Verifying a file signed with an expired certificate (timestamped or not) causes Adobe Reader to raise strange CRL parsing error:
Note:
- the CRL is currently valid
- the errors "propagates" also on the OCSP responses
- the file is timestamped before the certificate revocation.
- the error is reproducible everytime and with different signature/CAs: personally I've tried with Frenc, Italian and Spanish signed evidences.
Below the exceprt from the CertificateViewer-->ErrorInformation window
CRL processing error
Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
This update: 20120123110005Z
Next update: 20120124110005Z
CRL has expired or is not yet valid____________________________________________________________
CRL processing error
Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
This update: 20120123110005Z
Next update: 20120124110005Z
CRL has expired or is not yet valid____________________________________________________________
CRL processing error
Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
This update: 20120123110005Z
Next update: 20120124110005Z
CRL has expired or is not yet valid____________________________________________________________
CRL processing error
Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
This update: 20120123110005Z
Next update: 20120124110005Z
CRL has expired or is not yet valid____________________________________________________________
OCSP response has expired or is not yet valid____________________________________________________________
CRL processing error
Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
This update: 20120123110005Z
Next update: 20120124110005Z
CRL has expired or is not yet valid____________________________________________________________
CRL processing error
Issuer: serialNumber=4, cn=Certigna ID, ou=0002 481463081, o=Dhimyotis, c=FR
This update: 20120123110005Z
Next update: 20120124110005Z
CRL has expired or is not yet valid____________________________________________________________
or, for example
CRL processing error
Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
This update: 20120305161509Z
Next update: 20120305172400Z
CRL has expired or is not yet valid____________________________________________________________
OCSP response has expired or is not yet valid____________________________________________________________
CRL processing error
Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
This update: 20120305161509Z
Next update: 20120305172400Z
CRL has expired or is not yet valid____________________________________________________________
CRL processing error
Issuer: cn=InfoCert Firma Qualificata, ou=Certificatore Accreditato, serialNumber=07945211006, o=INFOCERT SPA, c=IT
This update: 20120305161509Z
Next update: 20120305172400Z
CRL has expired or is not yet valid