Developing the WSPKIClient interface for communicating with a certificate authority

Implementing the WSPKIClient interface enables WebSphere® Application Server security to communicate with a remote certificate authority (CA).

Procedure

  1. Initialize the WSPKIClient implementation with init(java.util.HashMap).
    public void init(java.util.HashMap initAttrs) throws WSPKIException;
    This method is called by the WebSphere Application Server runtime to set up connection information to a CA.
  2. Request a certificate with requestCertificate(byte[], X500Principal, byte[], java.util.HashMap).
    public X509Certificate[] requestCertificate(byte[] certReq,
        X500Principal SubjectDN, byte[] revocationPassword,
        java.util.HashMap customAttrs) throws WSPKIException;
    This method is called by the WebSphere Application Server runtime to connect to a CA and request a certificate signed by the authority. An X509Certificate[] is returned if the requested certificate is created. If null is returned, queryCertificate() is called to check whether the certificate is ready. This method is used when the CA requires manual intervention to process a certificate request.

    You can invoke this operation from the administrative console using the Creating a CA certificate in SSL task and from a client using the requestCertificate script.

  3. Revoke a certificate with revokeCertificate(X509Certificate[], byte[], String, java.util.HashMap).
    public void revokeCertificate(X509Certificate[] cert, byte[] revocationPassword,
        String revocationReason, java.util.HashMap customAttrs) throws WSPKIException;
    This method is called by the WebSphere Application Server runtime to submit a request to a CA to revoke a certificate.

    You can invoke this operation from the administrative console using the revoke CA certificate task, Revoking a CA certificate in SSL, or using the revokeCertificate script.

  4. Query a certificate with queryCertificate(byte[], java.util.HashMap).
    public X509Certificate[] queryCertificate(byte[] certReq,
        java.util.HashMap customAttrs) throws WSPKIException;
    This method is called by the WebSphere Application Server runtime to query whether certificate creation is completed on the CA. An X509Certificate[] is returned if the certificate request is complete. Null is returned if the certificate request is pending.

    You perform this operation from the administrative console using the Query option (see Personal certificate requests collection) and from a client using the queryCertificate script.

Results

The WSPKIClient interface for communicating with a certificate authority (CA) is implemented.
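
A skeleton provider covering the four methods in the procedure, with the null-while-pending contract between requestCertificate and queryCertificate. This is an added example, not IBM's code: WSPKIClient and WSPKIException are local stand-ins copied from the signatures on this page, and CaTransport, connect(), the example.ca.url attribute, the https check and the SHA-256 request identifier are assumptions of the example.

```java
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import javax.security.auth.x500.X500Principal;
// Local stand-ins from this page's signatures so the file compiles with a plain JDK.
class WSPKIException extends Exception { WSPKIException(String m, Throwable c) { super(m, c); } }
interface WSPKIClient {
    void init(HashMap initAttrs) throws WSPKIException;
    X509Certificate[] requestCertificate(byte[] certReq, X500Principal subjectDN,
            byte[] revocationPassword, HashMap customAttrs) throws WSPKIException;
    void revokeCertificate(X509Certificate[] cert, byte[] revocationPassword,
            String revocationReason, HashMap customAttrs) throws WSPKIException;
    X509Certificate[] queryCertificate(byte[] certReq, HashMap customAttrs) throws WSPKIException;
}
// Hypothetical CA transport: enroll/status return the issued chain, or null while pending.
interface CaTransport {
    X509Certificate[] enroll(String requestId, byte[] csr, String subject, byte[] revPw) throws Exception;
    X509Certificate[] status(String requestId) throws Exception;
    void revoke(X509Certificate[] chain, byte[] revPw, String reason) throws Exception;
}
public abstract class ExamplePKIClient implements WSPKIClient {
    private CaTransport ca;
    protected abstract CaTransport connect(String caUrl) throws Exception; // CA-specific, supplied by a subclass
    public void init(HashMap initAttrs) throws WSPKIException {
        Object url = initAttrs == null ? null : initAttrs.get("example.ca.url"); // hypothetical key
        if (!(url instanceof String) || !((String) url).startsWith("https://"))
            throw new WSPKIException("CA URL missing or not https", null); // fail closed
        try { ca = connect((String) url); }
        catch (Exception e) { throw new WSPKIException("cannot connect to CA", e); }
    }
    public X509Certificate[] requestCertificate(byte[] certReq, X500Principal subjectDN,
            byte[] revocationPassword, HashMap customAttrs) throws WSPKIException {
        try { return ca.enroll(requestId(certReq), certReq, subjectDN.getName(), revocationPassword); }
        catch (Exception e) { throw new WSPKIException("certificate request failed", e); }
    }
    public X509Certificate[] queryCertificate(byte[] certReq, HashMap customAttrs) throws WSPKIException {
        try { return ca.status(requestId(certReq)); } // null: request still pending on the CA
        catch (Exception e) { throw new WSPKIException("certificate query failed", e); }
    }
    public void revokeCertificate(X509Certificate[] cert, byte[] revocationPassword,
            String revocationReason, HashMap customAttrs) throws WSPKIException {
        try { ca.revoke(cert, revocationPassword, revocationReason); } // password is passed through, never logged
        catch (Exception e) { throw new WSPKIException("revocation failed", e); }
    }
    // Both calls receive the same CSR bytes, so their SHA-256 identifies the pending request.
    static String requestId(byte[] csr) throws Exception {
        return String.format("%064x", new java.math.BigInteger(1, MessageDigest.getInstance("SHA-256").digest(csr)));
    }
}
```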




Last updated: Feb 5, 2014 9:49:51 PM CST
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=compass&product=was-nd-mp&topic=tsec_7dev_WSPKIClient_interface
File name: tsec_7dev_WSPKIClient_interface.html