These days, I've been testing Adobe Reader 11.0.2 signing with OCSP embedding, and the following was unclear:
1. If there is CRL file in Adobe Reader 11 CRL Cache (C:\Documents and Settings\<user>\Application Data\Adobe\Acrobat\11.0\Security\CRLCache), then OCSP is not embedded in e-signature, but CRL is embedded. How can I configure Adobe Reader 11, so that signature doesn't have embedded cached CRL, but OCSP for end-user certificate?
2. Why doesn't Adobe Reader 11 display full OCSP certificate chain? Adobe Reader 10 displays full OCSP certificate chain. You can see attached picture:
Dragan