• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
1

LTV is not enabled eventhough OCSP and CRL added

New Here ,
Jul 31, 2023 Jul 31, 2023

Copy link to clipboard

Copied

Hi Adobe support team,

I have a strange situation where I used iText to digitally sign a PDF (deferred signing), after that I used LtvVerification class to add OCSP and CRL. Then I opened the file in Adobe Acrobat Reader and saw that OCSP and CRL was embedded

 

nguyn31400769n1do_0-1690795136402.png

nguyn31400769n1do_1-1690795149228.png

but LTV is still not enabled:

nguyn31400769n1do_2-1690795192229.png

I have attached my file, could you please have a look and see what's wrong?

Thank you!

TOPICS
Edit and convert PDFs , Security digital signatures and esignatures

Views

637

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Advocate ,
Aug 02, 2023 Aug 02, 2023

Copy link to clipboard

Copied

LATEST

The certificate whose revocation information are missing is the OCSP responder certificate.

When you are in the situation of viewing the revocation information of the signer certificate, please press the "Signer Details..." button. You'll see something similar to this:

MikelKlink_0-1690971210532.png

So the revocation information are missing for this certificate.

By the way, this certificate actually is fairly unusual, often OCSP responder certificates include the extension id-pkix-ocsp-nocheck which specify that an OCSP client can trust a responder for the lifetime of the responder's certificate, no additional checks needed. 

Another specialty is that the OCSP responder certificate contains an AIA entry with an OCSP entry for retrieving revocation information... But if one asks that responder, the answer is signed again by the OCSP responder certificate in question. That response onbiously is not helpful; depending on the OCSP client software, it can even result in a neverending loop of OCSP requests...

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines