Steps to create IdenTrust specific certificate templates

Before you begin

Refer to the sample browser certificate template in Sample browser certificate template for IdenTrust compliance and the sample server certificate template in Sample server certificate template for IdenTrust compliance.
For details about creating certificate templates, see Customizing the end-user Web application if you use REXX CGI execs.

Procedure

For each IdenTrust certificate profile you need, perform the following steps to create an IdenTrust specific certificate template in the PKI Services certificate templates file (pkiserv.tmpl):

Determine if you need to define a certificate profile for a browser certificate or a server certificate.
________________________________________________________________
Copy the appropriate sample browser or server certificate template to the PKI Services certificate templates file.
________________________________________________________________
Change the name of the template as desired.
________________________________________________________________
Change the nickname of the template as desired.
________________________________________________________________
Change the <CONTENT> section to add or remove name fields and matching JavaScript as required for the desired IdenTrust profile. For example, if the subject's alternate name e-mail address is not required, remove it or make it optional.
________________________________________________________________
Change the <CONSTANT> section as follows:
1. Change the AuthInfoAcc values to provide the URLs required by your OCSP responder.
2. Change the CertPolicies value to provide the policy numbers needed for the desired IdenTrust profile. (See Step 3.)
________________________________________________________________

When you are done: You have created an IdenTrust specific certificate template for each IdenTrust certificate profile you need. Stop and restart PKI Services to activate all of your changes.