Configuring secure email endpoints in Livecycle

LC LogoA client of ours recently had issues configuring their Livecycle ES4 server to use SSL for an IMAP email endpoint. Turns out it wasn’t as straightforward as the Adobe documentation makes out. In particular, it doesn’t specify where the cacerts file was in their distribution. So I thought I would run through the process in a bit more detail here.


cacerts is a truststore file that is found in the Java distribution that is used by the Livecycle application server. It contains certificate references for well-known certifying authorities such as VeriSign™.  A trust store is used by the Java Virtual Machine (JVM) to authenticate peers during secure communications over a network connection.

Usually finding the cacerts file is not a problem, unless you install the Turnkey edition of Livecycle. And especially if you have upgraded from ES4 to SP1. I just searched my local Livecycle ES4 SP1 distribution and it contained 5 different cacerts files! So how do you find which one you need?

In Windows, just open the System Properties > Advanced Tab > Environment Variables and look for Adobe_JAVA_HOME variable under the System Variables list. If you double-click to open it up, it will point to a JDK version (e.g. C:\Adobe LiveCycle ES4\Java\jdk1.7.0_25). From there, just look under /jre/lib/security and you should see the caerts file.

System Properties (Click for bigger image)

Mail server certificate file

Once you locate the cacerts file, you then need your client certificate to import into the trust store file. If it is a local certificate (for example, from your internal corporate network), you can use the following method to extract the CER file required. (Note: most corporate email servers will have a Web Mail client that you can browse to over HTTPS)

1. Connect to your Corporate Web Mail portal and view the certificate details (I’m using Gmail as an example here)

Cert_1 (Click for bigger image)

2. Click View certificates > Details Tab > Copy To file

Cert_2 (Click for bigger image)

3. Now Save the file somewhere as a Base-64 encoded X.509 CER file

Cert_3 (Click for bigger image)

Cert_4 (Click for bigger image)

Cert_5 (Click for bigger image)

Cert_6 (Click for bigger image)

Finish off

Now just follow the steps as outlined in the Adobe help page:

However, for step #3 use something similar to the following example for Livecycle ES4 SP1 Turnkey (assumes ES4 is installed in C:\Adobe) and once it is imported, you should be good to go (i.e. no restart required)

C:\Adobe\Adobe LiveCycle ES4\Java\jdk1.7.0_25\bin\keytool –import –file C:\Adobe\MyCert.cer -keystore C:\Adobe\Adobe LiveCycle ES4\Java\jdk1.7.0_25\jre\lib\security\cacerts

Everything AEM aka CQ5 based on my experience listed here.

Adobe AEM The Right Way

Best practices, tips, and tricks for your Adobe AEM project


A WCM journey with Day/Adobe CQ

Technoracle (a.k.a. "Duane's World")

A multi-purpose toolkit for the Adobe LiveCycle and AEM Forms developer.

Adobe LiveCycle Blog

A multi-purpose toolkit for the Adobe LiveCycle and AEM Forms developer.

A multi-purpose toolkit for the Adobe LiveCycle and AEM Forms developer.


A multi-purpose toolkit for the Adobe LiveCycle and AEM Forms developer.

Code Monkey

Ramblings of a Developer