Removing HPROF dump files

LC_bugRevisiting the topic of Livecycle consuming everything in its path, I found another issue that features in Livecycle ES4 SP1. The symptoms are the usual symptoms; lack of disk space, server crashing, etc. After hunting down all of the extra large files in your system you might find a number of very large files in the following path:



Heap dump off

To turn this feature off, do the following:

  1. Browse to the AEM system console: http://host:port/lc/system/console
  2. Locate the bundle
  3. Stop the bundle

You can then stop Livecycle, delete the HPROF files and restart Livecycle. The bundle should not restart, but its worth checking anyway.

Configuring secure email endpoints in Livecycle

LC LogoA client of ours recently had issues configuring their Livecycle ES4 server to use SSL for an IMAP email endpoint. Turns out it wasn’t as straightforward as the Adobe documentation makes out. In particular, it doesn’t specify where the cacerts file was in their distribution. So I thought I would run through the process in a bit more detail here.


cacerts is a truststore file that is found in the Java distribution that is used by the Livecycle application server. It contains certificate references for well-known certifying authorities such as VeriSign™.  A trust store is used by the Java Virtual Machine (JVM) to authenticate peers during secure communications over a network connection.

Usually finding the cacerts file is not a problem, unless you install the Turnkey edition of Livecycle. And especially if you have upgraded from ES4 to SP1. I just searched my local Livecycle ES4 SP1 distribution and it contained 5 different cacerts files! So how do you find which one you need?

In Windows, just open the System Properties > Advanced Tab > Environment Variables and look for Adobe_JAVA_HOME variable under the System Variables list. If you double-click to open it up, it will point to a JDK version (e.g. C:\Adobe LiveCycle ES4\Java\jdk1.7.0_25). From there, just look under /jre/lib/security and you should see the caerts file.

System Properties (Click for bigger image)

Mail server certificate file

Once you locate the cacerts file, you then need your client certificate to import into the trust store file. If it is a local certificate (for example, from your internal corporate network), you can use the following method to extract the CER file required. (Note: most corporate email servers will have a Web Mail client that you can browse to over HTTPS)

1. Connect to your Corporate Web Mail portal and view the certificate details (I’m using Gmail as an example here)

Cert_1 (Click for bigger image)

2. Click View certificates > Details Tab > Copy To file

Cert_2 (Click for bigger image)

3. Now Save the file somewhere as a Base-64 encoded X.509 CER file

Cert_3 (Click for bigger image)

Cert_4 (Click for bigger image)

Cert_5 (Click for bigger image)

Cert_6 (Click for bigger image)

Finish off

Now just follow the steps as outlined in the Adobe help page:

However, for step #3 use something similar to the following example for Livecycle ES4 SP1 Turnkey (assumes ES4 is installed in C:\Adobe) and once it is imported, you should be good to go (i.e. no restart required)

C:\Adobe\Adobe LiveCycle ES4\Java\jdk1.7.0_25\bin\keytool –import –file C:\Adobe\MyCert.cer -keystore C:\Adobe\Adobe LiveCycle ES4\Java\jdk1.7.0_25\jre\lib\security\cacerts

Changing default server ports in Livecycle ES4 JBoss

JBoss Livecycle ES4 JBoss (including Turnkey) changed the underlying application server to JBoss EAP 5.1.0 and later to 5.2.0 in the SP1 release. This changed the way you alter the port vales for various services. Instead of looking in various different places for the port values, they amalgamated them all into one central configuration file.

The file is located in [server]/conf/bindingservice.beans/META-INF/bindings-jboss-beans.xml

Mastertheboss has a great page about the new Jboss port configuration for JBoss EAP 5.1+ – check it out!


Automatically clean JBoss tmp directory

JBoss_by_Red_Hat I have been poking about JBoss lately trying to get messaging working and I had a look in the %JBOSS_HOME%/server/lc_turnkey/tmp directory. As you would imagine, it was chock full of temporary files (no surprise there). What I didn’t expect was how many files! So after a quick email to Adobe Support to confirm I wasn’t going to upset anything Livecycle related, I shut down JBoss and decided to clean the files out. Sometime into the delete, I got bored and lost count at 82,000 files and something like 6GB of space!

JBoss EAP 5.1.0

I had a quick Google around and it took me to a post on the JBoss Community Forum about deleting out files on a JBoss redeploy. Another user mentions that the tmp directory is never purged on restart or starting and stopping JBoss as it was in previous versions. The recommendation was to edit the run.bat file to do this every time the server is started.

The fix

The suggestion was to delete the files before JBoss starts up in the run.bat file. This example is for JBoss on Windows, but its pretty easy to adapt for Linux (just edit the file instead)

Below is the excerpt from my C:\Adobe\Adobe LiveCycle ES4\jboss\bin\run.bat

pushd %DIRNAME%..
if "x%JBOSS_HOME%" == "x" (
  set "JBOSS_HOME=%CD%"

rem Remove tmp folder on startup
set TMP_FOLDER=%JBOSS_HOME%\server\lc_turnkey\tmp
rmdir "%TMP_FOLDER%" /s /q


if "%OS%" == "Windows_NT" (
  set "PROGNAME=%~nx0%"
) else (
  set "PROGNAME=run.bat"

Enable anonymous access for testing Mobile Forms

IconSometimes it’s easier to enable anonymous unsecured access to pages, assets, etc for testing and quick demos so you don’t have to keep logging in via the SSO screen. After playing with the user security in CQ/CRX in Livecycle ES4, you soon discover that just giving the anonymous user access to your pages or assets isn’t enough to make this happen.  You have to explicitly allow access to these resources from within the OSGi configuration in the Adobe CQ Web Console.

If you want to allow anonymous access to your resources then do the following:

  1. Open OSGi console:  http://[server]:[port]/lc/system/console/configMgr
  2. Search for Apache Sling Authentication Service Bundle
  3. Click the bundle to open it
  4. Ensure Allow Anonymous Access is checked
  5. Under Authentication Requirements section, you need to add an entry that starts
    -/content/node/you/want/to/allow/anonymous/access/to” (without quotes)
  6. Click Save

    Apache Sling Authentication Service

    Apache Sling Authentication Service

  7. Open CQ5 Security:  http://[server]:[port]/lc/useradmin
  8. Double click the everyone group
  9. On the right, click the Permissions tab
  10. Browse to the content node you allowed above
  11. Add the rights you require for the anonymous user (usually its just Read)
  12. Click Save
    CQ5 Security

    CQ5 Security


Everything AEM aka CQ5 based on my experience listed here.

Adobe AEM The Right Way

Best practices, tips, and tricks for your Adobe AEM project


A WCM journey with Day/Adobe CQ

Technoracle (a.k.a. "Duane's World")

A multi-purpose toolkit for the Adobe LiveCycle and AEM Forms developer.

Adobe LiveCycle Blog

A multi-purpose toolkit for the Adobe LiveCycle and AEM Forms developer.

A multi-purpose toolkit for the Adobe LiveCycle and AEM Forms developer.


A multi-purpose toolkit for the Adobe LiveCycle and AEM Forms developer.

Code Monkey

Ramblings of a Developer