PKI Proxy

From idenprotect Knowledge Base


This article explains how to install and configure a proxying PKI connector on top of an existing PKI connector installation.

This connector will accept a request for a P12 cert and, if it cannot find a certificate on its local idenprotect Core Platform, it will proxy the request to a different PKI connector.

This is required if you wish to configure the UEM to use a PKI connector. For other information about the UEM configuration, please see our UEM Guide.


  1. Download the .zip file
  2. Rename it to a .war file
  3. Navigate to the location of the Apache Tomcat server for the PKI connector
  4. Stop Tomcat
  5. Take a backup of the existing .war file and remove it from webapps
  6. Take a backup of the existing properties file under WEB-INF/classes
  7. Start Tomcat (the existing connector should be uninstalled)
  8. Copy the new .war file to webapps (the new connector should be deployed). Make sure the .war file has the same name as the original connector
  9. If it does not deploy, check the permissions on the .war file
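
Steps 5, 6, 8 and 9 above as shell functions, added here as an example and not idenprotect's own tooling; stopping and starting Tomcat stay manual between the calls. The Tomcat home, the connector's .war name and the backup directory are passed as arguments and are assumptions.

```shell
#!/bin/sh
# Added example, not idenprotect tooling. Arguments are assumptions:
# Tomcat home, connector .war name (no extension), backup dir or new file.

# Steps 5-6, run with Tomcat stopped: save the .war and the properties
# under WEB-INF/classes, then remove the .war from webapps.
backup_connector() {
    tomcat=$1 app=$2 backup=$3
    war="$tomcat/webapps/$app.war"
    classes="$tomcat/webapps/$app/WEB-INF/classes"
    [ -f "$war" ] || { echo "no $war to back up" >&2; return 1; }
    # The properties can hold the basic-auth password: owner-only backups.
    ( umask 077 && mkdir -p "$backup" ) || return 1
    cp "$war" "$backup/" || return 1
    for f in "$classes"/*.properties; do
        [ -f "$f" ] || continue
        cp "$f" "$backup/" || return 1
    done
    chmod 700 "$backup" && chmod 600 "$backup"/* || return 1
    rm -f "$war"
}

# Step 9 (run as the Tomcat account): a .war it cannot read will not deploy,
# and one that any local user can write can be swapped for other code.
check_war_perms() {
    [ -r "$1" ] || { echo "$1 is not readable" >&2; return 1; }
    [ -z "$(find "$1" -perm -0002)" ] || { echo "$1 is world-writable" >&2; return 1; }
}

# Step 8, run after Tomcat has restarted and removed the old connector:
# install the download under the original connector's .war name.
deploy_connector() {
    tomcat=$1 app=$2 new_file=$3
    war="$tomcat/webapps/$app.war"
    [ -f "$new_file" ] || { echo "missing $new_file" >&2; return 1; }
    [ ! -e "$war" ] || { echo "$war still present" >&2; return 1; }
    # Copy under a temporary name and rename, so Tomcat never picks up
    # a half-written .war.
    cp "$new_file" "$war.tmp" || return 1
    chmod 644 "$war.tmp" || return 1
    mv "$war.tmp" "$war" || return 1
    check_war_perms "$war"
}
```
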


  1. Stop Tomcat
  2. Edit so that the settings for the idenprotect server match the previous values
  3. Edit the following values as required

Replace with the hostname of the other PKI connector and, if using basic authentication, set the username and password values as required.


Certificate Based Authentication

If the other PKI connector uses Certificate-Based Authentication, then you need to configure the Apache Tomcat server accordingly. This means creating a Keystore with the required keys to support the authentication. To do this you must set the following: PKCS12, <path to Keystore that holds keypair>, <keystore password>, <path to Truststore that holds associated certificate>, <truststore password>, e.g. JKS

These settings can be made by adding them to the file under the Tomcat folder /bin.

For example