Signing And Validating Trust.xml; Updated Livecycle Product Information - Adobe LIVE CYCLE 7.2 - INSTALLING AND CONFIGURING Manual

Adobe LiveCycle
Installing and Configuring LiveCycle Security Products for JBoss
If you are upgrading from Document Security Server 6.0 or later, you can use your existing trust directory
and trust.xml file; you can specify the existing trust directory with Configuration Manager.
This table describes the trust or security components required to run LiveCycle Document Security.
Trust component
trust.xml
credentials
certificates
CRLs
keystore file
key pair

Signing and validating trust.xml

After the installation program creates the trust.xml file and populates it with all of the trust information
that references certificates (trustAnchors), credentials, and CRLs, it signs it to ensure that it is valid and
protected. Any time you add credentials to your system, you must update the trust.xml file and re-sign it.
The private key is used for signing, and the public key is for validation (or verification). Each time you
modify the content of the trust.xml file, you must re-sign the file.
You update the trust.xml file automatically using Configuration Manager. (See
Products" on page

Updated LiveCycle product information

Adobe Systems has posted a Knowledge Center article to communicate any updated LiveCycle product
information with customers. You can access the article at:
www.adobe.com/support/products/enterprise/knowledgecenter/c4811.pdf.
Description
The trust.xml file contains mapping information for the certificates, credentials, and
CRLs used by the PDF Manipulation Module. This file references the contents of the
credentials, certificates, and CRL directories.
Credentials are the private keys used to establish identity in encryption operations.
Credential files used with the Trust Manager Module must be stored in the
credentials directory and referenced in the trust.xml file.
Certificates are the public keys that correspond to credentials. Certificates used
with the Trust Manager Module must be stored in the certificates directory and
referenced in the trust.xml file. Certificates are called trustAnchors in the trust.xml
file.
CRLs contain a list of all of the certificates that are no longer valid. The CRLs
directory can be located anywhere on your system, but it is convenient to maintain
it in the same location as your other trust security resources. CRLs used with the
Trust Manager Module must be stored in the CRLs directory and referenced in the
trust.xml file. CRL files must also be imported into the Trust Manager Module.
The keystore file stores private keys and their associated public key certificates. You
create the keystore, which is used for validating the trust.xml file against the
trust.sig file. It can be located anywhere on your system, but its properties are
configured and maintained within the Trust Manager Module.
The private and public key generated and stored in the keystore is used for signing
and validating the trust.xml file. This key pair is separate from the credentials and
certificates described above. It is used to protect the integrity of the trust data and
is used only during the product startup to verify the data integrity.
44.)
Before You Install
Signing and validating trust.xml
"Configuring LiveCycle
18