Change in certificate validation algorithm in Adobe Reader 10.1.2

Some experiments I have done with both Adobe Reader 10.1.1 and 10.1.2 show that their implemented algorithm vor validating the certificate of a signature is different:
In all versions of Adobe Reader up to and including 10.1.1 no revocation checking is performed for a certificate marked as a trust anchor.
In Adobe Reader 10.1.2 revocation checking is performed even if a certificate is marked as a trust anchor.
Since the latter behaviour is in conflict with international standards for certificate validation (RFC 5280, section 6.1), my questions are:
Has this shift in the implementation happened intentionally?
If yes, why?
/Gregor

Hi Jagriti,
sorry, it took some time to prepare things for this answer.
I have digged a bit deeper in my real world example: It uses a qualified EE certificate isssued by a German Trust Center supervised by the German Federal Net Agency (Bundesnetzagentur) - want I want to express here: It is not some self-signed anything, but a situation that will happen with almost each qualified EE certificate issued under German law.
You can find my real world example here, a PDF signed using such a qualified EE certificate (BTW: I cannot find a way to add files to my post, is there really no such mean in Adobe's forums?).
Additionally I have put together all certificates and CRLs depicted in the following graph into a ZIP-Archive, you can find it here.
Now, there are some awkward things with the structure of that PKI:
If you try to find a revocation status for Bundesnetzagentur's OCSP Service, you may get into a loop, since the signer certificate for that OCSP Service has a AIA certificate extension pointing to - well - the Bundesnetzagentur's OCSP Service (but this is not the problem I am facing at the moment - see below).
If you try to find a revocation status for the CRL issuer of Bundesnetzagentur's indirect CRL, you may face the same problem, since the CRL-DP certificate extension of the CRL issuer's certificate points to - well - the Bundesnetzagentur's indirect CRL (but this is still not the problem I am facing at the moment ;-).
The CRL-DP certificate extension (in all certificates shown in the graph above and depicted in blue) is missing the cRLIssuer field in the DistributionPoint, which is a MUST regarding to RFC 5280 if the DistributionPoint refers to an indirect CRL. Yes, and this is my problem at the moment - see below.
My current settings in Adobe Reader 10.1.2 are the following:
The Bundesnetzagentur's root certificate 12R-CA1:PN is marked as a trust anchor.
I am using a custom certificate preference to tell Adobe Reader to accept the OCSP responder signing certificate  TC TrustCenter DIR 39:PN (cAuthorizedResponder set to 1).
Validation in my Adobe Reader 10.1.2 currently does the following:
Find a valid path for Test-Signaturdienst:PN ... fine.
Check revocation status for Test-Signaturdienst:PN ... fine (using the OCSP responder pointed to by the AIA of the certificate).
Check revocation status for TC TrustCenter DIR39:PN ... fails (using the CRL-DP pointing to the Bundesnetzagentur's indirect CRL).
My question for the moment: Is there a chance to let Adobe Reader 10.1.2 accept Bundesnetzagentur's indirect CRL although the CRL-DP in TC Trustcenter DIR 39:PN is missing the cRLIssuer field?
My question for later: Is it an issue inside Adobe to support the validation of documents signed with a qualified certificate issued under German law despite the awkward construction of Bundesnetzagentur's PKI (Germany is a market with 80 million people)?
Best regards, Gregor

Similar Messages

  • Can highlight color be changed on the free version of adobe reader?

    can the highlight color be changed on the free version of adobe reader?

    You could possibly "insert" the .eps into a MS Word file (or most desktop publishing applications) and view it that way. Other than that you would need something like Adobe Illustrator to work with the file.
    Of course another option would be to use Adobe Acrobat to create a PDF of the file...

  • Change language back to English in Adobe Reader 9

    How do I change the language back to English for Adobe Reader 9?

    Hi,
    Do you have the MUI version installed?
    You can hold the Ctrl key and start Adobe Reader and try select the language.
    If not (standard version), the easiest would be to uninstall your current Reader, then reinstall the English version.

  • Why does a digital signature with a CA certificate not validate in adobe reader

    My client has adobe reader and can not validate a digitally signed document which has a CA certificate which normally appears in the adobe root store.  it comes up that one of the signatures have problems when he signs.  when i email him a document that i sign it validates the signature.  his signature validates on my side.

    Did you find any solution for this problem?
    i'm trying to implement something similar but i don't know how.
    thanks in advance!

  • Change the launch default back to Adobe Reader 9 (from Acrobat 6)?

    I have Adobe Reader 9 and Adobe Acrobat 6 both loaded.  Until a week ago I could launch
    PDF files in a broswer without difficulty.  They would launch in Adobe Reader 9.  Now when I try to launch a PDF in a browser Adobe Acrobat 6 launches and I get a message:
    "The Adobe Acrobat / Reader that is running cannot be used to view PDF files in a web browser.  Adobe Acrobat version 8/9 is required."
    It seems that Acrobat 6 is the default now for PDF files.  How do I change the default Adobe Program that launches back to Adobe Reader 9?
    Confused,
    Simple Mind

    Hii.
    Go to any PDF file, Right click it ->Propoerties-> in open with select ADOBE READER 9 and OK...
    I hope it will work. Or innopenwith option select reader 9 and click the check box below-"Always use this....."
    Regards,
    Nikhil

  • Font style of pdf files changes when it is opened with adobe reader 10.1.2 version

    The font style of pdf files changes if opened with adobe reader 10.1.2 version.
    Plz suggest wht to do....
    Following is the screenshot from adobe reader
    view: 75 % zoom in adobe reader (issue)
    view: 75 % zoom in foxit reader (no issue)
    Thanks,
    Neha

    Hi,
    Can you please share the PDF with which you are seeing this issue.
    You can mail me the PDF to e-mail that i have specified in the private message send to you.

  • CHANGED PASSWORD AND STILL CANNOT ACCESS ADOBE READER UPDATE

    I HAVE CHANGED MY PASSWORD AND STILL CANNOT ACCESS THE ADOBE READER UPDATE

    I think I may understand. There is no password from Adobe for getting an update. So, I think this is the computer's own administrator password, which you will need when you install most software. You chose it when you turned the computer on the first time. And if you forget it you have bigger problems than Adobe Reader.

  • How do i change the default paper size in adobe reader

    need adobe reader to open a pdf in a different paper size.
    current paper size 10.51 x 11.00

    Are you sure that's what you want to do though? What exactly are you trying to accomplish? Maybe there's a different way to do it...

  • How to change the destination folder when downloading Adobe Reader 9.0?

    I have an old version of Adobe Acrobat Elements 6.0, and I recently installed Acrobat Reader 9.0 and uninstalled all old Acrobat Readers on my computer (6.0, 7.0 and 8.0). After that, when I open AAElements and try to convert a document to pdf file, a msg shows: Unable to find Adobe PDF resource files. Do you want to run the installer in repair mode? I tried to say yes, but it didnt work. I tried to uninstall and install them back a couple of times (Reader before Elements) (Reader after Elements) without luck. PLEASE HELP! Thanks in advance! :)

    How do I stop post of
    Photoshop Elements   coming
    to my computer after I deleted it?

  • Change default language in Citrix Farm for Adobe Reader

    I have a Citrix farm and wish to change the default language of Citrix Adobe Reader XI for ALL USERS. Is this something thats possible? If so, how do I go about doing it?

    Well, what if you just remove the default language EN from the email sending step. If a user triggers the workflow, which will then in turn send the email, the workflow is started in the corresponding language. If you don't have a default language set up, the email sending step might use the language in which the workflow was started (Which in your case might be correct). I am not sure this, but you might try it.
    In general I think the best approach is the one that I explained in my previous answer already. You need find out the email receivers language, and use (=make the binding from the workflow container to the email sending step language parameter) that language in the email sending step. The only "difficult" part is to how to get the receiver user's language in to the WF container. Basically the idea would be that you create for example a new step in your workflow. In this step you will what is the language of the email receiver user, and return it to the workflow container. Then just bind it to the email sending step.
    Regards,
    Karri

  • Changing language in Adobe reader

    Dear sir/Madam.
    The only free version of Adobe reader I could find came to me in Polish language. I can not get an english or Spanish version. I have 2 questions :
    1) How/ where can I get a free version of Adobe reader, acceptable by Google Chrome ?
    2) How  (what are the steps ?) can I change the language of my installed Adobe reader from Polish to english.
    Thanks for your time.

    As a first consideration, please note that the PDF files provided with Microsoft Training materials are language-agnostic from the point of view of the Adobe Reader, that is, they don't influence at all the language in which the reader displays its interface.
    So your problem must be related to the Reader itself, and not the training materials. I mention this because you posted your question in the Microsoft Training and Certification forum (and not in an Adobe support forum), so I have to infer that your problem
    is related to the PDFs in training materials.
    That said, I have installed plenty of times the Adobe Acrobat Reader from the Adobe download page (http://get.adobe.com/reader/), both in Spanish and in English versions of Windows, and it was always downloaded
    in the language that matched the Windows configuration. But anyway, if it doesn't match automatically, there is a link in the download page labelled "Do you have a different language or operating
    system?". If you click there, it will let you change the language for the Reader that will be downloaded. To change the language of your installed reader, uninstall it and then download and install the correct version.

  • Adobe Reader changes Windows default printer?

    Hello.
    Currently our customers are complaning about the anomaly, that the default printer is sometimes changed after printing *.pdf's with Adobe Reader. I have never heard of a problem like this before and am even not able, to confirm this behaviour.
    That is why I want to ask you, if you have ever heared of something similar like this. Under which circumstances does Adobe Reader print on another non-default printer automatically? Btw. I don't know how to handle this problem so far.
    Yours,
    Moeki.

    Interesting! What was the color scheme prior to launch? Does this problem happen on every launch of Reader X? What if you restore the color scheme and re-launch Reader? If possible can you stick a screenshot of the issue you just described.

  • Adobe Reader changed my desktop incons to AR logo.

    How do I change them back?

    → http://helpx.adobe.com/acrobat/kb/application-file-icons-change-acrobat.html
    [topic moved to Adobe Reader forum]

  • Adobe Reader 8.1.1 -   How to Uninstall ?

    I recently downloaded Adobe 8.1.1 and have not been able to open pdf files on other browsers. I have tried to change(repair)the download, then tried removing the download hoping that re-installing would help. However,when I hit Start, go to Settings, then Control Panel, then Add / Remove programs, and press "Change" I get the following message:
    "The patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer patch package."
    When I press "Remove" the following message appears:
    "This patch package could not be opened. Verify that the patch package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer patch package."
    I got the free download of 8.1.1 from the adobe site, how do I "verify that the patch package exists or if it's valid" ?

    Augustine,
    Adobe Reader 8.1.1 has been "CORRUPTED"
    Adobe Reader 8.1.2 is supposed to remedy this
    I use "Google"
    Type in "WINDOWS INSTALLER CLEANUP UTILITY"
    When "results" appear-look for "support,microsoft.com" DESCRIPTION OF WINDOWS INSTALLER CLEANUP UTILITY" AND "click"
    When page opens, scroll down to "Download the Windows Installer Cleanup Utility package now. (You can read instructions or not)
    When "File Download-Security Warning" box appears "click" RUN
    After download completes--Open "Programs" on your computer and look for "WINDOWS INSTALL CLEANUP"--Click to open
    When box opens look for 8.1.1 (or) Adobe 8.1.1 and "click" (HIGHLIGHT)WARNING--DO NOT HIGHLIGHT ANY OTHER PROGRAM!!!!
    At bottom of box Click "REMOVE"
    Go back to "CONTROL PANEL" "ADD/REMOVE PROGRAMS" Adobe Reader should have been removed.
    Now download ADOBE READER 8.1.2
    Let me know how it works out
    Carl

  • I have the latest version of Adobe Reader and I still can not print adobe reader documents on my Mac Air laptop but I can print any other type of file or document?

    What settings need to be changed in order to print in Adobe Reader?

    Thank you for your kind and thoughtful input.
    My Adobe reader is the most current one that's out there per Adobe.
    Something like XII  or higher.
    As for my Outlook, it's MS Outlook 2003, and I believe it's Express Outlook.
    If I disable the Protected Mode, per your suggestion, maybe that will work.
    I'll try it.
    Thanks again, and if you have any other ideas, I would appreciate your
    thoughts.
    Thank you.
    Joel

Maybe you are looking for

  • Error copying a NavPage

    in R2 , when i try to copy a banner (NavPage), i get this error. The new page is created but only a part of the source page is copied. ORA-06512: at "PORTAL.WWSBR_STDERR", line 437 ORA-06512: at "PORTAL.WWV_THINGDB", line 1943 ORA-06502: PL/SQL: nume

  • InDesign CS6 keeps crashing when trying to export to PDF

    I never had an issue with this before, but now my InDesign is crashing every time I try to export to a PDF. The document is 22 pages long. I updated an older version that I had no problem with exporting to a PDF. Now I can't even take the older InDes

  • Sony Handycam DCR-HC40 suddenly stops working with iMovie HD

    Is it possible the FireWire (iLink) connection is busted? I've bought two brand new FireWire cable and still iMovie couldn't see the camera. Camera has full battery; plays movies fine. Computer FW socket is fine too. Please, anyone, help? This camcor

  • Unable to Purchase TV Show

    My son wanted to get an episode of the TV series "Clone Wars". I found it in the U.S. store. We have a Canadian address. When I went to purchase it iTunes wouldn't let me purchase it as it said I can only purchase items from the Canadian store. This

  • Apple TV & iPod Touch

    Hello All, I am currently using an iPod Touch, and want to get an apple TV. I have 1 question before buying: I LOVE to watch podcasts. I am wondering if will be able to SYNC both of my devices to iTunes. For example. if I have 3 episodes of CommandN