Managing certificates

Search
Experience Manager 6.3 Forms User Guide

On this page

Applies to: Experience Manager 6.3 Forms

You're viewing help content for version:

Using the Trust Store Management, you can import, edit, and delete certificates that you trust on the server for validation of digital signatures and certificate authentication. You can import and export any number of certificates. After a certificate is imported, you can edit the trust settings and trust store type. Consider the following options when combining trust store types:

  • Trust for Certificate Authentication with CA: For CRL validation, also select Trust for Identity.

  • Trust for Certificate Authentication with ICA: Select only Trust for Identity. An ICA should not be trusted for Certificate Authentication. If you trust the ICA for Certificate Authentication, the ICA becomes a CA for path building. If the ICA is trusted for both Certificate Authentication and Identity, the CA vendor certificate is ignored because the ICA becomes the CA.

  • Trust for OCSP Server with HTTPs: If the OSCP respondent server resides at an HTTPs location, you must also select Trust for SSL Connections. If the OSCP respondent requires CRL validation, ensure that you also select Trust for Identity.

  • Adobe Root: Do not select SSL Connections or OCSP Server Trust Store Types. Adobe Root is not trusted for SSL Connections and OCSP Server. Adobe does not issue OCSP and SSL certificates. Adobe Root is implicitly trusted with an alias name="ADOBEROOT".

Only X509v3 certificates are supported. This certificate type can be supplied in a binary DER-encoded file (.cer file) or a text file that contains a Base64-encoded version of the same DER-encoded certificate (including X509 certificates in Privacy Enhanced Mail (PEM) format).

Certificates required to complete a signature verification must be in the same store (HSM or database).

You can also import and delete certificates using the Trust Manager API. For details, see “Importing certificates using the Trust Manager API” and “Deleting certificates using the Trust Manager API” in Programming with AEM forms.

Import a certificate

  1. In administration console, click Settings >Trust Store Management > Certificates.

  2. Click Import and, under Trust Store Type, select one of these options:

    • Trust for SSL Connections: Specifies that AEM forms can use certificates to connect to external systems over SSL.

    • Trust for Certify Signature: Specifies that certificates are trusted in document signing operations for certifying author digital signatures.

    • Trust for Signature: Specifies that certificates are trusted in document signing operations for non-author digital signatures.

    • Trust for Certificate Authentication: Specifies AEM forms uses certificates for authenticating users using certificate or smart card authentication.

    • Trust for OCSP Server: Specifies that AEM forms can use certificates to connect to external OCSP responders

    • Trust for Identity: Specifies that certificates can be used to trust information other than types specified above.

    Note:

    The trust store implicitly trusts an Adobe Root Certificate for certificate authentication, signature, certify signature, and identity.

  3. In the Alias box, type the identifier for the certificate.

  4. Click Browse to locate the certificate and then click OK.

Export a certificate

  1. In administration console, click Settings >Trust Store Management > Certificates.

  2. Click the alias name of the certificate to export. The Certificate Details page is displayed.

  3. Click Export, follow the directions to export the certificate, and then click OK.

Edit a certificate’s trust settings and trust store type

  1. In administration console, click Settings >Trust Store Management > Certificates.

  2. Click the alias name of the certificate to edit.

  3. Click Update Certificate.

  4. To change the Alias name of the certificate, type a new name in the Alias box.

  5. To update the trust store type for the certificate, select the appropriate trust store type.

  6. To update the policy restrictions, in the Certificate Policies box, type the policy information, and then click OK.

Delete a certificate

  1. In administration console, click Settings >Trust Store Management > Certificates.

  2. Select the check boxes for the certificates to delete, click Delete, and then click OK.

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License  Twitter™ and Facebook posts are not covered under the terms of Creative Commons.

Legal Notices   |   Online Privacy Policy

Choose your region

Selecting a region changes the language and/or content on Adobe.com.

Americas
Brasil
Canada - English
Canada - Français
Latinoamérica
México
United States
Europe, Middle East and Africa
Africa - English
België
Belgique
Belgium - English
Česká republika
Cyprus - English
Danmark
Deutschland
Eesti
España
France
Greece - English
Ireland
Israel - English
Italia
Latvija
Lietuva
Luxembourg - Deutsch
Luxembourg - English
Luxembourg - Français
Magyarország
Malta - English
Middle East and North Africa - English
Nederland
Norge
Österreich
Polska
Portugal
România
Schweiz
Slovenija
Slovensko
Suisse
Suomi
Sverige
Svizzera
Türkiye
United Kingdom
България
Россия
Україна
الشرق الأوسط وشمال أفريقيا - اللغة العربية
ישראל - עברית
Asia - Pacific
Australia
Hong Kong S.A.R. of China
India - English
New Zealand
Southeast Asia (Includes Indonesia, Malaysia, Philippines, Singapore, Thailand, and Vietnam) - English
中国
中國香港特別行政區
台灣地區
日本
한국
Commonwealth of Independent States
Includes Armenia, Azerbaijan, Belarus, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Tajikistan, Turkmenistan, Ukraine, Uzbekistan