4 Replies Latest reply on Feb 7, 2012 11:40 AM by ArimosDJ

    Adobe Acrobat Digital Signatures with certificate issued by MS AD CS problem




      I have a Windows XP Pro workstation with Service Pack 3.  I'm using Adobe Acrobat 9 Standard.  Recently our company deployed AD CS (Windows 2008 R2 Standard) and deployed user certificates.  In Adobe Acrobat, I've selected the following option Edit/Preferences/Security/Advanced Preferences/Windows Integration and selected the three options: Enabled searching the Windows Certificate Store for certificates other than yours, Validating Signatures and Validating Certified Documents option under Trust ALL root certificates in the Windows Certificate Store for the following operations".


      When I click on Tools/Place Signature and drag the cross hair to create a signature box, the Sign Document window appears and selects the appropriate certificate that I received from my company's AD CS.  Once I'm done signing, I get the "At least one signature has problems" message.  I go into the Certificate Viewer, in the Revocation tab, and see the following:


      "Problem determing whether the selected certificate is valid"


      In the details section:


      "An attempt was made to determine whether the certificate is valid by checking whther it appeared in any Certificate Revocation Lists (CRLs).  Click Problems to view the problems that were encountered while performing this revocation check."


      At the bottom, it reads "The sected certifcate path is valid".


      I click on the "Problems encountered..." button and see the following message:


      CRL Download error

           Location: http://someservername/CertEnroll/something.crl

           Unable to connect to remote server


      CRL Download error

           Location: http://someservername.FQDN.com/CertEnroll/something.crl 

           Unable to connect to remote server


      I can take the Location URIs and paste it into a web browser, see that I do not receive any access denied and able to download the CRL.  I click on Start, Run, then certmgr.msc and see that my certificate location within the information store/personal/certificate container.  I'm able to open this up and see that there aren't any issues with the certificate - "This certificate is OK".  I am able to access the URIs in the CRL Distribution Points and Authority Information Access without any issues.


      How do I go about troubleshooting why Adobe Acrobat can not see the CRL defined in my certificate?  Any help or suggestions will be great.  Thank you.