Show Contents / Index / Search

Configuring a SOCKS Proxy

You can configure PKI Services Manager to connect to remote servers via a SOCKS proxy. When a SOCKS proxy is configured, all of the following connections are routed through the SOCKS proxy:

  • Downloading intermediate certificates from an LDAP or HTTP server
  • Downloading a CRL from an LDAP or HTTP server
  • Contacting a CDP as specified in the certificate being validated
  • Contacting an OCSP responder
  • Contacting a server specified in AIA extension of the certificate being validated

     

    Note: PKI Services Manager authenticates to the SOCKS server using the current user name (the user under which the Reflection PKI Services Manager service is running) and a blank password.

To configure a SOCKS proxy, you need to define an environment variable called PKID_JVM_PARAMS. The syntax for defining this variable is different in UNIX and Windows.

To configure a SOCKS proxy on Windows

The basic syntax for configuring the environment variable on Windows is:

set PKID_JVM_PARAMS = "-DsocksProxyHost=proxy_address" "-DsocksProxyPort=proxy_port"

Note: Include the quotation marks around each element as shown. This format is required on Windows computers.

To set the environment variable temporarily, you can enter the command shown above in a DOS command box. To create a persistent variable, use the following procedure.

  1. Log in as an administrator.
  2. Open the System control panel, go to the Advanced system settings tab and click Environment Variables.
  3. Under System variables, click New.
  4. Set the variable name equal to PKID_JVM_PARAMS
  5. Define the variable value using the syntax shown above. For example:

    "-DsocksProxyHost=proxy.address.com" "-DsocksProxyPort=1080"

  6. Click OK to close the open dialog boxes.

To configure a SOCKS proxy on UNIX

The basic syntax for configuring the environment variable on UNIX is:

PKID_JVM_PARAMS = "-DsocksProxyHost=proxy_address -DsocksProxyHost=proxy.address.com"

export PKID_JVM_PARAMS

Note: Include a single set of quotation marks around the entire variable value as shown. This format is required on UNIX platforms.

To set the environment variable temporarily, you can enter the command shown above in a shell session. To create a persistent variable, you can use the following procedure.

  1. Log in as root.
  2. Open the pkid init script in a text editor.The default path is:

    Linux and Solaris:/etc/init.d/pkid

    HP-UX: /sbin/ini‑it.d/pkid

  3. Under the line that reads "export PKID_HOME" add lines to define and export the new variable. For example:

    PKID_JVM_PARAMS = "-DsocksProxyHost=proxy.address.com -DsocksProxyPort=1080"

    Export PKID_JVM_PARAMS
  4. Save the modified script.