Steps for adding a custom extension to a certificate template if you are using JSPs
Procedure
- Copy the CustomExt JSP from the mod.inc directory,
and the certificate template file, pkitmpl.xml, by
default in the /etc/pkiserv/ directory.
_______________________________________________________________
- Rename the copy of the CustomExt JSP. The name is the string formed
by concatenating the following values:
- The string "CustomExt".
- The OID. You are responsible for ensuring that you use a registered OID, PKI Services does not check this.
- The critical flag - C for a critical extension, N for a non-critical extension.
- The value type. Supported types are:
- INT (integer in a printable hexadecimal format)
- IA5 (IA5 string)
- PRT (printable string)
- BMP (BMP string)
- OCT (Octet string)
- UTF (UTF 8 string)
_______________________________________________________________
- Customize the certificate template file, pkitmpl.xml to
contain any inputs that you want, and customize the JSP file to manipulate
and verify the inputs.
_______________________________________________________________
- Use the TemplateTool utility to validate your updated
XML template file. When you have completed your updates and successfully
validated them, use the TemplateTool utility to create an updated
CGI template file, pkixgen.tmpl
_______________________________________________________________
- Update the EAR file with the modified JSP file, and deploy
the EAR file to a WebSphere Application Server. For information on
how to do this, see Customizing the PKI Services web application.
_______________________________________________________________
Results
When you are done, you have added a customized extension to a certificate template using JSPs.
Parent topic: Adding custom extensions to certificates