You can configure PKI Services Manager to connect to remote servers via a SOCKS proxy. When a SOCKS proxy is configured, all of the following connections are routed through the SOCKS proxy:
Downloading intermediate certificates from an LDAP directory or HTTP server
Downloading a CRL from an LDAP directory or HTTP server
Contacting a CDP as specified in the certificate being validated
Contacting an OCSP responder
Contacting a server specified in AIA extension of the certificate being validated
NOTE:PKI Services Manager authenticates to the SOCKS server using the current user name (the user under which the Reflection PKI Services Manager service is running) and a blank password.
To configure a SOCKS proxy on Windows
Open the Windows Registry Editor and navigate to the following key (or create this key if it does not yet exist).
64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Attachmate\ReflectionPKI
32-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Attachmate\ReflectionPKI
Create a string value called JvmParams and set the value as follows (including quotation marks):
To configure a SOCKS proxy on UNIX
To configure a SOCKS proxy, on UNIX you need to define an environment variable called PKID_JVM_PARAMS. The basic syntax for configuring the environment variable is:
PKID_JVM_PARAMS = "-DsocksProxyHost=proxy_address -DsocksProxyHost=proxy.address.com" export PKID_JVM_PARAMS
NOTE:Include a single set of quotation marks around the entire variable value as shown.
To set the environment variable temporarily, you can enter the command shown above in a shell session. To create a persistent variable, you can use the following procedure.
Log in as root.
Open the pkid init script in a text editor. The default path is:
Linux and Solaris:/etc/init.d/pkid
Under the line that reads "export PKID_HOME" add lines to define and export the new variable. For example:
PKID_JVM_PARAMS = "-DsocksProxyHost=proxy.address.com -DsocksProxyPort=1080" Export PKID_JVM_PARAMS
Save the modified script.