Expand my Community achievements bar.

Learn about Edge Delivery Services in upcoming GEM session
Register!

Using Subjet Alternate Certifcates with RM

Avatar

Level 1
Level 1
6/6/10 5:40:16 PM

Hi

I have created a new Keystore using a certificate that we have purchased and has been signed by a third party. this certificate has subject alternate names and one of those is the livecycle RM server. the setup is a turnkey Jboss and I have changed the ports for connection to from 8080/8443 to 80/443.

the Problem i have is once i change the server.xml to point to the new keystore  with the new password my acrobat client will no longer connect to the RM server, stating the URL is incorrect there is no mention of a SSL error. however from a web browser I'm able to connect to https://server /adminui and https://server/edc.

the reason we are doing this is that external people will be view documents secured by rights management and we don't want them to have to install the self signed certificate on their computers.

if there is another way to do this or if there is a log that you know of so i can track down why the server stops responding that would be really good.

Cheers

Chris

Views

1.2K

Replies

4
Sign in to like this content

Total Likes

Translate
Translate
4 Replies

Avatar

Former Community Member
6/7/10 5:31:39 AM

Chris

I have a few questions...

When you access your server (https://server:8443/adminui or https://server:8443/edc) does the web browser show any security errors or warnings about the certificate?  If you receive warnings then the certificat is not properly trusted.

Are you using Acrobat on the same machine that you accessing the adminui with?

When you state that Acrobat cannot connect to the RM server, do you mean that you cannot get a list of the available policies, or that when you attempt to open a policy protected PDF Acrobat throws an error (or both)?

Ensure the Base URL fpr the RM server is set correctly as this is the URL that is inserted into a PDF when you apply a policy so Reader\Acrobat knows which RM server to get the policy information from.

Regards

Steve

Views

306

Replies

0

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
6/7/10 3:03:47 PM

Hi Steve

thanks for the response

when accessing the web site there is no certificate and when viewing the certificate it is using the SAN cert.

the Rights management URL is correct, the error I get with acrobat is from either the machine that has livecycle installed or another machine is when you go to security settings and attempt to add the rights management server.

the strange this is if i change back to the keystore that was setup during installation everything works providing the self signed certificate is installed in to the trust root store.

here is a screen shot of the error i receive also i have changed the secure port to 443 in the server.xml file.

Cheers

Chris

Rights Management.JPG

Views

310

Replies

0
Sign in to like this content

Total Likes

Translate
Translate

Avatar

Former Community Member
6/9/10 12:37:35 PM

Chris

I'm not sure what is going on.  I tried your URL, and I am able to connect (via a browser) and through Acrobat (although I can't connect as I don't have an user account - see screen shot)

Do you get the error before being propmpted to login, or after you supply a user name and password?

Regards

Steve

RMTest.gif
43 KB

Views

306

Replies

0

Total Likes

Translate
Translate

Avatar

Level 1
Level 1
6/9/10 3:08:46 PM

Hi Steve

thanks for the follow up

I was doing some more playing with the server.xml and figured out that i needed to add the proxyname="publicdnsname" to the HTTPS section and also had to add the godaddy intermediate cert into the cacerts store in the jre\lib folder, restarted the jboss and it started working for me.

Cheers

Chris

Views

310

Replies

0
Sign in to like this content

Total Likes

Translate
Translate