Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Secure communications > Create an SSL configuration


Develop the WSPKIClient interface for communicating with a certificate authority

Implementing the WSPKIClient interface enables WAS security to communicate with a remote certificate authority (CA).


Procedure

  1. Initialize the WSPKIClient implementation with init(java.util.HashMap).
    public void init(java.util.HashMap initAttrs) throws WSPKIException;
    
    This method is called by the WAS runtime to set up connection information for a CA.
  2. Request a certificate with requestCertificate(byte[], X500Principal, byte[], java.util.HashMap).
    public X509Certificate[] requestCertificate(byte[] certReq, X500Principal SubjectDN, byte[] revocationPassword, java.util.HashMap customAttrs) throws WSPKIException;
    
    This method is called by the WAS runtime to connect to a CA and request a certificate signed by the authority. An X509Certificate[] is returned if the requested certificate is created. If null is returned, queryCertificate() is called to check whether the certificate is ready. This method is used when the CA requires manual intervention to process a certificate request.

    You can invoke this operation from the admin console using the Create a CA certificate in SSL task and from a client using the requestCertificate script.

  3. Revoke a certificate with revokeCertificate(X509Certificate[], byte[], String, java.util.HashMap).
    public void revokeCertificate(X509Certificate[] cert, byte[] revocationPassword, String revocationReason, java.util.HashMap customAttrs) throws WSPKIException;
    
    This method is called by the WAS runtime to submit a request to a CA to revoke a certificate.

    You can invoke this operation from the admin console using the revoke CA certificate task (see Revoking a CA certificate in SSL) or using the revokeCertificate script.

  4. Query a certificate with queryCertificate(X509Certificate[], byte[], java.util.HashMap).
    public X509Certificate[] queryCertificate(byte[] certReq, java.util.HashMap customAttrs) throws WSPKIException;
    
    This method is called by the WAS runtime to query whether certificate creation is completed on the CA. An X509Certificate[] is returned if the certificate request is complete. Null is returned if the certificate request is pending.

    You can perform this operation from the admin console using the Query option (see Personal certificate requests collection) and from a client using the queryCertificate script.
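The request/query contract from steps 2 and 4 (a null return means "pending", and queryCertificate() is later called with the same certReq bytes) can be handled as in the following sketch, which is an added example and not IBM's code. CaBackend, the "caBackend" init attribute, the in-memory ticket map and the local WSPKIException stand-in are assumptions made so the class compiles without the product JARs; revokeCertificate is left out.

```java
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.HashMap;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.x500.X500Principal;

// Stand-in for the product's exception type (assumption, see lead-in).
class WSPKIException extends Exception { WSPKIException(String m, Throwable c) { super(m, c); } }
// Hypothetical CA transport; a real client wraps the CA's own protocol here.
interface CaBackend {
    String submit(byte[] certReq, String subjectDN, byte[] revPw) throws Exception; // CA ticket id
    X509Certificate[] fetch(String ticket) throws Exception; // null while approval is pending
}
public class PendingAwareClient { // a deployed class would declare "implements WSPKIClient"
    private CaBackend ca;
    // Digest of the request bytes -> CA ticket; in memory only, so lost on restart (assumption).
    private final ConcurrentHashMap<String, String> tickets = new ConcurrentHashMap<>();
    public void init(HashMap initAttrs) throws WSPKIException {
        Object backend = initAttrs.get("caBackend"); // assumed attribute name
        if (!(backend instanceof CaBackend)) throw new WSPKIException("no CA backend configured", null);
        ca = (CaBackend) backend;
    }

    public X509Certificate[] requestCertificate(byte[] certReq, X500Principal subjectDN,
            byte[] revocationPassword, HashMap customAttrs) throws WSPKIException {
        try {
            String ticket = ca.submit(certReq, subjectDN.getName(), revocationPassword);
            tickets.put(digest(certReq), ticket);
            return ca.fetch(ticket); // null tells the runtime to call queryCertificate() later
        } catch (Exception e) { // never put revocationPassword in messages or logs
            throw new WSPKIException("certificate request failed", e);
        }
    }

    public X509Certificate[] queryCertificate(byte[] certReq, HashMap customAttrs) throws WSPKIException {
        try {
            String ticket = tickets.get(digest(certReq));
            if (ticket == null) throw new IllegalStateException("unknown certificate request");
            X509Certificate[] chain = ca.fetch(ticket);
            if (chain != null) tickets.remove(digest(certReq)); // issued: stop tracking
            return chain; // still null while the CA has not approved the request
        } catch (Exception e) {
            throw new WSPKIException("certificate query failed", e);
        }
    }
    private static String digest(byte[] certReq) throws Exception {
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-256").digest(certReq));
    }
}
```

Keying the pending state on a digest of certReq works because certReq is the only correlating value the queryCertificate signature carries; a production client would persist that mapping so pending requests survive a server restart.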


Results

The WSPKIClient interface for communicating with a certificate authority (CA) is implemented.
Create a CA certificate in SSL
Revoking a CA certificate in SSL
Create an SSL configuration


Related


requestCertificate command
revokeCertificate command
queryCertificate command
createCertRequest command
