Hi, I have problems when I tried to open a PDF document with a police of RM generated in the Laundpad, I use a self-signed ssl certificates with the common name https://127.0.0.1:8443 and the base URL in the configuration is the same. I have tried to resolve this issue during a week but i could it and I do not understand how to solve it.
If anybody can help me, please. This is the picture when I try to open a PDF file with RM policies. Thanks
Solved! Go to Solution.
Views
Replies
Total Likes
So the CN value should be without the ":8443" addition when creating the cert file?
Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
@ IE i get:
Thanks for looking in to this!
Views
Replies
Total Likes
Same problem.... Anybody? Adobe staff?
Views
Replies
Total Likes
The CN value defined in the certificate (CN=servername, OU=OrgUnit, O=OrgName etc...) must match the name used in the Base URL setting of the RM server. For example, if the URL to the server is "https://Server1:8443", then the CN value of the certificate must be "Server1"
Has the certificate been installed and trusted in the Windows certificate store?
If you hit the URL in a web browser (https://servername:port), does the browser display any security warning messages?
Regards
Steve
Views
Replies
Total Likes
So the CN value should be without the ":8443" addition when creating the cert file?
Further: Ive installed and trusted the certificate in the personal and the trusted root certifcation auth.
When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox i get the following error:
@ IE i get:
Thanks for looking in to this!
Views
Replies
Total Likes
The problem is due to the CN value in the certificate. It should NOT have the port number specified in it. If you checked the details on the browser errors\warnings, they would say something like "the server that this certificate was issued to does not match the server you are attempting to connect to..." This is due to the fact that the certificate CN value does not mtch the server (name) value used in the URL.
Regards
Steve
Views
Replies
Total Likes
I created a new Certificate with the following CN: https://192.168.1.35
The Base URL in Adobe RM I changed to https://192.168.1.35:8443
When accessing the adminui through SSL (https://192.168.1.35:8443/adminui) in Firefox i get the following technical details:
192.168.1.35:8443 uses an invalid security certificate.
The certificate is not trusted because it is self-signed.
The certificate is only valid for https://192.168.1.35
(Error code: sec_error_ca_cert_invalid)
Still no luck unfortunately... When I invoked the process after these changes en tried to open the PDF the messagebox with asking me to allow to connect to https://192.168.1.35:8443 popped up. I allowed acces.After that the error this al started with shows up again:
Is the CN value you set in the certificate actually "https://192.168.1.35"? If so, it should NOT include the "https://", the CN value should be 192.168.1.35.
You could also try the following (instead of using the IP address as the server name):
1) Add an entry to your Windows HOSTS file, for example "rmserver 127.0.0.1"
2) Create a new digital credential for SSL whenr the CN value is set to "rmserver"
3) Install and trust the certificate on the server and client machine
4) Set RM Base URL to "https://rmserver:8443"
5) Test the URL (https://rmserver:8443) in a web browser to ensure that no security errors\warnings are dispalyed in the web browser
Thanks
Steve
We are a university who participates in sending e-transcripts through a third party software company. Customers receive an email, with a link to download a certified pdf.
Some people are having problems once they've downloaded the pdf to their computer, and try to open it in Adobe Reader. They are getting the 'SSL Protocol' error. We try having them download the latest version of Adobe, trying it on different computers, etc. But it still happens.
In layman's terms, is there setting in a Adobe or in Windows that can easily be changed? Or is it something that the provider of the pdf would need to fix? Not really sure what the CN name mumbo jumbo is.
Views
Replies
Total Likes
In this case CN means "Common Name", which is the externally accessible name of the server running LC RM
In order to establish a secure connection between the client (Acrobat or Reader) and the server (LiveCycle RM), there has to be a trusted relationship. This is done by installing a certificate on the server that is known and trusted by the client.
If there is anything "funny" about the certificate, the client will not trust it and the secure connection cannot be made. If the CN is not perfect, then the certificate will not be accepted.
For example: If I have a server called myserver, running in the mynetwork.com domain that is running LC. I may create the certificate with a short version: CN=myserver. The problem is if I try to access it from a client with the full address http://myserver.mynetwork.com.
The client looks at the certificate and immediately says there is a problem: myserver != myserver.mynetwork.com. Then the trust relationship cannot be established. I have to make sure that the CN= myserver.mynetwork.com.
I suspect that there is something wrong with the SSL certificate itself or the RM Base URL configuration in that they don't excactly match. You can check the RM settings using the LiveCycle adminui by looking at:
Home > Services > LiveCycle Rights Management ES2 > Configuration > Server Configuration
Views
Replies
Total Likes
Establish a secure connection between the client and the server, there has to be a trusted relationship. This is done by installing a certificate on the server that is known and trusted by the client, there may be some error occur while using it, there may be Err SSL Protocol Error try to resolve it reset your network.
Views
Replies
Total Likes
Views
Likes
Replies
Views
Likes
Replies
Views
Likes
Replies