Scenario 2: Maintain a customized certificate repository

This scenario is for maintaining a customized certificate repository (database) that is independent of PKI Services. After a successful submission of a certificate request, PKI Services returns the transaction ID. This is saved in a new customer-provided database entry. An alias for this database entry is then returned to the end user as the transaction ID. Later, when the user wants to pick up the certificate, the user-entered alias name is used to retrieve the actual PKI Services transaction ID. The retrieved certificate is saved in the database entry before being returned to the user.

Three different exit routine calls handle the preceding logic.
  • Post-processing for the GENCERT or REQCERT functions (subroutine postProcessGenReqCertExit) returns a pretend alias entry name by suffixing the actual transaction ID with either SAF or PKI. This is where the database entry should be created. (Note that the exit routine performs no actual database calls because this would be too customer-specific.)
  • Preprocessing for the EXPORT function (subroutine preProcessExportExit) reverts the transaction ID to its original value. This emulates retrieval from the database entry.
  • Post-processing for the EXPORT function (subroutine postProcessExportExit) saves the returned certificate to a database entry. This is emulated by writing it to a file.
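The alias round trip that the three exit calls emulate, shown as an added C example (not the PKI Services sample exit code). The helper names, buffer sizes, sample transaction ID and output file name are assumptions; only the SAF and PKI suffixes come from the text above.

```c
#include <stdio.h>
#include <string.h>

/* The two suffixes the page names; everything else here is hypothetical. */
static int known_suffix(const char *s)
{
    return strcmp(s, "SAF") == 0 || strcmp(s, "PKI") == 0;
}

/* GENCERT/REQCERT post-processing step: alias = transaction ID + suffix. */
int make_alias(const char *txid, const char *suffix, char *out, size_t outlen)
{
    if (!txid || !*txid || !suffix || !out || !known_suffix(suffix))
        return -1;
    int n = snprintf(out, outlen, "%s%s", txid, suffix);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;   /* reject truncation */
}

/* EXPORT preprocessing step: strip the suffix to recover the real ID. */
int revert_alias(const char *alias, char *out, size_t outlen)
{
    size_t len = alias ? strlen(alias) : 0;
    if (!out || len <= 3 || len - 3 >= outlen || !known_suffix(alias + len - 3))
        return -1;                     /* not an alias this exit issued */
    memcpy(out, alias, len - 3);
    out[len - 3] = '\0';
    return 0;
}

/* EXPORT post-processing step: save the returned certificate to a file. */
int save_cert(const char *path, const unsigned char *cert, size_t certlen)
{
    FILE *f = fopen(path, "wb");
    if (!f)
        return -1;
    size_t written = fwrite(cert, 1, certlen, f);
    return (fclose(f) == 0 && written == certlen) ? 0 : -1;
}

int main(void)
{
    char alias[64], txid[64];   /* "1ABCDEFG" below is a constructed ID */
    const unsigned char cert[] = "constructed certificate bytes";
    if (make_alias("1ABCDEFG", "PKI", alias, sizeof alias) != 0 ||
        revert_alias(alias, txid, sizeof txid) != 0)
        return 1;
    printf("alias=%s txid=%s\n", alias, txid);
    return save_cert("cert_example.der", cert, sizeof cert - 1) ? 1 : 0;
}
```

In a real repository the alias would be an opaque database key rather than a reversible suffix, so the lookup itself rejects values the exit never issued.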