Embed long-term validation (LTV) information
The Pdftools SDK can be configured to embed long-term validation (LTV) information into a document during the document signing process. When the Pdftools SDK is configured to embed LTV information, it attempts to embed revocation information such as online certificate status response (OCSP - RFC2560) and certificate revocation lists (CRL - RFC3280). Revocation information is provided by a validation service at the time of signing and acts as proof that the certificate was valid at the time of signing.
Embedding revocation information is optional, but recommended when applying advanced (AES) or qualified electronic signatures (QES).
Revocation information is embedded for the signing certificate and all certificates of its trust chain. Therefore, both OCSP responses and CRLs may be present in the same message. However, embedding revocation information increases the file size (normally by around 20KB), and requires an external request to a validation service, which may delay the signing process.
Long-term validation (LTV) information cannot be embedded directly for time-stamp signatures.
Instead, after the time-stamp signature has been applied, the Process
method of the Signer
class must be invoked again to embed LTV information for each of the certificates in the document.
HTTPS connections
When retrieving certificate revocation information from a remote server using HTTPS (SSL/TLS) communication, the server certificate's trustworthiness is verified using the system's default trust store (CA certificate store).
You need to set up the HTTPS connection to communicate with the Pdftools SDK.
Proxy server
In a secured environment, the firewall must be configured to allow connection to the remote server. If you use a proxy server, the following MIME types must be supported:
application/ocsp-request
application/ocsp-response