AEM uses public/private key pairs to securely communicate with Adobe I/O and other web services. This short tutorial illustrates how compatible keys and keystores can be generated using the openssl command line tool that works with both AEM and Adobe I/O.
This guide creates self-signed keys useful for development and use in lower environments. In production scenarios, keys are typically generated and managed by an organization’s IT security team.
Solved: I have a licence product of adobe acrobat installed in my pc. I want to use the feature 'save pdf as docx' from windows/linux command line. Is there - 9606461. After printing from command line, adobe will leave aleast one window open which can hang your script. Open a non related pdf or adobe window. This will keep your script running – Pete Brumm Aug 7 '12 at 12:43. AdobeExpiryCheck (v1.0.0.3) is a command-line utility for IT Admins to check whether Adobe products on a computer are using serial numbers that have expired or are expiring.
Generate the public/private key pair
The openssl command line tool’s req command can be used to generate a key pair compatible with Adobe I/O and Adobe Experience Manager.
To complete the openssl generate command, provide the certificate information when requested. Adobe I/O and AEM do not care what these values are, however they should align with, and describe your key.
Add key pair to a new keystore
Key pairs can be added to a new PKCS12 keystore. As part of openssl’s pcks12 command, the name of the keystore (via - caname), the name of the key (via -name) and the keystore’s password (via - passout) are defined.
These values are required to load the keystore and keys into AEM.
The output of this command is a keystore.p12 file.
The parameter values of my-keystore, my-key and my-password are to be replaced by your own values.
Verify the keystore contents
The Java keytool command line tool provides visibility into a keystore to ensure the keys are successfully loaded in the keystore file (keystore.p12).
Adding the keystore to AEM
AEM uses the generated private key to securely communicate with Adobe I/O and other web services. In order for the private key to be accessible to AEM, it must be installed into an AEM user’s keystore.
Navigate to AEM > Tools > Security > Users and edit the user the private key is to be associated with.
Create an AEM keystore
AEM > Tools > Security > Users > Edit user
If prompted to create a keystore, do so. This keystore will exist only in AEM and is NOT the keystore created via openssl. The password can be anything and does not have to be the same as the password used in the openssl command.
Install the private key via the keystore
User > Keystore > Add private key from keystore
In the user’s keystore console, click Add Private Key form KeyStore file and add the following information:
New Alias: the key’s alias in AEM. This can be anything and does not have to correspond with the name of the keystore created with the openssl command.
Keystore File: the output of the openssl pkcs12 command (keystore.p12)
Private Key Alias: The password set in the openssl pkcs12 command via
- passoutargument. Cacani download free.Private Key Password: The password set in the openssl pkcs12 command via
- passoutargument.
Verify the private key is loaded into the AEM keystore
User > Keystore
When the private key is successfully loaded from the provided keystore into the AEM keystore, the private key’s metadata displays in the user’s keystore console.
Adding the public key to Adobe I/O
The matching public key must be uploaded to Adobe I/O to allow the AEM service user, who has the public key’s corresponding private to securely communicate.
Create a Adobe I/O new integration
Create Adobe I/O Integration > New Integration
Creating a new integration in Adobe I/O requires uploading a public certificate. Upload the certificate.crt generated by the openssl req command.
Verify the public keys are loaded in Adobe I/O
The installed public keys and their expiry dates are listed in the Integrations console on Adobe I/O. Multiple public keys can be added via the Add a public key button.
Now AEM hold the private key and the Adobe I/O integration holds the corresponding public key, allowing AEM to securely communicate with Adobe I/O.
Adobe Command Line Options
Resources on adobe.com
ExMan Command Line Tool
Install Adobe Command Line
If you experience installation issues with Adobe Extensions, you can download and use the Extension Manager Command Line tool (ExManCmd).
For information about using this tool, see https://helpx.adobe.com/extension-manager/using/command-line.html
Download the ZIP file for your Operating System and unzip it to a folder of your choice. We’ll call it ExMan_root.
1. Use the Creative Cloud desktop application to install or uninstall any Adobe application, in order to refresh the list of installed Adobe applications in the Extension Manager database.
2. On Listing Detail Page, Click on Download/Install another way in the blue dialog box – or From MyExchange, click the Install Issues? to the right of the extension you want to install.
3. Click Install Issues? at the right of the page.
4. Click the blue download button.
5. When the download of the add-on’s ZXP package is complete, copy it to ExMan_root. Let’s call it myextension.zxp.
6. Close any Adobe applications that are compatible with the Extension.
7. In a command shell (Mac OS Terminal or Windows Command Prompt), go to the ExMan_root folder and run this command for your extension:
- In Mac OS: ./Contents/MacOS/ExManCmd ––install myextension.zxp
- In Windows: ExManCmd.exe /install myextension.zxp
Note: Currently, ExManCmd does not support encrypted extensions for enterprise use cases.
8. Check Where to Find it - Follow the instructions in the “Where to find it” section on the detail page. Some extensions may require you to carry out further steps to install.
This should install the add-on. You can verify the installation with this command:
Adobe Command Line Tools Tool
- In Mac OS: ./Contents/MacOS/ExManCmd ––list all
- In Windows: ExManCmd.exe /list all