Hello, I am trying to diagnose a failed validation of an embedded OCSP-response.
You can find the file in question here:
And the Base64-encoded signature here:
Since the OCSP responder requires signed requests, I have to embed the response in the file.
When I look at the certificate in Adobe Reader, and check Revocation > Problems encountered, it says:
Certificate is not valid for the usage. Must sign the request. The Revocation-section also says:
An attempt was made to determine whether the certificate is valid by doing a revocation
check using the Online Certificate Status Protocol (OCSP). So it seems that the embedded OCSP is skipped altogether. Any ideas what might be going wrong?
Further diagnostics
To get more details, I was trying to enable further logging. I am using Acrobat Reader DC on Mac OS.
Under Root -> DC, this is my configuration in the ~/Library/Preferences/com.adobe.Reader.plist:
https://pasteboard.co/1leCVP0vF.png
I tried different log levels (the 0xFFFFFF option described in the documentation was automatically removed by the software).
Whatever I do, I get zero output to the log file (it exists). It seems like the settings are being used though, as invalid keys are removed when i start Adobe Reader.
Clik here to view.
