Challenge PKI : 7. Testing


  1. Copy trust anchor and subscriber certificates to client
    Default location of their certificates is '/usr/local/cpki/testcase/cpki2002jpki2/data/cert'. Please copy it to client.
  2. make directories for each trust anchors.
    # on client machine
    % cd cert
    % make for-client
  3. run verificatoin clients
    For each sub directory, you can find 'cpkiverify' script, one trust anchor certificate and subscriber certificates. When you verify a subscriber certificate using 'Challenge PKI Test Suite Sample Client' which can be downloaded at this site or some client which can handle the same command line arguments as sample implementation you can use 'cpkiverify' script. When you use 'gpkiverify' command which is the sample implementation written in Java type as follows.
    % cpkiverify gpkiverify EE_METI_OK.crt
    The initial policy set and initial flags which are X.509/RFC3280 certificate path validation input values may be found in 'cpkiverify' script.
  4. To use other validation client
    Set the trust anchor certificate and verify each subscriber certificates. When you use the certificate validation server (i.e. cvs) or S/MIME mail reader, some document for their testing will be provided near in future. Some client may requre PKCS#12 to import certificates and keys. Certificate and keys can be downloaded from CGI. Then you may generate PKCS#12 using 'openssl' command.

JNSA/IPA Challenge PKI Test Suite