Perform this task only if you implement the Web application using
REXX CGI execs. If you implement the Web application using Java™ server pages (JSPs), each CA
domain has a separate template file. Each template file describes
the application domains for the CA domain. Each application domain
is essentially a subset of the users and certificate request templates
for the CA domain.
Procedure
Perform the following steps to
customize the
PKI Services template
file (
pkiserv.tmpl) for this new CA domain.
- Edit the new pkiserv.tmpl file (you copied it
in Step 2 of Subtask 4: Steps for configuring the UNIX environment) by entering the following command from
the UNIX command line:
Example:oedit /etc/pkiserv/employees/pkiserv.tmpl
_______________________________________________________________
- Locate all occurrences of the CA domain named Customers (in
mixed case, upper case, or lower case) and change them to the name
of this new CA domain, being careful to preserve the case.
Example: If
the new CA domain is
Employees (in mixed case), change
the default values to the name of your new CA domain.
Default values for the Customers CA domain
|
New values for the Employees CA domain
|
---|
ACTION="/Customers/…"
(in mixed case)
|
ACTION="/Employees/…"
(also in mixed case)
|
<APPLICATION NAME=CUSTOMERS>
(in upper case)
|
<APPLICATION NAME=EMPLOYEES>
(also in upper case)
|
_______________________________________________________________
- If you intend to have the same set of administrators for
all your CA domains, skip this step and proceed to Step 4.
If you intend to have a dedicated set
of administrators for each CA domain, change the name of the PKISERV
application section to the corresponding name of the administrative
domain in Table 1. This value
must be specified in uppercase characters only.
Example: If
the new administrative domain is named
AdmEmployees,
change the default value (
PKISERV) to the name of
your new administrative CA domain.
Default value for the PKISERV
administrative CA domain
|
New value for the new AdmEmployees
administrative CA domain
|
---|
<APPLICATION NAME=PKISERV>
(in upper case)
|
<APPLICATION NAME=ADMEMPLOYEES>
(also in upper case)
|
_______________________________________________________________
- If you intend to have the same set of administrators
for all your CA domains, edit the main templates file (/etc/pkiserv/pkiserv.tmpl)
as follows:
Do not update the PKISERV application section in this
domain-specific pkiserv.tmpl file; it will not be
used. The PKISERV application section in the templates file for your
initial CA domain will be used instead.
- Replicate the following lines in the APPLICATION section of the
PKISERV application:
<h3>Go the Customers' home page </h3>
<FORM name=admform METHOD=GET
ACTION="/Customers/public-cgi/camain.rexx">
<p>
<INPUT TYPE="submit" VALUE="Customers' Home Page">
</FORM>
- Change all occurrences of the string Customers in
the replicated lines to the name of this CA domain, being careful
to preserve case.
Example: Change ACTION="/Customers/public-cgi/camain.rexx"> to ACTION="/Employees/public-cgi/camain.rexx">.
- Uncomment the %%SelectCADomain%% directive in
the ADMINSCOPE subsection of the APPLICATION section for the PKISERV
application by removing the leading # character.
(The %%SelectCADomain%% directive enables multiple
CA administration.)
- Update the SelectCADomain insert to include an
OPTION entry for this CA domain. If this CA domain will be used more
often than any other, mark the entry SELECTED and
remove SELECTED from any other entry.
Example: <INSERT NAME=SelectCADomain>
<p> <LABEL for="selectcadomfield">Select the CA domain to work with </LABEL>
<SELECT NAME="domain" id="selectcadomfield">
# rename and replicate the following line for every CA domain and
# determine which one should be SELECTED by default, if any
<OPTION VALUE="Employees" SELECTED>Employees
<OPTION VALUE="Customers">Customers
</SELECT>
_______________________________________________________________
When you are done:
You
have customized the
PKI Services template
file (
pkiserv.tmpl) for this CA domain. Record your
progress in
Table 1.
Continue to the next subtask. Guideline: Complete all subtasks
for this new CA domain and ensure that it operates properly before
adding another CA domain.