Running OCSPConfigExample
The OCSPConfigExample sample application setups the Java toolkit to automatically use OCSP.
To run this sample application, execute the following command line in the etjava/examples directory.
java -classpath classes;../lib/enttoolkit.jar com.entrust.toolkit.examples.ocsp.OCSPConfigExample <epf_file> <epf_pwd> [-prop <properties> ]|
Parameter |
Value |
|
<epf_file> |
The path of an Entrust user profile in .epf file format. |
|
<epf_pwd> |
The password for accessing the Entrust profile. |
|
<properties> |
The path of a Java properties file containing the OCSP configuration. |
For example:
C:\etjava\examples>java -classpath classes;../lib/enttoolkit.jar com.entrust.toolkit.examples.ocsp.OCSPConfigExample data/userdata/RSAUser1.epf ~Sample7~ -prop ocsp/ocsp_crl_fallback.propertieslogindoneChecking revocation of the users verification certificateRevocation check was successful!Below is the same example with the system property(com.entrust.toolkit.x509.revocation.RevocationChecker.trace=4) turned on and the resulting output:logindoneChecking revocation of the users verification certificateRevocationChecker: RevocationManager: check() - Checking Revocation of certificate with DN cn=RSA User1,ou=PKI7,o=Java Toolkit Samples,c=CA using com.entrust.toolkit.x509.revocation.OCSPRevocationCheckerRevocationChecker: RevocationManager: checkSingleRevocation() - CertificationException caught with message: OCSRevocationChecker(): check() - The Certificate does not contain an AIA extension that can be followed by this configuration and no local access location has been configured!RevocationChecker: RevocationManager: check() - The revocation status for the specified certificate could not be found by object com.entrust.toolkit.x509.revocation.OCSPRevocationCheckerRevocationChecker: RevocationManager: check() - Checking Revocation of certificate with DN cn=RSA User1,ou=PKI7,o=Java Toolkit Samples,c=CA using com.entrust.toolkit.x509.revocation.CollectionRSRevocationChecker: CollectionRS: --RevocationChecker: CollectionRS: Checking revocation status of certificate with serial number '1064926582' and issuer DN 'ou=PKI7,o=Java Toolkit Samples,c=CA'RevocationChecker: CollectionRS: CRLDistributionPoints were found in the certificateRevocationChecker: CollectionRS: Checking under the following distribution point: 'directoryName: cn=CRL1,ou=PKI7,o=Java Toolkit Samples,c=CA'RevocationChecker: CollectionRS: Searching for CRLs in the Memory CRL Cache revocation storeRevocationChecker: CollectionRS: CRLs not found; no CRLs were found in the Memory CRL Cache revocation storeRevocationChecker: CollectionRS: Searching for CRLs in the LDAP Directory revocation storeRevocationChecker: CollectionRS: CRLs not found; no CRLs were found in the LDAP Directory revocation storeRevocationChecker: CollectionRS: Searching for CRLs in the HTTP revocation storeRevocationChecker: CollectionRS: CRLs not found; no CRLs were found in the HTTP revocation storeRevocationChecker: CollectionRS: The search for CRLs using the following parameters did not locate any valid CRLs; considering this an invalid search - Distribution Point: 'directoryName: cn=CRL1,ou=PKI7,o=Java Toolkit Samples,c=CA', CRL Issuer: null, Certificate Type 'User Certificate'RevocationChecker: CollectionRS: CRLs were not found at the CRLDistributionPoints or CRLDistributionPoints were not found in the certificate; defaulting to the certificate issuerRevocationChecker: CollectionRS: Checking under the following distribution point: 'directoryName: ou=PKI7,o=Java Toolkit Samples,c=CA'RevocationChecker: CollectionRS: Searching for CRLs in the Memory CRL Cache revocation storeRevocationChecker: CollectionRS: CRLs not found; no CRLs were found in the Memory CRL Cache revocation storeRevocationChecker: CollectionRS: Searching for CRLs in the LDAP Directory revocation storeRevocationChecker: CollectionRS: CRLs not found; no CRLs were found in the LDAP Directory revocation storeRevocationChecker: CollectionRS: Searching for CRLs in the HTTP revocation storeRevocationChecker: CollectionRS: CRLs not found; no CRLs were found in the HTTP revocation storeRevocationChecker: CollectionRS: The search for CRLs using the following parameters did not locate any valid CRLs; considering this an invalid search - Distribution Point: 'directoryName: ou=PKI7,o=Java Toolkit Samples,c=CA', CRL Issuer: null, Certificate Type 'User Certificate'RevocationChecker: RevocationManager: check() - Successfull Revocation check performed!Revocation check was successful!