z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Environment variables in the environment variables file

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

The environment variables contained in pkiserv.envars and their values are:
_PKISERV_CA_DOMAIN
Specifies the CA domain. The first eight characters must be unique. The first eight characters of the CA domain name are limited to the following character set: alphanumeric characters (a-z, A-Z, 0-9) and the hyphen (-). In addition, the first character must not be a number or hyphen.
Example:
_PKISERV_CA_DOMAIN=WebAppCA
_PKISERV_CONFIG_PATH
Specifies the path name for the directory containing the configuration file, pkiserv.conf, and the certificate template file, pkiserv.tmpl for this CA domain. The default value (if you do not set the environment variable) is /etc/pkiserv.
Guideline: Copy both of these files from the install directory, /usr/lpp/pkiserv/samples, before making any changes.
Note: Because the PKISERV CGIs run in an IBM HTTP Server address space, if the pkiserv.tmpl file is not in its default location of /etc/pkiserv/pkiserv.tmpl, you need to add the _PKISERV_CONFIG_PATH variable to the IBM HTTP Server environment variable file.
  • If you are using IBM® HTTP Server V7.0, the environment variables are added to the configuration files using the SetEnv directive.
  • If you are using IBM HTTP Server V5.3, the environment variables file is usually in /etc/httpd.envvars. PKI Services uses two instances of the IBM HTTP Server. If the two servers are using different environment variables files, you must update both files.
_PKISERV_EXIT
Specifies the full path name for the installation-provided PKI exit program that the PKI Services daemon invokes to perform autorenew preprocessing or postprocessing. (This exit is a UNIX-executable program or shell script.) If you do not define this variable or if it contains a null value, the PKI autorenew exit processing is disabled.
Note: The _PKISERV_EXIT environment variable is also used by the PKI Services CGI scripts to specify an exit program to be used by the Web application. The PKI Services CGI scripts run in an IBM HTTP Server address space, so you must specify the _PKISERV_EXIT environment variable in the IBM HTTP Server environment variables file.
  • If you are using IBM HTTP Server V7.0, the environment variables are added to the configuration files using the SetEnv Directive.
  • If you are using IBM HTTP Server V5.3, the environment variables file is usually /etc/httpd.envvars. PKI Services uses two instances of the IBM HTTP Server. If the two servers are using different environment variables files, you must update both files.
_PKISERV_MSG_LOGGING
Values include:
STDOUT_LOGGING
Indicates writing all messages (verbose, diagnostic, informational, warning, error, and severe) to STDOUT and additionally writing the error and severe messages to STDERR. This is the default if the environment variable is not set.
STDERR_LOGGING
Indicates writing verbose, diagnostic, informational, and warning messages to STDOUT and writing error and severe messages to STDERR.
_PKISERV_MSG_LEVEL
Specifies the subcomponent and message level to log. Messages for a particular subcomponent are logged only if the message level is greater than or equal to the specified level for that subcomponent. You can use an asterisk (*) to indicate all subcomponents. The subcomponent list consists of a subcomponent name and a message level separated by a period (.).

For example, the following sets the message level for all subcomponents to log warning messages or higher. (This is the default setting.)

Example:
_PKISERV_MSG_LEVEL=*.W

You can specify multiple subcomponents by separating entries with a comma (,). For example, the following indicates that all subcomponents are set to message level W (warning) and that the PKID subcomponent is set to message level D (diagnostic).

Example:
 _PKISERV_MSG_LEVEL=*.W,PKID.D
The subcomponents are:
Subcomponent Meaning
* The wildcard character (represents all subcomponents)
CORE The core functions of PKI Services that are not specific to the other subcomponents
DB Activity related to the object store or issued certificate list repositories
LDAP LDAP posting operations
PKID The PKI Services daemon address setup and infrastructure
POLICY Certificate creation and revocation policy processing
SAF SAF key ring, OCEP, and R_datalib calls
TPOLICY Trust policy plug-in processing
The message levels are listed hierarchically:
Debug level Meaning
S This indicates logging only severe messages.
E This indicates logging severe and error messages.
W This indicates logging severe, error, and warning messages. This is the default message level for all subcomponents if you do not set the environment variable.
I This indicates logging severe, error, warning, and informational messages.
D This indicates logging severe, error, warning, informational, and diagnostic messages.
V This indicates logging all messages, including verbose diagnostic messages. This is very verbose.

Guideline: Do not use V level unless IBM support personnel instruct you to do so.
_PKISERV_VARDIR
Specifies the pathname for a directory in which PKI Services will write persistent data. The maximum length of the pathname is 256 characters, including the trailing /. The default value (if you do not set the environment variable) is /var/pkiserv.
_PKISERV_ENABLE_JSP
Specifies whether you use the JSP interface and XML templates for PKI Services Web pages, or the REXX CGI execs and text templates. Set to TRUE to use the JSP interface. The default (if you do not set the environment variable) is to use the REXX CGI exec interface.
Parent topic: Environment variables

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014