Configuring Connections using a SOCKS Proxy

You can configure PKI Services Manager to connect to remote servers via a SOCKS proxy. When a SOCKS proxy is configured, all of the following connections are routed through the SOCKS proxy:

• Downloading intermediate certificates from an LDAP directory or HTTP server
• Downloading a CRL from an LDAP directory or HTTP server
• Contacting a CDP as specified in the certificate being validated
• Contacting an OCSP responder
• Contacting a server specified in AIA extension of the certificate being validated

To configure a SOCKS proxy on Windows

1. Open the Windows Registry Editor and navigate to the following key (or create this key if it does not yet exist).

   HKEY_LOCAL_MACHINE\SOFTWARE\Micro Focus\ReflectionPKI

2. Create a string value called JvmParams and set the value as follows (including quotation marks):

   "-DsocksProxyHost=proxy_address -DsocksProxyPort=proxy_port"

   For example:

   "-DsocksProxyHost=proxy.address.com -DsocksProxyPort=1080"

To configure a SOCKS proxy on Unix

To configure a SOCKS proxy, on Unix you need to define an environment variable called PKID_JVM_PARAMS. The basic syntax for configuring the environment variable is:

PKID_JVM_PARAMS = "-DsocksProxyHost=proxy_address -
DsocksProxyHost=proxy.address.com"
export PKID_JVM_PARAMS

To set the environment variable temporarily, you can enter the command shown above in a shell session. To create a persistent variable, you can use the following procedure.

1. Log in as root.

2. Open the pkid init script in a text editor. The default path is:

   Linux and Solaris:/etc/init.d/pkid

   HP-UX:/sbin/init.d/pkid

3. Under the line that reads "export PKID_HOME" add lines to define and export the new variable. For example:

   PKID_JVM_PARAMS = "-DsocksProxyHost=proxy.address.com -DsocksProxyPort=1080"
   Export PKID_JVM_PARAMS
   

4. Save the modified script.