Scenario for using the exit routine

This scenario disables the automatic renewal of certificates for contractors, postpones the renewal if the expiration date is more than 30 days away, and logs the subject name and serial number of certificates that are automatically renewed.

For sample code illustrating this scenario, see the sample exit routine pkiexit.c shipped with PKI Services.

The preprocessing exit routine for the automatic renewal function (subroutine preProcessAutoRenewExit) disables the automatic renewal of certificates for contractors and postpones the renewal if the expiration date is more than 30 days away. Here are the steps:
  • Get the current time and format it for output.
  • Call subroutines to decode the Base64 certificate data and decode the certificate.
  • Get a printable version of the subject name from the certificate.
  • Get a printable version of the serial number from the certificate.
  • Check the subject name for an organizationalUnitName of "Contractors". If found, log a message indicating that the renewal was disabled, and return with a return code of 8 to disable the automatic renewal.
  • Call a subroutine to determine how many days there are until the certificate expires.
  • If there are more than 30 days before the certificate expires, log a message indicating that the renewal was postponed, and return with a return code of 4 to postpone the automatic renewal.
  • If there are 30 or fewer days before the certificate expires, log a message indicating that renewal of the certificate was allowed, and return with a return code of 0 to continue with the automatic renewal.

The postprocessing exit routine for the automatic renewal function (postProcessAutoRenewExit) logs the subject name and serial number of certificates that are automatically renewed. Here are the steps:
  • Get the current time and format it for output.
  • Call subroutines to decode the Base64 certificate data and decode the certificate.
  • Get a printable version of the subject name from the certificate.
  • Get a printable version of the serial number in hexadecimal from the certificate.
  • Log a message indicating that the certificate was renewed, containing the subject name, serial number, and time.
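
The preprocessing decision described above, written as an added C example; it is not taken from pkiexit.c or from PKI Services. The function names, the comma-separated printable DN format, the case-insensitive OU match and the sample values are assumptions, and the certificate fields are taken as already decoded.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

enum { RC_RENEW = 0, RC_POSTPONE = 4, RC_DISABLE = 8 }; /* return codes from the steps above */

/* Case-insensitive compare of n bytes (assumption: the OU match ignores case). */
static int ieq(const char *a, const char *b, size_t n) {
    while (n--)
        if (tolower((unsigned char)*a++) != tolower((unsigned char)*b++)) return 0;
    return 1;
}

/* 1 if the printable DN has an RDN "OU=<ou>", matched on the whole value so that
   "OU=Contractors-Liaison" or a CN that merely contains the text does not match.
   Assumed format: "TYPE=value" RDNs separated by ',', with '\' as the escape. */
static int dn_has_ou(const char *dn, const char *ou) {
    size_t want = strlen(ou);
    for (const char *p = dn; *p; ) {
        while (*p == ' ') p++;                      /* space after a separator */
        const char *end = p;
        for (; *end && *end != ','; end++)
            if (*end == '\\' && end[1]) end++;      /* skip the escaped character */
        if ((size_t)(end - p) == want + 3 && ieq(p, "OU=", 3) && ieq(p + 3, ou, want))
            return 1;
        p = *end ? end + 1 : end;
    }
    return 0;
}

/* Hypothetical helper: picks the return code and logs it with subject and serial. */
static int auto_renew_decision(const char *subject, const char *serial_hex,
                               time_t not_after, time_t now, FILE *log) {
    char stamp[32];
    strftime(stamp, sizeof stamp, "%Y-%m-%d %H:%M:%S", gmtime(&now));
    int rc = dn_has_ou(subject, "Contractors") ? RC_DISABLE
           : difftime(not_after, now) / 86400.0 > 30.0 ? RC_POSTPONE : RC_RENEW;
    const char *what = rc == RC_DISABLE ? "disabled" : rc == RC_POSTPONE ? "postponed" : "allowed";
    fprintf(log, "%s renewal %s rc=%d subject=\"%s\" serial=%s\n",
            stamp, what, rc, subject, serial_hex);
    return rc;
}

int main(void) {
    time_t now = time(NULL);   /* constructed sample certificate fields */
    auto_renew_decision("CN=Pat Doe,OU=Contractors,O=Example", "01A4", now + 10 * 86400, now, stdout);
    return 0;
}
```

The contractor check runs before the expiry check, so a contractor certificate gets return code 8 regardless of how many days remain.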