SOLVED

SSL protocol error. Certificate is either invalid or common name or authority are not recognized. I

Level 2

Hi, I have problems when I try to open a PDF document with an RM policy generated in the Launchpad. I use a self-signed SSL certificate with the common name https://127.0.0.1:8443, and the base URL in the configuration is the same. I have tried to resolve this issue for a week but I couldn't, and I do not understand how to solve it.

If anybody can help me, please. This is the picture when I try to open a PDF file with RM policies. Thanks

acrobatReadder.jpg

9 Replies

Level 2

Same problem.... Anybody? Adobe staff?

Former Community Member

The CN value defined in the certificate (CN=servername, OU=OrgUnit, O=OrgName etc...) must match the name used in the Base URL setting of the RM server.  For example, if the URL to the server is "https://Server1:8443", then the CN value of the certificate must be "Server1"

Has the certificate been installed and trusted in the Windows certificate store?

If you hit the URL in a web browser (https://servername:port), does the browser display any security warning messages?

Regards

Steve

Correct answer by
Level 2

ScreenShot253.jpg

ScreenShot254.jpg

ScreenShot255.jpg

So the CN value should be without the ":8443" addition when creating the cert file?

Further: I've installed and trusted the certificate in the personal and the trusted root certification auth.

When opening the URL: https://192.168.1.35:8443/adminui/ in Firefox I get the following error:

ScreenShot256.jpg

In IE I get:

ScreenShot257.jpg

Thanks for looking into this!

Former Community Member

The problem is due to the CN value in the certificate. It should NOT have the port number specified in it. If you checked the details on the browser errors\warnings, they would say something like "the server that this certificate was issued to does not match the server you are attempting to connect to..." This is due to the fact that the certificate CN value does not match the server (name) value used in the URL.

Regards

Steve

Level 2

I created a new Certificate with the following CN: https://192.168.1.35

The Base URL in Adobe RM I changed to https://192.168.1.35:8443

When accessing the adminui through SSL (https://192.168.1.35:8443/adminui) in Firefox I get the following technical details:

192.168.1.35:8443 uses an invalid security certificate.

The certificate is not trusted because it is self-signed.
The certificate is only valid for https://192.168.1.35

(Error code: sec_error_ca_cert_invalid)

Still no luck unfortunately... When I invoked the process after these changes and tried to open the PDF, the message box asking me to allow the connection to https://192.168.1.35:8443 popped up. I allowed access. After that, the error this all started with showed up again:

SSL protocol error.  Certificate is either invalid or common name or authority are not recognized.

Former Community Member

Is the CN value you set in the certificate actually "https://192.168.1.35"?  If so, it should NOT include the "https://", the CN value should be 192.168.1.35.

You could also try the following (instead of using the IP address as the server name):

1)  Add an entry to your Windows HOSTS file, for example "rmserver     127.0.0.1"

2)  Create a new digital credential for SSL where the CN value is set to "rmserver"

3)  Install and trust the certificate on the server and client machine

4)  Set RM Base URL to "https://rmserver:8443"

5)  Test the URL (https://rmserver:8443) in a web browser to ensure that no security errors\warnings are displayed in the web browser

Thanks

Steve

Level 1

We are a university who participates in sending e-transcripts through a third party software company. Customers receive an email, with a link to download a certified pdf.

Some people are having problems once they've downloaded the pdf to their computer, and try to open it in Adobe Reader. They are getting the 'SSL Protocol' error. We try having them download the latest version of Adobe, trying it on different computers, etc. But it still happens.

In layman's terms, is there a setting in Adobe or in Windows that can easily be changed? Or is it something that the provider of the pdf would need to fix? Not really sure what the CN name mumbo jumbo is.

Level 8

In this case CN means "Common Name", which is the externally accessible name of the server running LC RM.

In order to establish a secure connection between the client (Acrobat or Reader) and the server (LiveCycle RM), there has to be a trusted relationship.  This is done by installing a certificate on the server that is known and trusted by the client. 

If there is anything "funny" about the certificate, the client will not trust it and the secure connection cannot be made.  If the CN is not perfect, then the certificate will not be accepted.

For example:  If I have a server called myserver, running in the mynetwork.com domain that is running LC.  I may create the certificate with a short version:  CN=myserver.  The problem is if I try to access it from a client with the full address http://myserver.mynetwork.com.

The client looks at the certificate and immediately says there is a problem:  myserver != myserver.mynetwork.com. Then the trust relationship cannot be established.    I have to make sure that the CN= myserver.mynetwork.com.

I suspect that there is something wrong with the SSL certificate itself or the RM Base URL configuration in that they don't exactly match.  You can check the RM settings using the LiveCycle adminui by looking at:

     Home > Services > LiveCycle Rights Management ES2 > Configuration > Server Configuration
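
The name check the replies above describe, as an added example that is not part of any post in this thread and is not Adobe code: it takes the CN typed into a certificate request and the RM Base URL and lists what stops them from matching. The function name `diagnose_cn` and the case-insensitive comparison are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit


def _is_ip(text: str) -> bool:
    """True if text is a bare IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def diagnose_cn(cert_cn: str, base_url: str) -> list[str]:
    """Return the problems that stop cert_cn from matching base_url's host.

    Models the rule stated in the thread: the CN must equal the server name
    used in the Base URL, with no scheme and no port. Comparing names
    case-insensitively is an assumption of this example.
    """
    host = urlsplit(base_url).hostname
    if host is None:
        return [f"Base URL {base_url!r} has no host part"]

    problems = []
    cn = cert_cn.strip()
    if "://" in cn:
        problems.append("CN contains a URL scheme; remove it")
        cn = cn.split("://", 1)[1]
    cn = cn.split("/", 1)[0]          # drop any path that was pasted in
    if not _is_ip(cn):                # a bare IPv6 address has colons too
        name, sep, port = cn.rpartition(":")
        if sep and port.isdigit():
            problems.append(f"CN contains port :{port}; remove it")
            cn = name
    if cn.lower() != host.lower():
        problems.append(f"CN {cn!r} does not match Base URL host {host!r}")
    return problems


if __name__ == "__main__":
    # CN / Base URL pairs taken from the posts in this thread.
    for cn, url in [
        ("https://127.0.0.1:8443", "https://127.0.0.1:8443"),
        ("https://192.168.1.35", "https://192.168.1.35:8443"),
        ("myserver", "http://myserver.mynetwork.com"),
        ("rmserver", "https://rmserver:8443"),
    ]:
        print(f"CN={cn!r} vs {url!r}: {diagnose_cn(cn, url) or 'OK'}")
```

Current browsers match the host against the certificate's subjectAltName entries rather than the CN, so the same no-scheme, no-port rule applies to the values placed there.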

Level 1

To establish a secure connection between the client and the server, there has to be a trusted relationship. This is done by installing a certificate on the server that is known and trusted by the client. Some errors may occur while using it; there may be an Err SSL Protocol Error. To try to resolve it, reset your network.