Thursday, March 13, 2008

Enable SSL for LiveCycle Rights Management for cheap

LiveCycle Rights Management ES which protects PDF documents with revokable policies, requires an SSL certificate to ensure communication between PDF and the server is secured. In the past, we typically use a self signed certificates for development purposes, until the project is ready for production. Unfortunately, most trusted CA signed SSL certificates tends to be quite expensive.

I didn't know about this until recently, but inexpensive SSL certificates ($30 USD / year) can be used. P.s. I am not affiliated with GoDaddy. If you find other cheap and trusted CA, feel free to post in the comments.

I was a bit skeptical about whether the root certificate is trusted in the browser and in various OS's. Of the machines i tried, it seems to work fine. So below is a brief end to end instructions on how to enable your Rights Management ES instance (jboss) using a trusted CA signed certificate.

Step 1: Generate java keystore

Step 2: Generate certificate request

Step 3: purchase a Standard SSL certificate
Follow instructions provided by the CA, and paste certificate signing request when requested.

Step 4: importing the various certificates into your java keystore
After successfully purchasing a certificate, you will be sent a set of certificates. A root, a chain, an intermediate, and your site certificate. Follow the instructions below to import the certificates into your keystore.

Step 5: update server.xml

First copy the .keystore into a known location. I used JBOSS_HOME\server\all\conf. Then update the server.xml located at JBOSS_HOME\server\all\deploy\jbossweb-tomcat55.sar as below.