INSERT sections

Although the INSERT sections are at the end of the pkiserv.tmpl certificate templates file, they are explained first because of their relationship to named fields. Any named field that is used in the pkiserv.tmpl file must be defined in a corresponding INSERT section.

Unlike the APPLICATION sections and TEMPLATE sections, INSERT sections can have no subsections. The format of an INSERT section is:

An INSERT contains HTML that either:

Defines a certificate field
Defines other common HTML that can be referenced in other sections.

The following example of an INSERT defines a certificate field.

Example:

<INSERT NAME=Country>
<p> <LABEL for="countryfield">Country [optfield]</LABEL> <BR>
<INPUT NAME="Country" TYPE="text" SIZE=2 maxlength="2" id="countryfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidCountry(frm){
 if ("[optfield]" == "" && frm.Country.value == "") {
  alert("Enter required field."); frm.Country.focus();
  return false;
 }
 return true;
}
//-->
</SCRIPT>
</INSERT>

The next example defines other common HTML:

Example:

<INSERT NAME=-pagefooter>
<p>email: webmaster@your_company.com
</INSERT>

To reference an INSERT, you use a named field of the form %%insert-name%%, for example %%Country%% or %%-pagefooter%%.

The pkiserv.tmpl certificate templates file contains INSERT sections of several main types:

INSERTs that are for internal processing. (This is common HTML for web page content as listed in Table 1.)
INSERTs that are related to the certificate content. (See Table 1.) These include:
- X.509 fields (for example, OrgUnit)
- Non-X.509 fields (for example UserId).

Table 1. INSERTs that are common HTML for web page content
INSERT NAME	Contents
-AdditionalHeadIE	ActiveX controls to enable Internet Explorer to generate a key pair.
-ChallengePassphrase, -ChallengePassPhrase2	HTML for a web page that requests the passphrase that was specified when a certificate request was submitted.
-ObjectHeaderIEXP	ActiveX controls to enable Internet Explorer to generate a key pair if the application is running on Windows XP operating system.
-ObjectHeaderIENONXP	ActiveX controls to enable Internet Explorer to generate a key pair if the application is running on Windows Vista and above operating system.
-RecoverEmail, -RecoverEmail2	HTML for the web page that requests the email address that was used when a certificate was requested, after a user requests to recover the certificate.
-requestok	HTML for the web page "Request submitted successfully" after a successful certificate request (for both original requests and renewals). (For a sample of this web page, see Figure 3.)
-requestbad	HTML for the web page "Request was not successful".
-requestor	HTML for a web page that requests the name of a certificate requestor.
-requestor2	HTML for a web page that requests the email address of a certificate requestor.
-renewkeysetIE	ActiveX controls to create a renewal certificate request using the original certificates key pair.
-renewkeysetNS	Mozilla-based browser script for renewal certificate requests.
-renewrevokeok	HTML for the web page "Request submitted successfully" after a successful attempt to revoke a certificate. (See Figure 2 for a sample of the web page to renew or revoke a certificate.)
-renewrevokebad	HTML for the web page "Request was not successful" after an unsuccessful attempt to renew or revoke a certificate. (See Figure 2 for a sample of the web page to renew or revoke a certificate.)
-returnp12cert	HTML for a web page that displays a PKCS #12 package.
-preregok	HTML for the web page "Preregistration successful" after a successful attempt to preregister a client for a certificate.
-returnpkcs10	This returns the server certificate in B64 format.
returnbrowsercertNS	This contains `[base64cert]`, which is the base64 substitution variable.
returnbrowsercertIE	This contains a script for producing a popup window installing your certificate (if you are using the Microsoft Internet Explorer browser). See Figure 1 for a sample of this web page.