The final section of the pkiserv.tmpl file contains several sample INSERTS. The following example is an excerpt from the INSERT section of the pkiserv.tmpl file. (The vertical ellipses indicate omitted sections.)
# =====================================================================
#
# Sample INSERTS
#
# =====================================================================
#
<INSERT NAME=-AdditionalHeadIE>
<OBJECT
classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
CODEBASE="xenroll.cab#Version=5,131,3659,0"
id="certmgr"
>
</OBJECT>
<OBJECT
classid="clsid:884e2049-217d-11da-b2a4-000e7bbb2b09"
id="g_objWCF"
>
</OBJECT>
</INSERT>
<INSERT NAME=-requestok> 1
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Web Based Certificate Generation Success</TITLE>
</HEAD>
<BODY>
<H1> Request submitted Successfully</H1>
[errorinfo]
<p> Here's your transaction ID. You will need it to retrieve your
certificate. Press 'Continue' to retrieve the certificate.
<p> <TABLE BORDER><TR><TD>[transactionid]</TD></TR></TABLE>
<FORM METHOD=GET ACTION="/[application]/ssl-cgi/caretrieve.rexx"> 2
<INPUT NAME="Template" TYPE="hidden" VALUE="[tmplname]">
<INPUT NAME="TransactionId" TYPE="hidden" VALUE="[transactionid]">
<INPUT TYPE="submit" VALUE="Continue">
</FORM>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>
<INSERT NAME=-requestbad> 3
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Web Based Certificate Generation Failure</TITLE>
</HEAD>
<BODY>
<H1> Request was not successful</H1>
<p> Please correct the problem or report the error to your Web admin
person<br>
<PRE>
[errorinfo]
</PRE>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>
⋮
<INSERT NAME=-returnpkcs10> 4
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML lang="en"><HEAD>
<TITLE> Web Based Certificate Generation Application Pg 4</TITLE>
</HEAD>
<BODY>
<H1> Here's Your Certificate. Cut and Paste it to a File</H1>
<TABLE BORDER><TR><TD>
<PRE>
[base64cert] 5
</PRE>
</TD></TR></TABLE>
<p>%%-pagefooter%%
</BODY>
</HTML>
</INSERT>
⋮
</BODY>
</HTML>
</INSERT>
#
# =====================================================================
#
# X.509 fields (INSERTs) valid for certificate requests
#
# =====================================================================
#
⋮
<INSERT NAME=PublicKeyIE> 6
<SCRIPT LANGUAGE="VBScript">
<!--
⋮
// -->
</SCRIPT>
# =====================================================================
⋮
<INSERT NAME=PassPhrase> 7
<p> <LABEL for="passphrasefield">Pass phrase for securing this request. You will need to supply
this value when retrieving your certificate [optfield]</LABEL> <BR>
<INPUT NAME="PassPhrase" TYPE="password" SIZE=32 maxlength="32" id="passphrasefield"> <BR>
<p> <LABEL for="passphrase2field">Reenter your pass phrase to confirm</LABEL> <BR>
<INPUT NAME="ConfirmPassPhrase" TYPE="password" SIZE=32
maxlength="32" id="passphrase2field">
<SCRIPT LANGUAGE="JavaScript">
<!--
function ValidPassPhrase(frm){
if ("[optfield]" == "" && frm.PassPhrase.value == "") {
alert("Enter required field."); frm.PassPhrase.focus();
return false;
}
if ("[optfield]" == "" && frm.ConfirmPassPhrase.value == "") {
alert("Reenter the pass phrase."); frm.ConfirmPassPhrase.focus();
return false;
}
if (frm.PassPhrase.value != frm.ConfirmPassPhrase.value) {
alert("Passwords don't match. Reenter."); frm.PassPhrase.focus();
return false;
}
return true;
}
//-->
</SCRIPT>
</INSERT>
⋮
<INSERT NAME=-pagefooter>
<p>email: webmaster@your_company.com
</INSERT>
The numbers in the following list refer to the highlighted tags in the preceding excerpt of the INSERT section.
1. The -requestok INSERT has the logic to generate the certificate. If the certificate is successfully generated, a Web page (whose main heading is "Request submitted successfully") is displayed. This Web page includes the transaction ID.
2. The -requestok INSERT includes an ACTION that calls caretrieve.rexx, which allows the user to retrieve the certificate.
3. Alternately, if the request is not successful, the -requestbad INSERT gains control.
4. (The caretrieve.rexx CGI displays the RETRIEVECONTENT subsection (see list item 15) HTML, which displays a Web page that prompts the user for the transaction ID associated with the certificate request. The user enters the transaction ID (and any password) and clicks the Continue button, which calls cagetcert.rexx.) The cagetcert.rexx CGI calls R_PKIServ for EXPORT of the certificate. If the export is successful, cagetcert.rexx displays the HTML under the RETURNCERT subsection. (See list item 18.)
5. The base64-encoded certificate is displayed on the Web page by using the [base64cert] substitution variable.
6. This is a browser-qualified PublicKey INSERT for Internet Explorer.
7. Additional INSERTs are certificate field name INSERTs. These describe the fields using the HTML dialogs that are displayed on the Web pages if the user is allowed to input these fields. For example, PassPhrase is a text field with a maximum length of 32 characters. The two-year PKI browser certificate for authenticating to z/OS allows the user to fill in this field. (%%PassPhrase%% is listed in the input fields; see list item 8.)
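
The INSERT mechanics described in the list above (named INSERTs, %%name%% references such as %%-pagefooter%%, and [variable] substitution such as [transactionid]), shown as an added JavaScript example that is not part of pkiserv.tmpl or PKI Services. The function names, the HTML-encoding of substituted values, and the choice to leave unknown variables untouched are assumptions of this example; the sample template is constructed from the excerpt.

```javascript
// Added illustration, not PKI Services code. parseInserts, expand, render and
// escapeHtml are hypothetical names; SAMPLE is constructed from the excerpt.
const SAMPLE = `
<INSERT NAME=-requestok>
<H1> Request submitted Successfully</H1>
<p> <TABLE BORDER><TR><TD>[transactionid]</TD></TR></TABLE>
<INPUT NAME="TransactionId" TYPE="hidden" VALUE="[transactionid]">
<p>%%-pagefooter%%
</INSERT>
<INSERT NAME=-pagefooter>
<p>email: webmaster@your_company.com
</INSERT>
`;

// Collect each <INSERT NAME=x> ... </INSERT> block into a name -> body map.
function parseInserts(text) {
  const inserts = new Map();
  const re = /<INSERT NAME=([^>\s]+)>\s*\n([\s\S]*?)\n<\/INSERT>/g;
  for (const m of text.matchAll(re)) inserts.set(m[1], m[2]);
  return inserts;
}

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Replace %%name%% with the body of the named INSERT, recursively.
function expand(inserts, name, depth = 0) {
  if (depth > 8) throw new Error("INSERT nesting too deep at " + name);
  if (!inserts.has(name)) throw new Error("unknown INSERT " + name);
  return inserts.get(name).replace(/%%([^%\s]+)%%/g,
    (_, ref) => expand(inserts, ref, depth + 1));
}

// Expand references first, then fill [variable] slots in a single pass so a
// substituted value is never rescanned. Assumption: unknown names stay as-is.
function render(inserts, name, vars) {
  return expand(inserts, name).replace(/\[([A-Za-z0-9_]+)\]/g, (slot, key) =>
    Object.prototype.hasOwnProperty.call(vars, key) ? escapeHtml(vars[key]) : slot);
}

console.log(render(parseInserts(SAMPLE), "-requestok", { transactionid: "1a2B3c" }));
```

Because the transaction ID lands in both element text and a quoted VALUE attribute, the encoder covers quotes as well as angle brackets.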