November 22, 2022

Expiration of Reader DC Extensions certificates and its impact

Adobe Experience Manager Forms customers with Adobe Managed Services or On-premise Enterprise Base licenses are entitled to use the Adobe Acrobat Reader DC Extensions service.

Go back to News

The Adobe Acrobat Reader DC Extensions Service enables an organization to easily share interactive PDF documents by extending the functionality of Adobe Acrobat Reader with additional usage rights. The service adds usage rights to a PDF document and activates features that are not available when a PDF document is opened using Adobe Acrobat Reader, such as adding comments to a document, filling forms, and saving the document. Third-party users do not require additional software or plug-ins to work with rights-enabled documents. PDF documents that have usage rights added are called rights-enabled documents. A user who opens a rights-enabled PDF document in Acrobat Reader can perform the operations that are enabled for that document.

Adobe leverages a public key infrastructure (PKI) to issue digital certificates for use in licensing and feature enablement. Adobe has been issuing certificates under the certificate authority “Adobe Root CA,” which is set to expire on January 7, 2023. A new certificate authority, "Adobe Root CA G2," and certificates based on the new certificate authority are now available.

Old certificates (certificates based on “Adobe Root CA”) will no longer work after January 7, 2023. Adobe recommends that you start using the new certificates — those based on “Adobe Root CA G2” — for Acrobat Reader on or before January 7, 2023, to extend your PDF documents. You can obtain new certificates from the Adobe Licensing Website or Adobe Support.

All PDF documents that were extended for Acrobat Reader before January 7, 2023, using the older certificates, including any PDF documents downloaded by your customers, will continue to work with all usage rights applied to them. They require no updates.

Frequently Asked Questions

Based on reassessment of the situation, all PDF documents extended using production certificates issued from the old "Adobe Root CA" before January 7, 2023 will continue to work without any change post January 7, 2023. If you have already updated your PDFs there will be no change in experience.

Adobe Root CA is the certificate authority from which Acrobat Reader Extensions certificates are issued. On January 7, 2023, "Adobe Root CA" and all the certificates issued from it are expiring.

You can contact Adobe Support or raise a support ticket.

All PDF documents extended using production certificates issued from the old "Adobe Root CA" before January 7, 2023, will continue to work after January 7, 2023. PDFs extended with evaluation certificates will not work after the expiration date.

The description of new Acrobat Reader Extensions certificates mentions G3-P24 as the program name. In the description of older certificates (certificates based on “Adobe Root CA”), P24 is mentioned as the program name.

For all entitled Adobe Experience Manager Forms customers (with an active M&S license), the new certficates (certificates based on "Adobe Root CA G2") can be downloaded from the Adobe Licensing Website. If you are unable to find the certificate on Adobe Licensing Website, contact Adobe Support or raise a support ticket.

Yes, all PDF documents extended using production certificates issued from the "Adobe Root CA" (the old certificate authority) before January 7, 2023, continue to work without any change after January 7, 2023. PDF documents extended with evaluation certificates cease to work past the expiration date.

Adobe Acrobat Reader 2020 or later is required to use PDF documents extended with "Adobe Root CA" (old certificate authority). It is the supported version of Acrobat Reader at the time of publishing this document. If you are using a non-supported version of Adobe Acrobat Reader, Adobe recommends that you download and install the latest version of Adobe Acrobat Reader.

Adobe Acrobat Reader 2020 or later is required to use PDF documents extended with "Adobe Root CA G2" (the new certificate authority). If you are using a non-supported version of Adobe Acrobat Reader, Adobe recommends that you download and install the latest version of Adobe Acrobat Reader.

Yes, you can delete the old Acrobat Reader Extensions certificate and add the new one with the existing alias to an Adobe Experience Manager Forms Server.

Yes, you can keep both certificates but with different aliases on an Adobe Experience Manager Forms Server. After January 7, 2023, you can only use the new Acrobat Reader Extensions certificate to extend a PDF document.

Yes, the same Acrobat Reader Extensions certificate can be used across multiple environments.

You can use the getDocumentUsageRights API to retrieve the information about the usage rights applied to a PDF document.

On Microsoft Windows, to change the certificate Password, install the certificate using the Microsoft Management Console (MMC) and select Mark the key as Exportable. Once installed, export the certificate with a Private key, and use another password for the PFX file.