Steps for adding a custom extension to a certificate template if you are using JSPs

Procedure

  1. Copy the CustomExt JSP from the mod.inc directory, and the certificate template file, pkitmpl.xml, by default in the /etc/pkiserv/ directory.

    _______________________________________________________________

  2. Rename the copy of the CustomExt JSP. The name is the string formed by concatenating the following values:
    1. The string "CustomExt".
    2. The OID. You are responsible for ensuring that you use a registered OID, PKI Services does not check this.
    3. The critical flag - C for a critical extension, N for a non-critical extension.
    4. The value type. Supported types are:
      • INT (integer in a printable hexadecimal format)
      • IA5 (IA5 string)
      • PRT (printable string)
      • BMP (BMP string)
      • OCT (Octet string)
      • UTF (UTF 8 string)

    _______________________________________________________________

  3. Customize the certificate template file, pkitmpl.xml to contain any inputs that you want, and customize the JSP file to manipulate and verify the inputs.

    _______________________________________________________________

  4. Use the TemplateTool utility to validate your updated XML template file. When you have completed your updates and successfully validated them, use the TemplateTool utility to create an updated CGI template file, pkixgen.tmpl

    _______________________________________________________________

  5. Update the EAR file with the modified JSP file, and deploy the EAR file to a WebSphere Application Server. For information on how to do this, see Customizing the PKI Services web application.

    _______________________________________________________________

Results

When you are done, you have added a customized extension to a certificate template using JSPs.

Parent topic: Adding custom extensions to certificates