Digital signature validity in Adobe Acrobat or Acrobat Reader

A digital certificate chain is made up of a list of certificates that start from a root certificate issued by a certifying authority and terminates with the End Entity (EE) certificate. For validation, your End Entity certificate (EE), Intermediate certificate Authority (ICA), or Root CA has to be part of the trusted list. Acrobat or Acrobat Reader tries to validate the signature by checking the certificate chain.

Your digital signature appears valid in Adobe Acrobat or Acrobat Reader version 21.007.20091 and later

With the September 2021 release of Acrobat or Acrobat Reader (version 2021.007.20091 and later), the digital signature status is not shown as invalid or unknown when an exception occurs during the processing of a certificate chain.

To revert to the previous behavior in which Acrobat or Acrobat Reader quits processing the remaining chains and returns the signature status as invalid or unknown, modify the bADC4326651 registry key or the plist file value and set it to in the following location:

  • Windows : HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Security\cASPKI\cASPKI
  • macOS: /Volume/Users/[USERNAME]/Library/Preferences/com.adobe.Acrobat.Pro.plist

Create a bADC4326651 registry key (Windows) or plist file (macOS) in Acrobat or Acrobat Reader version 21.007.20091 and 21.007.20048

You can create a bADC4326651 registry key on Windows or the corresponding key on a plist file on macOS, and choose if you want Acrobat or Acrobat Reader to display the warning message when an exception occurs while validating the certificate chain, or trust the certificate and display no error.

On Windows

  1. Quit Acrobat or Acrobat Reader application.

  2. Open the registry editor -  go to Run (Windows menu + R), type regedit.exe in the Open field and click OK.

  3. In the registry editor, based on your installed version of the product, go to the version-specific location listed below, and modify or create the DWORD (32-bit) key bADC4326651 at the location,

    • Location for Acrobat DC:
      HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\Security\cASPKI\cASPKI
    • Location for Acrobat Reader DC:
      HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\DC\Security\cASPKI\cASPKI
    Note:
    • If bADC4326651 value = 0, Acrobat or Acrobat Reader trusts the signature status even if an exception occurs, and no error is displayed.
    • If bADC4326651 value = 1, Acrobat or Acrobat Reader returns the signature status as invalid or unknown.
    bADC4326651 registry key

  4. Close the registry editor.

On macOS

  1. Quit Acrobat or Acrobat Reader application.

  2. Navigate to the folder /Volume/Users/[USERNAME]/Library/Preferences/.

  3. Open the com.adobe.Acrobat.Pro.plist file in any plist editor.

  4. Add or modify the ADC4326651 entry in the com.adobe.Acrobat.Pro.plist file:

    • If ADC4326651 value = 0, Acrobat or Acrobat Reader trusts the signature status even if an exception occurs, and no error is displayed.
    • If ADC4326651 value = 1, Acrobat or Acrobat Reader returns the signature status as invalid or unknown.
    plist preference

  5. Close the plist file.

Your digital signature appears invalid in Adobe Acrobat or Acrobat Reader version 21.005.20048 or earlier

When an exception occurs during the processing of a certificate chain, Acrobat or Acrobat Reader quits processing the remaining chains and returns the signature status as invalid or unknown.

Invalid certificate error

Adobe logo

Sign in to your account