Posts in Category "Digital Signatures"

LiveCycle ES3: CertificateException: Terminating SSL connection – The server is not trusted

Issue

If you are using LiveCycle ES3 Digital Signatures to apply signatures to PDF documents using a timestamp (TSP) server you may encounter the following exception:

WARN  [com.adobe.livecycle.signatures.pki.client.PKIException] (http-0.0.0.0-8080-7) Exception from transport package   (in the operation : internalSendReceive)

Caused By: java.security.cert.CertificateException: Terminating SSL connection – The server is not trusted(Alerts.java174)

Caused By: Terminating SSL connection – The server is not trusted(PKISocketFactory.java255)

Reason

This exception will occur if the TSP server is configured to use SSL, i.e. with a HTTPS URL, and the relevant certificate from the TSP server is not found in the LiveCycle Trust Store.  In this case the connection to the TSP server is ignored by LiveCycle as it is not configured correctly, and the signature on the PDF will be applied using the local time from the LiveCycle server machine.

Solution

You will need to import the certificate from the TSP server into the LiveCycle Trust Store (AdminUI > Settings > Trust Store Management > Certificates > Import).

VN:F [1.9.22_1171]
Was this helpful? Please rate the content.
Rating: 0.0/10 (0 votes cast)

LiveCycle ES3: PKIException: ALC-DSS-310-033 Invalid timestamp mime type

Issue

If you are using LiveCycle ES3 Digital Signatures to sign PDF files using a timestamp server (TSP) you may encounter the following exception:

2012-06-22 06:48:31,608 WARN  [com.adobe.livecycle.signatures.pki.client.PKIException] (http-0.0.0.0-8080-7) ALC-DSS-310-033 Invalid timestamp mime type. (in the operation : createTimestamp)

Reason

This exception occurs when the TSP server does not return a response with the expected mime-type.  LiveCycle assumes that the TSP servers conform to the standards defined in RFC-3161 (http://www.ietf.org/rfc/rfc3161.txt).  According to this RFC the mime-types for communicating with TSP servers should be

application/timestamp-query
application/timestamp-reply

Solution

You should use a TSP server that conforms to RFC-3161 when integrating with LiveCycle Digital Signatures.

VN:F [1.9.22_1171]
Was this helpful? Please rate the content.
Rating: 7.0/10 (3 votes cast)