Subtask 5: Steps for updating the PKI Services template file
Perform this task only if you implement the web application using REXX CGI execs. If you implement the web application using Java™Server pages (JSPs), each CA domain has a separate template file. Each template file describes the application domains for the CA domain. Each application domain is essentially a subset of the users and certificate request templates for the CA domain.
Before you begin
This procedure requires you to be familiar with the information in Customizing the end-user web application if you use REXX CGI execs. More information about the following steps is found there.Procedure
- Edit the new pkiserv.tmpl file (you copied it
in Step 2 of Subtask 4: Steps for configuring the UNIX environment) by entering the following command from
the UNIX command line: Example:
oedit /etc/pkiserv/employees/pkiserv.tmpl
_______________________________________________________________
- Locate all occurrences of the CA domain named Customers (in mixed case, uppercase, or lowercase) and change them to the
name of this new CA domain, being careful to preserve the case. Example: If the new CA domain is Employees (in mixed case), change the default values to the name of your new CA domain.
Default values for the
Customers CA domainNew values for the
Employees CA domainACTION="/Customers/…"
(in mixed case)ACTION="/Employees/…"
(also in mixed case)<APPLICATION NAME=CUSTOMERS>
(in uppercase)<APPLICATION NAME=EMPLOYEES>
(also in uppercase)_______________________________________________________________
- If you intend to have the same set of administrators for
all your CA domains, skip this step and proceed to Step 4.
If you intend to have a dedicated set of administrators for each CA domain, change the name of the PKISERV application section to the corresponding name of the administrative domain in Table 1. This value must be specified in uppercase characters only.
Example: If the new administrative domain is named AdmEmployees, change the default value (PKISERV) to the name of your new administrative CA domain.Default value for the PKISERV
administrative CA domainNew value for the new
AdmEmployees
administrative CA domain<APPLICATION NAME=PKISERV>
(in uppercase)<APPLICATION NAME=ADMEMPLOYEES>
(also in uppercase)_______________________________________________________________
- If you intend to have the same set of administrators
for all your CA domains, edit the main templates file (/etc/pkiserv/pkiserv.tmpl) as follows:
Do not update the PKISERV application section in this domain-specific pkiserv.tmpl file; it is not used. The PKISERV application section in the templates file for your initial CA domain is used instead.
- Replicate the following lines in the APPLICATION section of the
PKISERV application:
<h3>Go the Customers' home page </h3> <FORM name=admform METHOD=GET ACTION="/Customers/public-cgi/camain.rexx"> <p> <INPUT TYPE="submit" VALUE="Customers' Home Page"> </FORM>
- Change all occurrences of the string Customers in the replicated lines to the name of this CA domain, being careful
to preserve case.
Example: Change ACTION="/Customers/public-cgi/camain.rexx"> to ACTION="/Employees/public-cgi/camain.rexx">.
- Uncomment the %%SelectCADomain%% directive in the ADMINSCOPE subsection of the APPLICATION section for the PKISERV application by removing the leading # character. (The %%SelectCADomain%% directive enables multiple CA administration.)
- Update the SelectCADomain insert to include an
OPTION entry for this CA domain. If this CA domain is used more often
than any other, mark the entry SELECTED and remove SELECTED from any other entry.Example:
<INSERT NAME=SelectCADomain> <p> <LABEL for="selectcadomfield">Select the CA domain to work with </LABEL> <SELECT NAME="domain" id="selectcadomfield"> # rename and replicate the following line for every CA domain and # determine which one should be SELECTED by default, if any <OPTION VALUE="Employees" SELECTED>Employees <OPTION VALUE="Customers">Customers </SELECT>
_______________________________________________________________
- Replicate the following lines in the APPLICATION section of the
PKISERV application:
When you are done:
You have customized the PKI Services template file (pkiserv.tmpl) for this CA domain. Record your progress in Table 1.Continue to the next subtask. Guideline: Complete all subtasks for this new CA domain and ensure that it operates properly before adding another CA domain.