Rights Management – How to Get Windows 7 to Trust a Self-Signed Server Certificate

During the proof-of-concept, development, and testing phases of a LiveCycle Rights Management project, HTTP over SSL is usually configured with self-signed server certificates.  For instructions on configuring your appserver with such a certificate, see this and this.

When you try to connect via SSL to the appserver hosting LiveCycle from a Windows client, this will trigger an untrusted certificate warning from Internet Explorer which looks like this:

You have the option to “continue” to the website. However, Adobe Reader or Adobe Acrobat will put up this message (see below) and refuse to let you proceed:

The solution is to tell Windows that you “trust” your self-signed certificate. Here’s how…

In Windows 7, you can perform the following steps:

MMC Snap-In

1) Add the “Certificates” MMC snap-in to the MMC Console. Run the following command from a command prompt:

2) Choose the menu option File->Add/Remove Snap-in

3) From the “Available Snap-ins” list on the left, choose the “Certificates” snap-in and click the Add > button and click OK.

Install Server Certificate to Windows Certificate Store

4) In Internet Explorer (9), load a page via HTTPS. Eg. https://server.adobe.com:8443/adminui

Using Mozilla Firefox won’t help here since it only lets you import the server certificate into its own certificate store, not the Windows one. Adobe Reader and Acrobat checks the Windows certificate store, not the Firefox one.

5) Click on “Continue to this website (not recommended)”

6) Click the warning button to the right of the URL field. See below:

7) Click the link ‘View Certificates’

8) Click ‘Install Certificate’

9) In the Certificate Install Wizard, do NOT choose the “automatically select the certificate store” option. Browse and choose the ‘Trusted Root Certification Authorities’.

10) Make sure that you get the message that the import was successful.  If it fails, you can try again after running Internet Explorer “as an Administrator”.


11) Wait a few minutes – this is really important.  It looks like an imported server certificate takes a few minutes to get listed and become active.

Back in the MMC Console, navigate to Console Root->Certificates – Current User->Trusted Root Certification Authorities->Certificates. Make sure that the server certificate you just imported is listed. If needed, refresh the list.

13) In Internet Explorer, load a page via HTTPS. Eg. https://server.adobe.com:8443/adminui This time, you should NOT receive an “untrusted certificate” warning.

14) Try opening a “protected PDF” that has had rights-management applied to it, This should now work in Adobe Reader or Adobe Acrobat.

This entry was posted in Adobe LiveCycle ES3, Adobe LiveCycle ES2 (9.0.x), Adobe LiveCycle ES and tagged , , , , . Bookmark the permalink.

Comments are closed.