On February 8th at 14:33:51 (CET) the Adobe preflight signature has expired. That’s why it is no longer possible to embed the preflight audit trail after a preflight with Acrobat Pro in a PDF:
After embedding the preflight results the PDF is usually “sealed” with this generic signature. This allows to recognize immediately if the PDF has been altered after the embedding of the preflight audit trail which may make the results obsolete. Thanks to the signature it is even possible to undo these changes.
Unfortunately the Adobe preflight signature is only valid for 5 years. Therefore the signature has to be renewed during the life cycle of an Acrobat version. Last time the signature expired on 22.11.2012. I remember that day very well. At that time I was responsible for the prepress support at Novartis Pharma and I received the error reports from all over the world. Since embedding the preflight audit trail is mandatory for PDFs for packaging files for Novartis Pharma I had to find a solution urgently. I did found out that replacing the invalid preflight signature of Acrobat 9 and X by the newer signature of Acrobat XI solved the problem.
It took Adobe quite a while to do the same. In January 2013 updates of Acrobat 9 and X containing the Acrobat XI signature were released. This signature was valid until 8.2.2016. It was also delivered with the first versions of Acrobat DC.
But this time Adobe has reacted on time (I have pushed them a little bit). With the January update of Acrobat DC and the 11.0.14 update of Acrobat XI a new preflight signature is installed. Users of these applications only have to perform the free update. Afterwards embedding the preflight audit trail is working properly again. At least until 6.11.2020. Then the signature will expire again…
Since Adobe does not offer updates for Acrobat 9 and X anymore, users of these applications must help themselves.
Exchange of the preflight signature
First you must get your hand on the new signature. Either from a user of the latest update of Acrobat XI or DC or from an installation of the free trial version of Acrobat DC. But be aware: the installer of the trial version also deletes older Acrobat versions! However since recently there is an option during installation to prevent this (see screenshot).
The signature is in the file Preflight.p12 which is stored in the following directories:
- MacOS X (* Show Package Contents with a right mouse click)
- Acrobat DC: … > Applications > Adobe Acrobat DC/2015 > Adobe Acrobat.app* > Contents > Plugins > Preflight.acroplugin > Contents > Resources
- Acrobat XI Pro: … > Applications > Adobe Acrobat XI Pro > Adobe Acrobat Pro.app* > Contents > Built-in > Preflight.acroplugin > Resources
- Acrobat X Pro: … > Applications > Adobe Acrobat X Pro > Adobe Acrobat Pro.app* > Contents > Built-in > Preflight.acroplugin > Resources
- Acrobat 9 Pro: … > Applications > Adobe Acrobat 9 Pro > Adobe Acrobat Pro.app* > Contents > Plug-ins > Preflight.acroplugin > Resources
- 32bit: c:\Program Files\Adobe\Acrobat <version>\Acrobat\plug_ins\Preflight\
- 64bit: c:\Program Files (x86)\Adobe\Acrobat <version>\Acrobat\plug_ins\Preflight\
Maybe admin credentials are required to access these folders in your installation.
The old file Preflight.p12 (created in 2013) in Acrobat 9 and X must be replaced by the new file Preflight.p12 (created in 2015) from Acrobat XI or DC. After a restart of Acrobat the problem is gone.
Validation of new signatur
Sometimes the new signature is not sucessfully validated when an PDF with an embedded preflight audit trail is opened. In this case the new signature must first be added to the trusted certificates in Acrobat (or in Reader) once:
- Open a PDF with a preflight audit trail using the new signature
- Open the Signature Panel (using the button in the blue bar on top right)
- Select the signature entry and Show Signature Properties… (with a right mouse click)
- Show Certificate… (Acrobat 9/X) or Show Signer’s Certificate… (Acrobat XI/DC)
- Tab Trust
- Add to Trusted Identities… or Add to Trusted Certificates + OK
- Option Use this certificate as trusted root + OK
- (Close all signature windows)
This procedure would not be necessary if Adobe would add their own preflight signature to the Adobe Approved Trust List (AATL) which is offered for download on a regular basis:
Users of Callas pdfToolbox will get into the same situation very soon. On 17.3.2016 the preflight signature of Callas will also be invalid. Hopefully there will be an update in time…
Users of Enfocus PitStop have a little more time. The preflight signature of Enfocus Certified PDF expires only on 27.8.2037! 🙂