Configure Connections via a SOCKS Proxy

You can configure PKI Services Manager to connect to remote servers via a SOCKS proxy. When a SOCKS proxy is configured, all of the following connections are routed through the SOCKS proxy:

  • Downloading intermediate certificates from an LDAP directory or HTTP server

  • Downloading a CRL from an LDAP directory or HTTP server

  • Contacting a CDP as specified in the certificate being validated

  • Contacting an OCSP responder

  • Contacting a server specified in AIA extension of the certificate being validated

NOTE:PKI Services Manager authenticates to the SOCKS server using the current user name (the user under which the Reflection PKI Services Manager service is running) and a blank password.

To configure a SOCKS proxy on Windows

  1. Open the Windows Registry Editor and navigate to the following key (or create this key if it does not yet exist).

    64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Attachmate\ReflectionPKI

    32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Attachmate\ReflectionPKI

  2. Create a string value called JvmParams and set the value as follows (including quotation marks):

    "-DsocksProxyHost=proxy_address -DsocksProxyPort=proxy_port"

    For example:

    "-DsocksProxyHost=proxy.address.com -DsocksProxyPort=1080"

To configure a SOCKS proxy on UNIX

To configure a SOCKS proxy, on UNIX you need to define an environment variable called PKID_JVM_PARAMS. The basic syntax for configuring the environment variable is:

PKID_JVM_PARAMS = "-DsocksProxyHost=proxy_address -DsocksProxyHost=proxy.address.com"
export PKID_JVM_PARAMS

NOTE:Include a single set of quotation marks around the entire variable value as shown.

To set the environment variable temporarily, you can enter the command shown above in a shell session. To create a persistent variable, you can use the following procedure.

  1. Log in as root.

  2. Open the pkid init script in a text editor. The default path is:

    Linux and Solaris:/etc/init.d/pkid

    HP-UX:/sbin/init.d/pkid

  3. Under the line that reads "export PKID_HOME" add lines to define and export the new variable. For example:

    PKID_JVM_PARAMS = "-DsocksProxyHost=proxy.address.com -DsocksProxyPort=1080"
    Export PKID_JVM_PARAMS
    
  4. Save the modified script.