Macromedia live cycle 7.2 Manual
Adobe LiveCycle
Content and Format of the trust.xml File
Installing and Configuring LiveCycle Security Products for JBoss
prefs element (Plug-in preferences) 84
ocsp
URL
(Optional) The local OCSP Server URL. This attribute is used
only when the
only when the
URLToConsult
attribute (see attribute later
in this table) is set to
LocalConfig
or
LocalConfigIfNoAIA
.
SendNonce
(Optional) Specifies whether to send a random number in
the OCSP request to prevent replay attacks. The default value
is
the OCSP request to prevent replay attacks. The default value
is
true
.
CheckRevocation
(Optional) Specifies whether the revocation checking on the
OCSP certificates is turned on or off. You can set this attribute
to one of the following values:
OCSP certificates is turned on or off. You can set this attribute
to one of the following values:
●
Never
: Never checks.
●
BestEffort
: Try to if possible. No error if no revocation
information is available.
●
RequiredIfInfoAvail
: Revocation information is
returned if available.
●
AlwaysRequired
: Revocation checking is always
required.
The default value is
RequiredIfInfoAvail
.
MaxClockSkew
(Optional) The maximum allowed skew in response time and
local time (in minutes). The default value is
local time (in minutes). The default value is
5
.
ResponseFreshness
(Optional) The maximum time validity of a preconstructed
OCSP response (in minutes). The default value is
OCSP response (in minutes). The default value is
525600
(one year).
URLToConsult
(Optional) The URL to be used for OCSP checking. You can set
the attribute to one of the following values:
the attribute to one of the following values:
●
AIAInCertToCheck
: Use URL from the certificate.
●
LocalConfig
: Use the local URL provided using the URL
pref. (See the previous description of OCSP URL, in this
table.)
table.)
●
LocalConfigIfNoAIA
: Use local URL if none is
provided in the certificate.
The default value is
AIAInCertToCheck
. The default value
indicates that the URL should be present in the certificate.
SignRequest
(Optional) Specifies whether to sign the request. The default
value is
value is
false
.
Record type
Attribute
Description