Developing the WSPKIClient interface for communicating with a certificate authority

Implementing the WSPKIClient interface enables WebSphere® Application Server security to communicate with a remote certificate authority (CA).

Procedure

  1. Initialize the WSPKIClient method, with init(java.util.HashMap). 
    public void init(java.util.HashMap initAttrs) throws WSPKIException;
    This method is called by WebSphere Application Server runtime to set up connection information to a CA.
  2. • Request a certificate with requestCertificate(byte[], X500Principal, byte[], java.util.HashMap). 
    public X509Certificate[] requestCertificate(byte[] certReq,
X500Principal SubjectDN, byte[] revocationPassword,
java.util.HashMap customAttrs) throws WSPKIException;
    This method is called by WebSphere Application Server runtime to connect to a CA and requests a certificate signed by the authority. A X509Certificate[] is returned if the requested certificate is created. If a null is returned then queryCertificate() is called to check if the certificate is ready. This method is used when the CA requires manual intervention to process a certificate request.

    You can invoke this operation from the administrative console using the Creating a CA certificate in SSL task and from a client using the requestCertificate script.

  3. • Revoke a certificate with revokeCertificate(X509Certiifcate[], byte[], String, java.util.HashMap). 
    public void revokeCertificate(X509Certificate[] cert, byte[] revocationPassword,
String revocationReason, java.util.HashMap customAttrs) throws WSPKIException;
    This method called by WebSphere Application Server runtime to submit a request to a CA to revoke a certificate.

    You can invoke this operation from the administrative console using the revoke CA certificate task, Revoking a CA certificate in SSL, or using the revokeCertificate script.

  4. • Query a certificate with queryCertificate(X509Certiifcate[], byte[], java.util.HashMap). 
    public X509Certificate[] queryCertificate(byte[] certReq,
java.util.HashMap customAttrs) throws WSPKIException;
    This method is called by WebSphere Application Server runtime to query if certificate creation is completed on the CA. A X509Certificate[] is returned if certificate request is complete. A null is returned if the certificate request is pending.

    You perform this operation from the administrative console using the Query (link to usec_sslperscertreqs.html) option, see Personal certificate requests collectionand from a client using the queryCertificate script.

Results

the WSPKIClient interface for communicating with a certificate authority (CA) is implemented.