For each IdenTrust certificate
profile you need, perform the following steps to create an IdenTrust
specific certificate template in the
PKI Services certificate
templates file (
pkiserv.tmpl):
- Determine if you need to define a certificate profile for a browser
certificate or a server certificate.
________________________________________________________________
- Copy the appropriate sample browser or server certificate template
to the PKI Services certificate
templates file.
________________________________________________________________
- Change the name of the template as desired.
________________________________________________________________
- Change the nickname of the template as desired.
________________________________________________________________
- Change the <CONTENT> section to add or remove
name fields and matching JavaScript as
required for the desired IdenTrust profile. For example, if the subject's
alternate name e-mail address is not required, remove it or make it
optional.
________________________________________________________________
- Change the <CONSTANT> section as follows:
- Change the AuthInfoAcc values to provide the
URLs required by your OCSP responder.
- Change the CertPolicies value to provide the
policy numbers needed for the desired IdenTrust profile. (See Step 3.)
________________________________________________________________
When you are done: You
have created an IdenTrust specific certificate template for each IdenTrust
certificate profile you need. Stop and restart
PKI Services to activate
all of your changes.