Adobe LiveCycle
Content and Format of the trust.xml File
Installing and Configuring LiveCycle Security Products for JBoss
CRL element (Certificate revocation) 82
CRL element (Certificate revocation)
The
CRL
element lists all of the CRL files used by the PDF Manipulation Module for certificate revocation
checking. The
CRL
element uses the record type
CRL
. The attributes of the records map from a URL
(referenced by the
CRLdp
value in a certificate) to a file name where the actual CRL is stored so that
LiveCycle Document Security or LiveCycle Reader Extensions never directly fetches a CRL from the web.
The system administrator must keep the CRL files updated. The file referenced by the
filename
attribute
is searched for in the directory specified using Configuration Manager.
The attributes of a
CRL
record are described in this table.
During the initialization of the PDF Manipulation Module, if a CRL file is missing for a URL entry in the
trust.xml file, a warning is generated in the log file. The warning alerts the administrator to install any
missing CRL files.
If no matching URL is found for a
CRLdp
value in the trust.xml file during signature validation, LiveCycle
Document Security or LiveCycle Reader Extensions looks up the CRL over the network. If the CRL is not
retrieved, the signature validation fails and a warning is not generated in the log file.
Common to all
record types
EmbedRevInfo
(Optional) Specifies whether the revocation information is
embedded within the certificate. The value
true
indicates
that, if available, the revocation information is embedded. The
default value is
false
.
The value of this attribute overrides the global preference. (See
the
signature
record type under the
prefs
element in the
table that begins on
page 83
.)
TimestampURL
(Optional) The URL to consult for timestamping information for
this credential. The URL must contain the user name and
password, if required, in this format:
http(s)://
[username]
:
[password]
@
[path]
The value of this attribute overrides the global preference. (See
the
signature
record type under the
prefs
element in the
table that begins on
page 83
.)
Record type
Attributes
Description
Attribute
Description
URL
A reference to the
CRLdp
value in the corresponding certificate. It must exactly
match the URL found in the
CRLdp
field of the certificate.
filename
The file name of the CRL.