Certificate Validation for Federal Environments

Set Up Webcullis for Enhanced PKI Validation

Introduction

Some environments need to perform path building and discovery for the client-side CAC and PIV certificates presented to them. Webcullis is an open source tool that has been evaluated by the GSA PDVAL testing laboratory and the US DoD JITC testing laboratory.

  • Performs PDVAL (path discovery and validation)

  • Allows for easy constraints based on EKU, Key Size and more

  • Allows for multiple LDAP directories for path building

  • Allows for OCSP responders to be configured

Download Webcullis from SourceForge

1. Open the browser on the server, navigate to the PKIF Webcullis page, and download the Webcullis-2.1.14.12304.msi file to your server.

2. Open Server Manager, navigate to 'Web Server (IIS)' and select 'Add Role Service'.

3. Add IIS 6 Management Compatibility.

4. Continue with the installation.

5. Navigate to the downloaded Webcullis installer, right-click it and choose Install, then click Next until you can select the custom installation.

6. Finally, click Install.

Configure Webcullis

1. Find the configuration in your start menu.

2. Open the sub-settings under Global and set up the permitted subtrees, then select the EKU you'd like to use for client authentication.

3. Navigate to the LDAP and OCSP settings to configure any LDAP servers or OCSP responder you would like to use.

4. Save your settings.
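
To show what the permitted subtree, EKU and key size settings from step 2 mean for a presented client certificate, here is an added example (not Webcullis code and not part of the original guide). It applies the RFC 5280 directoryName subtree rule plus EKU and key size checks to constructed, already-parsed certificates; the policy keys, field names and sample DNs are assumptions made for illustration.

```python
import re

CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"  # id-kp-clientAuth OID (RFC 5280)

# Constructed policy; the key names are assumptions, not Webcullis settings.
POLICY = {
    "permitted_subtrees": ["OU=DoD,O=U.S. Government,C=US"],
    "required_eku": CLIENT_AUTH,
    "min_rsa_bits": 2048,
}

def rdns(dn):
    """Split a DN string into normalized RDNs, ordered root-first.
    Multi-valued RDNs ("+") are not handled in this sketch."""
    out = []
    for part in re.split(r"(?<!\\),", dn):  # split on unescaped commas
        attr, _, value = part.strip().partition("=")
        out.append((attr.strip().upper(), " ".join(value.split()).lower()))
    return out[::-1]  # DN strings are written leaf-first

def in_subtree(subject_dn, subtree_dn):
    """directoryName match: the subtree's RDNs must prefix the subject's."""
    subj, base = rdns(subject_dn), rdns(subtree_dn)
    return subj[:len(base)] == base

def check_leaf(cert, policy=POLICY):
    """Return the list of policy violations for one already-parsed certificate."""
    problems = []
    if not any(in_subtree(cert["subject"], s) for s in policy["permitted_subtrees"]):
        problems.append("subject outside permitted subtrees")
    if policy["required_eku"] not in (cert.get("eku") or []):
        problems.append("required EKU missing")
    if cert["rsa_bits"] < policy["min_rsa_bits"]:
        problems.append("key too small")
    return problems

# Constructed sample certificates (already reduced to the fields checked here).
GOOD = {"subject": "CN=DOE.JOHN.1234567890, OU=PKI, OU=DoD, O=U.S. Government, C=US",
        "eku": [CLIENT_AUTH], "rsa_bits": 2048}
BAD = {"subject": "CN=DOE.JOHN.1234567890,OU=NotDoD,O=U.S. Government,C=US",
       "eku": ["1.3.6.1.5.5.7.3.4"], "rsa_bits": 1024}

if __name__ == "__main__":
    for name, cert in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_leaf(cert) or "accepted")
```

The subtree test compares whole RDNs rather than string suffixes, so OU=NotDoD does not pass as a member of the OU=DoD subtree.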