Examining the CUSTOMERS application
The following example is an excerpt of the CUSTOMERS application
in the APPLICATION section of the pkiserv.tmpl file.
(The vertical ellipses indicate omitted sections.)
The numbers in the
following list refer to the highlighted tags in the preceding excerpt
of the CUSTOMERS application.
# =====================================================================
#
# Application - CUSTOMERS
#
# The installation should customize the CONTENT subsection as appropriate.
#
# =====================================================================
#
<APPLICATION NAME=CUSTOMERS> 1
<CONTENT> 2
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
#@LTM
%%-copyright%%
<TITLE> Customers Certificate Generation Application </TITLE>
<!-- @DFA -->
<SCRIPT LANGUAGE="Javascript">
<!--
//Get browser type
function getBrowserType()
{
// Determine the browser type from where the script is being invoked.
var type = navigator.userAgent; <!-- @LUC -->
if (type.indexOf("Trident")==-1 && (type.indexOf("MSIE")==-1))<!-- @LUC -->
{
document.getElementById('install').style.display='none'; <!-- @LUM -->
} <!--3@LUD -->
}
// -->
</SCRIPT>
<SCRIPT LANGUAGE="JavaScript">
<!--
function getOsVersion()
{ // @LKA
var OS = navigator.userAgent;
if (OS.indexOf("Windows NT 5")!=-1)
{
document.getElementById('install').href = "/PKIServ/PKIXEnroll/PKIXEnrollDeploy.msi";
}
else
{
document.getElementById('install').href = "/PKIServ/PKICEnroll/PKICEnrollDeploy.msi";
}
return true;
}
//-->
</SCRIPT>
<SCRIPT LANGUAGE="JavaScript">
<!--
function init()
{
getBrowserType();
}
//-->
</SCRIPT>
</HEAD>
<!-- @DFA -->
<BODY onLoad="init();">
<div role="main"><H1>PKI Services Certificate Generation Application</H1>
<div role="region" aria-label="Installations">
<p>
<A HREF="/PKIServ/cacerts/cacert.der"> 3
Install the CA certificate to enable SSL sessions for PKI Services </A>
<br><p>
<A href = "" id = "install" onClick="getOsVersion()">Install the PKI ActiveX Control to
renew certificates</A> 4
</div>
<div role="region" aria-label="Options">
<H2>Choose one of the following:</H2>
<ul>
<li>
<div role="region" aria-label="Request A New Certificate">
<h3>Request a new certificate using a model</h3>
<FORM name=mainform METHOD=GET ACTION="/[application]/ssl-cgi/catmpl.rexx"> 5
<p><LABEL for="seltemplate">Select the certificate template to use as a
model </LABEL>
<SELECT NAME="Template" id="seltemplate"> 6
%%1-Year PKI SSL Browser Certificate%%
<OPTION>1-Year PKI SSL Browser Certificate
%%1-Year PKI S/MIME Browser Certificate%%
<OPTION>1-Year PKI S/MIME Browser Certificate
%%2-Year PKI Windows Logon Certificate%%
<OPTION>2-Year PKI Windows Logon Certificate
%%2-Year PKI Browser Certificate For Authenticating To z/OS%%
<OPTION>2-Year PKI Browser Certificate For Authenticating To z/OS
%%5-Year PKI SSL Server Certificate%%
<OPTION>5-Year PKI SSL Server Certificate
%%5-Year PKI IPSEC Server (Firewall) Certificate%%
<OPTION>5-Year PKI IPSEC Server (Firewall) Certificate
%%5-Year PKI Intermediate CA Certificate%%
<OPTION>5-Year PKI Intermediate CA Certificate
%%2-Year PKI Authenticode - Code Signing Certificate%%
<OPTION>2-Year PKI Authenticode - Code Signing Certificate
%%5-Year SCEP Certificate - Preregistration%%
<OPTION>5-Year SCEP Certificate - Preregistration
%%1-Year PKI Generated Key Certificate%%
<OPTION>1-Year PKI Generated Key Certificate
%%n-Year PKI Certificate for Extensions Demonstration%%
<OPTION>n-Year PKI Certificate for Extensions Demonstration
%%1-Year SAF Browser Certificate%%
<OPTION>1-Year SAF Browser Certificate
%%1-Year SAF Server Certificate%%
<OPTION>1-Year SAF Server Certificate
%%2-Year EV SSL Server Certificate%%
<OPTION>2-Year EV SSL Server Certificate
</SELECT>
<p>
<INPUT TYPE="submit" VALUE="Request Certificate">
</FORM>
</div>
<li>
<div role="region" aria-label="Pick Up Previously Requested Certificates">
<h3>Pick up a previously requested certificate</h3>
<FORM name=selform METHOD=GET
ACTION="/[application]/ssl-cgi/caretrieve.rexx" onSubmit=
"return ValidateEntry(this)">
#-- User input fields and validation Javascript ---------------
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidateEntry(frm){
if (ValidTransactionId(frm)) {
# Add your own Javascript here if needed ---
return true;
}
else
return false;
}
//-->
</SCRIPT>
%%-TransactionId%%
<br>
<LABEL for="rettemplate">Select the certificate return type </LABEL>
<SELECT NAME="Template" id = "rettemplate">
%%PKI Browser Certificate%%
<OPTION>PKI Browser Certificate
%%PKI Server Certificate%%
<OPTION>PKI Server Certificate
%%PKI Key Certificate%%
<OPTION>PKI Key Certificate
%%SAF Browser Certificate%%
<OPTION>SAF Browser Certificate
%%SAF Server Certificate%%
<OPTION>SAF Server Certificate
</SELECT>
#-- End user input fields and validation Javascript ------------
<p>
<INPUT TYPE="submit" VALUE="Pick up Certificate">
</FORM>
</div>
<li>
<div role="region" aria-label="Renew or Revoke">
<h3>Renew or revoke a previously issued browser certificate</h3>
<FORM name=selform METHOD=GET ACTION="/[application]/clientauth-cgi/cadisplay.rexx">
<p>
<SCRIPT LANGUAGE="JavaScript">
<!--
function RenewRevokeAlert(){
var STRING_RenewRevokePrompt=
"You will be prompted by the browser to select " +
"the certificate you want to renew or revoke. " +
"Once you select the certificate you will be " +
"given the opportunity to confirm your selection. " +
"Note that you can only renew or revoke a single " +
"certificate per one browser session. If you wish " +
"to renew or revoke another certificate, you must " +
"close your browser and restart it.";
alert(STRING_RenewRevokePrompt);
return true;
}
//-->
</SCRIPT>
<INPUT TYPE="submit" VALUE="Renew or Revoke Certificate"
onClick="return RenewRevokeAlert()">
</FORM>
</div>
<li>
<div role="region" aria-label="Recover Certificate">
<h3>Recover a previously issued certificate whose key was generated by PKI Services </h3>
<!-- @DIC -->
<FORM name=recvform METHOD=GET
ACTION="/[application]/ssl-cgi/carecover.rexx">
<!-- 27@DID -->
<INPUT TYPE="submit" VALUE="Recover Certificate">
</FORM>
</div>
</ul>
</div>
<p> %%-pagefooter%%
</div>
</BODY>
</HTML>
</CONTENT>
<RECONTENT> 7
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"> <HEAD>
#@LTM
%%-copyright%%
<TITLE> Customers Renew or Revoke a Browser Certificate </TITLE>
<div role="region" class="invisible" style="font-size:0pt;" aria-label="Certificate Manager Object">
<SCRIPT LANGUAGE="JavaScript">
<!-- // @LKA
function LoadActiveX()
{
var OS = navigator.userAgent;
//Modified code to handle alternate text for objects @LTC
if (OS.indexOf("Windows NT 5")!=-1)
{
var obj = document.createElement("obj");
obj.innerHTML = "<div role='region' aria-label='xenrollreq'>" +
"<OBJECT classid='clsid:157B42C3-25EB-4C6B-A569-27FA081D61EC' id='xenrollreq'>xenroll
object is not available</OBJECT>" +
"</div>";
document.body.appendChild(obj);
document.getElementById("osname").value="XP";
}
else
{
var obj = document.createElement("obj");
obj.innerHTML = "<div role='region' aria-label='cenrollreq'>" +
"<OBJECT classid='clsid:65D22D38-D2D2-421F-BDFE-B7D990DDFE96' id='cenrollreq'>cert enroll
object is not available</OBJECT>" +
"</div>";
document.body.appendChild(obj);
document.getElementById("osname").value="nonXP";
}
return true;
}
//-->
</SCRIPT>
%%-ObjectHeaderIE[osversion]%%
<SCRIPT LANGUAGE="JavaScript">
<!--
function init()
{
// 1@02D
LoadActiveX();
}
//-->
</SCRIPT>
#13@LTD
</div>
</HEAD>
<BODY onLoad="init();">
<div role="main"><H1>Renew or Revoke a Browser Certificate</H1>
<h3>Here is the certificate you selected:</h3>
<p>
[printablecert]
<h2>If this is the correct certificate, choose one of the following:</h2>
<STRONG>(otherwise you need to restart your browser to pick another certificate)
</STRONG>
</div>
# defined style sheets for displaying labels @LTA
<style type="text/css">
<!--
.invisible {
height: 0px;
width: 0px;
overflow: hidden;
}
.invisible2 {
visibility: hidden;
}
//-->
</style>
<div role="region" aria-label="Actions">
<ul>
<li>
<div role="region" aria-label="Renew the above certificate">
<h3>Renew the above certificate</h3>
<FORM name=renform METHOD=POST
ACTION="/[application]/clientauth-cgi/camodify.rexx" OnSubmit=
"return ValidateEntry(this)">
<INPUT NAME="action" TYPE="hidden" VALUE="renew">
<INPUT NAME="osname" TYPE="hidden" id="osname">
<!-- @DFA -->
<INPUT NAME="autorenflag" TYPE="hidden" value =0 id="autorenflag">
#-- User input fields and validation Javascript ---------------
#-- Added call to ValidRenewKeySet to ValidateEntry function @01C
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidateEntry(frm){
if (ValidNotifyEmail(frm)
&& ValidPassPhrase(frm)
&& ValidRenewKeySet(frm)
) {
# Add your own Javascript here if needed ---
return true;
}
else
return false;
}
//-->
</SCRIPT>
<STRONG>*Email address for notification purposes will be ignored if
the key was generated by PKI Services</STRONG>
%%NotifyEmail (optional)%%
%%PassPhrase%%
# Add RenewKeySet for the browse type in use. @01A
%%-RenewKeySet[browsertype]%%
#-- End user input fields and validation Javascript ------------
<p>
<INPUT TYPE="submit" VALUE="Renew">
</FORM>
</div>
</li>
<li>
<div role="region" aria-label="Revoke the above certificate">
<h3>Revoke the above certificate</h3>
<FORM name=revform METHOD=POST
ACTION="/[application]/clientauth-cgi/camodify.rexx">
<INPUT NAME="action" TYPE="hidden" VALUE="revoke">
<INPUT TYPE="submit" VALUE="Revoke">
#@LMA
#1@LRD
<span class="invisible2" style="font-size:0pt;">
<LABEL for="reasonfield">Revocation Reason</LABEL>
</span>
<SELECT NAME="reason" id="reasonfield" title="Revocation Reason">
<OPTION Selected VALUE="0">No Reason
<OPTION VALUE="1">User key was compromised
<OPTION VALUE="2">CA key was compromised
<OPTION VALUE="3">User changed affiliation
<OPTION VALUE="4">Certificate was superseded
<OPTION VALUE="5">Original use no longer valid
</SELECT>
</div>
</FORM>
</li>
<li>
<div role="region" aria-label="Suspend the above certificate">
<h3>Suspend the above certificate</h3>
<FORM name=suspform METHOD=POST
ACTION="/[application]/clientauth-cgi/camodify.rexx">
<INPUT NAME="action" TYPE="hidden" VALUE="suspend">
<INPUT TYPE="submit" VALUE="Suspend">
</FORM>
</div>
</li>
</ul>
</div>
<div role="region" aria-label="Home Page">
<p>
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<center>
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</center>
</div>
<p> %%-pagefooter%%
</BODY>
</HTML>
</RECONTENT>
<RECONTENT2> 8
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
#@LTM
%%-copyright%%
%%-ObjectHeaderIE[osversion]%%
#8@02D
</HEAD>
#@02C
<BODY>
<div role="main"><H1>Revoke a Browser Certificate</H1>
<TITLE> Customers Revoke a Browser Certificate </TITLE>
#13@LTD
<h3>Here is the certificate you selected:</h3>
<p>
[printablecert]
<h2>If this is the correct certificate, choose one of the following:</h2>
<STRONG>(otherwise you need to restart your browser to pick another certificate)
</STRONG>
<div role="region" aria-label="Actions">
<ul>
<h3><li>Revoke the above certificate</h3>
<FORM name=revform METHOD=POST
ACTION="/[application]/clientauth-cgi/camodify.rexx">
<INPUT NAME="action" TYPE="hidden" VALUE="revoke">
<INPUT TYPE="submit" VALUE="Revoke">
<SELECT NAME="reason">
<OPTION Selected VALUE="0">No Reason
<OPTION VALUE="1">User key was compromised
<OPTION VALUE="2">CA key was compromised
<OPTION VALUE="3">User changed affiliation
<OPTION VALUE="4">Certificate was superseded
<OPTION VALUE="5">Original use no longer valid
</SELECT>
</FORM>
<h3><li>Suspend the above certificate</h3>
<FORM name=suspform METHOD=POST
ACTION="/[application]/clientauth-cgi/camodify.rexx">
<INPUT NAME="action" TYPE="hidden" VALUE="suspend">
<INPUT TYPE="submit" VALUE="Suspend">
</FORM>
</ul>
</div>
<div role="region" aria-label="Home Page">
<p>
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<center>
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</center>
</div>
<p> %%-pagefooter%%
</div>
</BODY>
</HTML>
</RECONTENT2>
<RESUCCESSCONTENT> 9
%%-renewrevokeok%%
</RESUCCESSCONTENT>
<REFAILURECONTENT> 10
%%-renewrevokebad%%
</REFAILURECONTENT>
<!-- @DIA -->
<RECOVERCONTENT> 11
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
%%-copyright%%
<TITLE> Recover Certificate </TITLE>
</HEAD>
<BODY>
<div role="main"><H1>Recover previously issued certificate</H1>
<span role="region" aria-label="Recover Certificate">
<FORM name=recvform METHOD=POST
ACTION="/[application]/ssl-cgi-bin/caqryrcvr.rexx" onSubmit=
"return ValidateEntry(this)">
#-- User input fields and validation Javascript ---------------
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidateEntry(frm){
if (ValidRecoverEmail(frm) &&
ValidChallengePassPhrase2(frm)){
return true;
}
else
return false;
}
//-->
</SCRIPT>
%%-RecoverEmail%%
%%-ChallengePassPhrase2%%
<br><br>
#Uncommented the following lines(GetSec script) if you implement security questions
#<A HREF="JavaScript:GetSec();">Click here if you forget the pass phrase</A>
#<p>
#<SCRIPT LANGUAGE="JavaScript">
#<!--
#function GetSec(){
#var addr=document.recvform.RecoverEmail.value;
#window.location.href=
#'/[application]/ssl-cgi-bin/cagorcvr.rexx?RecoverEmail='+ escape(addr);
#}
#//-->
#</SCRIPT>
<br>
<INPUT TYPE="submit" VALUE="Recover Certificate">
</FORM>
</span>
<div role="region" aria-label="Home Page">
<p>
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT TYPE="submit" VALUE="Home Page">
</div>
<br>
<p> %%-pagefooter%%
</FORM>
</BODY>
</HTML>
<FINDRECOVERCONTENT> 12
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
%%-copyright%%
<TITLE> Use security questions to locate certificate </TITLE>
</HEAD>
<BODY>
# This ACTION forces userid/pw authentication and runs the task
# under the client's ID
#<FORM NAME=findrecoverform METHOD=POST ACTION=
# "/[application]/ssl-cgi-bin/auth/caqryrcvr.rexx" onSubmit=
#
# This ACTION forces userid/pw authentication but runs the task
# under the surrogate ID
#<FORM NAME=findrecoverform METHOD=POST ACTION=
# "/[application]/ssl-cgi-bin/surrogateauth/caqryrcvr.rexx" onSubmit=
#
# This ACTION is for non z/OS clients. The task runs under surrogate ID
<FORM NAME=findrecoverform METHOD=POST ACTION=
"/[application]/ssl-cgi-bin/caqryrcvr.rexx" onSubmit=
"return ValidateEntry(this)">
#-- User input fields and validation Javascript ---------------
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidateEntry(frm){
if (ValidRecoverEmail(frm) &&
ValidSecurity1(frm) &&
ValidSecurity2(frm)) {
return true;
}
else
return false;
}
//-->
</SCRIPT>
<div role="main"><p><H1>Recover your certificate</H1><p></div>
<div role="region" aria-label="Recover Certificate">
<H3>Security questions - answer the following with the same answers
you provided in the original request if you forget the pass phrase.
</H3>
%%-RecoverEmail2%%
%%Security1%%
%%Security2%%
<p>
<INPUT TYPE="submit" VALUE="Recover Certificate">
</div>
</FORM>
<div role="region" aria-label="Home Page">
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<p>
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</div>
<p>%%-pagefooter%%
</div>
</BODY>
</HTML>
<RETRIEVECONTENT2> 13
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
%%-copyright%%
<TITLE> Web Based PKIX Certificate Recovery Application</TITLE>
</HEAD>
<BODY>
<div role="main"><H1> Retrieve your recovered certificate </H1>
<div role="region" aria-label="Retrieve Certificate">
# This ACTION forces userid/pw authentication and runs the task
# under the client's ID
#<FORM NAME=recoverform METHOD=POST ACTION=
# "/[application]/ssl-cgi-bin/auth/cagetcert2.rexx" onSubmit=
#
# This ACTION forces userid/pw authentication but runs the task
# under the surrogate ID
#<FORM NAME=recoverform METHOD=POST ACTION=
# "/[application]/ssl-cgi-bin/surrogateauth/cagetcert2.rexx" onSubmit=
#
# This ACTION is for non z/OS clients. The task runs under surrogate ID
<FORM NAME=recoverform METHOD=POST ACTION=
"/[application]/ssl-cgi-bin/cagetcert2.rexx" onSubmit=
"return ValidateEntry(this)">
#-- User input fields and validation Javascript ---------------
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidateEntry(frm){
if (ValidChallengePassPhrase2(frm)) {
return true;
}
else
return false;
}
//-->
</SCRIPT>
#-- End user input fields and validation Javascript -----------
<p>
<LABEL for="KeyIDfield">Key ID</LABEL>
<INPUT NAME="KeyId" SIZE=50 VALUE="[keyid]" id="KeyIDfield" readonly>
<p>
<LABEL for="Serialnumberfield">Serial number</LABEL>
<INPUT NAME="SerialNo" SIZE=16 VALUE="[serialno]" id="Serialnumberfield" readonly>
%%-ChallengePassPhrase2%%
<p>
<INPUT TYPE="submit" VALUE="Retrieve Certificate">
</FORM>
</div>
<div role="region" aria-label="Home Page">
<p>
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</div>
<p>%%-pagefooter%%
</div>
</BODY>
</HTML>
</RETRIEVECONTENT2>
<RETURNCERT> 14
%%returnp12cert%%
</RETURNCERT>
<FAILURECONTENT> 15
%%-requestbad%%
</FAILURECONTENT>
<!-- @DFA -->
<RENEWEDCERT> 16
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
#@LTM
%%-copyright%%
<TITLE> Install Automatic Renewed Certificate</TITLE>
#DKA
%%-ObjectHeaderIE[osversion]%%
<SCRIPT LANGUAGE="Javascript">
<!--
//Get browser type
function getBrowserType()
{
// Determine the browser type from where the script is being invoked.
var type = navigator.userAgent; // @LUC
if (type.indexOf("Trident")!=-1 || (type.indexOf("MSIE")!=-1)) // @LUC
{
document.getElementById("b64cert").focus();
LoadActiveX();
}
else
{
document.write("<HTML lang='en'><HEAD><TITLE>Auto Renew Certificate</TITLE></HEAD>");
document.write("<BODY><div role='main'><H1>This is intended for Internet Explorer.");
document.write("For other browser types, save the contents of the certificate <br>");
document.write("into a file and import the certificate file. </H1></div></BODY></HTML>");
}
}
// -->
</SCRIPT>
<SCRIPT LANGUAGE="JavaScript">
<!--
// Load the PKIActiveX controls on the browser
function LoadActiveX()
{
var OS = navigator.userAgent;
//Modified code to handle alternate text for objects @LTC
if (OS.indexOf("Windows NT 5")!=-1)
{
var obj = document.createElement("obj");
obj.innerHTML = "<div role='region' aria-label='xenrollreq'>" +
"<OBJECT classid='clsid:157B42C3-25EB-4C6B-A569-27FA081D61EC' id='xenrollreq'>xenroll
object is not available</OBJECT>" +
"</div>";
document.body.appendChild(obj);
document.getElementById("osname").value="XP";
}
else
{
var obj = document.createElement("obj");
obj.innerHTML = "<div role='region' aria-label='cenrollreq'>" +
"<OBJECT classid='clsid:65D22D38-D2D2-421F-BDFE-B7D990DDFE96' id='cenrollreq'>cert enroll
object is not available</OBJECT>" +
"</div>";
document.body.appendChild(obj);
document.getElementById("osname").value="nonXP";
}
return true;
}
// -->
</SCRIPT>
<!-- 29@DKD -->
<SCRIPT LANGUAGE="JavaScript">
<!--
function init()
{
// 1@02D;
getBrowserType();
}
//-->
</SCRIPT>
</HEAD>
#12@LTD
</HEAD>
<BODY onLoad="init();">
<INPUT NAME="osname" TYPE="hidden" value="" id="osname">
<INPUT NAME="autorenflag" TYPE="hidden" value=1 id="autorenflag">
#<INPUT NAME="retry" TYPE="hidden" value=0 id="retry">
<div role="main"><h1>Install Automatic Renewed Certificate</h1>
<!-- @DGC -->
<h2> Click 'Install Certificate' to install the renewed certificate you got from the email </h2>
<TABLE>
<!-- @DGC -->
<TR><TD>
<p><LABEL for="b64cert">Base64 encoded certificate</LABEL></p>
</TD></TR>
<TR><TD>
<TEXTAREA NAME="b64cert" COLS="70" ROWS="12" WRAP="OFF" id="b64cert">
</TEXTAREA>
</TD></TR>
<TR><TD>
<p>
<INPUT TYPE="BUTTON" VALUE="Install Certificate" NAME="INSTALL" onclick="InstallCertificate()">
</TD></TR></TABLE>
%%-RenewKeySetIE%%
%%InstallCert%%
<div role="region" aria-label="Home Page">
<FORM METHOD=GET ACTION="/[application]/public-cgi/camain.rexx">
<INPUT TYPE="submit" VALUE="Home Page">
</FORM>
</div>
%%-pagefooter%%
</BODY>
</HTML>
</RENEWEDCERT>
<ADMINHEADER>
#@LMA
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE>Web Based Certificate Generation Administration</TITLE>
</HEAD>
</div>
<BODY>
</ADMINHEADER>
<ADMINFOOTER>
<p> %%-pagefooter%%
</BODY>
</HTML>
</ADMINFOOTER>
</APPLICATION>- This is the beginning of the APPLICATION section. The name of the application is CUSTOMERS.
- This is the beginning of the CONTENT subsection. The CONTENT subsection contains HTML to display the web page where the end user requests or retrieves a certificate. The <H1> indicates the main heading of that web page, "PKI Certificate Generation Application." (See Figure 1 for a sample of that web page.)
- The HREF tag is the link to install the CA certificate in the browser.
- The HREF tag is the link to install the PKI Services ActiveX control.
- The ACTION tag indicates where to go when the user clicks Request certificate.
- The SELECT tag produces a drop-down that lists the certificate templates the user can request. (The named fields, which are bracketed with %% symbols, are the names of the certificate templates.)
- The RECONTENT section contains the HTML to display the web page where the end user renews or revokes a certificate. The main heading on this web page is "Renew or Revoke a Browser Certificate". It includes a JavaScript function that determines which PKI Services ActiveX programs should be loaded. (See Figure 2 for a sample of that web page.)
- The RECONTENT2 subsection is similar to the RECONTENT
section except that it applies to a certificate whose key was generated
by PKI Services and is to be revoked.
- The RESUCCESSCONTENT subsection references the %%-renewrevokeok%% named field, which is defined in the INSERT section. This contains HTML for the web page displayed when the user's attempt to revoke a certificate is successful. The main heading on this web page is "Request submitted successfully". (See Figure 3 for a sample of that web page.)
- The REFAILURECONTENT subsection references the %%-renewrevokebad%% named field, which is defined in the INSERT section. This contains HTML for the web page displayed when the user's attempt to renew or revoke a certificate fails. The main heading on this web page is "Request was not successful".
- The RECOVERCONTENT subsection contains the HTML and JavaScript to input parameters required to recover a previously issued certificate whose key was generated by PKI Services.
- The FINDRECOVERCONTENT subsection displays security questions for users to answer when they want to recover a certificate and have forgotten the passphrase.
- The RETRIEVECONTENT2 subsection contains the HTML to allow the end user to retrieve a recovered certificate.
- The RETURNCERT subsection contains the HTML for
the web page that is displayed upon successful retrieval of a recovered
certificate. This section contains the named field %%returnp12cert%%,
which indicates a PKCS #12 format.
- The FAILURECONTENT subsection contains the HTML
for the web page that is displayed when the certificate request submit
failed. Any named fields in this subsection are interpreted as content
inserts defined by INSERT sections. For PKISERV, the INSERT sections
are included as part of the HTML presented to the end user.
- The RENEWEDCERT subsection references the %%RenewKeySetIE%% named field, which is defined in the INSERT section. This field contains the HTML and JavaScript functions for the web page displayed when a user clicks a link in an email notification to install an automatically renewed certificate.