:
              00:df:80:4f:b5:61:65:06:7e:fc:a5:30:36:da:55:10:58:21:
              c6:82:ba:f0:11:42:37:5a:6e:82:16:29:be:09:d3:a6:b9:11:
              fb:f3:24:1a:ea:bb:73:ea:79:59:67:d7:bb:c8:48:51:bd:70:
              01:6e:f2:11:bd:b7:86:13:9a:e9:22:9e:3b:c1:a6:a0:78:fc:
              eb:e0:a7:2b:48:2c:26:b3:f9:f4:5b:bd:54:2f:56:83:1f:0a:
              ee:2f:50:40:7f:c7:1a:e9:07:da:cd:23:18:14:c8:46:f5:f4:
              c3:26:fa:af:12:8e:d8:ac:7a:b7:03:5c:8e:6e:23:9c:1b:ce:
              53:03:1a:8e:74:98:47:c9:c5:3a:fa:7f:d3:f6:ca:dd:a4:0b:
              50:02:40:64:cf:77:1d:72:3e:9b:4f:f9:c5:df:50:2e:90:a3:
              3d:76:62:d8:ef:99:6e:be:1a:b4:89:5e:93:89:fd:0e:f5:47:
              0b:2a:a6:08:c5:e5:6f:15:e9:82:42:ba:6a:0b:31:76:dc:d8:
              77:70:3f:0a:87:2b:b3:21:0d:4e:09:62:9f:53:14:11:b3:ec:
              0f:fb:4a:02
      -----BEGIN CERTIFICATE-----
      MIIFEjCCA/qgAwIBAgIQB6Qj9MzvTunViXa07i9MSzANBgkqhkiG9w0BAQUFADCB
      uTELMAkGA1UEBhMCSUUxDzANBgNVBAgTBkR1YmxpbjEPMA0GA1UEBxMGRHVibGlu
      MRowGAYDVQQKExFEaWdpLVNpZ24gTGltaXRlZDFJMEcGA1UECxNAVGVybXMgYW5k
      IENvbmRpdGlvbnMgb2YgdXNlOiBodHRwOi8vd3d3LmRpZ2ktc2lnbi5jb20vcmVw
      b3NpdG9yeTEhMB8GA1UEAxMYRGlnaS1TaWduIENBIERpZ2ktU1NMIFhwMB4XDTA5
      MDcyNjAwMDAwMFoXDTExMDcyNjIzNTk1OVowgcAxCzAJBgNVBAYTAkdCMQ4wDAYD
      VQQIEwVXYWxlczEQMA4GA1UEBxMHQ2FyZGlmZjEYMBYGA1UEChMPQ29tcGFuaWVz
      IEhvdXNlMRMwEQYDVQQLEwpXZWIgRmlsaW5nMSYwJAYDVQQLEx1Qcm92aWRlZCBi
      eSBEaWdpLVNpZ24gTGltaXRlZDEUMBIGA1UECxMLRGlnaS1TU0wgWHAxIjAgBgNV
      BAMTGWV3Zi5jb21wYW5pZXNob3VzZS5nb3YudWswgZ8wDQYJKoZIhvcNAQEBBQAD
      gY0AMIGJAoGBAOhoyfdPxZgYX9Y00Co9U/hAb0sKrXvRXJmFit0ZcJ2aA5UgHaHD
      nanPTxCX3F4eyMDXUAl846XfSD1OCQZJG63cufRCNer9FObJfSrvHoA/Js2OL1a+
      Ezw+8GJH4spT+I1X510XgbYa8f0bSuZDgwWKApKkLVcHuPh8jJOhCa1vAgMBAAGj
      ggGPMIIBizAfBgNVHSMEGDAWgBQzWgtONdq4jocFZF/Y7H0lmNq6PzAdBgNVHQ4E
      FgQUJMsSpKpTfpaDgO1I+9Ftzbg8G7owDgYDVR0PAQH/BAQDAgWgMAwGA1UdEwEB
      /wQCMAAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMEsGA1UdIAREMEIw
      QAYLKwYBBAGyMQECAgkwMTAvBggrBgEFBQcCARYjaHR0cDovL3d3dy5kaWdpLXNp
      Z24uY29tL3JlcG9zaXRvcnkwegYDVR0fBHMwcTA2oDSgMoYwaHR0cDovL2NybC5k
      aWdpLXNpZ24uY29tL0RpZ2lTaWduQ0FEaWdpU1NMWHAuY3JsMDegNaAzhjFodHRw
      Oi8vY3JsMi5kaWdpLXNpZ24uY29tL0RpZ2lTaWduQ0FEaWdpU1NMWHAuY3JsMEMG
      A1UdEQQ8MDqCGWV3Zi5jb21wYW5pZXNob3VzZS5nb3YudWuCHXd3dy5ld2YuY29t
      cGFuaWVzaG91c2UuZ292LnVrMA0GCSqGSIb3DQEBBQUAA4IBAQBlTYPn+kL0svrJ
      u7toVmM58RSYqMs1QjJAqE5Ulc3JbDHz+HQA34BPtWFlBn78pTA22lUQWCHGgrrw
      EUI3Wm6CFim+CdOmuRH78yQa6rtz6nlZZ9e7yEhRvXABbvIRvbeGE5rpIp47waag
      ePzr4KcrSCwms/n0W71UL1aDHwruL1BAf8ca6QfazSMYFMhG9fTDJvqvEo7YrHq3
      A1yObiOcG85TAxqOdJhHycU6+n/T9srdpAtQAkBkz3cdcj6bT/nF31AukKM9dmLY
      75luvhq0iV6Tif0O9UcLKqYIxeVvFemCQrpqCzF23Nh3cD8KhyuzIQ1OCWKfUxQR
      s+wP+0oC
      -----END CERTIFICATE-----

       

      Do you want to accept and install it (y|n)? [n] y
      Certificate successfully installed.

       

      Which looked ok to my inexperienced glance.

       

      So I tried a resubmission.

      I got the first error dialog again, followed by a second which said:

      "

      An error occurred during the submit process. Cannot process response due to unknown content type.

      "

       

      Can anybody here help me with this at all?

      It would be a real boon to all of Britains UNIX users if anyone could suggest a way forward- as it would appear that the mandated web filing process

      is preventing all UNIX and Linux users from filing their compulsory company returns online..

       

      Thankyou.

        • 1. Re: Cannot submit web filing form using acroread version 9.4.2 02/11/2011
          danielhjames

          The solution is shown at:

           

          http://www.olamalu.com/content/fixing-adobe-acrobat-ssl-linux

           

          First, save your CT600.pdf with Ctrl+S and close acroread. Go to https://ewf.companieshouse.gov.uk/ using Firefox, click on the padlock icon in the bottom right corner, click View Certificate, then the Details tab. In the Certificate Hierarchy box, click on each of the four certificate names and click Export. You should now have four certificate files (e.g. in your Downloads directory).

           

          Open a terminal, change to the Downloads directory or wherever you put the certificates, and import each certificate in turn (as your normal user, not root):

           

          $ cd ~/Downloads

          $ acroread -installCertificate -PEM AddTrustExternalCARoot

          $ acroread -installCertificate -PEM UTN-USERFirst-Hardware

          $ acroread -installCertificate -PEM Digi-SignCADigi-SSLXp

          $ acroread -installCertificate -PEM ewf.companieshouse.gov.uk

           

          Then re-open your CT600.pdf in acroread and click the Next button to re-submit your authentication code to Companies House.

           

          Thanks to Olamalu for the tip!

          • 2. Re: Cannot submit web filing form using acroread version 9.4.2 02/11/2011
            fergrgr

            I wish to reiterate anonym0u5 concerns for this problem, but it could be a problem with Companies House.

             

            I did

             

            acroread -installCertificate -PEM ewf.companieshouse.gov.uk

            acroread -installCertificate -PEM UTN-USERFirst-Hardware

            acroread -installCertificate -PEM Digi-Sign\ CA\ Digi-SSL\ Xp

            acroread -installCertificate -PEM Builtin\ Object\ Token\:AddTrust\ External\ Root

             

            after having clicked the padlock at the top in Chrome and downloaded the certificates. Note the slight difference in file name.

             

            Screenshot at 2012-02-15 15:54:30.png

            then restarting acroread I get the above (again). So I stop it and do as it says:

            acroread -installCertificate xmlgw.companieshouse.gov.uk 443

             

            Unfortunately:

            The problem still persists. I have written to Companies House:

             

            -----

             

            Filling in my CT600 online and taking advantage of the ability to submit accounts to Companies House, I put in my company number and authentication code but then am presented by the following:

             

            Screenshot at 2012-02-15 15:54:30.png

             

            so I save the file, close Acrobat and do as it says:

            nigel@p4dx2:~/Documents/accounts/nsl/certificates$ acroread -installCertificate xmlgw.companieshouse.gov.uk443

            which eventually returns

             

            Do you want to accept and install it (y|n)? [n] y

             

            Certificate successfully installed.

             

            Then I reopen the CT600 with Acrobat. But unfortunately the same thing happens. What digital certificate is needed? Where can I find it?

             

             

            I will let this forum know of any response.