You must configure the trust store to store credentials that LiveCycle ES uses when executing authenticated web services. You can use the LiveCycle Administration Console to configure the trust store. (See the "Managing Local Credentials" section in LiveCycle ES Trust Store Management Help.)
Successful client certificate authentication requires certificates from a common certificate authority (CA) on both the LiveCycle ES server and the server hosting the protected resource. You may need to add the CA to the server hosting LiveCycle ES and make it accessible to the LiveCycle ES Java™ process. If LiveCycle ES cannot verify a common CA, the certificate-protected resource is not processed and an error message is logged.
LiveCycle ES supports the PKCS#12 type of certificate. LiveCycle ES Update 1 (8.2) provides a default root certificate file (ca-bundle.crt) in one of the following locations:
- (JBoss Application Server) [appserver home]/server/all/svcdata/XMLFormService/bin
- (WebLogic Server) [appserver home]/user_projects/domains/[domain name]/adobe/[server name]/XMLFormService/bin
- (WebSphere Application Server) [appserver home]/AppServer/installedApps/adobe/[server name]/XMLFormService/bin
You may want to add other root certificates that are obtained from other certificate authorities. You can also use any other CA bundle certificate by setting the environment variable CURL_CA_BUNDLE to the location of the file (for example, export CURL_CA_BUNDLE=/home/tools/ca-bundle.crt), and then restarting the application server hosting LiveCycle ES.
Note: It is recommended that you use a custom CA bundle file containing certificates only from authorities that your organization trusts.
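As an added example (not part of the Adobe documentation), the following shell functions assemble a custom CA bundle from an explicit list of root certificates, as the note above recommends, and reject any input that is not a single unexpired CA certificate. The function names and input file names are hypothetical, the output path reuses the example path above, and the OpenSSL utility is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example. Function names and input file names are hypothetical.

# count_certs BUNDLE: print how many PEM certificates the file contains.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# is_usable_ca PEM: succeed only for a single, unexpired CA certificate.
is_usable_ca() {
    [ "$(count_certs "$1")" = "1" ] || return 1
    # -checkend 0 fails when the certificate has already expired
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
    # a trust anchor must carry basicConstraints CA:TRUE
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# build_ca_bundle OUT PEM...: write OUT with only the listed roots.
# Any rejected input aborts the build and leaves no partial bundle behind.
build_ca_bundle() {
    out=$1; shift
    [ $# -ge 1 ] || return 1          # refuse to write an empty bundle
    tmp="$out.tmp.$$"
    : > "$tmp" || return 1
    for pem in "$@"; do
        if ! is_usable_ca "$pem"; then
            echo "rejected: $pem (not a single valid CA certificate)" >&2
            rm -f "$tmp"
            return 1
        fi
        # subject line before each entry keeps the bundle reviewable;
        # PEM readers ignore text outside the BEGIN/END markers
        openssl x509 -in "$pem" -noout -subject >> "$tmp"
        openssl x509 -in "$pem" -outform PEM >> "$tmp"
    done
    mv "$tmp" "$out"
}

# Typical use (input names are placeholders), followed by a restart of the
# application server hosting LiveCycle ES:
#   build_ca_bundle /home/tools/ca-bundle.crt corp-root.pem partner-root.pem
#   export CURL_CA_BUNDLE=/home/tools/ca-bundle.crt
```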
You must ensure that the following conditions are met:
Configuring certificate authentication may require an SSL tool, such as the OpenSSL utility. You can obtain the OpenSSL utility from the following sources: