[BUG] dgn.de eIDAS certificate not verifying correctly
Certificates issued by dgn.de fail to verify even though they're eIDAS compliant. It seems that the certificate which is used to sign the OCSP response is not in the known list (which it should be as it is also an eIDAS certificate). For OCSP, the following certificate is used: dgnservice qOCSP 23:PN.
The company has also discovered the issue.
-
Stefan commented
I cannot use the certificate I bought, because Adobe Reader's failure to verify correctly confuses the recipients.
-
Max commented
Is there any update on when you plan to resolve this bug? It is quite annoying because most customers of course use Acrobat Reader, particularly as it seems to me like an easily resolvable configuration issue on Adobe's side. A digital signature (of DGN) that cannot be validated is quite useless. At this time, March 2022, the bug still exists.
-
Stefan commented
Same problem here. "dgnservice Root 11:PN" is in the trust store, which is the root of both "dgnservice qCA 12:PN" and "dgnservice qOCSP 23:PN". It *should* validate, although it doesn't and raises an error: "Unterschrift der OCSP-Antwort ist ungültig" (Signature of OCSP-Response is invalid). It looks like a problem with the OCSP implementation, as other tools (e.g. openssl) can validate that successfully.