Digital certificates canb be generated in a couple of ways. They can be "self-signed", meaning they are generated by the user of the certificate using some type of application (Acrobat Pro for example) or utility (Java Keytool for example), or they can be generated by a trusted third party Certificate Authority (i.e VeriSign).
If the digital certificate used to generate a signature was issued from a trusted Certificate Authority (CA), then there is a "certificate chain", meaning the end user certificate "chains" up to the issuing party's (i.e. VeriSign) ROOT certificate. If a digital certificate is"self-signed" there is no certificate "chain".
So, if you are validating a digital signature generated by a self-signed certificate, then you need the corresponding public key to the self-signed certifcate. If you had 1000 users with self-signed certificates, then you need the 1000 corresponding public keys. In the case of LiveCycle you would need to import the 1000 certificates (public keys) into the Trust Store and configure the "trust" for the certificates.
If you are validating a digital signature generated by a certificate issued by a trusted CA, then you need the corresponding public key (root certificate) of the issuing authority. If you had 1000 users with CA issued certificates, you only need the ROOT public key from the issuing CA. In the case of LiveCycle you would need to import the 1 certificates (public keys) into the Trust Store and configure the "trust" for the certificate. If you trust the "issuer", then you implicitly trust any certificate issued by the trusted CA.
Hope this helps.
Steve