Configuring the DocAssurance service

The DocAssurance service requires RSA and BouncyCastle libraries. These libraries are installed along with the AEM forms. Before configuring the DocAssurance service, Install and configure the AEM forms package.

Note:

Before installing the AEM forms add-on package, ensure that the installation path of the AEM Quickstart does not contain any spaces.

Out of the box, the DocAssurance service is not available for use. To use the DocAssurance service, bootdelegate the RSA and BouncyCastle libraries installed along with AEM forms package. Perform the following steps to bootdelegate the libraries:   

  1. Stop the AEM server.

  2. Open the sling.properties at [AEM installation]\crx-quickstart\conf\ for editing.

    Note:

    If you use [AEM_root]\crx-quickstart\bin\start.bat to start AEM, then edit the sling.properties at [AEM_root]\crx-quickstart\

  3. Add the following properties to the sling.properties file

    sling.bootdelegation.class.com.rsa.jsafe.provider.JsafeJCE=com.rsa.*
    sling.bootdelegation.class.org.bouncycastle.jce.provider.BouncyCastleProvider=org.bouncycastle.* 
  4. Save and close the file. Restart the AEM server.

Set up certificates for Reader extensions

The DocAssurance service can apply usage rights to PDF documents. To apply usage rights to PDF documents, setup certificates for Reader Extensions. Perform the following steps to setup certificates:

  1. Log in to AEM Author instance as an administrator.

  2. Go to Tools > Operations > Security > Users.  

  3. Click the name field of the user account. The Edit User Settings page opens.  

  4. On the AEM Author instance, certificates reside in a KeyStore. If you have not created a KeyStore earlier, click Create KeyStore and set a new password for the KeyStore.  If the server already contains a KeyStore, skip this step.

  5. On the Edit User Settings page, click Manage KeyStore.

  6. On KeyStore Management dialog, expand the Add Private Key from Key Store file option and provide an alias. The alias is used to perform the Reader Extensions operation.

  7. To upload the certificate file, click Select Key Store File and upload a <filename>.pfx file. 

  8. Add the Key Store Password, Private Key Password, and Private Key Alias that is associated with the certificate to the respective fields. Click Submit.

    Note:

    To determine the Private Key Alias of a certificate, you can use the Java keytool command: keytool -list -v -keystore [keystore-file] -storetype pkcs12

    Note:

    In the Key Store Password and Private Key Password fields, specify the password provided with the certificate file.  

Note:

On moving to production environment, replace your evaluation credentials with production credentials. Ensure that you delete your old Reader Extensions credentials,  before updating an expired or evaluations credential.

Note:

In case, you have a publish farm, comprised of multiple non-clustered publish instances, you need to create a reverse replication agent for each Publish instance as mentioned in Steps 1-9. For each such reverse replication agent, Title and Name should be significant and unique, so the identification of the corresponding Publish instance can be simpler. Each such replication agent has a different URI in the Transport tab pointing to a particular Publish instance. For multiple publish instances, you can also create replication agents by copying the default agent publish and then editing Name and URI in transport tab of the created agent. If you are not using the default Replication Agent, disable it, so an unnecessary replication attempt can be avoided.

Enabling AES-256 for Encryption Service

To use AES 256 encryption for PDF files, obtain and install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy files. Replace the local_policy.jar and US_export_policy.jar files in the jre/lib/security folder. For example, if you are using Sun JDK, copy the downloaded files to the [JAVA_HOME]/jre/lib/security folder.

Configuring the Assembler services

The assembler service depends on the Reader Extensions service, Signature service, Forms service, and Output service. Perform the following steps to verify that the required services are up and running:

  1. Login to URL http://[server]:[port]>/system/console/bundles as an administrator.

  2. Search the following service and ensure that the services are up and running:

    Service Name Bundle Name
    Signatures Service adobe-aemfd-signatures
    Reader Extensions Service com.adobe.aemfd.adobe-aemfd-readerextensions
    Forms Service com.adobe.livecycle.adobe-lc-forms-bedrock-connector
    Output Service com.adobe.livecycle.adobe-lc-forms-bedrock-connector

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy