In recent operating systems, Reader does not validate OCSP server automatically

Report · Oct 17, 2025

Hello.

I have been signing PDF's using an entity that generates qualified digital signatures.

Using the latest version of Reader, if I open the signed PDf's in older OS like 2012r2 or W7, Reader connects automatically to the ocsp address to check for it. From that moment onwards, the signature of either the the first signed PDF or other PDF's is considered valid. If I open them, eg, in Windows 11, it does not do that and I have to add the entitiy as a trusted certificate in order to validate successfully.

Since I send these PDF's to other people, it is somehow difficult to ask them to do this.

What can I do to solve this?

Thanks.

Report · Oct 17, 2025

Is it possible that you had installed some intermediate certificates related to your signer certificate (e.g. as part of some customized signing solution) on the computers with the older OSs but not on the computers with windows 11?

Which detailed explanation exactly does Acrobat on Windows 11 give for not validating the signature positively? (You may have to dig deep in the signature dialogs for that.)

Can you probably share an example PDF to reproduce the issue?

Report · Oct 17, 2025

Hello.

Thanks for your reply.

In terms of 2012r2 I tried it also in a VM, with the same result.

Report · Oct 18, 2025

Please ignore the document of my previous reply, use this one instead (i uploaded the wrong one yesterday).

Thanks.