Subtask 5: Steps for updating the PKI Services template file

Perform this task only if you implement the web application using REXX CGI execs. If you implement the web application using Java™Server pages (JSPs), each CA domain has a separate template file. Each template file describes the application domains for the CA domain. Each application domain is essentially a subset of the users and certificate request templates for the CA domain.

Before you begin

This procedure requires you to be familiar with the information in Customizing the end-user web application if you use REXX CGI execs. More information about the following steps is found there.

Procedure

Perform the following steps to customize the PKI Services template file (pkiserv.tmpl) for this new CA domain.
  1. Edit the new pkiserv.tmpl file (you copied it in Step 2 of Subtask 4: Steps for configuring the UNIX environment) by entering the following command from the UNIX command line:
    Example:
    oedit /etc/pkiserv/employees/pkiserv.tmpl

    _______________________________________________________________

  2. Locate all occurrences of the CA domain named Customers (in mixed case, uppercase, or lowercase) and change them to the name of this new CA domain, being careful to preserve the case.
    Example: If the new CA domain is Employees (in mixed case), change the default values to the name of your new CA domain.

    Default values for the
    Customers CA domain

    New values for the
    Employees CA domain

    ACTION="/Customers/…"
    (in mixed case)

    ACTION="/Employees/…"
    (also in mixed case)

    <APPLICATION NAME=CUSTOMERS>
    (in uppercase)

    <APPLICATION NAME=EMPLOYEES>
    (also in uppercase)

    _______________________________________________________________

  3. If you intend to have the same set of administrators for all your CA domains, skip this step and proceed to Step 4.

    If you intend to have a dedicated set of administrators for each CA domain, change the name of the PKISERV application section to the corresponding name of the administrative domain in Table 1. This value must be specified in uppercase characters only.

    Example: If the new administrative domain is named AdmEmployees, change the default value (PKISERV) to the name of your new administrative CA domain.

    Default value for the PKISERV
    administrative CA domain

    New value for the new
    AdmEmployees
    administrative CA domain

    <APPLICATION NAME=PKISERV>
    (in uppercase)

    <APPLICATION NAME=ADMEMPLOYEES>
    (also in uppercase)

    _______________________________________________________________

  4. If you intend to have the same set of administrators for all your CA domains, edit the main templates file (/etc/pkiserv/pkiserv.tmpl) as follows:

    Do not update the PKISERV application section in this domain-specific pkiserv.tmpl file; it is not used. The PKISERV application section in the templates file for your initial CA domain is used instead.

    1. Replicate the following lines in the APPLICATION section of the PKISERV application:
      <h3>Go the Customers' home page </h3>
<FORM name=admform METHOD=GET
   ACTION="/Customers/public-cgi/camain.rexx">
<p>
<INPUT TYPE="submit" VALUE="Customers' Home Page">
</FORM>
    2. Change all occurrences of the string Customers in the replicated lines to the name of this CA domain, being careful to preserve case.

      Example: Change ACTION="/Customers/public-cgi/camain.rexx"> to ACTION="/Employees/public-cgi/camain.rexx">.

    3. Uncomment the %%SelectCADomain%% directive in the ADMINSCOPE subsection of the APPLICATION section for the PKISERV application by removing the leading # character. (The %%SelectCADomain%% directive enables multiple CA administration.)
    4. Update the SelectCADomain insert to include an OPTION entry for this CA domain. If this CA domain is used more often than any other, mark the entry SELECTED and remove SELECTED from any other entry.
      Example: 
      <INSERT NAME=SelectCADomain>
<p> <LABEL for="selectcadomfield">Select the CA domain to work with </LABEL>
<SELECT NAME="domain" id="selectcadomfield">
# rename and replicate the following line for every CA domain and
# determine which one should be SELECTED by default, if any
<OPTION VALUE="Employees" SELECTED>Employees
<OPTION VALUE="Customers">Customers
</SELECT>

    _______________________________________________________________

When you are done:

You have customized the PKI Services template file (pkiserv.tmpl) for this CA domain. Record your progress in Table 1.

Continue to the next subtask. Guideline: Complete all subtasks for this new CA domain and ensure that it operates properly before adding another CA domain.

Parent topic: Adding a new CA domain