General information about digital certificates, and procedures to download and install them.
Adobe uses X.509 digital certificates to identify and authenticate the client and server components that make up an implementation.
When you install a server component (Insight Server or Repeater), you must install the digital certificate that Adobe has issued for the component. If you need to migrate your Adobe application to another machine, you must obtain a new certificate from Adobe. To do so, contact Adobe Customer Care.
The common name that appears on this certificate identifies the server by a specified domain name (for example, vs001a.mycompany.com). When a server client connects to this server, the server presents this certificate as proof that it is, indeed, the server that the client requested.
Similarly, when you install a server client (for example, Insight or Report) you must install the digital certificate that authorizes a named individual (for example, Jane Smith) to use the installed client application. If you need to migrate your Adobe application to another machine or another named user, you must obtain a new certificate from Adobe. To do so, contact Adobe Customer Care.
The client application presents this digital certificate to gain access to a server component. An administrator of the server component can restrict access to server resources based on the common name or organizational unit values that appear in the client’s certificate.
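The following is an added example, not Adobe's code or configuration format: it sketches how a server-side check can restrict access on the common name or organizational unit by parsing the certificate subject into attributes instead of searching the subject string. The function names, the allow-list parameters and the sample subjects are assumptions made for illustration; hex-pair escapes and #-encoded values are not handled.

```python
# Added example: authorize a client by parsed subject attributes.
# Apply it only to the subject of a certificate whose chain already validated.

def split_unescaped(text, seps):
    """Split on separator characters, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            cur.append(text[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch in seps:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def parse_subject(dn):
    """Return {ATTRIBUTE: [values]} for an RFC 4514-style subject string."""
    attrs = {}
    for rdn in split_unescaped(dn, ",+"):  # '+' joins multi-valued RDNs
        key, sep, value = rdn.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed subject component: {rdn!r}")
        attrs.setdefault(key.strip().upper(), []).append(value.strip())
    return attrs

def is_authorized(dn, allowed_cns=(), allowed_ous=()):
    """Allow on an exact CN or OU match; deny if the CN is missing or ambiguous."""
    try:
        attrs = parse_subject(dn)
    except ValueError:
        return False
    cns = attrs.get("CN", [])
    if len(cns) != 1:
        return False
    return cns[0] in allowed_cns or any(ou in allowed_ous for ou in attrs.get("OU", []))

# Constructed sample subjects (not taken from any real certificate).
SAMPLES = [
    r"CN=Jane Smith,OU=Analytics,O=My Company\, Inc.",  # named user
    r"CN=John Doe,OU=Analytics",                        # allowed through the OU
    r"CN=Other User,OU=Guests,O=CN=Jane Smith",         # name appears only inside O
    r"CN=Jane Smith+CN=Other User,OU=Guests",           # two CNs: ambiguous
]
RESULTS = [is_authorized(s, {"Jane Smith"}, {"Analytics"}) for s in SAMPLES]
```

The third sample contains the text `CN=Jane Smith` inside its O value, so a substring test on the subject would accept it, while the attribute comparison does not.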
The X.509 digital certificates installed with Adobe applications also enable the client and server components to exchange information over Secure Sockets Layer (SSL). SSL secures transmissions over HTTP using a public-and-private key encryption system. Adobe’s implementation of SSL supports 1024-bit RSA keys and uses a 128-bit RC4 encryption algorithm.
In addition to security, the digital certificates that you install also function as license keys that enable you to run the installed Adobe software. To function properly, a digital certificate must be node-locked and current, or the application does not start.
See String Encryption for encrypting passwords.
A node-locked certificate is a digital certificate that has been registered to the machine on which it is installed. Node locking permanently associates a certificate with a specific node identifier (a value that uniquely identifies a particular machine). To node lock your certificate, your machine must have Internet access to the Adobe License Server or to a proxy server that has access to the License Server.
If you are installing on a machine that cannot access the Internet, you must obtain and install a special pre-locked certificate as described in Using Digital Certificates on Machines Without Internet Access.
If you are installing on a machine that can access the Internet, your digital certificate is node-locked automatically the first time that you start your Adobe product. After being node-locked, the certificate cannot be used on any other machine. If you need to migrate your Adobe product to another machine, you must obtain a new, unlocked certificate from Adobe.
Besides being node-locked, a digital certificate must be current. To remain current, your certificate must be revalidated on a regular basis (generally every 30 days, although this can vary depending on your agreement with Adobe). If your machine has Internet access, the revalidation process is completely transparent. Your Adobe product automatically connects to the License Server and revalidates the certificate when necessary. If your machine does not have Internet access, you need to manually install updated certificates as described in the following section.
If you are installing on a machine that cannot access the Internet, you must request a pre-locked certificate for your installation of Insight Server. A pre-locked certificate is a digital certificate that Adobe manually locks to the node identifier for the machine.
To request a pre-locked certificate, you need to send the node identifier and your certificate number to Adobe Customer Care. To obtain the node identifier for your machine, contact Adobe Customer Care to request the Adobe Node Identifier utility. You also can obtain the node identifier from the alert that the Adobe software issues when it attempts to connect to the License Server and cannot.
When you receive the pre-locked certificate, install it as described in the last two steps of Digital Certificate Installation Procedures. When the certificate needs to be revalidated, you must download a new, validated certificate from the License Server and reinstall it on your machine.
To download and install the digital certificate

1. Open your web browser to https://aap.adobe.com.
   Your browser might prompt you to present a digital certificate at this point. If it does, simply click Cancel to dismiss the dialog box.
2. On the login screen, enter the Account Name and the Password that you received from Adobe, then click login.
3. Locate the certificate that has been issued for your Insight Server, then click the icon associated with that certificate.
   Make a note of the common name that is assigned to this certificate. You use this name in a later step.
4. When prompted to save the certificate, click Save. (Note that the name of the file matches the common name associated with the certificate.)
5. Download the file to the Certificates folder in the directory where you installed Insight Server. This folder already contains a certificate file named trust_ca_cert.pem. This certificate file must always be present.
6. Rename the downloaded certificate file to: