Installing and Configuring Credentials
Adobe document services require access to a credential (also called a private key) in SAP Web AS to assign usage rights to PDF documents. This is typically the Adobe Reader Rights credential.
If you require additional document security such as certification or digital signatures, you can obtain other credentials from a Certificate Authority (CA). You install and configure other credentials the same way that you install the Reader Rights certificate.

Only DER-encoded X.509 certificates are supported.
Each credential is stored in a Public Key Cryptography Standards (PKCS) #12 file, a hardware device known as a Hardware Security Module (HSM), or as an MSCAPI record in the certificate database on your Microsoft Windows system. For Adobe document services, you must install and handle each credential in a special way:
● A PKCS #12 credential may be delivered simply as a PKCS #12 file, with a .pfx filename extension, on a disk, or over the Web. This file is password-protected and must be handled with care because it represents an extremely valuable resource – the identity of the owner. In the NetWeaver Administrator, PKCS #12 credentials are also called P12 Records.
● An MSCAPI credential is stored in the certificate storage database on your Microsoft Windows system. The Certificate Authority that provides credentials can recommend which credentials should be stored in the MSCAPI certificate storage database.

Do not make a duplicate copy of these credential files except for backup purposes. These backups must be stored securely. Normal system backups must never be allowed to back up a credential file.
● An HSM credential is delivered as a hardware device that must be connected to the system. This credential is much more secure than a PKCS #12 credential because once inserted into the device, it cannot be copied from the device. For installations where security is a priority, it is advantageous to copy any PKCS #12 credentials into an HSM where they are more secure. Access to the HSM is password-protected.
In any of these cases, you must install and configure the credentials in Adobe document services. For ease of use throughout the SAP system, the credential is identified by an alias. The alias is simply a text name that represents the credential.
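A pre-install check for the encoding requirement above, as an added example that is not SAP or Adobe code: it tells a DER-encoded X.509 certificate apart from a PEM-armored one and from a PKCS #12 (.pfx) container by looking at the outer ASN.1 structure only, and converts PEM to DER. The function names are hypothetical and the sample byte strings are constructed placeholders, not real certificates or keys; the check does not validate the certificate itself.

```python
import ssl

PEM_MARKER = b"-----BEGIN CERTIFICATE-----"

def der_header(data):
    """Parse one DER tag/length header; return (tag, offset, length) or None."""
    if len(data) < 2:
        return None
    tag, first = data[0], data[1]
    if first < 0x80:                    # short form: one length byte
        return tag, 2, first
    n = first & 0x7F                    # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        return None                     # indefinite or truncated length: not DER
    return tag, 2 + n, int.from_bytes(data[2:2 + n], "big")

def classify_credential(data):
    """Return 'pem-x509', 'der-x509', 'pkcs12' or 'unknown' for file contents."""
    if PEM_MARKER in data:
        return "pem-x509"
    outer = der_header(data)
    # The outer SEQUENCE (0x30) must span the whole file exactly.
    if outer is None or outer[0] != 0x30 or outer[1] + outer[2] != len(data):
        return "unknown"
    body = data[outer[1]:]
    if body[:3] == b"\x02\x01\x03":     # a PFX starts with INTEGER version 3
        return "pkcs12"
    inner = der_header(body)
    if inner is not None and inner[0] == 0x30:  # a certificate starts with tbsCertificate
        return "der-x509"
    return "unknown"

def to_der(data):
    """Return DER bytes for a certificate, converting PEM armor if present."""
    kind = classify_credential(data)
    if kind == "der-x509":
        return data
    if kind == "pem-x509":
        text = data[data.index(PEM_MARKER):].decode("ascii").strip()
        return ssl.PEM_cert_to_DER_cert(text)
    raise ValueError("not an X.509 certificate: " + kind)

# Constructed structural placeholders (not real certificates or keys).
SAMPLE_DER = b"\x30\x81\xCB" + b"\x30\x81\xC8" + bytes(200)
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
SAMPLE_PFX = b"\x30\x05\x02\x01\x03\x30\x00"

if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("pem", SAMPLE_PEM), ("pfx", SAMPLE_PFX)]:
        print(name, classify_credential(blob))
```

Run it against the bytes of a certificate file before installing; a truncated file is reported as unknown because the outer length no longer matches the file size.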

On UNIX systems, make sure that you enter file names exactly as given in this document, because the corresponding check is case-sensitive.
Adobe document services logs messages that warn when a credential is about to expire. You can set how many days before a credential expires the server begins logging daily warning messages. Adobe document services checks the credentials daily to determine which credentials it should log messages for. You can configure the time of day at which the expiry dates are calculated. See Configuring Credential Expiry Logging.