Hello,
We're trying to set up a test server to demonstrate Certificate Authentication with Rights Management 8.0.1 and Acrobat 8.1, and so far are a bit stumped. I'm using RSA 2048 at all stages of the key generation process.
I've basically used the guide linked below, but skipping the Web Server SSL key section and jumping on to creating client certs straight after creating the CA certs.
http://marc.info/?l=tomcat-user&m=106293430225790&w=2
Here's a quick outline of basic steps taken:
1. Set up Active Directory domain mapping with LDAP and sync. Assign a domain user Rights Management End User role.
2. Set up Rights Management to only accept Certificate Authentication and block Acrobat 7 clients.
3. Using OpenSSL, create a root CA.
4. Upload CA public key to Certificates in Admin UI.
5. Set up certificate mapping on E->Primary email for the AD domain.
6. Create client certificate and signing request matching domain user with Rights Management End User role.
7. Sign client request using CA.
8. Bundle client request into p12.
9. Import CA public key into Acrobat trusted identities and Windows trusted root CA store.
10. Import p12 into Acrobat.
11. Export .cer file for this identity from Acrobat.
12. Using Admin UI, upload client certificate to the Test Certificate Mapping, get green verification (with mapping should be okay message).
13. Attempt to add Policy Server in Acrobat, when prompted select client certificate.
At this point the whole thing falls down, and a dialog box pops up saying:
"Acrobat Security
X - Unable to connect to the service at
https://lces:443
You do not have permission to perform this operation."
Now, there's probably something I've done wrong or missed at some stage, but I'm wondering if the theory is good and I've just messed up creating the certificates (several times), or there is some key concept I've misunderstood.
If there is any documentation or guides around on setting up Rights Management to use Certificate Authentication, then I've yet to find them, so if anyone knows of any please let me know.
Any feedback from people who've successfully implemented Certificate Authentication using Acrobat 8 and LCRM 8.0.1 would be greatly appreciated, and if I do solve the problem myself I'll be sure to post whatever it was I missed or did wrong to get to the error message.
If there's any other information I can provide which might help figure out where the issue lies, then please let me know.
Thanks,
Robert Hirst
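
Steps 3 and 6 to 8 of the outline above, written out as an added shell example (not part of the original post, and not Adobe's procedure), followed by checks that the chain verifies for client authentication, that the certificate carries the e-mail address the E mapping would match, and that the PKCS#12 bundle holds both certificates. It assumes the OpenSSL command-line tool; the CA name, user name, e-mail address and password are constructed.

```shell
#!/bin/sh
# Added example; every name, address and password below is constructed.
set -eu
# build_chain DIR EMAIL: root CA, client cert with E=EMAIL, PKCS#12 bundle.
build_chain() {
  cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Test Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[client]
basicConstraints = CA:FALSE
keyUsage = digitalSignature,keyEncipherment
extendedKeyUsage = clientAuth
EOF
  # Step 3: self-signed root CA, RSA 2048.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -sha256 \
    -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
  # Step 6: client key and CSR; emailAddress is the DN attribute shown as "E".
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=Test User/emailAddress=$2" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null
  # Step 7: the CA signs the request and marks the cert for TLS client auth.
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -sha256 -extfile "$1/ca.cnf" -extensions client \
    -out "$1/client.crt" 2>/dev/null
  # Step 8: bundle private key, client cert and CA cert into a PKCS#12 file.
  openssl pkcs12 -export -inkey "$1/client.key" -in "$1/client.crt" \
    -certfile "$1/ca.crt" -name "Test User" -passout pass:changeit \
    -out "$1/client.p12"
}
# check_chain DIR EMAIL: prints "ok" if the chain verifies for client auth,
# the cert carries EMAIL, and the bundle holds both certificates.
check_chain() {
  openssl verify -CAfile "$1/ca.crt" -purpose sslclient "$1/client.crt" \
    >/dev/null 2>&1 || { echo "chain does not verify"; return 1; }
  [ "$(openssl x509 -in "$1/client.crt" -noout -email)" = "$2" ] \
    || { echo "certificate e-mail is not $2"; return 1; }
  n=$(openssl pkcs12 -in "$1/client.p12" -passin pass:changeit -nokeys \
      2>/dev/null | grep -c 'BEGIN CERTIFICATE' || true)
  [ "$n" -eq 2 ] || { echo "p12 holds $n certs, expected 2"; return 1; }
  echo ok
}
d=$(mktemp -d); build_chain "$d" user@example.test; check_chain "$d" user@example.test
```

Running the same `check_chain` tests against certificates produced by any other procedure separates certificate-construction mistakes from server-side mapping or permission problems.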