Challenge PKI : 7. Testing
- Copy trust anchor and subscriber certificates to client
Default location of their certificates is
Please copy it to client.
- make directories for each trust anchors.
# on client machine
% cd cert
% make for-client
- run verificatoin clients
For each sub directory, you can find 'cpkiverify' script, one
trust anchor certificate and subscriber certificates.
When you verify a subscriber certificate using
'Challenge PKI Test Suite Sample Client'
which can be downloaded at
or some client which can handle the same command line arguments
as sample implementation
you can use 'cpkiverify' script.
When you use 'gpkiverify' command which is the sample implementation
written in Java type as follows.
% cpkiverify gpkiverify EE_METI_OK.crt
The initial policy set and initial flags which are X.509/RFC3280
certificate path validation input values may be found in
- To use other validation client
Set the trust anchor certificate and verify each subscriber certificates.
When you use the certificate validation server
or S/MIME mail reader, some document for their testing will be
provided near in future.
Some client may requre PKCS#12 to import certificates and keys.
Certificate and keys can be downloaded from CGI.
Then you may generate PKCS#12 using 'openssl' command.
JNSA/IPA Challenge PKI Test Suite