Thursday, March 13, 2008

Enable SSL for LiveCycle Rights Management for cheap

LiveCycle Rights Management ES which protects PDF documents with revokable policies, requires an SSL certificate to ensure communication between PDF and the server is secured. In the past, we typically use a self signed certificates for development purposes, until the project is ready for production. Unfortunately, most trusted CA signed SSL certificates tends to be quite expensive.

I didn't know about this until recently, but inexpensive SSL certificates ($30 USD / year) can be used. P.s. I am not affiliated with GoDaddy. If you find other cheap and trusted CA, feel free to post in the comments.

I was a bit skeptical about whether the root certificate is trusted in the browser and in various OS's. Of the machines i tried, it seems to work fine. So below is a brief end to end instructions on how to enable your Rights Management ES instance (jboss) using a trusted CA signed certificate.

Step 1: Generate java keystore


Step 2: Generate certificate request


Step 3: purchase a Standard SSL certificate
Follow instructions provided by the CA, and paste certificate signing request when requested.

Step 4: importing the various certificates into your java keystore
After successfully purchasing a certificate, you will be sent a set of certificates. A root, a chain, an intermediate, and your site certificate. Follow the instructions below to import the certificates into your keystore.


Step 5: update server.xml

First copy the .keystore into a known location. I used JBOSS_HOME\server\all\conf. Then update the server.xml located at JBOSS_HOME\server\all\deploy\jbossweb-tomcat55.sar as below.

4 comments:

David said...

Just followed my own instructions, and realized that part of the last image for importing the certificates were cut off.

The entire command is:
keytool -import -alias aliasName -keystore demoensemble.keystore -trustcacerts -file certName

Replace aliasName and certName as appropriate.

David said...

Useful link i found about Godaddy wild card certs.

http://www.atomeo.com/2007/10/how-to-install-godaddy-wildcard-ssl.html

Click SSL said...
This comment has been removed by the author.
SSL Cert News said...

We are really glad to see go daddy inexpensive SSL certificate just $30 but we have already bought RapidSSL Certificate just $16 from RapidSSLonline


- Thanks for sharing an offer and informative information through your blog.