Mac package certificate has expired for Acrobat or Reader
Expired Mac package certificate
The certificate used to sign Acrobat or Reader Mac installers and update packages expired on February 21, 2017. Due to this expired certificate, macOS has started flagging many of Acrobat or Reader installer and patches as not signed or expired.
The following full installers and patches are impacted:
- Acrobat Continuous packages prior to 15.016.20041
- Acrobat Reader Continuous packages prior to 15.016.20039
- Acrobat 2015 packages prior to 15.006.30173
- Acrobat Reader 2015 packages prior to 15.006.30172
- Acrobat and Reader XI packages prior to 11.0.17
If you try to install any of the impacted packages, the following warning message appears:
If you try to install these packages using the command line, Mac OS blocks the installation, and the installation fails.
Solution: Download the latest version or patch
The latest full installers are not impacted by this issue. If you have an Acrobat/Reader full installer package that is showing a warning, download the latest version.
The installer packages at this location have been refreshed, and you should not have any issues installing from the latest packages.
The latest patches for all tracks do not have this issue. Adobe recommends that you install the latest updates:
- 15.023.20056 for Acrobat and Reader Continuous
- 15.006.30280 for Acrobat and Reader 2015
- 11.0.19 for Acrobat and Reader XI patches
Note that for all of these packages, you will not see any warning and they can be installed without any issues. But, if you explicitly fetch the certificate chain used to sign the package by clicking the "lock" icon, it will show that the certificate has expired, as shown here:
However, the package signature is valid and OS does not block the installation in any way, which you can verify by using the pkgutil command:
pkgutil --check-signature <path to the pkg file>
Sample terminal output for 11.0.19 Acrobat package is shown below, which states that the package is signed by a certificate, trusted by the OS: