The following example is an excerpt of the CUSTOMERS application
in the APPLICATION section of the
pkiserv.tmpl file.
(The vertical ellipses indicate omitted sections.)
# =====================================================================
#
# Application - CUSTOMERS
#
# The installation should customize the CONTENT subsection as appropriate.
#
# =====================================================================
#
<APPLICATION NAME=CUSTOMERS> 1
<CONTENT> 2
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Customers Certificate Generation Application </TITLE>
<SCRIPT LANGUAGE="Javascript">
<!--
//Get browser type
function getBrowserType()
{
// Determine the browser type from where the script is being invoked.
var type = navigator.appName;
if(type == "Microsoft Internet Explorer")
{
}else
{document.getElementById('install').style.display='none';
}
}
// -->
</SCRIPT><SCRIPT LANGUAGE="JavaScript">
<!--
function getOsVersion()
{
var OS = navigator.userAgent;
if (OS.indexOf("Windows NT 5")!=-1)
{
document.getElementById('install').href =
"/PKIServ/PKIXEnroll/PKIXEnrollDeploy.msi";
}
else
{
document.getElementById('install').href =
"/PKIServ/PKICEnroll/PKICEnrollDeploy.msi";
}
return true;
}
//-->
</SCRIPT>
%%-copyright%%
</HEAD>
<BODY>
<H1>PKI Services Certificate Generation Application</H1>
<p>
<A HREF="/PKIServ/cacerts/cacert.der"> 3
Install the CA certificate to enable SSL sessions for PKI Services </A>
<br><p>
<A href = "" id = "install" onClick="getOsVersion()">Install the PKI ActiveX
Control to renew certificates</A> 4
<H2>Choose one of the following:</H2>
<ul>
<li><h3>Request a new certificate using a model</h3>
<FORM name=mainform METHOD=GET ACTION="/[application]/ssl-cgi/catmpl.rexx"> 5
<p><LABEL for="seltemplate">Select the certificate template to use as a model</LABEL>
<SELECT NAME="Template" id="seltemplate"> 6
%%1-Year PKI SSL Browser Certificate%%
<OPTION>1-Year PKI SSL Browser Certificate
%%1-Year PKI S/MIME Browser Certificate%%
<OPTION>1-Year PKI S/MIME Browser Certificate
%%2-Year PKI Windows Logon Certificate%%
<OPTION>2-Year PKI Windows Logon Certificate
⋮
</HTML>
</CONTENT>
<RECONTENT> 7
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Customers Renew or Revoke a Browser Certificate </TITLE>
<SCRIPT LANGUAGE="JavaScript">
<!--
function LoadActiveX()
{
var OS = navigator.userAgent;
if (OS.indexOf("Windows NT 5")!=-1)
{
document.getElementById("xenrollreq").setAttribute("classid","clsid:157B42C3-
25EB-4C6B-A569-27FA081D61EC");
document.getElementById("osname").value="XP";
}
else
{
document.getElementById("cenrollreq").setAttribute("classid","clsid:65D22D38-
D2D2-421F-BDFE-B7D990DDFE96");
document.getElementById("osname").value="nonXP";
}
return true;
}
//--></SCRIPT>
#-- Create a certmgr object for use in the renew process @01A
<OBJECT
classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
CODEBASE="xenroll.cab#Version=5,131,3659,0"
id="certmgr"
>
</OBJECT>
<OBJECT
#-- Create g_objWCF object for CertEnroll process 6@LDA>
<OBJECT
classid="clsid:884e2049-217d-11da-b2a4-000e7bbb2b09"
id="g_objWCF"
>
</OBJECT>
<OBJECT id="xenrollreq">
</OBJECT>
<OBJECT id="cenrollreq">
</OBJECT>
%%-copyright%%
</HEAD>
<BODY onLoad="LoadActiveX()">
<H1>Renew or Revoke a Browser Certificate</H1>
⋮
</BODY>
</HTML>
</RECONTENT>
<RESUCCESSCONTENT> 8
%%-renewrevokeok%%
</RESUCCESSCONTENT>
<REFAILURECONTENT> 9
%%-renewrevokebad%%
</REFAILURECONTENT>
<RECOVERCONTENT> 10
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Recover Certificate</TITLE>
⋮
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidateEntry(frm){
if (ValidRecoverEmail(frm) &&
ValidChallengePassPhrase2(frm)){
return true
⋮
</SCRIPT>
%%-RecoverEmail%%
%%-ChallengePassPhrase2%%
<br><br>
#Uncommented the following lines(GetSec script) if you implement security questions
⋮
INPUT TYPE="submit" VALUE="Recover Certificate">
⋮
</RECOVERCONTENT>
<FINDRECOVERCONTENT> 11
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Use security questions to locate certificate </TITLE>
⋮<RETRIEVECONTENT2> 12
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE Web Based PKIX Certificate Recovery Application</TITLE>
⋮
<RETURNCERT>
%%returnp12cert%%
</RETURNCERT>
<FAILURECONTENT>
%%-requestbad%%
</FAILURECONTENT>
<RENEWEDCERT> 13
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Install Automatic Renewed Certificate</TITLE>
<SCRIPT LANGUAGE="Javascript">
⋮
%%-RenewKeySetIE%%
%%InstallCert%%
</RENEWEDCERT></APPLICATION>
The
numbers in the following list refer to the highlighted tags in the
preceding excerpt of the CUSTOMERS application.
- This is the beginning of the APPLICATION section. The name of
the application is CUSTOMERS.
- This is the beginning of the CONTENT subsection. The CONTENT subsection
contains HTML to display the Web page where the end user requests
or retrieves a certificate. The <H1> indicates
the main heading of that Web page, "PKI Certificate Generation Application." (See Figure 1 for a sample of that
Web page.)
- The HREF tag is the link to install the CA certificate in the
browser.
- The HREF tag is the link to install the PKI Services ActiveX control.
- The ACTION tag indicates where to go when the user
clicks Request certificate.
- The SELECT tag produces a drop-down that lists the certificate
templates the user can request. (The named fields, which are bracketed
with %% symbols, are the names of the certificate
templates.)
- The RECONTENT section contains the HTML to display the Web page
where the end user renews or revokes a certificate. The main heading
on this Web page is "Renew or Revoke a Browser Certificate".
It includes a JavaScript function
that determines which PKI Services ActiveX programs should be loaded.
(See Figure 2 for a sample of
that Web page.)
- The RESUCCESSCONTENT subsection references the %%-renewrevokeok%% named
field, which is defined in the INSERT section. This contains HTML
for the Web page displayed when the user's attempt to revoke a certificate
is successful. The main heading on this Web page is "Request submitted
successfully". (See Figure 3 for
a sample of that Web page.)
- The REFAILURECONTENT subsection references the %%-renewrevokebad%% named
field, which is defined in the INSERT section. This contains HTML
for the Web page displayed when the user's attempt to renew or revoke
a certificate fails. The main heading on this Web page is "Request
was not successful".
- The RECOVERCONTENT subsection contains the HTML and JavaScript to input parameters
required to recover a previously issued certificate whose key was
generated by PKI Services.
- The FINDRECOVERCONTENT subsection displays security questions
for users to answer when they want to recover a certificate and have
forgotten the passphrase.
- The RETRIEVECONTENT2 subsection contains the HTML to allow the
end user to retrieve a recovered certificate.
- The RENEWEDCERT subsection references the %%RenewKeySetIE%% named
field, which is defined in the INSERT section. This field contains
the HTML and JavaScript functions
for the Web page displayed when a user clicks on a link in an email
notification to install an automatically renewed certificate.
z/OS Cryptographic Services PKI Services Guide and Reference
Copyright IBM Corporation 1990, 2014