Environment
Situation
Reflection PKI Services Manager is a service that provides certificate validation services for many Attachmate products. This technical note outlines the new features available in the Reflection PKI Services Manager 1.3 (released October 2013), as well as product release notes and information about how to obtain and install this service.
Resolution
Note the following:
- A newer version of this product, Reflection PKI Services Manager 1.3 Service Pack 1, released January 2015. For details, see KB 7021881.
- For a list of products that include Reflection PKI Services Manager, see KB 7021880.
- For information about platforms Reflection PKI Services Manager is supported on, see KB 7021871.
Java and PKI Services Manager
PKI Services Manager installs its own Java Runtime Environment (JRE) and uses this installed JRE by default. It is also possible to configure PKI Services Manager to use a different JRE. Beginning with version 1.2.2 and higher, the JRE you configure must be Java version 7 (1.7.0_nn). To use Java version 6, you must be running PKI Services Manager version 1.2.1 or earlier.
New Features in 1.3
- JITC DoD PKI certification for Reflection PKI Services Manager 1.3.
- Support for Microsoft Windows Server 2012 has been added.
- The installed Java Runtime Environment (JRE) has been updated to Oracle Java 7 Update 25 on all platforms except AIX. The JRE installed on AIX remains unchanged from the previous Reflection PKI Services Manager release: IBM Java 1.5.0.
Resolved Issues
- PKI Services Manager now provides both DER and PEM format when a certificate is sent to an external application to determine the allowed identity.
- The certificate validation tool, pki-val, now runs properly on AIX.
Known Issue
When PKI Services Manager 1.3 provides certificate services to Reflection for Secure IT Web Edition 8.1 and there are more trust anchors configured in PKI Services Manager than can be returned (either by size or number), an error will be written to the log file.
The error when the size of the trust anchors is too large:
[error] [<date>] [NetDispatcher.writeOutputStream - error:
IO error: Software caused connection abort: socket write error]
The error when the number of trust anchors is greater than 20:
[error] [<date>] [Too many trust anchors to return to client. Please upgrade the client.]
Contact Attachmate Technical Support (https://support.microfocus.com/contact/) for assistance.
Obtaining Your Add-on Component
The directions for obtaining the Reflection PKI Services Manager add-on vary depending on the type of customer: maintained or new customers, or evaluating customers.
Note: You can install or upgrade the PKI Services Manager component without changing your installed Attachmate product version.
Maintained or New Customers
Maintained customers are eligible to download the latest product release from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
New Volume Purchase Account customers can use link(s) in the email message sent to the order "ship to" contact to download PKI Services Manager files.
The PKI Services Manager file downloads for various platforms are listed in the Download Library on your product's download page under the heading, "Supplemental File – Utility or Add-On," which appears below the "Current Product Release" and "Service Pack or Patch" headings. You will be prompted to login and accept the Software License Agreement before you can select and download the PKI Services Manager file. For more information on using the Download Library web site, see KB 7021965.
Evaluating Customers
The latest product release is available to evaluate when you request an evaluation copy of the products listed in KB 7021880 from the Attachmate web site (https://www.attachmate.com/products/).
You will be prompted to fill out a form and then will receive an email with instructions about downloading the evaluation software.
The PKI Services Manager file downloads are intermixed in the file listing of Attachmate product downloads, which are organized by available platforms under the "Description" heading. The PKI Services Manager file downloads include "PKI Services Manager Add-On" in the description.
After downloading the product evaluation software, you must navigate back to the file listing page to obtain the PKI Services Manager Add-On. Alternatively, you can click the link in the original email to return to the file listing page.
Supported Platforms
For information about Reflection PKI Services Manager supported platforms, see KB 7021871.
Installing Reflection PKI Services Manager
Reflection PKI Services Manager version 1.3 is a full product installation and does not require a previous version to be installed. Installation instructions vary depending on platform. For detailed installation instructions on a Windows or UNIX platform, see the PKI Services Manager 1.3 User Guide available from the documentation page: https://support.microfocus.com/manuals/pki.html.