z/OS Cryptographic Services PKI Services Guide and Reference
Previous topic | Next topic | Contents | Contact z/OS | Library | PDF


Examining the INSERT section

z/OS Cryptographic Services PKI Services Guide and Reference
SA23-2286-00

The final section of the pkiserv.tmpl file contains several sample INSERTS. The following example is an excerpt from the INSERT section of the pkiserv.tmpl file. (The vertical ellipses indicate omitted sections.)
# =====================================================================
#
# Sample INSERTS
#
# =====================================================================
#
<INSERT NAME=-AdditionalHeadIE>
<OBJECT
  classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
  CODEBASE="xenroll.cab#Version=5,131,3659,0"
  id="certmgr"
>
</OBJECT>
<OBJECT
 classid="clsid:884e2049-217d-11da-b2a4-000e7bbb2b09"
    id="g_objWCF"
>
</OBJECT>
</INSERT>

<INSERT NAME=-requestok>  1 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Web Based Certificate Generation Success</TITLE>
</HEAD>
<BODY>
<H1> Request submitted Successfully</H1> 
[errorinfo]
<p> Here's your transaction ID. You will need it to retrieve your
certificate.  Press 'Continue' to retrieve the certificate.
<p> <TABLE BORDER><TR><TD>[transactionid]</TD></TR></TABLE>
<FORM METHOD=GET ACTION="/[application]/ssl-cgi/caretrieve.rexx">  2 
<INPUT NAME="Template" TYPE="hidden" VALUE="[tmplname]">
<INPUT NAME="TransactionId" TYPE="hidden" VALUE="[transactionid]">
<INPUT TYPE="submit" VALUE="Continue">
</FORM>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>

<INSERT NAME=-requestbad>  3 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Web Based Certificate Generation Failure</TITLE>
</HEAD>
<BODY>
<H1> Request was not successful</H1>
<p> Please correct the problem or report the error to your Web admin
person<br>
<PRE>
[errorinfo]
</PRE>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>
⋮
<INSERT NAME=-returnpkcs10>  4 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Web Based Certificate Generation Application Pg 4</TITLE>
</HEAD>
<BODY>
<H1> Here's Your Certificate. Cut and Paste it to a File</H1>
<TABLE BORDER><TR><TD>
<PRE>
[base64cert]  5 
</PRE>
</TD></TR></TABLE>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>
⋮
</BODY>
</HTML>
</INSERT>
#
# =====================================================================
#
# X.509 fields (INSERTs) valid for certificate requests 
#
# =====================================================================
#
⋮
<INSERT NAME=PublicKeyIE>  6 
<SCRIPT LANGUAGE="VBScript">
<!--
⋮
// -->
</SCRIPT>

# =====================================================================
⋮
<INSERT NAME=PassPhrase>  7 
<p> <LABEL for="passphrasefield">Pass phrase for securing this request. You will need to supply
this value when retrieving your certificate [optfield]</LABEL> <BR>
<INPUT NAME="PassPhrase" TYPE="password" SIZE=32 maxlength="32" id="passphrasefield"> <BR>
<p> <LABEL for="passphrase2field">Reenter your pass phrase to confirm</LABEL> <BR>
<INPUT NAME="ConfirmPassPhrase" TYPE="password" SIZE=32
 maxlength="32" id="passphrase2field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidPassPhrase(frm){
 if ("[optfield]" == "" && frm.PassPhrase.value == "") {
  alert("Enter required field."); frm.PassPhrase.focus();
  return false;
 }
 if ("[optfield]" == "" && frm.ConfirmPassPhrase.value == "") {
  alert("Reenter the pass phrase."); frm.ConfirmPassPhrase.focus();
  return false;
 }
 if (frm.PassPhrase.value != frm.ConfirmPassPhrase.value) {
  alert("Passwords don't match. Reenter."); frm.PassPhrase.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</INSERT>
⋮
<INSERT NAME=-pagefooter>
<p>email: webmaster@your_company.com
</INSERT>
The numbers in the following list refer to the highlighted tags in the preceding excerpt of the INSERT section.
  1. The -requestok INSERT has the logic to generate the certificate. If the certificate is successfully generated, a Web page (whose main heading is "Request submitted successfully") is displayed. This Web page includes the transaction ID.
  2. The -requestok INSERT includes an ACTION that calls caretrieve.rexx, which allows the user to retrieve the certificate.
  3. Alternately, if the request is not successful, the -requestbad INSERT gains control.
  4. (The caretrieve.rexx CGI displays the RETRIEVECONTENT subsection (see list item 15) HTML, which displays a Web page that prompts the user for the transaction ID associated with the certificate request. The user enters the transaction ID (and any password) and clicks the Continue button, which calls cagetcert.rexx.) The cagetcert.rexx CGI calls R_PKIServ for EXPORT of the certificate. If the export is successful, cagetcert.rexx displays the HTML under the RETURNCERT subsection. (See list item 18.)
  5. The base64-encoded certificate is displayed on the Web page by using the [base64cert] substitution variable.
  6. This is a browser-qualified PublicKey INSERT for Internet Explorer.
  7. Additional INSERTs are certificate field name INSERTs. These describe the fields using the HTML dialogs that are displayed on the Web pages if the user is allowed to input these fields. For example, PassPhrase is a text field with a maximum length of 32 characters. The two-year PKI browser certificate for authenticating to z/OS allows the user to fill in this field. (%%PassPhrase%% is listed in the input fields; see list item 8.)
Parent topic: Examining the pkiserv.tmpl file

Go to the previous page Go to the next page

Notices | Terms of use | Support | Contact z/OS | zFavorites



Copyright IBM Corporation 1990, 2014