Directory CertStore Provider

A Directory CertStore provider implements a certificate store as a set of files in a file system directory. Each file in the directory is scanned for certificates or certificate revocation lists. A Directory CertStore provider is particularly useful in components that support CRL checking.

The provider accepts a sequence of DER-encoded certificates in binary or in printable Base64. If the certificate is provided in Base64 encoding, it must be bounded at the beginning by -----BEGIN CERTIFICATE-----, and must be bounded at the end by -----END CERTIFICATE-----.

The provider also accepts a sequence of DER-encoded Certificate Revocation Lists (CRLs) in binary or in printable Base64. If the CRL is provided in Base64 encoding, it must be bounded at the beginning by a line starting with -----BEGIN, and must be bounded at the end by a line starting with -----END.

The provider also accepts certificates and CRLs in PKCS#7 format.

The Reload Period property tells the provider how often to check whether the certstore should be reloaded. By default, the certstore is loaded once, the first time the provider is accessed, and is never reloaded. When defined, the Reload Period is the minimum time to wait before a reload can occur. The check occurs only when the provider is accessed, so there is no cost if there is no activity. The value 0 means the provider must check for a possible reload every time it is accessed. The certstore is completely reloaded if the directory or any of the files have modification times later than the last check. This guarantees that additions and deletions are recognized.

The following table lists the Directory CertStore Provider properties.

| Property | Description |
|---|---|
| Name * | The name of the Directory CertStore definition to add. |
| Description | A brief description of the use of this Directory CertStore. |
| CertStore Location * | CertStore directory location. |
| Certificate Factory JCE Provider | JCE Provider to use when creating the X.509 Certificate Factory. |
| Reload Period | Minimum time to wait before the provider checks whether the directory contents were modified, thereby forcing the CertStore to be reloaded. The format is [xxh][xxm]xx[s]. Enter 0 to check the directory every time the CertStore is requested. Leave the parameter empty to never reload the CertStore. |
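
The Reload Period behavior described above (empty means never reload, 0 means check on every access, otherwise check only after the period has elapsed) can be modeled as follows, which shows how long a replaced CRL file can go unnoticed. This is an added example, not iWay code: the class and function names are hypothetical, and the parser assumes [xxh][xxm]xx[s] means optional hours, optional minutes, then seconds with an optional trailing "s".

```python
import os
import re
import time

# Assumed reading of the documented format [xxh][xxm]xx[s]: optional hours,
# optional minutes, then seconds with an optional trailing "s".
_PERIOD = re.compile(r"^(?:(\d+)h)?(?:(\d+)m)?(\d+)s?$")

def parse_reload_period(text):
    """Return None for 'never reload' (empty value), else the period in seconds."""
    text = (text or "").strip()
    if not text:
        return None
    m = _PERIOD.match(text)
    if not m:
        raise ValueError(f"bad Reload Period: {text!r}")
    h, mi, s = (int(g) if g else 0 for g in m.groups())
    return h * 3600 + mi * 60 + s

class DirectoryStoreModel:
    """Hypothetical model of when a directory-backed store gets reloaded."""
    def __init__(self, directory, reload_period):
        self.directory = directory
        self.period = parse_reload_period(reload_period)
        self.last_check = None
        self.loads = 0

    def _newest_mtime(self):
        paths = [self.directory] + [e.path for e in os.scandir(self.directory)]
        return max(os.stat(p).st_mtime for p in paths)

    def access(self, now=None):
        """Call on every store access; returns True if a full (re)load happened."""
        now = time.time() if now is None else now
        if self.last_check is None:           # first access always loads
            self.last_check = now
            self.loads += 1
            return True
        if self.period is None or now - self.last_check < self.period:
            return False                      # never reload, or period not elapsed
        changed = self._newest_mtime() > self.last_check
        self.last_check = now
        if changed:
            self.loads += 1                   # the whole store is reloaded
        return changed

if __name__ == "__main__":
    for value in ("", "0", "90", "1h30m00s"):  # constructed sample settings
        print(repr(value), "->", parse_reload_period(value))
```

In this model, a CRL file replaced inside the period is served stale until the first access after the period elapses, and with an empty Reload Period it is never picked up.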


iWay Software