Mathieu_Fortin
Inspiring
April 28, 2016
Question

OCSP Archive Cutoff


Hi all

Does Acrobat support the "Archive Cutoff" extension in an OCSP response when validating an expired signature? Can't seem to make it work; that is, Acrobat revocation validation fails with "OCSP response expired or not yet valid". The Archive Cutoff does not seem to be taken into account.

Thanks for any help


1 reply

Inspiring
May 2, 2016

AFAIK Acrobat supports the "Archive Cutoff" extension in an OCSP response. Do you validate your signature at the signing time or at the current time? In your environment where does Acrobat get the OCSP response with the "Archive Cutoff" extension from? Is it obtained online or cached somewhere?

Mathieu_Fortin
Inspiring
May 3, 2016

Validation is done at signing time and it's using an OCSP response embedded in the document (DSS). The response was embedded after the certificate expired. Validation fails with "OCSP response expired or not yet valid" even though an archive cutoff extension is present, with a value prior to certificate expiration.
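
The time relationships described in this thread, modeled as an added example (not from the posts and not Acrobat's validation logic): it contrasts a plain thisUpdate/nextUpdate window check with the archive cutoff semantics of RFC 6960 section 4.4.4. All dates, the `OcspTimes` container and the acceptance policy in `usable_for_past_signature` are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass(frozen=True)
class OcspTimes:
    """Time fields of one OCSP response (hypothetical container, not a library type)."""
    produced_at: datetime
    this_update: datetime
    next_update: Optional[datetime]
    archive_cutoff: Optional[datetime]  # RFC 6960 4.4.4 extension; None if absent


def window_check(resp: OcspTimes, at: datetime) -> str:
    """Plain freshness check: is `at` inside [thisUpdate, nextUpdate]?"""
    if at < resp.this_update:
        return "not yet valid"
    if resp.next_update is not None and at > resp.next_update:
        return "expired"
    return "ok"


def covers_expired_cert(resp: OcspTimes, cert_not_after: datetime) -> bool:
    """True if the responder states it retains status for a cert expiring then."""
    return resp.archive_cutoff is not None and resp.archive_cutoff <= cert_not_after


def usable_for_past_signature(resp: OcspTimes, cert_not_after: datetime,
                              signing_time: datetime) -> bool:
    """Assumed policy: a response issued after signing is usable if the cert was
    valid at signing time and, when the response was produced after expiry,
    the archive cutoff shows the responder kept the revocation data."""
    if signing_time > cert_not_after or resp.this_update < signing_time:
        return False
    if resp.produced_at <= cert_not_after:
        return True
    return covers_expired_cert(resp, cert_not_after)


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed dates: signed while the cert was valid, response fetched after expiry.
SIGNING_TIME = utc(2016, 2, 1)
CERT_NOT_AFTER = utc(2016, 3, 1)
RESP = OcspTimes(produced_at=utc(2016, 4, 20), this_update=utc(2016, 4, 20),
                 next_update=utc(2016, 4, 27), archive_cutoff=utc(2015, 1, 1))
```

With these dates the plain window check fails at the signing time and again at a later current time, while the archive cutoff comparison is independent of both.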