Verification error - An error occurred during signature verificati

[GT]

I'm running MOSS2007 SP2 with Forms Services enabled. The problem is with
digital signatures of InfoPath forms. In InfoPath the signatures are
validated ok but when the same form is viewed in a browser as html rendered
by Forms Services the same signature is displayed as invalid due to its
verification error.

I've installed the root and intermediate certificates to appropriate folders
on the MOSS server (Certificates (Local computer)). I've monitored the
transmissions between Forms Server and CA server (third party) while
rendering the form. FS just asks for the current CRL and it gets the correct
file.

Any ideas what else might be the cause of Forms Services not rendering
signatures correctly? Is there any way to debug the issue? There is nothing
logged in the vent log on the server?

 

[GT]

Since nobody knew or bothered to help I had to find the solution by myself.
Here it is:
It is NOT enough for the end-user certificate to be displayed as valid in a
standard certificate properties window (together with all CA certs in its
chain).

Forms Services will render the signature as valid only if the following test
passes:
- copy the end-user certificate to your FS server (without the private key)
- open cmd and type: certutil -verify <end-user-cert>.cer
- check dwErrorStatus fields for all certificates in the chain - if all are
0 then FS should render the signature as valid. If any of the dwErrorStatus
fileds is different than 0 the signature will be rendered as invalid.

In my case the problem was with CRLs.

You can read here: http://support.microsoft.com/kb/969414/ that there is a
hotfix that allows you to turn CRL verification off. Well.... I applied the
hotfix without any errors but still cannot turn the CRL verification off.