Issue Description

Adobe apps require Signed Application Profiles. While obtaining the Signed Application Profiles, the Certificates required for the Signature validation are installed in the Keychain on macOS and the Certificate Store on Windows.

Adobe licensing uses X.509, standards compliant, DER certificates for licensing and entitlement. Adobe apps use the Certificates completely for software licensing purpose. These are part of the certificate trust chain, the root of which is self-signed. A self-signed certificate is an identity certificate that is signed by the same entity, which is being certified.

While installing the certificates, only a portion of the certificates in the certificate trust chain is installed. The Root Certificate is not installed and hence the certificates in the certificate trust chain show up in the Keychain & Certificate Store with the following messages:

  • Windows: Windows does not have enough information to verify this certificate
  • macOS: Certificate is not trusted

It is not a cause for concern, as the certificates are used by Adobe Applications only for licensing purposes. Removing a certificates has no adverse effect, since the certificates are reinstalled in the Keychain or Certificate Store during periodic iterations to obtain the Signed Application Profiles.

Resolution

The self-signed root certificate is available as a separate (optional) installable profile from Adobe. A concerned user can install the profile, which prompts for permission to install the self-signed root certificate system-wide and mark it as trusted. Once the self-signed root certificate is installed and marked as trusted, no more error messages are displayed for the Certificates installed.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy