I previously asked this in Help:
I have now tested v1.4 and can set the timestamp url. This is though not te same as the revocation check. Most comonly the signing certificate contains a URL to the OCSP server where revocation checks can be made. Adobe Reader checks this url too revocation. The same OCSP response can however be embedded in the PDF document, making it suitable for long term archiving, or off-line reading.
Are there any plans to include this feature in PDFCreator?
we will have to speak to the iText team about this. Do you know how this works technically or have access to documentation on this?
Aha iText, great. We have code for this in SignServer, using java iText.
It is in the PDFSigner.java module, see.
Look for the com.lowagie.text.pdf.OcspClientBouncyCastle.
Basically you need a URL for the OCSP server, and the signer certificate chain, then the OCSP response it added to authenticated attributes in the signature.