Reflection PKI Services Manager is a service that provides certificate validation services for many Attachmate products. This technical note outlines the features available in the Reflection PKI Services Manager 1.3 Service Pack 1 (SP1) released January 2015, as well as product release notes.
- For a list of products that include Reflection PKI Services Manager, see KB 7021880.
- For information about platforms Reflection PKI Services Manager is supported on, see KB 7021871.
Java and PKI Services Manager
PKI Services Manager installs its own Java Runtime Environment (JRE) and uses this installed JRE by default. It is also possible to configure PKI Services Manager to use a different JRE. Beginning with version 1.2.2 and higher, the JRE you configure must be Java version 7 (1.7.0_nn).
- On Linux, Solaris and Windows platforms, the installed Java Runtime Environment (JRE) has been updated to Oracle Java Platform Standard Edition 7 Update 71.
- On AIX, the installed Java Runtime Environment (JRE) has been updated from IBM Runtime Environment Java Technology Edition Version 5 to Version 7 R1 SR2.
- Support for Microsoft Windows Server 2012 R2 has been added.
- Linux Standard Based (LSB) tags have been added to the PKI Services Manager init scripts.
- The default pseudo-random number generator (PRNG) has been updated to use HMACDRBG256.
For current information about security alerts and advisories that may affect PKI Services Manager, see Security Alerts - Reflection PKI Services Manager.
- The User Guide describing the location of the PKID script to start and stop PKI Services Manager on AIX has been corrected.
- Loading a large certificate revocation list (CRL) file from the local store no longer causes an "Error: Socket closed."
When PKI Services Manager 1.3 SP1 tries to test a certificate from the PKI Services Manager Console using a Certificate Revocation List (CRL) file in the Local Store, it will fail to load the CRL file and display a âCRL not foundâ error. This issue only occurs in the PKI Services Manager Console UI and does not prevent PKI Services Manager from properly performing revocation checking.
Certificates can be tested using the pki-client Command Line Utility by running the following:
java âjar pki-client.jar validate <options>
Obtaining Your Add-on Component
The directions for obtaining the Reflection PKI Services Manager add-on vary depending on the type of customer: maintained or new customers, or evaluating customers.
Note: You can install or upgrade the PKI Services Manager component without changing your installed Attachmate product version.
Maintained or New Customers
Maintained customers are eligible to download the latest product release from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
New Volume Purchase Account customers can use link(s) in the email message sent to the order "ship to" contact to download PKI Services Manager files.
The PKI Services Manager file downloads for various platforms are listed in the Download Library on your product's download page under the heading, "Supplemental File â Utility or Add-On," which appears below the "Current Product Release" and "Service Pack or Patch" headings. You will be prompted to login and accept the Software License Agreement before you can select and download the PKI Services Manager file. For more information on using the Download Library web site, see KB 7021965.
The latest product release is available to evaluate by contacting Technical Support, https://support.microfocus.com/contact/.
For information about Reflection PKI Services Manager supported platforms, see KB 7021871.
Installing Reflection PKI Services Manager
Reflection PKI Services Manager version 1.3 SP1 is a full product installation and does not require a previous version to be installed. Installation instructions vary depending on platform. For detailed installation instructions on a Windows or UNIX platform, see the PKI Services Manager 1.3 SP1 User Guide available from the documentation page: https://support.microfocus.com/manuals/pki.html.