Adobe fails signature verification due to CRL network error

Nov 19, 2020

Hi,

I'm running Adobe Reader DC 2020.013.20064 in an enterprise environment.
We have issued personal certificates for the purpose of signing documents through our internal Certificate Authority.

Signed documents are failing verification with the following diagnostic:
"The validity of the document is UNKNOWN. The author could not be verified."

"An attempt was made to determine whether the certificate is valid by checking whether it appeared in any Certificate Revocation Lists (CRLs)."

"An attempt was made to determine whether the certificate is valid by checking whether it appeared in any Certificate Revocation Lists (CRLs)"

"CRL Download error, Location ldap:///xxxx Cannot connect to server."

 

The CRL published by the signing certificate is valid, and can be verified with certutil -URL ldap:///xxx, showing both main and delta as OK - this results in network traffic on port 389 (LDAP).

Verifying signatures in Adobe results in no LDAP network traffic.


Am I missing a security option / registry setting which would make Adobe ignore LDAP certs?
Do I have to publish them with HTTP as well?

 

Thanks in advance,
M

TOPICS
General troubleshooting, Security digital signatures and esignatures
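
An added example, not part of the original post: a small parser that splits CRL distribution point URLs using the RFC 4516 LDAP URL layout and flags entries such as the ldap:/// location in the diagnostic above, where the host is empty and the client must already know which directory server to query. The sample URLs, the example.com names, and the helper names classify_cdp and summarize are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636, "http": 80, "https": 443}
# LDAP attributes that hold revocation lists (base, delta and authority CRLs).
CRL_ATTRS = ("certificaterevocationlist", "deltarevocationlist", "authorityrevocationlist")

def classify_cdp(url):
    """Describe one CRL distribution point URL and what a client needs to fetch it."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    info = {
        "scheme": scheme,
        "host": parts.hostname,  # None when the authority is empty, as in ldap:///...
        "port": parts.port or DEFAULT_PORTS.get(scheme),
        "findings": [],
    }
    if scheme in ("ldap", "ldaps"):
        # RFC 4516 layout: ldap://host:port/dn?attributes?scope?filter
        fields = parts.query.split("?") if parts.query else []
        info["dn"] = unquote(parts.path.lstrip("/"))
        info["attributes"] = fields[0].split(",") if fields and fields[0] else []
        if info["host"] is None:
            info["findings"].append("no host: client must already know which directory server to query")
        if not any(a.lower().startswith(CRL_ATTRS) for a in info["attributes"]):
            info["findings"].append("URL does not request a CRL attribute")
    elif scheme not in ("http", "https"):
        info["findings"].append("unrecognised scheme for CRL retrieval")
    return info

def summarize(urls):
    """Split CDP URLs into self-contained ones and ones that depend on client configuration."""
    report = {"self_contained": [], "client_dependent": []}
    for url in urls:
        key = "client_dependent" if classify_cdp(url)["findings"] else "self_contained"
        report[key].append(url)
    return report

# Constructed sample CDP entries (example.com names are placeholders).
SAMPLE_CDPS = [
    "ldap:///CN=Example%20CA,CN=pki01,CN=CDP,CN=Public%20Key%20Services,CN=Services,"
    "CN=Configuration,DC=example,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint",
    "ldap://dc01.example.com/CN=Example%20CA,CN=CDP,DC=example,DC=com?certificateRevocationList;binary",
    "http://pki.example.com/crl/ExampleCA.crl",
]

if __name__ == "__main__":
    for cdp in SAMPLE_CDPS:
        result = classify_cdp(cdp)
        print(result["scheme"], result["host"], result["port"], result["findings"])
```
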
