System requirements
The following system requirements apply to Adobe Sign (formerly Adobe Document Cloud eSign services or Adobe EchoSign).
Browser
- Microsoft Windows 10 using Microsoft Edge or a current version of Firefox, or Chrome
- Microsoft Windows 8 using a current version of Firefox, or Chrome
- Mac OS X v11 or later using Safari 7 or later, or a current version of Firefox, or Chrome
The Microsoft Edge browser does not natively support 256-bit AES encryption of PDF files. If you are using the Edge browser, please ensure you are running the latest version of Adobe Reader.
Mobile app
Adobe Sign mobile apps support the most recent released versions of iOS and Android:
- Latest version and up to one version back for iOS
- Latest version and up to two versions back for Android
Language versions
US English
UK English
French
German
Spanish
Catalan
Basque
Brazilian Portuguese
Portuguese
Japanese
Chinese (Simplified)
Chinese (Traditional)
Korean
Indonesian
Malay
Thai
Vietnamese
Croatian
Czech
Polish
Romanian
Russian
Slovenian
Slovakian
Turkish
Ukrainian
Danish
Dutch
Finnish
Hungarian
Icelandic
Italian
Norwegian
Swedish
Supported document formats
- Adobe PDF (.pdf)
- Microsoft Word (.doc and .docx)
- Microsoft Excel (.xls and .xlsx)
- Microsoft PowerPoint (.ppt and .pptx)
- Text (.txt)
- Rich Text (.rtf)
- Graphics (.tif, .jpg, .jpeg, .gif, .bmp, and .png)
- Web (.htm or .html)
Software required to view a signed document
- Adobe Reader 9.0 or later for documents secured with AES 128-bit encryption or lower
- Adobe Reader 10 or later for documents secured with AES 256-bit encryption
Adobe online services are available only to users 13 and older and require agreement to additional terms and the Adobe Privacy Policy. Online services are not available in all countries or languages, may require user registration, and may be discontinued or modified in whole or in part without notice. Additional fees or subscription charges may apply.
Software required to sign a document
- Electronic signautres: Applied via any supported browser
- Cloud-based digital signatures: Applied via any supported browser
- Digital signatures via “Download and Sign with Acrobat”: Must use Adobe Acrobat or Adobe Acrobat Reader XI v11.0.7 or later
Domains to explicitly allow
Users with restrictive email security will need to explicitly permit inbound email from adobesign@adobesign.com to avoid filtering.
The out-bound email IP ranges for Adobe Sign can be found here >
Accounts with restrictive network security will need to explicitly permit Adobe required domain names. The following domains must be allowed to ensure basic functionality:
- adobesign.com
- adobesigncdn.com
- documentcloud.adobe.com (This is required for the Manage and Home pages)
- echosign.com
- echocdn.com
Accounts with very restrictive network security will need to explicitly permit the large lists below
Comprehensive domain name lists (Updated September 29th, 2021)
Core Adobe Sign
*.adobesign.com
*.adobesigncdn.com
*.echocdn.com
*.echosign.com
fonts.googleapis.com
fonts.gstatic.com
p.typekit.net
p13n.adobe.io
use.typekit.net
www.adobe.com
Document Cloud
acrobat.adobe.com
cloud.acrobat.com
files.acrobat.com
*.documents.adobe.com
acroipm2.adobe.com
adobesearch-sec-uss.adobe.io
ans.oobesaas.adobe.com
byof.adobe.io
cc-api-behance.adobe.io
cc-api-data.adobe.io
cc-collab.adobe.io
ccext.adobe.io
commerce.adobe.com
dc-api.adobecontent.io
documentcloud.adobe.com
geo.adobe.com
geo2.adobe.com
notify.adobe.io
pdfnow.adobe.io
pgc.adobe.io
prod.acp.adobeoobe.com
send.acrobat.com
server.messaging.adobe.com
ui.messaging.adobe.com
Identity and sign-in
adobeid-na1.services.adobe.com
adobeid.services.adobe.com
auth.services.adobe.com
federatedid-na1.services.adobe.com
na1e-acc.services.adobe.com
acc.adobeoobe.com
accounts.adobe.com
acp-ss-ue1.adobe.io
*.account.adobe.com
api.typekit.com
ars.oobesaas.adobe.com
assets.adobedtm.com
cdn-ffc.oobesaas.adobe.com
data.typekit.net
ffc-static-cdn.oobesaas.adobe.com
fonts.adobe.com
ims-na1.adobelogin.com
ims-prod06.adobelogin.com
ims-prod07.adobelogin.com
lcs-cops.adobe.io
lcs-entitlement.adobe.io
lcs-robs.adobe.io
lcs-ulecs.adobe.io
licensing.adobe.com
lm.licenses.adobe.com
mir-s3-cdn-cf.behance.net
*.onelogin.com
oobe.adobe.com
polka.typekit.com
prod-rel-ffc-ccm.oobesaas.adobe.com
prod.adobeccstatic.com
public.adobecc.com
scss.adobesc.com
state.typekit.net
static.adobelogin.com
wwwimages.adobe.com
wwwimages2.adobe.com
Administrative and Help pages (Admin Console and helpx)
adminconsole.adobe.com
bps-il.adobe.io
helpx.adobe.com
Acrobat Package downloads from Admin Console
s3.amazonaws.com/tron-ffc-icons-prod/
tron-prod-customized-user-packages.s3.amazonaws.com
Analytics and Tracking
*.aptrinsic.com
js-agent.newrelic.com
cdn.cookielaw.org
geolocation.onetrust.com
ec.walkme.com
sstats.adobe.com
adobe.tt.omtrdc.net
privacyportal.onetrust.com
bam-cell.nr-data.net:443
bam.nr-data.net
cdn.tt.omtrdc.net
adobemobiledev.demdex.net
api.demandbase.com
cm.everesttech.net
*.demdex.net
Integrations:
echosignforsalesforce.com
adobesignforsalesforce.com
Google Login / Drive
*.google.com
*.googleusercontent.com
*.googleapis.com
Sandbox:
*.adobesignsandbox.com
*.adobesignsandboxcdn.com
*.documentssandbox.adobe.com
*.echocdnsandbox.com
*.echosignsandbox.com
Core Adobe Sign
gps.na1.adobesign.com
gps.adobesign.com
gps.na1.echosign.com
gps.echosign.com
secure.adobesign.com
secure.na1.adobesign.com
api.na1.adobesign.com
secure.na2.adobesign.com
api.na2.adobesign.com
secure.na3.adobesign.com
api.na3.adobesign.com
secure.na4.adobesign.com
api.na4.adobesign.com
secure.eu1.adobesign.com
api.eu1.adobesign.com
secure.eu2.adobesign.com
api.eu2.adobesign.com
secure.au1.adobesign.com
api.au1.adobesign.com
secure.jp1.adobesign.com
api.jp1.adobesign.com
secure.in1.adobesign.com
api.in1.adobesign.com
secure.adobesigncdn.com
static.adobesigncdn.com
secure.na1.adobesigncdn.com
secure.na2.adobesigncdn.com
secure.na3.adobesigncdn.com
secure.na4.adobesigncdn.com
secure.eu1.adobesigncdn.com
secure.eu2.adobesigncdn.com
secure.au1.adobesigncdn.com
secure.jp1.adobesigncdn.com
secure.in1.adobesigncdn.com
secure.echocdn.com
static.echocdn.com
secure.na1.echocdn.com
secure.na2.echocdn.com
secure.na3.echocdn.com
secure.na4.echocdn.com
secure.eu1.echocdn.com
secure.eu2.echocdn.com
secure.au1.echocdn.com
secure.jp1.echocdn.com
secure.in1.echocdn.com
secure.echosign.com
secure.na1.echosign.com
api.na1.echosign.com
secure.na2.echosign.com
api.na2.echosign.com
secure.na3.echosign.com
api.na3.echosign.com
secure.na4.echosign.com
api.na4.echosign.com
secure.eu1.echosign.com
api.eu1.echosign.com
secure.eu2.echosign.com
api.eu2.echosign.com
secure.au1.echosign.com
api.au1.echosign.com
secure.jp1.echosign.com
api.jp1.echosign.com
secure.in1.echosign.com
api.in1.echosign.com
fonts.googleapis.com
fonts.gstatic.com
p.typekit.net
p13n.adobe.io
use.typekit.net
www.adobe.com
Document Cloud
acrobat.adobe.com
cloud.acrobat.com
files.acrobat.com
na1.documents.adobe.com
api.na1.documents.adobe.com
na2.documents.adobe.com
api.na2.documents.adobe.com
na3.documents.adobe.com
api.na3.documents.adobe.com
na4.documents.adobe.com
api.na4.documents.adobe.com
eu1.documents.adobe.com
api.eu1.documents.adobe.com
eu2.documents.adobe.com
api.eu2.documents.adobe.com
au1.documents.adobe.com
api.au1.documents.adobe.com
jp1.documents.adobe.com
api.jp1.documents.adobe.com
in1.documents.adobe.com
api.in1.documents.adobe.com
acroipm2.adobe.com
adobesearch-sec-uss.adobe.io
ans.oobesaas.adobe.com
byof.adobe.io
cc-api-behance.adobe.io
cc-api-data.adobe.io
cc-collab.adobe.io
ccext.adobe.io
commerce.adobe.com
dc-api.adobecontent.io
documentcloud.adobe.com
geo.adobe.com
geo2.adobe.com
notify.adobe.io
pdfnow.adobe.io
pgc.adobe.io
prod.acp.adobeoobe.com
send.acrobat.com
server.messaging.adobe.com
ui.messaging.adobe.com
Identity and sign-in
adobeid-na1.services.adobe.com
adobeid.services.adobe.com
auth.services.adobe.com
federatedid-na1.services.adobe.com
na1e-acc.services.adobe.com
acc.adobeoobe.com
accounts.adobe.com
acp-ss-ue1.adobe.io
api.account.adobe.com
ids-proxy.account.adobe.com
api.typekit.com
ars.oobesaas.adobe.com
assets.adobedtm.com
cdn.onelogin.com
cdn-ffc.oobesaas.adobe.com
data.typekit.net
ffc-static-cdn.oobesaas.adobe.com
fonts.adobe.com
ims-na1.adobelogin.com
ims-prod06.adobelogin.com
ims-prod07.adobelogin.com
lcs-cops.adobe.io
lcs-entitlement.adobe.io
lcs-robs.adobe.io
lcs-ulecs.adobe.io
licensing.adobe.com
lm.licenses.adobe.com
mir-s3-cdn-cf.behance.net
oobe.adobe.com
polka.typekit.com
portal-cdn.onelogin.com
prod-rel-ffc-ccm.oobesaas.adobe.com
prod.adobeccstatic.com
public.adobecc.com
scss.adobesc.com
state.typekit.net
static.adobelogin.com
web-login-v2-cdn.onelogin.com
www.onelogin.com
wwwimages.adobe.com
wwwimages2.adobe.com
Administrative and Help pages (Admin Console and helpx)
adminconsole.adobe.com
bps-il.adobe.io
helpx.adobe.com
Acrobat Package downloads from Admin Console
s3.amazonaws.com/tron-ffc-icons-prod/
tron-prod-customized-user-packages.s3.amazonaws.com
Analytics and Tracking
esp.aptrinsic.com
web-sdk.aptrinsic.com
app-be.aptrinsic.com
js-agent.newrelic.com
cdn.cookielaw.org
geolocation.onetrust.com
ec.walkme.com
sstats.adobe.com
adobe.tt.omtrdc.net
privacyportal.onetrust.com
bam-cell.nr-data.net:443
bam.nr-data.net
cdn.tt.omtrdc.net
adobemobiledev.demdex.net
api.demandbase.com
cm.everesttech.net
adobe.demdex.net
adobedc.demdex.net
Integrations:
echosignforsalesforce.com
adobesignforsalesforce.com
Google Login / Drive
accounts.google.com
adservice.google.com
android.clients.google.com
apis.google.com
docs.google.com
lh3.google.com
lh3.googleusercontent.com
lh4.googleusercontent.com
mtalk.google.com
play.google.com
storage.googleapis.com
update.googleapis.com
www.google.com
www.googleapis.com
www-onepick-opensocial.googleusercontent.com
Sandbox:
gps.echosignsandbox.com
gps.na1.echosignsandbox.com
gps. adobesignsandbox.com
gps.na1.adobesignsandbox.com
secure.adobesignsandbox.com
secure.echosignsandbox.com
secure.na1.adobesignsandbox.com
secure.na1.adobesignsandboxcdn.com
secure.adobesignsandboxcdn.com
api.na1.adobesignsandbox.com
secure.na1.documentssandbox.adobe.com
documentssandbox.adobe.com
na1.documentssandbox.adobe.com
api.na1.documentssandbox.adobe.com
secure.na1.echocdnsandbox.com
secure.echocdnsandbox.com
secure.na1.echosignsandbox.com
api.na1.echosignsandbox.com
If you explicitly allow IP addresses on your network, please add the below IP ranges to your firewall:
North America:
- 52.71.63.224/27
- 52.35.253.64/27
- 52.250.85.48/28
- 52.184.233.96/28 (Sandbox)
- 44.234.124.128/27
- 40.67.155.147/32
- 40.67.154.249/32
- 40.67.155.185/32
- 40.67.155.112/32
- 3.236.206.64/27
Europe:
- 51.105.221.160/27
- 52.48.127.160/27
- 52.58.63.192/27
- 52.236.2.144/28
Japan:
- 52.196.191.224/27
Australia:
- 52.65.255.192/27
Singapore:
- 40.119.212.48/28
India:
- 13.126.23.0/27
IP ranges for outbound mail relays
If your organization explicitly lists IP addresses to control connection to your inbound mail servers, add the following IP addresses to your allowed list of IP ranges:
- 40.65.170.152/30
- 40.67.157.141/32
- 40.67.154.24/32
- 40.67.158.131/32
51.105.221.64/30
- 52.205.63.172/30
- 52.41.255.236/30
- 52.149.27.228/30
- 52.208.255.252/30
- 52.236.0.204/30
- 52.59.244.0/30
- 52.197.127.252/30
- 52.65.63.248/30
- 13.126.23.32/30
SSL/TLS Requirements
Transport Layer Security (TLS) is the most widely deployed security protocol used today for Web browsers and other applications that require data to be securely exchanged over a network. Connections to Adobe Sign require use of TLS 1.2 and support for at least one of the cipher suites below. These requirements apply both to inbound traffic to Sign servers (browsers, API) and outbound traffic from Sign servers to customer servers (API callbacks used for retrieving agreement source documents, returning status, and webhooks).
For browsers: as long as you adhere to the OS/Browser requirements, you should have no browser related issues. All these OS/browsers are fully compliant with our TLS requirements.
For applications using the Sign API, these frameworks support TLS 1.2:
- Java: use Java 8 or later
- .NET: use .NET 4.6 or later
- OpenSSL: use OpenSSL 1.0.1 or later
For servers used to received callbacks or webhook requests from Sign:
- Support TLS 1.2 and at least one of the cipher suites listed below
- Have a valid TLS certificate, and include all intermediate certificates.
Customers who wish to test that their server is compliant can use a variety of free or commercial tools, including the Qualys SSLLabs Server Test, to ensure that their server accepts TLSv1.2, supports at least one of the cipher suites below and has a valid certificate.
TLS Cipher Suites Required:
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
SSL Certificate Authority / Certificates
Adobe Sign updated the SSL Certificates on June 1st, 2021
There has been no change to the public key, underlying cryptographic protocols, or scheme.
SSL Certificates
Sign in to your account