Configure Connections via a SOCKS Proxy
You can configure PKI Services Manager to connect to remote servers via a SOCKS proxy. When a SOCKS proxy is configured, all of the following connections are routed through the SOCKS proxy:
- Downloading intermediate certificates from an LDAP directory or HTTP server
- Downloading a CRL from an LDAP directory or HTTP server
- Contacting a CDP as specified in the certificate being validated
- Contacting an OCSP responder
- Contacting a server specified in the AIA extension of the certificate being validated
Note: PKI Services Manager authenticates to the SOCKS server using the current user name (the user under which the Reflection PKI Services Manager service is running) and a blank password.
To configure a SOCKS proxy on Windows
- Open the Windows Registry Editor and navigate to the following key (or create this key if it does not yet exist).
64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Attachmate\ReflectionPKI
32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Attachmate\ReflectionPKI
- Create a string value called JvmParams and set the value as follows (including quotation marks):
To configure a SOCKS proxy on UNIX
To configure a SOCKS proxy on UNIX, define an environment variable called PKID_JVM_PARAMS. The basic syntax for configuring the environment variable is:
PKID_JVM_PARAMS="-DsocksProxyHost=proxy_address -DsocksProxyPort=proxy_port"
Note: Include a single set of quotation marks around the entire variable value as shown.
To set the environment variable temporarily, you can enter the command shown above in a shell session. To create a persistent variable, you can use the following procedure.
- Log in as root.
- Open the pkid init script in a text editor. The default path is:
Linux and Solaris: /etc/init.d/pkid
- Under the line that reads "export PKID_HOME" add lines to define and export the new variable. For example:
PKID_JVM_PARAMS="-DsocksProxyHost=proxy.address.com -DsocksProxyPort=1080"
export PKID_JVM_PARAMS
- Save the modified script.
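The persistent-variable procedure above as a script, added here as an example and not taken from the product documentation: it checks that the value sets socksProxyHost and socksProxyPort exactly once each, then inserts the definition and export under the "export PKID_HOME" line. The function names, the .bak backup copy and the sample init script are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not product code). Function names are hypothetical.

# Succeeds only if the value sets socksProxyHost and socksProxyPort once each
# and the port is a number in 1-65535.
valid_socks_params() {
    params=$1
    hosts=0
    ports=0
    for opt in $params; do
        case $opt in
            -DsocksProxyHost=?*) hosts=$((hosts + 1)) ;;
            -DsocksProxyPort=*)
                port=${opt#-DsocksProxyPort=}
                case $port in ''|*[!0-9]*) return 1 ;; esac
                [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
                ports=$((ports + 1)) ;;
        esac
    done
    [ "$hosts" -eq 1 ] && [ "$ports" -eq 1 ]
}

# Adds the definition and export under the "export PKID_HOME" line.
# Keeps a .bak copy and does nothing if the variable is already defined.
add_socks_params() {
    script=$1
    params=$2
    valid_socks_params "$params" || { echo "invalid value: $params" >&2; return 1; }
    grep -q '^[[:space:]]*export PKID_HOME' "$script" ||
        { echo "no export PKID_HOME line in $script" >&2; return 2; }
    grep -q '^[[:space:]]*PKID_JVM_PARAMS=' "$script" && return 0
    cp -p "$script" "$script.bak" || return 3
    awk -v p="$params" '
        { print }
        /^[ \t]*export PKID_HOME/ && !seen {
            print "PKID_JVM_PARAMS=\"" p "\""
            print "export PKID_JVM_PARAMS"
            seen = 1
        }' "$script.bak" > "$script"
}

# Constructed stand-in for /etc/init.d/pkid so the example runs without root;
# the PKID_HOME path in it is a placeholder.
demo=$(mktemp)
printf '%s\n' '#!/bin/sh' 'PKID_HOME=/opt/example/pkid' 'export PKID_HOME' \
    'echo start' > "$demo"
add_socks_params "$demo" "-DsocksProxyHost=proxy.address.com -DsocksProxyPort=1080"
cat "$demo"
```

The check rejects a value that repeats -DsocksProxyHost and omits -DsocksProxyPort.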