As discussed earlier on this blog, the Adobe Approved Trust List (AATL) has been updated to remove the DigiNotar Qualified CA root certificate. Users of Adobe Reader and Acrobat X (version 10.x) will be automatically updated to this list.
To be sure your copy of Adobe Reader or Acrobat will get the update, you can force a download of the AATL. Go to Preferences->Trust Manager->Automatic Updates and click the Update Now button. Also, be sure the “Load trusted root certificates from an Adobe server” option is checked.
A future product update of Adobe Reader and Acrobat version 9.x will enable dynamic updates of the AATL. In the meantime, users of Adobe Reader and Acrobat 9 can manually remove the DigiNotar Qualified CA using instructions provided in the blog post.
Also note that the Dutch government has published a document regarding the impact of the removal on signed PDFs. That document (in Dutch and English) can be found at the links below:
Dutch version:
http://www.logius.nl/actueel/item/titel/verwijdering-diginotar-uit-adobe-reader/
English version:
http://www.logius.nl/english/news-message/titel/removal-of-diginotar-from-adobe-reader/
This posting is provided “AS IS” with no warranties and confers no rights.
[…] discussed on the Security Matters blog, the Adobe Approved Trust List (AATL) has been updated to remove the certificate authority […]