Felmeddelande om certifikat i Adobe

För att Adobe ska kunna verifiera signaturens certifikat så måste den läsa mot den så kallade EUTL (European Trusted List), efter uppdateringar och annat kan det hända att Adobe bara läser mot sin egen lista (AATL) och då kan den inte verifiera certifikatet. Det kan se ut så här. På rad 3 ser man att Adobe bara validerat mot AATL.

Då ska det fungera igen och det framgår tydligt att Adobe validerar både mot EUTL och AATL.

Ytterligare en lösning som rapporterats fungera av en användare.

https://helpx.adobe.com/acrobat/kb/certificates-corrupted-after-updating-trust-store.html

Problem description

In Acrobat or Acrobat Reader Trusted Certificate Store, the certificates containing hexadecimal sequence “FE FF” in their X.509 data get corrupted after updating AATL (Adobe Approved Trust List) or EUTL (European Union Trust List).

Corruption occurs when the Trusted Certificate Store is rewritten or optimized, for example when updating AATL/EUTL or when manually importing a certificate into the Trusted Certificate Store.

As a result:

• • • Any signature whose trust anchor is one of the corrupted certificates is reported as invalid upon signature validation.

    • Updating AATL/EUTL repetitively, the signature may appear as valid and invalid alternatively.

    • On multiple updates of AATL/EUTL, duplicated corrupt certificates get added to the user’s trust list.

AFFECTED PLATFORMS

Windows, OS X (macOS)

AFFECTED PRODUCTS

Solution

Update to the latest version of Acrobat and Reader, and then update AATL and EUTL so that corrupt certificates are replaced with correct certificates in the Trusted Certificate Store.

• • • Update to the latest version: In Acrobat or Reader, go to Help > Check for Updates, and then the follow onscreen instructions.

    • Update AATL/EUTL: In Acrobat or Reader, go to Edit > Preferences and then do the following:

      • For AATL: Under Categories, select Trust Manager and then select the Load trusted certificates from an Adobe AATL server check box and click Update Now.

      • For EUTL: Under Categories, select Trust Manager and then select the Load trusted certificates from an Adobe EUTL server check box and click Update Now.

If you manually trusted a certificate outside AATL or EUTL, and are seeing signatures being reported as invalid for the manually trusted certificate, do the following:

• • 1. Update to the latest version: In Acrobat or Reader, go to Help > Check for Updates, and then the follow onscreen instructions.

    2. Close Acrobat or Reader if it's running.

    3. Delete the trust list by deleting the following file:

    4. C:\Users\[UserName]\AppData\Roaming\Acrobat\<product version, for example, DC, 2015, or 2017>\Security\addressbook.acrodata

    5. Re-create trust list file (addressbook.acrodata) by updating AATL, EUTL as described above - step 2 in the previous procedure.

    6. Manually add the certificate that you want to trust to the Trust Identities.

    7. To add a certificate manually to the Trusted Identities:

    8. 1. Go to Edit > Preferences.

    9. 2. Under Categories, select Signatures.

    10. 3. For Identities & Trusted Certificates, click More.

    11. 4. Select Digital IDs on the left.

    12. 5. To import an ID, click the Add ID button, and then follow the onscreen instructions.

Additional information

The problem is fixed in the following builds/versions of Acrobat/Reader:

• • • DC Continuous / Subscription version: 18.011.20038.267465

    • DC Classic 2015 version: 15.006.30417.267543

    • Acrobat 2017 / Acrobat Reader 2017 version: 17.011.30079.267470

Aktivera specifikt certifikat (mindre säkert alternativ)

Ibland så validerar Adobe både mot AATL och EUTL men säger ändå att signeringen är ogiltig.

Kontrollera då följande:

Öppna Adobe gå till Inställningar - Kategorier skrolla ner till Signaturer - Till höger går du till "Identiteter & pålitliga certifikat" - klicka på Mer.

På nästa vy klicka på Pålitliga certifikat i vänstra kolumnen. Till höger kan du nu skrolla bland de certifikat som finns på datorn.

Leta rätt på detta: I.CA Qualified 2 CA/RSA 02/2016

- Markera den och klicka på "Redigera Pålitliga" bocka i rutan för "Använd det här certifikatet som ett pålitligt rotcertifikat"

- Klicka på OK.

Nu skall det fungera. Men du kanske måste starta om Adobe.