There might be times when you have to get a new certificate from Adobe. For example, when a production certificate expires, an evaluation certificate expires, or when you switch from an evaluation to a production certificate. When a certificate expires and you do not want to repackage the content that used the old certificate. You can make the License Server aware of both the old and new certificates.
Use the following procedure to update your server with the new certificates:
(Optional) When adding new entries to an existing policy update list or revocation list, be sure to sign with the new credentials, and use the old certificate to validate the signature on the existing file.
For example, use the following command line to add an entry to an existing policy update list, which was signed using a different credential:
java -jar AdobePolicyUpdateListManager.jar newList -f oldList oldSigningCert.cer -u pol 0 "" ""
Use the Java API to update the license server with the new policy update list or revocation list:
HandlerConfiguration.setRevocationList()
or:
HandlerConfiguration.setPolicyUpdateList()
In the reference implementation, the properties you use are HandlerConfiguration.RevocationList
and HandlerConfiguration.PolicyUpdateList
. Also update the certificate used to verify the signatures: RevocationList.verifySignature.X509Certificate
.
To consume content that was packaged using the old certificates, the license server requires the old and new license server credentials and transport credentials. Update the license server with the new and old certificates.
For the license server credentials:
Ensure that the current credential is passed into the LicenseHandler
constructor:
LicenseHandler.ServerCredential
property.LicenseServerCredential
element in the flashaccess-tenant.xml file.Ensure that the current and old credentials are provided to AsymmetricKeyRetrieval
LicenseHandler.ServerCredential
and AsymmetricKeyRetrieval.ServerCredential. n
properties.LicenseServerCredential
element in the flashaccess-tenant.xml file.For the transport credentials:
Ensure that the current credential is passed into the HandlerConfiguration.setServerTransportCredential()
method:
HandlerConfiguration.ServerTransportCredential
property.TransportCredential
element in the flashaccess-tenant.xml file.Ensure that the old credentials are provided to HandlerConfiguration.setAdditionalServerTransportCredentials
():
HandlerConfiguration.AdditionalServerTransportCredential. n
properties.TransportCredential
element in the flashaccess-tenant.xml file.Update packaging tools to make sure they are packaging content with the current credentials. Ensure that the latest license server certificate, transport certificate, and packager credential are used for packaging.
To update the Key Server’s License Server Certificate:
Update the credentials in the Adobe Access Key Server tenant configuration file. Include both the old and new Key Server credentials in flashaccess-keyserver-tenant.xml.
Ensure the current certificate is passed into the HandlerConfiguration.setKeyServerCertificate()
method.
HandlerConfiguration.KeyServerCertificate
property.