Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
Exit routine processing for automatic certificate renewal z/OS Cryptographic Services PKI Services Guide and Reference SA23-2286-00 |
|
The PKI Services daemon
supports an installation-provided exit routine for automatic renewal
processing. An exit routine can be written to provide additional automatic
renewal criteria, and to capture the renewed certificate for further
processing. If you choose to implement this exit routine, it must
be a UNIX executable program
residing in a file system, with appropriate permission assigned. The PKI Services daemon identifies
the exit routine as the program specified by the value of the _PKISERV_EXIT environment
variable in the pkiserv.envars file. The value specified
is limited to a maximum of 256 characters. The exit routine is invoked
by the PKI Services daemon
using standard UNIX parameters
(that is, argc and argv[]). The
exit routine communicates its results back to the PKI Services daemon by
way of a return code. The exit routine is called for preprocessing
and post-processing before and after automatic certificate renewal
processing. Unlike the PKI Services CGI exit
routines, messages written to either STDOUT or STDERR do not appear
in either the Web server or PKI Services daemon logs.
If you want to write messages in the exit program, you need to open
a file and write messages to that file. The sample exit routine provided
in /usr/lpp/pkiserv/samples/pkiexit.c illustrates
writing messages to a file in both the preprocessing and post-processing
exit functions.
Note: This exit routine can be implemented in the same
program as the exit routines for the PKI Services CGIs (as illustrated
in the sample pkiexit.c exit program) or can be implemented
as a separate program.
The ExitTimeout keyword in the General section of the pkiserv.conf file specifies the maximum time PKI Services will wait for the exit routine to return. If ExitTimeout is not specified, PKI Services waits at most 30 seconds for the exit routine to return. If ExitTimeout is specified with a value greater than 1 hour, PKI Services waits 1 hour at the most for the exit routine to return. |
Copyright IBM Corporation 1990, 2014
|