Trying to diagnose failed validation of embedded OCSP-response

Question

Hello, I am trying to diagnose a failed validation of an embedded OCSP-response.

You can find the file in question here:

And the Base64-encoded signature here:

Since the OCSP responder requires signed requests, I have to embed the response in the file.

When I look at the certificate in Adobe Reader, and check Revocation > Problems encountered, it says:

Certificate is not valid for the usage. Must sign the request.

The Revocation-section also says:

An attempt was made to determine whether the certificate is valid by doing a revocation 
check using the Online Certificate Status Protocol (OCSP).

So it seems that the embedded OCSP is skipped altogether. Any ideas what might be going wrong?

Further diagnostics

To get more details, I was trying to enable further logging. I am using Acrobat Reader DC on Mac OS.

Under Root -> DC, this is my configuration in the ~/Library/Preferences/com.adobe.Reader.plist:

https://pasteboard.co/1leCVP0vF.png

I tried different log levels (the 0xFFFFFF option described in the documentation was automatically removed by the software).

Whatever I do, I get zero output to the log file (it exists). It seems like the settings are being used though, as invalid keys are removed when i start Adobe Reader.

Tariq Ahmad · Answer

Hi prebenl46906066, Would you let us know how was the document signed? Which app and version of that were used to sign the documents? -Tariq Dar

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded