Macromedia live cycle 7.2 매뉴얼
Adobe LiveCycle
Content and Format of the trust.xml File
Installing and Configuring LiveCycle Security Products for JBoss
trustAnchor element 80
<prefs>
<proxy name="network-proxy" port="80" />
<ocsp URL="" SendNonce="true" ReqRevCheck="CertRevRequiredIfInfoAvail"
MaxClockSkew="10" ResponseFreshness="525600"
URLToConsult="AIAInCertToCheck" SignRequest="false" />
<timestamp URL="http://tsp.adobe.com" CheckRevocation="CertRev"
HashAlgorithm="SHA1" Username="uname" Password="pwd" />
<signature EmbedRevInfo="true" VerificationTime="UseSigningTime" />
<ocsp URL="" SendNonce="true" ReqRevCheck="CertRevRequiredIfInfoAvail"
MaxClockSkew="10" ResponseFreshness="525600"
URLToConsult="AIAInCertToCheck" SignRequest="false" />
<timestamp URL="http://tsp.adobe.com" CheckRevocation="CertRev"
HashAlgorithm="SHA1" Username="uname" Password="pwd" />
<signature EmbedRevInfo="true" VerificationTime="UseSigningTime" />
</prefs>
</trust>
trustAnchor element
The
trustAnchor
element has one sub-element, which is
cerrecord
. The
cerrecord
sub-element
has two required attributes:
●
cerFile
—A reference to a certificate (.cer) file. The value for this attribute must be a file name only,
not a path name.
●
trustedFor
—A list of things that the certificate is trusted for.
This information is used during the signature validation operation of the PDF Manipulation Module, and is
used in a similar manner as the AddressBook in Acrobat. The PDF Manipulation Module searches the
certificates directory for file names. The certificates directory is imported into the deployment unit. The
Adobe root CDS certificate, from which all Adobe CDS intermediate CAs are issued, is always automatically
trusted for the
used in a similar manner as the AddressBook in Acrobat. The PDF Manipulation Module searches the
certificates directory for file names. The certificates directory is imported into the deployment unit. The
Adobe root CDS certificate, from which all Adobe CDS intermediate CAs are issued, is always automatically
trusted for the
Identity
,
Signatures
, and
CertifiedDocuments
flags.
The values allowed in the
trustedFor
attribute are described in this table.
Flag
Description
Identity
Include this certificate when determining trust. If this flag is not
present, the certificate can be used in building a certificate chain, but
cannot be used to determine what the signature is trusted for.
present, the certificate can be used in building a certificate chain, but
cannot be used to determine what the signature is trusted for.
Signatures
Documents signed with this signature, or whose certificate chain
includes this certificate, are trusted.
includes this certificate, are trusted.
CertifiedDocuments
Documents signed with this signature as an author signature, or
whose certificate chain includes this certificate, are considered trusted
for
whose certificate chain includes this certificate, are considered trusted
for
CertifiedDocuments
.
DynamicContent
This value is valid only when the
CertifiedDocuments
flag is also
present in the flag list. When present, dynamic content (movies, audio,
and so on) are allowed.
and so on) are allowed.
EmbeddedJavaScript
This value is valid only when the
CertifiedDocuments
flag is also
present in the flag list. When present, JavaScript™ embedded in the
document can be executed. This flag needs to be set when you want to
allow certified documents to run any embedded Javascript scripts on
the server.
document can be executed. This flag needs to be set when you want to
allow certified documents to run any embedded Javascript scripts on
the server.
SSL
(Linux) Use this certificate as a trust anchor when determining if any
particular server is trusted for SSL communication. In Windows, the
default (Internet Explorer) certificate store is used instead.
particular server is trusted for SSL communication. In Windows, the
default (Internet Explorer) certificate store is used instead.