PKI Client Java API - dogtagpki/pki GitHub Wiki

Overview

This page describes how to use PKI Client Java API to access services on PKI server.

NSS Database

The PKI client requires an NSS Database to store CA certificates, client certificates and their keys, and to perform certain crypto operations. The NSS database can be prepared using PKI CLI.

To access the NSS database using JSS:

String nssDatabasePath = <NSS database path>;
String nssDatabasePassword = <NSS database password>;

CryptoManager.initialize(nssDatabasePath);

CryptoManager manager = CryptoManager.getInstance();
CryptoToken token = manager.getInternalKeyStorageToken();
Password password = new Password(nssDatabasePassword .toCharArray());
token.login(password);

Configuration

The location of the PKI server can be specified as follows:

ClientConfig config = new ClientConfig();
config.setServerURL("https://localhost:8443");

By default the client will use anonymous connection.

To authenticate using client certificate stored in the above NSS database, specify the nickname of the certificate as follows:

config.setCertNickname("caadmin");

The authentication will happen when the client connects to the server using SSL connection.

See also ClientConfig.

PKI Client

To connect to PKI server:

PKIClient client = new PKIClient(config);

See also PKIClient.

PKI Subsystems

PKI Client Java API

These are the available client classes:

Examples

To see how the Java API is used, see the examples.

See also the CLI classes in com.netscape.cmstools.

See Also

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️