Adobe LIVE CYCLE 7.2 - INSTALLING AND CONFIGURING LIVECYCLE FOR JBOSS, Manual

Page 1: ...bbc Installing and Configuring LiveCycle Security Products for JBoss Adobe LiveCycle October 2006 Version 7 2 ...

Page 2: ...certain jurisdictions Red Hat and JBoss are trademarks or registered trademarks of Red Hat Inc in the United States and other countries Sun Java JavaScript and Solaris are trademarks or registered trademarks of Sun Microsystems Inc in the United States and other countries All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International Inc Products bea...

Page 3: ...iveCycle Reader Extensions 16 Preparing trust components for LiveCycle Document Security 17 Obtaining digital certificates and CRLs 17 Configuring trust data 17 Signing and validating trust xml 18 Updated LiveCycle product information 18 Part I Turnkey Installation 2 Installing LiveCycle Products Using the Turnkey Installation 20 Installing LiveCycle Reader Extensions or LiveCycle Document Securit...

Page 4: ...onfiguring LiveCycle Products 44 Creating an endorsed directory 44 Configuring LiveCycle products for deployment 45 7 Manually Configuring JBoss 49 Starting and stopping JBoss 49 Setting up JBoss 50 Copying the JBoss configuration files 50 Configuring JBoss properties 51 Configuring the transaction time out property 51 Connecting JBoss to the database 52 Configuring a MySQL data source 52 Configur...

Page 5: ...ss 70 A Uninstalling LiveCycle Products 71 Removing the product files installed using a turnkey installation 71 Removing the product files installed using manual installation 72 B Enhancing Server Performance 73 Optimizing inline documents and impacts on JVM memory 73 Cleaning up temporary files from Global storage directory 74 C Supported Platform and Software Combinations 75 D Content and Format...

Page 6: ...ible for installing configuring administering or deploying LiveCycle security products The information is based on the assumption that anyone reading this guide is familiar with application servers Linux and Windows operating systems MySQL Oracle DB2 or SQL Server databases and web environments Conventions used in this guide This guide uses the following naming conventions for common file paths Na...

Page 7: ...e and your specification during installation The location where the LiveCycle database server for LiveCycle Policy Server is installed Name Default value Description For information about See General information about a product and how it integrates with other Adobe products Overview guides for each product The product architecture how to use the APIs and how to develop custom applications for use...

Page 8: ...ted LiveCycle product information 8 Updated LiveCycle product information Adobe Systems has posted a Knowledge Center article to communicate any updated LiveCycle product information with customers You can access the article at www adobe com support products enterprise knowledgecenter c4811 pdf ...

Page 9: ...ucts in the same LiveCycle root location This enables you to assemble the multiple LiveCycle products into one EAR file See Installing LiveCycle Products on page 33 Configuring and assembling Configuring the products modifies a variety of settings that determine how the products work Assembling the products packages all of the installed components that the products need into deployable EAR files a...

Page 10: ...cond time to initialize the database See Manual installation and deployment checklist on page 14 Deploying multiple LiveCycle products To deploy multiple LiveCycle products so that they interoperate you need to install them in the same location assemble them in multiple EAR files and then deploy the EAR files You can use the turnkey method to install and deploy each of the products and using Confi...

Page 11: ... web browsers and JDK versions that LiveCycle products support For a complete list see Supported Platform and Software Combinations on page 75 Required software Supported version Operating System Microsoft Windows Server 2003 Enterprise Edition or Standard Edition with Service Pack 1 SUSE Linux Enterprise Server 9 0 i386 32 bit LiveCycle Policy Server Red Hat Linux Advanced Server 2 1 Update 3 or ...

Page 12: ...ation IBM DB2 8 2 Version 8 1 FixPack 7 Oracle 9i Oracle 10g MS SQL Server 2000 SP 3 Note A database is only required for LiveCycle Policy Server Database driver MySQL mysql connector java 3 0 15 ga bin jar IBM DB2 db2cc jar db2cc_license_cu jar Oracle 10g ojdbc14 jar version 10 1 0 4 MS SQL Server 2000 msbase jar mssqlserver jar msutil jar MySQL 4 1 mysql connector java jar Note Database drivers ...

Page 13: ... configuration process A checklist is provided for installing and configuring when using either the turnkey method or the manual method Before starting the installation ensure that the JAR files are not associated with WinZip or any other application other than the java application launcher Turnkey installation and deployment checklist The following table includes the steps required for installing...

Page 14: ...on program with the turnkey option enabled for JBoss For LiveCycle Policy Server the product JBoss and MySQL are installed For LiveCycle Reader Extensions and LiveCycle Document Security the product and JBoss are installed Installing LiveCycle Products Using the Turnkey Installation on page 20 LiveCycle Reader Extensions Set up default users roles and login files Setting up users roles and login f...

Page 15: ...ficates are unique to each customer but can be installed on multiple systems The Rights credential is delivered as a digital certificate containing both the public key and the private key and the password used to access the credential If your organization orders an evaluation version of LiveCycle Reader Extensions you receive an evaluation Rights credential either from the sales representative thr...

Page 16: ...e product root trust directory It also configures the credential that is deployed to the application server so that the deployed product can access the credential information If your credential information changes you must re sign the trust xml file as well as reconfigure and redeploy the credential You can update the trust xml file re sign the trust xml file and redeploy the credential automatica...

Page 17: ...ed as allowed by the certificate store or the credential itself CER files holding the public key corresponding to a credential can also be exported from PFX files using either Internet Explorer or OpenSSL The CRL distribution point describes where you can download the CRL that corresponds to a particular CER or PFX file The following file types are supported Certificates DER encoded X 509 and base...

Page 18: ...the PDF Manipulation Module This file references the contents of the credentials certificates and CRL directories credentials Credentials are the private keys used to establish identity in encryption operations Credential files used with the Trust Manager Module must be stored in the credentials directory and referenced in the trust xml file certificates Certificates are the public keys that corre...

Page 19: ...tion This section of the guide describes how to complete a turnkey installation of LiveCycle products For information on the manual configuration and deployment of the products see Manual Configuration and Deployment on page 32 ...

Page 20: ...the Apache web server automatically The turnkey installation specifies localhost as the host and 8080 as the port for use by JBoss If JBoss is already installed ensure that it is not using port 8080 You cannot configure an alternative host or port for JBoss during the turnkey installation and configuration process By default the turnkey installation places the LiveCycle product and all of the rela...

Page 21: ...does not exist InstallShield creates the directory for you 11 Review the installation details and click Install A summary screen appears when the installation program finishes installing the product 12 On the summary screen you have the following options If you are installing only one LiveCycle product or this is the last LiveCycle product you are installing select Launch the Configuration Manager...

Page 22: ...ext to continue When you continue Configuration Manager configures the LiveCycle product properties using the default values and assembles the products into the LiveCycle ear file 27 On the Deployment Instructions screen click Next 28 On the Tasks Completed screen click Finish The product is now deployed to JBoss and JBoss should be running If JBoss is not running you can start the JBoss for Adobe...

Page 23: ...urnkey installation For the turnkey installation it is recommended that you accept the default configuration options If you run the manual installation configuration and deployment process you can set all of the configuration options For information about the configuration options see Configuring LiveCycle Products on page 44 Tip To improve the speed of installation disable any on access virus sca...

Page 24: ...reviously run Configuration Manager 15 Select LiveCycle Policy Server and then click Next 16 Review the configuration summary information and then click Back to change any settings or click Next to continue When you continue Configuration Manager configures the LiveCycle product properties using the default values and assembles the products into the LiveCycle ear file 17 On the Application Configu...

Page 25: ...l Programs Administrative Tools Services 2 Right click the JBoss for Adobe LiveCycle service and click Properties 3 From the Startup Type menu select Automatic and then click OK 4 Right click the MySQL for Adobe LiveCycle service and click Properties 5 From the Startup Type menu select Automatic and then click OK Next step For LiveCycle Policy Server you must configure JAAS configuration See Confi...

Page 26: ...r on page 30 For detailed information on how to complete the configuration tasks including specifying the Kerberos run time properties see LiveCycle Policy Server Help This section assumes that you have installed the products configured the application server deployed the products and initialized the LiveCycle database Configuring LiveCycle Policy Server run time properties After the application s...

Page 27: ...y servers to set up user authentication For JBoss deployments the JAAS application name must be the name of the application policy you defined in the login config xml file The directory properties you specify must match those in the login config xml file See Configuring JAAS authentication on page 56 To add Kerberos authentication you must have Microsoft Active Directory 2000 or 2003 controlling a...

Page 28: ...vice should receive the end user s credentials This ensures that only LiveCycle Policy Server referred to as the service in Kerberos receives the credentials and not some other server service or user LiveCycle Policy Server can accomplish this through a special Active Directory account that is created to act as the service Creating the Active Directory account The following example shows how to cr...

Page 29: ...ctive Directory This service corresponds to the new account that is created in the steps presented in Creating the Active Directory account on page 28 and described in the KDC Host Service User Service Password and Service Realm fields Technically Acrobat requires the service in a special format constructed using the service principal Service User as well as the realm Service Realm How these field...

Page 30: ...ot use entrydn Depending on the application server you are using configuration steps may be required from the administrative console to use eDirectory For more information see your application server s documentation LiveCycle Reader Extensions After deploying LiveCycle Reader Extensions to the application server you can perform the following tasks Create applications for LiveCycle Reader Extension...

Page 31: ... files on page 41 For turnkey installations the default username is administrator and the default password is password To edit these values see Setting up users roles and login files on page 41 LiveCycle Document Security After deploying LiveCycle Document Security to the application server you can perform the following tasks Test the installation and deployment of LiveCycle Document Security by b...

Page 32: ...This section of the guide describes how to manually configure and deploy your LiveCycle products For information on the turnkey configuration and deployment of the products see Installing LiveCycle Products Using the Turnkey Installation on page 20 ...

Page 33: ...ducts Using the Turnkey Installation on page 20 Performing the installation When you run an installation program you need the following information The serial number for the product you are installing The type of installation and configuration you are performing See Methods for installing configuring and deploying LiveCycle products on page 10 When installing on Linux the installation program uses...

Page 34: ...elect the application server you are deploying to and click Next Note For JBoss do not select the option to automatically configure and deploy 7 Accept the default directory as listed or click Browse and navigate to the directory where you want to install the product and then click Next Note You can also enter a name for a new install directory and one will be created for you Caution When you inst...

Page 35: ...he error log If any errors occur during the installation the installation program creates a log file called log txt which contains the error messages The log file is located in the LiveCycle root directory Next steps You must now prepare your database and application server for hosting LiveCycle products See Preparing your Environment on page 36 ...

Page 36: ... an empty database All of the tables required to support LiveCycle products will be created by Configuration Manager when you initialize the database See Initializing the Database on page 63 If you are using the turnkey method to install the product JBoss and MySQL are installed and configured automatically you do not need to perform the tasks in this section If you stop and start the LiveCycle da...

Page 37: ... you must create one For information about the location of my ini or my cnf file or how to create the file see the MySQL documentation To customize the MySQL configuration 1 Open the my ini file in a text editor 2 Add the following line to the end of the my ini file max_allowed_packet 25M 3 Save and close the my ini file Creating an Oracle database If you prefer not to use the default database tha...

Page 38: ...on Creating a DB2 database Create a DB2 database by running the script provided in this section The script is tuned for a system that will use 1 GB of memory for the database If your system has a different size of memory dedicated for the database see the DB2 documentation for details on configuring your system settings You must also create a user with SYSADM and DBADM privileges that can be used ...

Page 39: ...nect reset update db cfg for dbname using dbheap 4000 update db cfg for dbname using logbufsz 2048 update db cfg for dbname using locklist 2000 update db cfg for dbname using chngpgs_thresh 40 update db cfg for dbname using logfilsiz 4000 deactivate database dbname activate database dbname 2 Make the following changes to the script Replace the instances of dbname and DBNAME with the name that you ...

Page 40: ...formation about creating the database and user see the SQL Server documentation The SQL Server database can be configured with Windows or SQL Server authentication types For JBoss the authentication type should be set to SQL Server You must download the Microsoft SQL Server JDBC drivers from the following website and then copy them to the appserver root lib directory www microsoft com downloads de...

Page 41: ...rtal jbossas download If you are performing a turnkey install you do not need to install JBoss because Configuration Manager installs it automatically Setting up users roles and login files This section applies to LiveCycle Reader Extensions only To run LiveCycle Reader Extensions you must set up a default user user role and user login The installation program creates the appropriate files but you...

Page 42: ...operties ares roles properties module option login module authentication application policy 8 Save the login config xml file 9 Stop and restart the JBoss application server Configuring DocumentServicesLibrary jar This section applies to LiveCycle Document Security and LiveCycle Reader Extensions only You need to copy the DocumentServicesLibrary jar file from the LiveCycle root directory to the app...

Page 43: ...Cycle Policy Server you must install database drivers to the installation directories of the application server Drivers are required to enable Configuration Manager and the application server to connect to the LiveCycle database You need to install the drivers for the type of database that you use for the LiveCycle database To install the MS SQL Server 2000 SP 3 drivers 1 Download the MS SQL Serve...

Page 44: ...ith the new product when you deploy the file to the application server Note To assemble multiple LiveCycle products each product must be installed in the same LiveCycle root directory When Configuration Manager completes the configuration of the products it places the applicable files to be deployed to the application server LiveCycle ear adobe FontManager ear LiveCycle security ear and edc server...

Page 45: ...s screen select either Use Previously Entered Values or Revert to Default Values and then click Next 6 Select the application server you have installed if displayed select Foundation and the products that you want to configure and then click Next 7 Ensure that only Configure and assemble LiveCycle products is selected and then click Next 8 On the Configure and Assemble Products screen click Next 9...

Page 46: ... in a clustered environment Additional NFS software should be installed on your computer running Windows before enabling this option This option does not affect deployments on Linux Global storage directory A path to a shared directory used to store long lived documents that are passed between LiveCycle products Using an NFS shared directory can help to improve performance See Optimizing inline do...

Page 47: ... if you are not sure what these values should be accept the defaults and click Next 18 LiveCycle Reader Extensions On the Reader Extensions Credential screen browse to the location of your credential file type the credential password and then click Next 19 LiveCycle Reader Extensions LiveCycle Document Security On the Trust XML Review screen review the contents of the trust xml file and click Next...

Page 48: ...e parameters are used The default value is True Default language code The ISO 639 Language Code for the default language The default value is en Default country code The ISO 3166 Country Code for the default country The default value is US 25 LiveCycle Reader Extensions LiveCycle Document Security On the PDFAgent Module Configuration screen configure the maximum number of simultaneous processes al...

Page 49: ... files on page 50 Configure JBoss properties See Configuring JBoss properties on page 51 Configure the transaction time out value See Configuring the transaction time out property on page 51 LiveCycle Policy Server Set up the connection to the LiveCycle database See Connecting JBoss to the database on page 52 LiveCycle Policy Server Set up authentication See Configuring security on page 55 This ch...

Page 50: ...ed to be copied on the instance of JBoss that hosts LiveCycle Policy Server Before copying the files ensure that you make backup copies of all of the files If a file exists in the target location replace it with the new file To copy the JBoss configuration files 1 Copy the files listed in the table below to the target location 2 Remove the hsqldb jdbc2 service xml fle from the appserver root deplo...

Page 51: ...y in the jacorb properties file to ensure that your Adobe document services run properly on the application server The jacorb properties file is located in the appserver root server all conf directory Before making any changes ensure that you create a backup copy of the jacorb properties file To edit the jacorb properties file 1 Open the jacorb properties file in a text editor 2 Locate the jacorb ...

Page 52: ... xml version 1 0 encoding UTF 8 datasources local tx datasource jndi name EDC_DS jndi name connection url jdbc mysql localhost 3306 adobe connection url driver class com mysql jdbc Driver driver class user name adobe user name password adobe password min pool size 1 min pool size max pool size 100 max pool size blocking timeout millis 20000 blocking timeout millis idle timeout minutes 10 idle time...

Page 53: ...verDriver driver class user name adobe user name password adobe password SelectMethod Cursor SelectMethod min pool size 1 min pool size max pool size 100 max pool size blocking timeout millis 20000 blocking timeout millis idle timeout minutes 10 idle timeout minutes check valid connection sql SELECT 1 check valid connection sql local tx datasource datasources 2 Replace the bold text for the follow...

Page 54: ...nnection url driver class oracle jdbc driver OracleDriver driver class user name database_username user name password password password Checks the Oracle error codes and messages for fatal errors exception sorter class name org jboss resource adapter jdbc vendor OracleExceptionSorter exception sorter class name local tx datasource datasources 2 Replace the bold text for the following elements with...

Page 55: ...your LiveCycle database connection url describes the server name the name of the computer that hosts DB2 and port number and the database name The application server uses the URL to connect to the database user name and password are the user name and password that the application server uses to access the database These values are set when you create the database See Creating a DB2 database on pag...

Page 56: ...ations 1 Open the login config xml file from the appserver root server all conf directory If you are deploying LiveCycle Policy Server to an existing instance of JBoss that is already running other LiveCycle applications you can copy the sample application policy element from the default login config xml file insert it into the login config xml file that is in the appserver root conf directory and...

Page 57: ... documentation for the LDAP server For example application policies for Sun ONE and Active Directory see Example application policies on page 58 The following table describes each property that can be configured Configurable option Description user provider url The LDAP URL to your directory server for example ldap servername port java naming security authentication The LDAP authentication type se...

Page 58: ... 389 module option this is the ldap authentication type module option name java naming security authentication simple module option setting this to true forces the code to search for the user with the DN that will be constructed dynamically module option name searchUser true module option if searchUser is true then than the following three configure whether the search is performed anonymously or w...

Page 59: ...onstructed dynamically module option name searchUser true module option if searchUser is true then than the following three configure whether the search is performed anonymously or with a specific user module option name searchUsingAnonymousBind false module option module option name binduser cn John Doe cn users dc company_name dc com module option module option name bindpassword password module ...

Page 60: ...have deployed the products if you need to make any further changes to the run time properties set during configuration you can run Configuration Manager to make the changes and then redeploy the updated EAR file See Configuring LiveCycle Products on page 44 If you are using an external web server see your web server documentation for information on the configuration required to allow access to the...

Page 61: ...le Reader Extensions LiveCycle Document Security adobe FontManager ear LiveCycle Reader Extensions LiveCycle Document Security LiveCycle ear LiveCycle Reader Extensions LiveCycle Document Security LiveCycle security ear LiveCycle Policy Server edc server ear 2 Copy the LCM ear file from the LiveCycle root configurationManager deploy jboss directory to the appserver root server all deploy directory...

Page 62: ...rtup errors are recorded to the application server log files If you have any problems deploying to the application server you can use log files to help you find the problem You can open the log files using any text editor The following log files are located in the appserver root server all log directory boot log LiveCycle Document Security server log yyyy mm dd LiveCycle Reader Extensions server l...

Page 63: ...nning To initialize the database 1 Start the application server 2 Start Configuration Manager by navigating to the LiveCycle root configurationManager directory and entering the following command Windows ConfigurationManager exe Linux ConfigurationManager bin 3 On the Welcome screen click Next 4 Select Custom Configuration Wizard and click Next 5 If prompted on the Configuration Preferences screen...

Page 64: ...ration This section of the guide describes the additional configuration tasks that you need to perform after LiveCycle products are deployed to the application server and the LiveCycle database is initialized for LiveCycle Policy Server ...

Page 65: ...rver all conf directory Then you must edit the jboss service file in the appserver root server all conf directory Also note that keytool is typically located in your Java jre bin directory For information about using keytool see the keytool html file that is part of your JDK documentation Note The password you type as the keystore password must correspond with the PassPhrase specified in the Data ...

Page 66: ...ntry code for this unit Unknown CA Is CN first_last OU company_name O company_name L town_name ST state_name C CA correct no yes Enter key password for ads credentials Unknown Press ENTER if the same as keystore password Tip The genkey procedure can be entered as a single command as in the following example keytool genkey alias ads credentials keyalg RSA keystore ads ssl jks validity 3650 storepas...

Page 67: ...ads ssl jks jacorb security keystore_password password trusted ca certs are also in the same keystore jacorb security jsse trustees_from_ks on jacorb security support_ssl on client side ssl supported or enforced jacorb security ssl client supported_options 60 jacorb security ssl client required_options 0 server side ssl supported or enforced jacorb security ssl server supported_options 60 jacorb s...

Page 68: ...bute name KeyStorePass password attribute mbean 4 Replace the mbean node text below the RMI JRMP invoker line with the following mbean node text mbean code org jboss invocation jrmp server JRMPInvoker name jboss service invoker type jrmp attribute name RMIObjectPort 4444 attribute attribute name ServerAddress jboss bind address attribute attribute name RMIClientSocketFactory org jboss security ssl...

Page 69: ...erver is installed this configuration is already completed as part of the LiveCycle Policy Server configuration process If LiveCycle Reader Extensions or LiveCycle Document Security are installed on separate application servers the application servers must be on the same subnet or port access might be blocked All products must also be running on the same application server type For example if Live...

Page 70: ...rs JBOSS_HOME server all lib endorsed Configuring LiveCycle Policy Server for EJB access You must configure LiveCycle Document Security or LiveCycle Reader Extensions to use the LiveCycle Policy Server SDK To perform this task configure the LiveCycle Policy Server XML configuration file by default named config xml Note When exporting the config xml file you must rename it to clearly identify that ...

Page 71: ... removing MySQL back up any data that you do not want to lose To remove the product files 1 Navigate to the product root _uninst directory and double click the product name _uninstall exe file Alternatively you can use the Add or Remove Programs function in the Windows Control Panel to start the uninstall program 2 If prompted select a language for the uninstall program and click OK 3 Follow the o...

Page 72: ...nstall directory including JBoss if applicable are subject to removal without further warning Before proceeding back up any data you do not want to lose Removing the product only removes the LiveCycle product root directory from the installation directory structure Note After you have uninstalled your product product files will remain in the LiveCycle root configurationManager export directory Do ...

Page 73: ...hen a document that is sent for processing by LiveCycle products is less than or equal to the maximum inline size the document is stored on the server inline and the document is serialized as an Adobe Document object Storing documents inline can have significant performance benefits A document that is larger than the maximum inline size is stored on the local file system in the storage directories...

Page 74: ...ion To store a document inline there must be sufficient contiguous space in the JVM heap memory Some operating systems JVMs and garbage collection algorithms are prone to heap fragmentation Fragmentation decreases the amount of contiguous heap space and can lead to OutOfMemoryError even when sufficient total free space exists For example previous operations on the application server have left the ...

Page 75: ...3 JBoss 3 2 5 J2SDK version 1 4 2_04 MySQL 4 1 JBoss 3 2 5 J2SDK version 1 4 2_04 Oracle 9i JBoss 3 2 5 J2SDK version 1 4 2_04 Oracle 10g IBM WebSphere 5 1 1 5 IBM JDK installed with WebSphere Oracle 9i BEA WebLogic Server 8 1 SP5 J2SDK version 1 4 2_08 Oracle 9i BEA WebLogic Server 8 1 SP5 J2SDK version 1 4 2_08 Oracle 10g IBM WebSphere 5 1 1 5 IBM JDK installed with WebSphere Oracle 10g BEA WebL...

Page 76: ...ith WebSphere IBM DB2 8 2 Version 8 1 FixPack 7 IBM WebSphere 5 1 1 5 IBM JDK installed with WebSphere Oracle 9i IBM WebSphere 5 1 1 5 IBM JDK installed with WebSphere Oracle 10g Red Hat Linux AdvancedServer 3 0 JBoss 3 2 5 J2SDK version 1 4 2_04 IBM DB2 8 2 Version 8 1 FixPack 7 JBoss 3 2 5 J2SDK version 1 4 2_04 MySQL 4 1 JBoss 3 2 5 J2SDK version 1 4 2_04 Oracle 9i JBoss 3 2 5 J2SDK version 1 4...

Page 77: ...Version 8 1 FixPack 7 Applicable to LiveCycle Policy Server only BEA WebLogic Server 8 1 SP5 J2SDK version 1 4 2_08 Oracle 9i BEA WebLogic Server 8 1 SP5 J2SDK version 1 4 2_08 Oracle 10g IBM WebSphere 5 1 1 5 IBM JDK installed with WebSphere IBM DB2 8 2 Version 8 1 FixPack 7 IBM WebSphere 5 1 1 5 IBM JDK installed with WebSphere Oracle 9i IBM WebSphere 5 1 1 5 IBM JDK installed with WebSphere Ora...

Page 78: ...ss 3 2 5 J2SDK version 1 4 2_04 Oracle 10g JBoss 3 2 5 J2SDK version 1 4 2_04 MySQL 4 1 BEA WebLogic Server 8 1 SP5 J2SDK version 1 4 2_08 IBM DB2 8 2 Version 8 1 FixPack 7 Applicable to LiveCycle Policy Server only BEA WebLogic Server 8 1 SP5 J2SDK version 1 4 2_08 Oracle 9i IBM WebSphere 5 1 1 5 IBM JDK installed with WebSphere IBM DB2 8 2 Version 8 1 FixPack 7 IBM WebSphere 5 1 1 5 IBM JDK inst...

Page 79: ...ollowing text is an example of a typical trust xml file xml version 1 0 encoding UTF 8 trust trustAnchors cerrecord cerFile JohnSmithDER cer TrustedFor Signatures CertifiedDocuments DynamicContent Identity SSL cerrecord cerFile Alice cer TrustedFor Identity Signatures trustAnchors CRLs crl URL http crl adobe com testCA3 crl filename testCA3 crl crl URL http crl adobe com testCA4 crl filename testC...

Page 80: ...be CDS intermediate CAs are issued is always automatically trusted for the Identity Signatures and CertifiedDocuments flags The values allowed in the trustedFor attribute are described in this table Flag Description Identity Include this certificate when determining trust If this flag is not present the certificate can be used in building a certificate chain but cannot be used to determine what th...

Page 81: ... SHA1 fingerprint of the corresponding certificate The sha1 value can be used to distinguish among different keys if more than one is stored in a single PKCS 12 file If the sha1 value is not provided and the PKCS 12 file contains multiple appropriate credentials an exception is raised hsmrecord alias The name by which the credential is known to the PDF Manipulation Module API It must be unique in ...

Page 82: ... If no matching URL is found for a CRLdp value in the trust xml file during signature validation LiveCycle Document Security or LiveCycle Reader Extensions looks up the CRL over the network If the CRL is not retrieved the signature validation fails and a warning is not generated in the log file Common to all record types EmbedRevInfo Optional Specifies whether the revocation information is embedde...

Page 83: ...Username This attribute is required if a timestamp server is specified If this value is present in addition to a username value in the URL attribute the value in the URL attribute is tried first If that value fails the value specified by this Username attribute is used Password This attribute is required if a timestamp server is specified If this value is present in addition to a password value in...

Page 84: ...cation information is returned if available AlwaysRequired Revocation checking is always required The default value is RequiredIfInfoAvail MaxClockSkew Optional The maximum allowed skew in response time and local time in minutes The default value is 5 ResponseFreshness Optional The maximum time validity of a preconstructed OCSP response in minutes The default value is 525600 one year URLToConsult ...

Page 85: ...on You can set this attribute to one of the following values AlwaysUseCurrentTime Use current time UseSigningTimeIfSecureElseCurrent Use signing time if it is secure timestamped otherwise use current time UseSigningTime Use signing time The default value is UseSigningTimeIfSecureElseCurrent proxy Host The host name or IP address of the proxy server Port Optional The port where the proxy server is ...

Page 86: ...lar Myriad Pro Italic Myriad Pro Bold Myriad Pro Semibold Myriad Pro Semibold Italic Myriad Pro Bold Italic Myriad Pro Black Myriad Pro Black Italic Minion Pro Regular Kozuka Mincho Std Extra Light Kozuka Mincho Std Light Kozuka Mincho Std Regular Kozuka Mincho Std Medium Kozuka Mincho Std Bold Kozuka Mincho Std Heavy Kozuka Gothic Std Extra Light Minion Pro Italic Minion Pro Semibold Minion Pro S...

Page 87: ... updates 8 manual deployment 60 manual installation 33 turnkey installation 20 Adobe LiveCycle Reader Extensions integrating with LiveCycle Policy Server 69 JAR file configuring 42 manual installation 33 resetting counter for 62 Rights credentials 15 setting up users roles and login files 41 trust components 16 trust xml file 79 turnkey installation 20 web application accessing 30 Adobe LiveCycle ...

Page 88: ...Boss 61 deployment checklists 13 configuring LiveCycle products for 44 digital certificates obtaining 17 directories endorsed creating 44 Global storage 46 74 JBoss naming convention 60 document transfer performance increasing 73 documentation resources 7 DocumentServicesLibrary jar file copying 42 E EAR files deployable 61 deploying to JBoss 61 eDirectory directory server configuring support for ...

Page 89: ...e database creating 37 creating data source for JBoss 54 P PDF support 12 prefs element trust xml file 83 private keys 17 product files removing 71 72 public keys 17 R Rights credentials obtaining 15 run time properties configuring for LiveCycle Policy Server 26 S security configuring on JBoss 55 65 required to run LiveCycle Document Security 17 setting for offline documents 27 signing trust xml f...

Page 90: ...cle Security Products for JBoss 90 V verifying LiveCycle Document Security installation 31 trust xml file 18 viewing log files 35 62 W web application LiveCycle Reader Extensions 30 web browser support 11 X XML configuration file LiveCycle Policy Server 70 ...