June 12, 2014 Leave a comment
A client of ours recently had issues configuring their Livecycle ES4 server to use SSL for an IMAP email endpoint. Turns out it wasn’t as straightforward as the Adobe documentation makes out. In particular, it doesn’t specify where the cacerts file was in their distribution. So I thought I would run through the process in a bit more detail here.
cacerts is a truststore file that is found in the Java distribution that is used by the Livecycle application server. It contains certificate references for well-known certifying authorities such as VeriSign™. A trust store is used by the Java Virtual Machine (JVM) to authenticate peers during secure communications over a network connection.
Usually finding the cacerts file is not a problem, unless you install the Turnkey edition of Livecycle. And especially if you have upgraded from ES4 to SP1. I just searched my local Livecycle ES4 SP1 distribution and it contained 5 different cacerts files! So how do you find which one you need?
In Windows, just open the System Properties > Advanced Tab > Environment Variables and look for Adobe_JAVA_HOME variable under the System Variables list. If you double-click to open it up, it will point to a JDK version (e.g. C:\Adobe LiveCycle ES4\Java\jdk1.7.0_25). From there, just look under /jre/lib/security and you should see the caerts file.
Mail server certificate file
Once you locate the cacerts file, you then need your client certificate to import into the trust store file. If it is a local certificate (for example, from your internal corporate network), you can use the following method to extract the CER file required. (Note: most corporate email servers will have a Web Mail client that you can browse to over HTTPS)
1. Connect to your Corporate Web Mail portal and view the certificate details (I’m using Gmail as an example here)
2. Click View certificates > Details Tab > Copy To file
3. Now Save the file somewhere as a Base-64 encoded X.509 CER file
Now just follow the steps as outlined in the Adobe help page: http://help.adobe.com/en_US/livecycle/11.0/AdminHelp/WS92d06802c76abadb-5145d5d12905ce07e7-7edc.2.html
However, for step #3 use something similar to the following example for Livecycle ES4 SP1 Turnkey (assumes ES4 is installed in C:\Adobe) and once it is imported, you should be good to go (i.e. no restart required)
C:\Adobe\Adobe LiveCycle ES4\Java\jdk1.7.0_25\bin\keytool –import –file C:\Adobe\MyCert.cer -keystore C:\Adobe\Adobe LiveCycle ES4\Java\jdk1.7.0_25\jre\lib\security\cacerts