Problem details
The CRL Distribution Point (CDP) in certificates issued by Enterprise Certification Authorities (CAs) uses an Active Directory path. The CDP URL has the form ldap:///CN=MyCA,OU=...DC=example,DC=com?certificateRevocationList.
This default format, however, lacks the hostname needed to locate the directory server. Because Acrobat or Acrobat Reader does not know the hostname, it cannot reach the correct endpoint to download CRLs from the CDP, and the revocation check fails.
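To check which issued certificates are affected, the CDP URLs can be classified by whether they name a server. The following is an added example, not Adobe's code: the function names, the sample URLs and the rule that one resolvable URL is enough for a client are assumptions made for illustration.

```python
from urllib.parse import urlsplit, unquote

def classify_cdp(url):
    """Classify one CDP URL as 'ok', 'hostless', 'unusable' or 'unknown'."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        if not parts.hostname:
            return ("unusable", "HTTP URL without a hostname")
        return ("ok", f"HTTP CRL download from {parts.hostname}")
    if scheme in ("ldap", "ldaps"):
        # RFC 4516 layout: ldap://host:port/dn?attributes?scope?filter
        dn = unquote(parts.path.lstrip("/"))
        attrs = parts.query.split("?")[0]
        if not parts.hostname:
            # The Enterprise CA default: only a domain-aware client can
            # work out which directory server holds this DN.
            return ("hostless", f"no directory server named for DN '{dn}'")
        port = parts.port or (636 if scheme == "ldaps" else 389)
        return ("ok", f"LDAP fetch of '{attrs}' from {parts.hostname}:{port}")
    return ("unknown", f"unsupported scheme '{scheme}'")

def audit(urls):
    """Return per-URL results and whether any URL names a reachable host.

    Assumption: the validating client needs at least one CDP URL that it
    can resolve without Active Directory context.
    """
    results = [(u, *classify_cdp(u)) for u in urls]
    return results, any(status == "ok" for _, status, _ in results)

# Constructed sample data: CDP lists as they might be read from certificates.
DEFAULT_CDP = [
    "ldap:///CN=MyCA,DC=example,DC=com?certificateRevocationList"
    "?base?objectClass=cRLDistributionPoint",
]
FIXED_CDP = [
    "ldap://ds.example.com:389/CN=MyCA,DC=example,DC=com?certificateRevocationList",
    "http://pki.example.com/MyCA.crl",
]

if __name__ == "__main__":
    for label, urls in (("default", DEFAULT_CDP), ("fixed", FIXED_CDP)):
        results, reachable = audit(urls)
        print(label, "-> usable CDP present:", reachable)
        for url, status, detail in results:
            print(f"  [{status}] {detail}")
```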
Workaround
Perform any of the workarounds below.
Workaround 1
Acrobat also supports HTTP-based URLs in the AIA extension for OCSP responses, which provides an alternative to an LDAP-based CDP.
Workaround 2
Modify the certificate template to include the hostname in the CDP.
For example, ldap://ds.example.com:389/dc=example, dc=com, where ds.example.com is the hostname.
Workaround 3
Publish the CRL to a webserver and use the HTTP URL in the CDP.
Workaround 4
Set the hostname through the registry preference available in Acrobat or Acrobat Reader.
For details, see: https://www.adobe.com/devnet-docs/acrobatetk/tools/PrefRef/Windows/Security.html#idkeyname_1_23134