Relationship between CGIs and the pkiserv.tmpl file

CGIs for the end-user web pages are execs that gain control when the end user clicks an action button - for example, the Request certificate button on the PKI Services home page. The CGIs read the pkiserv.tmpl file to determine the action to perform. They resolve substitution variables in the pkiserv.tmpl file.

The CGIs for the end-user web pages (including their directories) are:
  • /usr/lpp/pkiserv/PKIServ/public-cgi/camain.rexx
  • /usr/lpp/pkiserv/PKIServ/ssl-cgi-bin/catmpl.rexx
  • /usr/lpp/pkiserv/PKIServ/ssl-cgi-bin/auth/careq.rexx
  • /usr/lpp/pkiserv/PKIServ/ssl-cgi-bin/carecover.rexx
  • /usr/lpp/pkiserv/PKIServ/ssl-cgi-bin/caretrieve.rexx
  • /usr/lpp/pkiserv/PKIServ/ssl-cgi-bin/auth/cagetcert.rexx
  • /usr/lpp/pkiserv/PKIServ/ssl-cgi-bin/auth/cagetcert2.rexx
  • /usr/lpp/pkiserv/PKIServ/ssl-cgi-bin/cagorcvr.rexx
  • /usr/lpp/pkiserv/PKIServ/clientauth-cgi-bin/cadisplay.rexx
  • /usr/lpp/pkiserv/PKIServ/clientauth-cgi-bin/camodify.rexx
  • /usr/lpp/pkiserv/PKIServ/ssl-cgi-bin/installcert.rexx
Note: installcert.rexx is invoked from a link in the certificate renewal email notification, not from a web page.
The following table summarizes the actions the CGIs perform:
Table 1. CGI actions for end-user web pages
CGI exec | Action | Sample web page
camain.rexx
  • When the user clicks Request certificate, this CGI calls catmpl.rexx, passing it a parameter identifying the selected template.
  • The user can click Pick up certificate to go directly to caretrieve.rexx (if the certificate is already requested).
  • The user can click Renew or revoke certificate to go to cadisplay.rexx.
See Figure 1.
catmpl.rexx
  • Displays web page coded in the HTML under the CONTENT subsection (of a TEMPLATE section).
  • When the user clicks Submit certificate request, this CGI passes template and field name parameters to careq.rexx.
  • When the user clicks Retrieve your certificate, this CGI passes control to caretrieve.rexx.
See Figure 1.
carecover.rexx
  • Displays web page coded in the HTML under the RECOVERCONTENT subsection (of a TEMPLATE section).
  • This HTML prompts the user to enter the requestor name and passphrase if the user entered one when requesting the certificate.
  • When the user clicks Recover Certificate, this CGI passes the requestor name and passphrase to cagryrcvr.rexx.
See Figure 1.
careq.rexx
  • Processes field names under the APPL subsection (of a TEMPLATE section).
    Note: Depending on the template, the field names can be:
    • UserId only
    • UserId and HostIdMap.
  • Processes hardcoded field names under the CONSTANT subsection (of a TEMPLATE section).
  • Depending on the results, displays web page coded in the HTML under the SUCCESSCONTENT or FAILURECONTENT subsection (of a TEMPLATE section):
    • The SUCCESSCONTENT subsection includes a Continue button the user can click to continue to caretrieve.rexx.
See Figure 3.
caretrieve.rexx
  • Displays web page coded in the HTML under the RETRIEVECONTENT subsection (of a TEMPLATE section). This HTML prompts the user to enter the transaction ID and a password if the user entered one when requesting the certificate.
  • When the user clicks Retrieve and install certificate, this CGI passes the transaction ID parameter to cagetcert.rexx.
See Figure 4.
cagetcert.rexx
  • Displays web page coded in the HTML under RETURNCERT subsection (of a TEMPLATE section). This HTML determines which of the following forms to use when returning the certificate:
    • as a base64-encoded certificate (for server certificates)
    • as an ActiveX object (for Microsoft Internet Explorer browser certificates)
    • as an application/x-x509-user-certificate MIME type (for Mozilla-based browser certificates).
See Figure 1.
cagetcert2.rexx
  • Displays web page coded in the HTML under RETURNCERT subsection (of a TEMPLATE section). This HTML returns the certificate and private key in PKCS #12 format.
 
cagorcvr.rexx
  • Displays web page coded in HTML under the FINDRECOVERCONTENT subsection of the APPLICATION section. This subsection displays security questions for users to answer. The answers to these questions can be used to recover a passphrase, which is used to recover a certificate.
 
cadisplay.rexx
  • Displays web page coded in the HTML under the RECONTENT subsection (of the APPLICATION section).
  • For renewing a certificate, the user fills in the passphrase and clicks Renew. For revoking a certificate, the user clicks Revoke. Both actions call camodify.rexx.
See Figure 2.
camodify.rexx
  • Displays web page coded in the HTML under the SUCCESSCONTENT subsection (of a TEMPLATE section) for a successful renewal. The SUCCESSCONTENT subsection includes a Continue button the user can click to call caretrieve.rexx.
  • Displays the web page coded in HTML under the RESUCCESSCONTENT subsection (of the APPLICATION section) for a successful revocation.
See Figure 3.
installcert.rexx
  • When a user who is using the Internet Explorer browser clicks a link in a notification email for a renewed certificate, this CGI displays a web page where the user can paste the renewed certificate sent in the email and install it in the browser.
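The hand-offs in Table 1 can be checked against the path list by modelling them as a graph. The following is an added example, not part of the PKI Services documentation or product code. The function names are this example's own, and the data is transcribed from the list and table above, with names spelled as they appear there.

```python
from collections import deque

# Exec name -> directory under /usr/lpp/pkiserv/PKIServ/, as listed on this page.
CGI_DIR = {
    "camain.rexx": "public-cgi", "catmpl.rexx": "ssl-cgi-bin",
    "careq.rexx": "ssl-cgi-bin/auth", "carecover.rexx": "ssl-cgi-bin",
    "caretrieve.rexx": "ssl-cgi-bin", "cagetcert.rexx": "ssl-cgi-bin/auth",
    "cagetcert2.rexx": "ssl-cgi-bin/auth", "cagorcvr.rexx": "ssl-cgi-bin",
    "cadisplay.rexx": "clientauth-cgi-bin", "camodify.rexx": "clientauth-cgi-bin",
    "installcert.rexx": "ssl-cgi-bin",
}

# Hand-offs transcribed from Table 1; target names spelled as the table spells them.
HANDOFFS = {
    "camain.rexx": ["catmpl.rexx", "caretrieve.rexx", "cadisplay.rexx"],
    "catmpl.rexx": ["careq.rexx", "caretrieve.rexx"],
    "carecover.rexx": ["cagryrcvr.rexx"],
    "careq.rexx": ["caretrieve.rexx"],
    "caretrieve.rexx": ["cagetcert.rexx"],
    "cadisplay.rexx": ["camodify.rexx"],
    "camodify.rexx": ["caretrieve.rexx"],
}

def unlisted_targets():
    """Hand-off targets that match no exec in the path list."""
    return sorted({t for ts in HANDOFFS.values() for t in ts if t not in CGI_DIR})

def reachable(start="camain.rexx"):
    """Listed execs reachable from `start` by following documented hand-offs."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in HANDOFFS.get(queue.popleft(), []):
            if nxt in CGI_DIR and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen

def direct_entry_only(start="camain.rexx"):
    """Listed execs with no documented click path from the home page."""
    return sorted(set(CGI_DIR) - reachable(start))

def directory_crossings():
    """Hand-offs whose source and target execs sit in different directories."""
    return sorted((s, t) for s, ts in HANDOFFS.items() for t in ts
                  if t in CGI_DIR and CGI_DIR[s] != CGI_DIR[t])

if __name__ == "__main__":
    print("Targets not in path list:", unlisted_targets())
    print("No path from camain.rexx:", direct_entry_only())
    print("Directory crossings:", directory_crossings())
```

Execs reported by `direct_entry_only()` are reached some other way (installcert.rexx, for example, from the email link), so a review of the web server's per-directory protection has to treat them as entry points in their own right.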