INSERT sections
Although the INSERT sections are at the end of the pkiserv.tmpl certificate templates file, they are explained first because of their relationship to named fields. Any named field that is used in the pkiserv.tmpl file must be defined in a corresponding INSERT section.
Unlike the APPLICATION sections and TEMPLATE sections, INSERT sections
can have no subsections. The format of an INSERT section is:
- <INSERT NAME=insert-name>…</INSERT>
- An INSERT contains HTML that either:
- Defines a certificate field
- Defines other common HTML that can be referenced in other sections.
The following example of an INSERT defines a certificate field.
Example:
<INSERT NAME=Country>
<p> <LABEL for="countryfield">Country [optfield]</LABEL> <BR>
<INPUT NAME="Country" TYPE="text" SIZE=2 maxlength="2" id="countryfield">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidCountry(frm){
if ("[optfield]" == "" && frm.Country.value == "") {
alert("Enter required field."); frm.Country.focus();
return false;
}
return true;
}
//-->
</SCRIPT>
</INSERT>
The next example defines other common HTML:
Example:
<INSERT NAME=-pagefooter>
<p>email: webmaster@your_company.com
</INSERT>
To reference an INSERT, you use a named field of the form %%insert-name%%, for example %%Country%% or %%-pagefooter%%.
The pkiserv.tmpl certificate templates file contains
INSERT sections of several main types:
- INSERTs that are for internal processing. (This is common HTML for web page content as listed in Table 1.)
- INSERTs that are related to the certificate content. (See Table 1.) These include:
- X.509 fields (for example, OrgUnit)
- Non-X.509 fields (for example UserId).
INSERT NAME | Contents |
---|---|
-AdditionalHeadIE | ActiveX controls to enable Internet Explorer to generate a key pair. |
-ChallengePassphrase, -ChallengePassPhrase2 | HTML for a web page that requests the passphrase that was specified when a certificate request was submitted. |
-ObjectHeaderIEXP | ActiveX controls to enable Internet Explorer to generate a key pair if the application is running on Windows XP operating system. |
-ObjectHeaderIENONXP | ActiveX controls to enable Internet Explorer to generate a key pair if the application is running on Windows Vista and above operating system. |
-RecoverEmail, -RecoverEmail2 | HTML for the web page that requests the email address that was used when a certificate was requested, after a user requests to recover the certificate. |
-requestok | HTML for the web page "Request submitted successfully" after a successful certificate request (for both original requests and renewals). (For a sample of this web page, see Figure 3.) |
-requestbad | HTML for the web page "Request was not successful". |
-requestor | HTML for a web page that requests the name of a certificate requestor. |
-requestor2 | HTML for a web page that requests the email address of a certificate requestor. |
-renewkeysetIE | ActiveX controls to create a renewal certificate request using the original certificates key pair. |
-renewkeysetNS | Mozilla-based browser script for renewal certificate requests. |
-renewrevokeok | HTML for the web page "Request submitted successfully" after a successful attempt to revoke a certificate. (See Figure 2 for a sample of the web page to renew or revoke a certificate.) |
-renewrevokebad | HTML for the web page "Request was not successful" after an unsuccessful attempt to renew or revoke a certificate. (See Figure 2 for a sample of the web page to renew or revoke a certificate.) |
-returnp12cert | HTML for a web page that displays a PKCS #12 package. |
-preregok | HTML for the web page "Preregistration successful" after a successful attempt to preregister a client for a certificate. |
-returnpkcs10 | This returns the server certificate in B64 format. |
returnbrowsercertNS | This contains [base64cert], which is the base64 substitution variable. |
returnbrowsercertIE | This contains a script for producing a popup window installing your certificate (if you are using the Microsoft Internet Explorer browser). See Figure 1 for a sample of this web page. |