Copy link to clipboard
Copied
Hi Adobe Support
I work for a fairly large organization and with the update to Adobe Acrobat Reader 2020.005.30362 (classic track) we encountered an issue with verifiying signing certificates.
Under EDIT>:Preferences>Signatures>Verification -> Click "More"
At the bottom of this window is the Windows Integration section where you can set Reader to search the Windows Store for validating signatures. ->THIS FEATURE IS NOT WORKING WHEN PROTECTED MODE IS TURNED ON!
This feature should still work with Protected Mode turned on.
We had to manually import our trusted root certificate. We have major concerns if we start asking each user to do this.
Questions:
1. I know there is a Known issue close to this but it is poorly worded on the Adobe Website . It reads :
2. Are there plans to resolve this issue in a later release of Adobe Reader 2020?
3. Was there a change in the release of 2020.005.30362 that caused this issue? ie: were you guys trying to address another security issue by making people manually import their root certificates?
4. Reader 2020 has quite a number of issues with it. Could I ask how much longer you guys intend to support Adobe Reader 2017? End of life was supposed to be in June but an update for it was released this week. Whats going on?
The windows integration settings should work as labelled. If they dont, there should be an item in the known issues section.
Thanks for your help with this....
Ted
Copy link to clipboard
Copied
I can confirm this issue is present in our enviroment as well. Root certificates from the Windows Store are not trusted with Protected Mode enabled and none of our signatures will validate form our CA. This is happening on version 20.005.30382 on both Windows 10 & 11 21H2.
I can resolve the issue by doing either of the following
- Disable Protected Mode
- Install version 20.005.30334 or earlier
Neither solution is acceptable on our end from a vulnerability & security standpoint.
Copy link to clipboard
Copied
This new version 20.005.30407 (planned updated Oct. 11) does not correct the issue either. How are users supposed to validate signatures when Reader nor Acrobat can intergrate the Widnows Certificate store for validation?
Importing certificates on 10,000+ machines is not an option we are willing to exercise when the feature within Acrobat & Reader should work as labeled "Trust ALL root certificates in the Windows Certificate Store for:" Validating Signatures
Copy link to clipboard
Copied
So I had a ticket opened with Adobe on this issue back 2 month ago. They collected logs and and sent ir off to their engineering team. This was my response for asking for a timeline
"The ETA for bug # ADC-4392895, on the other hand, is March 2023"
Well the next update has been released for the Classic Track, 20.005.30467 and this update does not fix this issue! This is starting to get frustrating from an Enterprise level with all the Digital Signatures required. This issue is not present in the Continuous Track, which we are not looking to move to for the time being.
Copy link to clipboard
Copied
Hi JWhetstone02,
Thank you for reaching out, and sorry about the trouble caused.
We have checked the bug number shared above.
I am afraid the issue is still unresolved, and the team is still working on the fix.
We will update you once the issue is resolved.
Thanks,
Meenakshi
Copy link to clipboard
Copied
This latest update released for the Classic Track, 20.005.30514, fixes the issue where root certificates from the Windows Store are not being trusted with Protected Mode enabled. Our users can now digitally sign and validate their digital signatures with Protected Mode enabled. Finally.
Copy link to clipboard
Copied
Hi JWhetstone02,
Thank you for updating us about this. Glad to know the update worked for you.
Let us know if we can be of any further help.
Thanks,
Meenakshi
Marking a reply or response “Correct” will help future users with the same issue quickly identify the correct answer.