SSL protocol error. Certificate is either invalid or common name or authority are not recognized. I

Same problem.... Anybody? Adobe staff?

The CN value defined in the certificate (CN=servername, OU=OrgUnit, O=OrgName etc...) must match the name used in the Base URL setting of the RM server.  For example, if the URL to the server is "https://Server1:8443", then the CN value of the certificate must be "Server1"

Has the certificate been installed and trusted in the Windows certificate store?

If you hit the URL in a web browser (https://servername:port), does the browser display any security warning messages?

Regards

Steve

The problem is due to the CN value in the certificate. It should NOT have the port number specified in it.  If you checked the details on the browser errors\warnings, they would say something like "the server that this certificate was issued to does not match the server you are attempting to connect to..."  This is due to the fact that the certificate CN value does not mtch the server (name) value used in the URL.

Regards

Steve

I created a new Certificate with the following CN: https://192.168.1.35

The Base URL in Adobe RM I changed to https://192.168.1.35:8443

When accessing the adminui through SSL (https://192.168.1.35:8443/adminui) in Firefox i get the following technical details:

192.168.1.35:8443 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for https://192.168.1.35

(Error code: sec_error_ca_cert_invalid)

Still no luck unfortunately... When I invoked the process after these changes en tried to open the PDF the messagebox with asking me to allow to connect to https://192.168.1.35:8443 popped up. I allowed acces.After that the error this al started with shows up again:

SSL protocol error.  Certificate is either invalid or common name or authority are not recognized.

Is the CN value you set in the certificate actually "https://192.168.1.35"?  If so, it should NOT include the "https://", the CN value should be 192.168.1.35.

You could also try the following (instead of using the IP address as the server name):

1)  Add an entry to your Windows HOSTS file, for example "rmserver     127.0.0.1"

2)  Create a new digital credential for SSL whenr the CN value is set to "rmserver"

3)  Install and trust the certificate on the server and client machine

4)  Set RM Base URL to "https://rmserver:8443"

5) Test the URL (https://rmserver:8443) in a web browser to ensure that no security errors\warnings are dispalyed in the web browser

Thanks

Steve

We are a university who participates in sending e-transcripts through a third party software company. Customers receive an email, with a link to download a certified pdf.

Some people are having problems once they've downloaded the pdf to their computer, and try to open it in Adobe Reader. They are getting the 'SSL Protocol' error. We try having them download the latest version of Adobe, trying it on different computers, etc. But it still happens.

In layman's terms, is there setting in a Adobe or in Windows that can easily be changed? Or is it something that the provider of the pdf would need to fix? Not really sure what the CN name mumbo jumbo is.

In this case CN means "Common Name", which is the externally accessible name of the server running LC RM

In order to establish a secure connection between the client (Acrobat or Reader) and the server (LiveCycle RM), there has to be a trusted relationship.  This is done by installing a certificate on the server that is known and trusted by the client. 

If there is anything "funny" about the certificate, the client will not trust it and the secure connection cannot be made.  If the CN is not perfect, then the certificate will not be accepted.

For example:  If I have a server called myserver, running in the mynetwork.com domain that is running LC.  I may create the certificate with a short version:  CN=myserver.  The problem is if I try to access it from a client with the full address http://myserver.mynetwork.com.

The client looks at the certificate and immediately says there is a problem:  myserver != myserver.mynetwork.com. Then the trust relationship cannot be established.    I have to make sure that the CN= myserver.mynetwork.com.

I suspect that there is something wrong with the SSL certificate itself or the RM Base URL configuration in that they don't excactly match.  You can check the RM settings using the LiveCycle adminui by looking at:

     Home > Services > LiveCycle Rights Management ES2 > Configuration > Server Configuration

Establish a secure connection between the client and the server, there has to be a trusted relationship.  This is done by installing a certificate on the server that is known and trusted by the client, there may be some error occur while using it, there may be Err SSL Protocol Error try to resolve it reset your network.