Installing and Configuring Credentials for ADS 
Adobe Document Services (ADS) require access to a credential (private key) in the SAP Application Server to assign usage rights to PDF forms. This is typically the Adobe Reader Rights credential. If you require additional credentials for certification or digital signatures, you can obtain them from a Certificate Authority (CA).
Note
Only DER-encoded X.509 certificates are supported.
In any of these cases, you must install and configure the credentials in the ADS. For ease of use throughout the SAP system, the credential is identified by an alias. The alias is a unique text name, that represents the credential. If you need to install more than one credential on your system, use the default alias for the default credential and any other alias for additional credentials.
SAP applications certifying a PDF form must specify the name of the credential. Otherwise the default credential is used. The table below gives you an overview of the credentials (and their aliases) according to their use.
Use of the Credential |
Default Alias of the Credential |
|---|---|
Reader Rights |
ReaderRights |
Certification |
DocumentCertification |
Digital Signatures |
ServerSignature |
Procedure
If you require additional Certification or Digital Signatures credentials, obtain them from a Certificate Authority (CA).
Install and handle each credential according to the credential's file type:
A PKCS #12 credential may be delivered as a Public Key Cryptography Standards (PKCS) #12 file, with a .pfx filename extension, on a disk or over the Web. This file is password-protected as it represents the identity of the owner. In the SAP NetWeaver Administrator, PKCS #12 credentials are also called P12 Records.
More information: Installing a PKCS #12 Credential
An MSCAPI credential is stored in the certificate storage database on your Microsoft Windows system. The Certificate Authority that provides credentials can recommend which credentials should be stored in the MSCAPI certificate storage database.
More information: Installing an MSCAPI Credential
An HSM credential is delivered as a hardware device – a Hardware Security Module (HSM) – that must be connected to the system. This credential is much more secure than a PKCS #12 credential, because once inserted into the device, it cannot be copied from the device. For installations where security is a priority, it is advantageous to copy any PKCS #12 credentials into a HSM where they are more secure. Access to the HSM is password-protected.
More information: Installing an HSM Credential
Configure the attributes of the credentials used by ADS.
More information: Configuring Credential Attributes used by ADS
ADS log messages that warn, if a credential is about to expire. You can set the number of days that the server begins logging daily warning messages before the credential expires. The ADS check the credentials daily to calculate, which credentials it should log messages for. You can configure the time of day that the expiry dates are calculated.
More information: Configuring Credential Expiry Logging
To be able to use the certification and digital signatures features, you need to install Trusted Anchors to enable the server to verify the certification or signature of a form and Certificate Revocation Lists (CRLs) to identify credentials that can no longer be trusted.
More information: Installing Trusted Anchors and Certificate Revocation Lists