These forums are now Read Only. If you have an Acrobat question, ask questions and get help from one of our experts.

Digital signature verification error

Forum Index > Security > Digital signature verification error
2007-10-19 08:46:09
DSager
Registered: Oct 19 2007
Posts: 2

Acrobat Professional 8 using an external digital signature ( Verisign, Thawte, Entrust, etc.)

When viewing a digitally signed PDF, a question mark icon is displayed. The error is a CRL download error. The error message is “No LDAP server is specified in the preferences”. Without this LDAP directory no CRL checking can be done. How does one specify the LDAP server where the CRL is located?

The Security Settings -- Directory Servers specification does not seem to be the solution. I have added the LDAP server here, with no different results.

Top
2007-10-22 10:06:57
#1
lkassuba
ExpertTeam
Registered: Jun 28 2007
Posts: 3636
Check under Edit -->Preferences under the Security panel. On the Security panel click Advanced Preferences. You can set your digital signature preference here.To add LDAP search directories go to Advanced --> Manage Trusted Identities. You can add contacts and certificate search directories here.

Lori Kassuba is an AUC Expert and Community Manager for AcrobatUsers.com.

Top
2007-11-07 15:04:04
#2
rrelph
Registered: Nov 7 2007
Posts: 5
Normally, the addresses to do CRL or OCSP certification validation checks are in the certificate itself. Certainly Verisign certs have the necessary information in them to do validation without having to configure an LDAP server. So I guess the question is, which certificate provider are you using and why aren't they putting the CRL and/or OCSP revocation check information in the certificate?
Top
2007-12-17 08:30:22
#3
jbharris
Expert
Registered: Dec 17 2007
Posts: 18
The question mark you are seeing is do to a lack of 'trust' in the certificate. You will need to configure trust for this certificate, in the Managed Trusted Identities dialog. You can also get more information on this in the Digital Signature Guide posted at: http://www.adobe.com/go/acrobat_security .

Note that ONLY Certified Document Services (CDS) certificates from Verisign and other companies ( http://www.adobe.com/security/partners_cds.php ) automatically include the OCSP and timestamp identifiers built into the certificates. Others may choose to, but are not required.

-John B Harris, Adobe

Top