User Guide
Adobe LiveCycle Content and Format of the trust.xml File
Installing and Configuring LiveCycle Security Products for JBoss CRL element (Certificate revocation) 82
CRL element (Certificate revocation)
The CRL element lists all of the CRL files used by the PDF Manipulation Module for certificate revocation
checking. The
CRL element uses the record type CRL. The attributes of the records map from a URL
(referenced by the
CRLdp value in a certificate) to a file name where the actual CRL is stored so that
LiveCycle Document Security or LiveCycle Reader Extensions never directly fetches a CRL from the web.
The system administrator must keep the CRL files updated. The file referenced by the
filename attribute
is searched for in the directory specified using Configuration Manager.
The attributes of a
CRL record are described in this table.
During the initialization of the PDF Manipulation Module, if a CRL file is missing for a URL entry in the
trust.xml file, a warning is generated in the log file. The warning alerts the administrator to install any
missing CRL files.
If no matching URL is found for a
CRLdp value in the trust.xml file during signature validation, LiveCycle
Document Security or LiveCycle Reader Extensions looks up the CRL over the network. If the CRL is not
retrieved, the signature validation fails and a warning is not generated in the log file.
Common to all
record types
EmbedRevInfo
(Optional) Specifies whether the revocation information is
embedded within the certificate. The value
true indicates
that, if available, the revocation information is embedded. The
default value is
false.
The value of this attribute overrides the global preference. (See
the
signature record type under the prefs element in the
table that begins on page 83
.)
TimestampURL
(Optional) The URL to consult for timestamping information for
this credential. The URL must contain the user name and
password, if required, in this format:
http(s)://[username]:[password]@[path]
The value of this attribute overrides the global preference. (See
the
signature record type under the prefs element in the
table that begins on page 83
.)
Record type Attributes Description
Attribute Description
URL
A reference to the CRLdp value in the corresponding certificate. It must exactly
match the URL found in the
CRLdp field of the certificate.
filename
The file name of the CRL.