Steps for building the sample application

Perform the following steps to build the sample application:
  1. Copy the pkitpsamp.c program and Makefile.pkitpsamp to the current directory by entering the following commands:
    cp /usr/lpp/pkiserv/samples/pkitpsamp.c pkitpsamp.c
    cp /usr/lpp/pkiserv/samples/Makefile.pkitpsamp Makefile

    _______________________________________________________________

  2. Before compiling pkitpsamp.c, you need to edit some data (for example, information about how you want the Trust Policy to operate and where your LDAP is located). In the pkitpsamp.c code (see Code sample of the PKITP program (pkitpsamp.c)), find the section that begins with a block comment that says // Start of application specific options. Update the code as necessary up to the block comment that says // End of application specific options:
    1. If the number of LDAP servers is not 1, change NUM_LDAPS.
    2. Update ldap_info by specifying your LDAP server and port (myldap.mycompany.com:389 in the sample program). If you have more than one LDAP server, you need to provide this information for each LDAP server.
    3. Replace the "@USERID@/@KEYRINGNAME@" default value for the char ringname[ ] variable in the code sample. Specify either the name of the real SAF key ring containing your trusted CA or site certificates, or the name of the virtual key ring that points to all your trusted CA or site certificates.
      • If using a real SAF key ring, specify the owning user ID and ring name of the real SAF key ring. Example: patelusr/ring01
      • If using a virtual key ring, replace the default value with either *AUTH*/* or *SITE*/* to point to all your trusted CA or site certificates, respectively. (The name of a virtual key ring is always an asterisk.)
    4. If necessary, change the value of useCRLS:
      • 0: Use no CRL processing. (You must specify 0 if you have no LDAP servers.)
      • 1: Query LDAP for CRLs and process those found. This is the value in the sample.
      • 2: Use strong CRL checking. (With strong CRL checking, a valid CRL must be found for each CA certificate in the chain.)
    5. If necessary, change NUM_POLICIES, the number of policies that the application calling PKITP uses. In the sample, this is 2. For each policy, specify the DER-encoded policy information.
    6. To have PKITP require all certificates in the chain to have at least one policydata in the preceding list, change INITIALExplicitPolicy from the default of FALSE to TRUE.

    _______________________________________________________________

  3. Compile and link to produce the executable, pkitpsamp, by entering the following command:
    make

    _______________________________________________________________

  4. Export LIBPATH to include /usr/lpp/pkiserv/lib.
    Example:
    export LIBPATH=$LIBPATH:/usr/lpp/pkiserv/lib

    _______________________________________________________________

  5. Enable program control by setting the extended attribute for pkitpsamp.
    Example:
    extattr +p pkitpsamp
    Restriction: To execute the extattr command with the +p option, you must have at least READ access to the BPX.FILEATTR.PROGCTL resource in FACILITY class.

    _______________________________________________________________

  6. Update your C/C++ environment variable _CEE_RUNOPTS to include XPLINK(ON) if it does not already include it.
    Example (entered from a UNIX shell):
    export _CEE_RUNOPTS=$_CEE_RUNOPTS' XPLINK(ON)'

    _______________________________________________________________

  7. Run the pkitpsamp executable in your own directory by entering the following command:
    pkitpsamp

    _______________________________________________________________
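The following shell helpers are an added example, not part of the PKI Services samples. They check an edited pkitpsamp.c for the sample defaults named in step 2 before you run make, and apply steps 4 and 6 without adding a duplicate entry when the setting is already present. The function names and the ring name shape check are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not IBM code). Source this file, then for instance:
#   check_sample_defaults pkitpsamp.c && make

# Report sample defaults from step 2 that are still in the source file.
# Returns 0 when none are left, 1 otherwise.
check_sample_defaults() {
    src=$1; rc=0
    if grep -F '@USERID@/@KEYRINGNAME@' "$src" >/dev/null; then
        echo "ringname still has the @USERID@/@KEYRINGNAME@ placeholder" >&2
        rc=1
    fi
    if grep -F 'myldap.mycompany.com:389' "$src" >/dev/null; then
        echo "ldap_info still names the sample server" >&2
        rc=1
    fi
    return $rc
}

# Accept owner/ring for a real SAF key ring, or one of the two virtual rings.
# Simplified shape check (assumption), not the full SAF naming rules.
valid_ringname() {
    case $1 in
        '*AUTH*/*'|'*SITE*/*') return 0 ;;
        *'*'*|*/*/*|/*|*/|'') return 1 ;;
        */*) return 0 ;;
        *) return 1 ;;
    esac
}

# Step 4: append the PKI Services library directory only if it is missing.
add_libpath() {
    dir=/usr/lpp/pkiserv/lib
    case ":$LIBPATH:" in
        *":$dir:"*) ;;
        *) LIBPATH=${LIBPATH:+$LIBPATH:}$dir ;;
    esac
    export LIBPATH
}

# Step 6: add XPLINK(ON) only if _CEE_RUNOPTS does not already include it.
add_xplink() {
    case $_CEE_RUNOPTS in
        *'XPLINK(ON)'*) ;;
        *) _CEE_RUNOPTS="${_CEE_RUNOPTS:+$_CEE_RUNOPTS }XPLINK(ON)" ;;
    esac
    export _CEE_RUNOPTS
}
```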