Removed unnecessary pki folder.

Previously the source code was located inside a pki folder. This folder was created during svn migration and is no longer needed. This folder has now been removed and the contents have been moved up one level. Ticket #131
author: Endi Sukma Dewata <edewata@redhat.com> 2012-03-24 02:27:47 -0500
committer: Endi Sukma Dewata <edewata@redhat.com> 2012-03-26 11:43:54 -0500
commit: 621d9e5c413e561293d7484b93882d985b3fe15f (patch)
tree: 638f3d75761c121d9a8fb50b52a12a6686c5ac5c /dogtag
parent: 40d3643b8d91886bf210aa27f711731c81a11e49 (diff)
download: pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.gz
pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.xz
pki-621d9e5c413e561293d7484b93882d985b3fe15f.zip
749 files changed, 114094 insertions, 0 deletions
diff --git a/dogtag/CMakeLists.txt b/dogtag/CMakeLists.txt
new file mode 100644
index 000000000..d83f91591
--- /dev/null
+++ b/dogtag/CMakeLists.txt
@@ -0,0 +1,16 @@
+project(dogtag)
+
+if (APPLICATION_FLAVOR_IPA_PKI_THEME)
+    add_subdirectory(common-ui)
+    add_subdirectory(ca-ui)
+endif (APPLICATION_FLAVOR_IPA_PKI_THEME)
+if (APPLICATION_FLAVOR_DOGTAG_PKI_THEME)
+    add_subdirectory(common-ui)
+    add_subdirectory(ca-ui)
+    add_subdirectory(kra-ui)
+    add_subdirectory(ocsp-ui)
+    add_subdirectory(ra-ui)
+    add_subdirectory(tks-ui)
+    add_subdirectory(tps-ui)
+    add_subdirectory(console-ui)
+endif (APPLICATION_FLAVOR_DOGTAG_PKI_THEME)
diff --git a/dogtag/ca-ui/CMakeLists.txt b/dogtag/ca-ui/CMakeLists.txt
new file mode 100644
index 000000000..68c1c2061
--- /dev/null
+++ b/dogtag/ca-ui/CMakeLists.txt
@@ -0,0 +1,8 @@
+project(ca-ui)
+
+install(
+    DIRECTORY
+        shared/
+    DESTINATION
+        ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
diff --git a/dogtag/ca-ui/LICENSE b/dogtag/ca-ui/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/dogtag/ca-ui/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify 
+it under the terms of the GNU General Public License as published 
+by the Free Software Foundation; version 2 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but 
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License 
+along with this Program; if not, write to the Free Software 
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/dogtag/ca-ui/shared/webapps/ca/404.html b/dogtag/ca-ui/shared/webapps/ca/404.html
new file mode 100755
index 000000000..bd04559aa
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/404.html
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>CA 404 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ca/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ca/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ca/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System CA Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('404');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The requested resource could not be found but may be available again in the future.');
+document.write('</font></b><br><b><font size="+1" color="RED">');
+document.write('Please check the validity of the URL listed below:');
+document.write('</font></b><br><br>');
+document.write('<center><b><font size="+1"><a href="');
+document.write(url);
+document.write('">');
+document.write(url);
+document.write('</a>');
+document.write('</font></b></center><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/500.html b/dogtag/ca-ui/shared/webapps/ca/500.html
new file mode 100755
index 000000000..a775341e5
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/500.html
@@ -0,0 +1,139 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>CA 500 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ca/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ca/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ca/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System CA Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('500');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>');
+document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.');
+document.write('</font></b><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/GenUnexpectedError.template b/dogtag/ca-ui/shared/webapps/ca/GenUnexpectedError.template
new file mode 100644
index 000000000..1e51f85e9
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/GenUnexpectedError.template b/dogtag/ca-ui/shared/webapps/ca/admin/GenUnexpectedError.template
new file mode 100644
index 000000000..7a47f2c2b
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA Admin Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/admin/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/ca/EnrollSuccess.template b/dogtag/ca-ui/shared/webapps/ca/admin/ca/EnrollSuccess.template
new file mode 100644
index 000000000..d0e5af3dd
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/ca/EnrollSuccess.template
@@ -0,0 +1,245 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Enrollment Success
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+
+document.writeln('Congratulations a certificate has been issued and ' +
+'the administrator now has Certificate Manager Agent privileges.' +
+'  You can now go to the <b>Agent Services</b> page' +
+' to process any pending requests.');
+
+document.writeln('<P>');
+document.writeln('Issued Certificates: </font>');
+document.writeln('<P>');
+document.writeln('<table border="0" cellspacing="0" cellpadding="0" background="/ca/admin/graphics/hr.gif" width="100%">');
+document.writeln('  <tr> ');
+document.writeln('    <td>&nbsp;</td>');
+document.writeln('  </tr>');
+document.writeln('</table>');
+
+if (result.recordSet == null) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('No further details provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+}
+else if (result.recordSet.length == 0) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('0');
+	document.writeln('No further details provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+	// document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+/*			document.write('Serial number ');
+			document.write('<B><PRE>');
+			document.writeln(toHex(result.recordSet[i].serialNo));
+			document.write('</B></PRE>');
+			document.writeln('<P>');
+			document.write('Base 64 encoded Cert<BR>');
+			document.write('<PRE>');
+			document.writeln(result.recordSet[i].base64Cert);
+			document.write('</PRE>');
+			document.writeln('<P>');
+			document.write('Cert Pretty Print<BR>');
+			document.write('<PRE>');
+			document.writeln(result.recordSet[i].certPrettyPrint);
+			document.write('</PRE>');
+*/
+
+			document.write('<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Serial number ');
+			document.writeln('&nbsp; 0x' + result.recordSet[i].serialNo);
+			document.writeln('</font><br>');
+
+			document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+			document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+			document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+			document.writeln('Certificate contents</font></td></tr></table>');
+
+			document.writeln('<pre>');
+//			document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+			document.write(result.recordSet[i].certPrettyPrint);
+//			document.writeln('</font>');
+			document.writeln('</pre>');
+/*
+			document.writeln('<p>');
+			document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+			document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+			document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+			document.writeln('Certificate fingerprints</font></td></tr></table>');
+
+			document.writeln('<pre>');
+			document.write(result.recordSet[i].certFingerprint);
+			document.writeln('</pre>');
+*/
+			document.writeln('<p>');
+			document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+			document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+			document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+			document.writeln('Base 64 encoded certificate</font></td></tr></table>');
+			document.writeln('<p><pre>');
+//			document.write('<font face="PrimaSans BT, Verdana, sans-serif" >');
+			document.writeln(result.recordSet[i].base64Cert);
+//			document.writeln('</font>');
+			document.writeln('</pre>');
+		}
+	}
+	// document.writeln('</UL>');
+
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+document.writeln('<P>');
+
+// import certs if cartman.
+if (navigator.appName == 'Netscape' && 
+	typeof(crypto.version) != "undefined" &&
+	typeof(result.fixed.crmfReqId) != "undefined") {
+	
+//		window.location = result.fixed.scheme + "://" +
+//		result.fixed.host + ":" + result.fixed.port +
+//		"/ca/getAdminCertBySerial?serialNumber=" +
+//		record.serialNo +
+//		"&importCert=true";
+
+	var errors = crypto.importUserCertificates(null, 
+			result.fixed.cmmfResponse, false);
+
+	if (errors != '') {
+		document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+		document.writeln(
+			'<b>ERROR</b>Could not import the certificate into your browser '+
+			'using nickname '+result.fixed.certNickname+'.<p>');
+		document.writeln(
+			'The following error message was returned by the browser '+
+			'when importing the certificate:');
+		document.writeln('</font>');
+		document.writeln('<BLOCKQUOTE><PRE>');
+		document.writeln(errors);
+		document.writeln('</PRE></BLOCKQUOTE>');
+	}
+	else {
+		document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+		document.writeln(
+			'Your certificate was successfully imported to the browser '+
+			'with nickname '+result.fixed.certNickname);
+		document.writeln('</font>');
+	}
+
+	// crypto.importUserCertificates(result.fixed.certNickname,
+	//	result.fixed.cmmfResponse, false);
+} else if (navigator.appName == 'Netscape' && 
+                typeof(crypto.version) == "undefined") {
+        // non Cartman
+        window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/ca/getAdminCertBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+}
+
+</SCRIPT>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+	Sub ImportCertificate
+
+		Dim pkcs7
+
+		On Error Resume Next
+
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+		'Import the PKCS7 object
+		Enroll.DeleteRequestCert = FALSE
+		Enroll.WriteCertToCSP = true
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		end if
+		err.clear
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		end if
+
+		Exit Sub
+
+	End Sub
+
+	ImportCertificate()
+
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/ca/ImportAdminCert.template b/dogtag/ca-ui/shared/webapps/ca/admin/ca/ImportAdminCert.template
new file mode 100644
index 000000000..e52764ec6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/ca/ImportAdminCert.template
@@ -0,0 +1,58 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>VBScript Administrator Certificate Enrollment
+</TITLE>
+<CMS_TEMPLATE>
+<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
+    codebase="xenroll.dll"
+    id=Enroll >
+</OBJECT>
+<SCRIPT language="VBScript">
+<!--
+                Dim pkcs7
+
+                On Error Resume Next
+
+                'Convert the cert to PKCS7 format
+                pkcs7 = result.header.pkcs7
+                If (IsEmpty(pkcs7) OR theError <> 0) Then
+                    ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+                End If
+
+                'Import the PKCS7 object
+                Enroll.DeleteRequestCert = FALSE
+                Enroll.WriteCertToCSP = true
+                Enroll.acceptPKCS7(pkcs7)
+                if err.number <> 0 then
+                        Enroll.WriteCertToCSP = false
+                end if
+                err.clear
+                Enroll.acceptPKCS7(pkcs7)
+                if err.number = 0 then
+                    MsgBox "Certificate has been successfully imported."
+                else
+                    sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+                    MsgBox sz
+                end if
+-->
+</SCRIPT>
+</head>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/ca/ImportCert.template b/dogtag/ca-ui/shared/webapps/ca/admin/ca/ImportCert.template
new file mode 100644
index 000000000..8df83eca9
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/ca/ImportCert.template
@@ -0,0 +1,242 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+//document.writeln('<P>');
+//document.writeln('host  '+result.fixed.host+'<BR>');
+//document.writeln('port  '+result.fixed.port+'<BR>');
+//document.writeln('scheme  '+result.fixed.scheme+'<BR>');
+//document.writeln('authority  '+result.fixed.authorityName+'<BR>');
+
+function navMajorVersion()
+{
+	return parseInt(
+		navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+document.writeln('Importing the following certificate to your browser:');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('No more information on your certificate is provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+			//document.write('Serial number ');
+			//document.write('<BLOCKQUOTE><B><PRE>');
+			//document.writeln(result.recordSet[i].serialNo);
+			//document.write('</BLOCKQUOTE></B></PRE>');
+			//document.writeln('<P>');
+			//document.write('Your certificate in Base 64 encoded form:<BR>');
+			//document.write('<BLOCKQUOTE><PRE>');
+			//document.writeln(result.recordSet[i].base64Cert);
+			//document.write('</PRE></BLOCKQUOTE>');
+			document.writeln('<P>');
+			document.write('Certificate Content: <BR>');
+			document.write('<BLOCKQUOTE><PRE>');
+			document.writeln(result.recordSet[i].certPrettyPrint);
+			document.write('</PRE></BLOCKQUOTE>');
+		}
+	}
+	document.writeln('</UL>');
+
+}
+
+// NOTE: importUserCertificate should be done before this point  but 
+// it creates a javascript error that clobbers the result variable set in 
+// the template. 
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) && 
+	typeof(crypto.version) != "undefined" && 
+	typeof(result.fixed.crmfReqId) != "undefined") {
+	//alert('certNickname is '+result.fixed.certNickname);
+	//alert(result.fixed.cmmfResponse);
+	var errors = crypto.importUserCertificates(null,
+				 result.fixed.cmmfResponse, false);
+	// var errors = crypto.importUserCertificates(result.fixed.certNickname,
+	//			 result.fixed.cmmfResponse, false);
+
+	// NOTE: Alpha version of cartman always returns a non-empty string 
+	// from importUserCertificates() so we can only always assume succcess. 
+	// Uncomment the following line and add appropriate javascripts/messages 
+	// for use with a later version of cartman.
+	// This is fixed in Alpha-3. For use with alpha-3 uncomment the lines below 
+	// to check for errors returned from importUserCertificates.  
+	if (errors != '') {
+		document.writeln(
+			'<b>ERROR</b>Could not import the certificate into your browser '+
+			'using nickname '+result.fixed.certNickname+'.<p>');
+		document.writeln(
+			'The following error message was returned by the browser '+
+			'when importing the certificate:');
+		document.writeln('<BLOCKQUOTE><PRE>');
+		document.writeln(errors);
+		document.writeln('</PRE></BLOCKQUOTE>');
+	}
+	else {
+		document.writeln(
+			'Your certificate was successfully imported to the browser '+
+			'with nickname '+result.fixed.certNickname);
+	}
+
+//	document.writeln(
+//		'NOTE: '+
+//		'The following was returned by the browser when importing '+
+//		'the certificate:');
+//	document.writeln('<BLOCKQUOTE><PRE>');
+//	document.writeln(errors);
+//	document.writeln('</PRE></BLOCKQUOTE>');
+//	document.writeln(
+//		'If there was an error message it could be that you do not have '+
+//		'the private key of the certificate you are trying to import. '+
+//		'Please consult your system administrator for assistance.');
+}
+
+//-->
+</SCRIPT>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'>
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+
+        'Get OS Version, works for Vista and below only
+        Function GetOSVersion
+               dim agent
+               dim res
+               dim pos
+
+               agent = Navigator.appVersion
+               pos = InStr(agent,"NT 6.")
+
+               If pos > 0 Then
+                  GetOSVersion = 6
+                  Exit Function
+               End If
+
+               pos = InStr(agent,"NT 5.")
+
+               If pos > 0 Then
+                  GetOSVersion = 5
+                  Exit Function
+               End If
+
+               GetOSVersion = 5
+        End Function
+
+	Sub ImportCertificate
+		Dim pkcs7
+                Dim res
+                Dim osVersion
+
+		On Error Resume Next
+                osVersion = GetOSVersion()
+                 
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+                If osVersion <> 6 Then  'Not Vista
+
+		  'Import the PKCS7 object
+		  Enroll.DeleteRequestCert = FALSE
+		  Enroll.WriteCertToCSP = true
+		  Enroll.acceptPKCS7(pkcs7)
+		  if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		  end if
+		  err.clear
+		  Enroll.acceptPKCS7(pkcs7)
+		  if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		  else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		  end if
+		  Exit Sub
+                Else  'Vista
+                  Dim enrollObj
+
+                  Set enrollObj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+		  If IsObject(enrollObj) =  False Then
+                    res = MsgBox("Can't create Enroll Object!")
+                    Exit Sub
+                  End If
+
+                  enrollObj.Initialize(1)
+                  enrollObj.InstallResponse 0,pkcs7,6,""
+
+                  If Err.number <> 0 Then
+                    sz = "Error in InstallResponse. Error Number " & Hex(err.number) & " occurred."
+                    res =MsgBox(sz & Err.description)
+                  else
+                    res = MsgBox("Certificate has been successfully imported.")
+                  End If
+                End If
+	End Sub
+
+	ImportCertificate()
+-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/ca/adminEnroll.html b/dogtag/ca-ui/shared/webapps/ca/admin/ca/adminEnroll.html
new file mode 100644
index 000000000..e4be5c746
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/ca/adminEnroll.html
@@ -0,0 +1,779 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Admin Enrollment form.</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/admin/cms-funcs.js"></script>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/admin/helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/admin/dynamicVars.js"></SCRIPT>
+
+
+<SCRIPT>
+<!--
+function navMajorVersion() 
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function updateUid(f)
+{
+   if (f.uid.value != '') {
+     f.UID1.value = f.uid.value;
+   }
+   formulateDN(f, f.subject);
+}
+
+var crmfObject;
+function validate(form)
+{
+    if (!checkValidity())
+        return false;
+
+    with (form) {
+        if (uid.value == "") {
+            alert("You must supply your uid");
+            return false;
+        }
+        if (pwd.value == "") {
+			alert("You must supply your password");
+            return false;
+        }
+
+	if (isValidCSR(form) == false) {
+		//alert(' is not valid csr');
+		return false;
+	}
+
+        var keyGenAlg = "rsa-ex";
+        // var kraTranCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+        // var keyGenAlg = "rsa-ex";
+
+		var keylen=512;
+
+        // generate keys for cartman.
+        if (navigator.appName == "Netscape" && 
+			 typeof(crypto.version) != "undefined") {
+			certNickname.value = subject.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				subject.value,
+               	"regToken", "authenticator", 
+				null,
+                "setCRMFRequest();", 
+                keylen, null, "rsa-dual-use");
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		//alert(crmfObject.request);
+		submit();
+	}
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN(a,b)
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.C.Value <> Empty) Then
+			If doubleQuotes(TheForm.C.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Country field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "C=" & escapeDNComponent(TheForm.C.Value)
+		End If
+
+		If (TheForm.O.Value <> Empty) Then
+			If doubleQuotes(TheForm.O.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Organiztion field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "O=" & escapeDNComponent(TheForm.O.Value)
+		End If
+
+		If (TheForm.OU.Value <> Empty) Then
+			If doubleQuotes(TheForm.OU.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Org Unit field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "OU=" & escapeDNComponent(TheForm.OU.Value)
+		End If
+
+		If (TheForm.UID1.Value <> Empty) Then
+			If doubleQuotes(TheForm.UID1.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.UID1.Value)
+		End If
+
+		If (TheForm.CN.Value <> Empty) Then
+			If doubleQuotes(TheForm.CN.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Common Name field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "CN=" & escapeDNComponent(TheForm.CN.Value)
+		End If
+
+		If (TheForm.E.Value <> Empty) Then
+			If doubleQuotes(TheForm.E.Value) = True Then
+				MsgBox "Double quotes are not allowed in the eMail field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "E=" & escapeDNComponent(TheForm.E.Value)
+		End If
+
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.uid.Value = Empty) Then 
+    ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.pwd.Value = Empty) Then
+	ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN("","")
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<script lang=javascript>
+//<!--
+	if (navigator.appName == "Netscape" && 
+		navMajorVersion() <= 3) {
+        document.writeln(
+		'<form name="ReqForm" method="post" action="adminEnroll">');
+	} else
+	if (navigator.appName == "Netscape" && 
+		typeof(crypto.version) != "undefined") {
+        document.writeln(
+		'<form name="ReqForm" method="post" action="adminEnroll">');
+	} else {
+        document.writeln(
+			'<form name="ReqForm" method="post" action="adminEnroll" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+//-->
+</script>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Administrator/Agent Certificate Enrollment<br>
+</font><br>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  To access the Agent Services pages and approve requests for certificates,
+  you must have a personal client SSL certificate so that Certificate
+  System can authenticate your identity. You must also
+  be designated as an agent, or privileged user.
+  <p>
+  Use this form to request this first personal certificate to be issued
+  by the system. When you submit the form, the certificate is issued
+  immediately and returned to you. The system also adds you 
+  automatically to the list of agents. You must import the new
+  certificate into your browser before you can access the Agent Services
+  pages.
+  <p>
+  <b>After you submit this form, it is automatically disabled.</b> To enroll
+  again, or to enroll other users, please see the documentation.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background=/ca/admin/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	  <b>Important:</b> 
+    </font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Be sure to request your certificate on the same computer
+      on which you plan to use the certificate.
+	</font></td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="0" background=/ca/admin/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td colspan="2" valign="TOP">
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	    <b>Authentication Information</b><br>
+        Enter the user ID and password for the administrator/agent.
+    </td>
+  </tr>
+  <tr> 
+    <td align="RIGHT"> 
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+      User ID:</font>
+    </td>
+    <td valign="TOP"> 
+      <input type="TEXT" name="uid" size="30" onchange="updateUid(this.form)">
+    </td>
+  </tr>
+  <tr> 
+    <td align="RIGHT"> 
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+      Password:</font> 
+    </td>
+    <td valign="TOP"> 
+      <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+    </td>
+  </tr>
+
+  <tr>
+    <td VALIGN=TOP COLSPAN="2">
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        <b>Subject Name</b><br>
+        Enter values for the DN components you want to have in your certificate.
+      </font>
+    </td>
+  </tr>
+
+  <tr>
+    <td align=right>
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        Full name:
+      </font>
+    </td>
+    <td VALIGN=TOP>
+      <input type="HIDDEN" name="csrRequestorName">
+      <input type="TEXT" name="CN" value="CS Administrator" size="30" onchange="formulateDN(this.form, this.form.subject)">
+    </td>
+  </tr>
+
+  <tr>
+    <td ALIGN=RIGHT>
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        Login name:
+      </font>
+    </td>
+    <td VALIGN=TOP>
+      <input type="TEXT" name="UID1" size="30" onchange="formulateDN(this.form, this.form.subject)">
+    </td>
+  </tr>
+
+  <tr>
+    <td ALIGN=RIGHT>
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        Email address:
+      </font>
+    </td>
+    <td>
+      <input type="TEXT" name="E" size="30" onchange="formulateDN(this.form, this.form.subject)">
+    </td>
+  </tr>
+
+  <tr>
+    <td ALIGN=RIGHT>
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        Organization unit:
+      </font>
+    </td>
+    <td>
+      <input type="TEXT" name="OU" size="30" onchange="formulateDN(this.form, this.form.subject)">
+    </td>
+  </tr>
+
+  <tr>
+    <td ALIGN=RIGHT>
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        Organization:
+      </font>
+    </td>
+    <td>
+      <input type="TEXT" name="O" size="30" onchange="formulateDN(this.form, this.form.subject)">
+    </td>
+  </tr>
+
+  <tr>
+    <td ALIGN=RIGHT>
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        Country:
+      </font>
+    </td>
+    <td>
+      <input type="TEXT" name="C" value="US" size=2 maxlength=2 onchange="formulateDN(this.form, this.form.subject)">
+    </td>
+  </tr>
+
+  <tr>
+    <td></td>
+
+    <td>
+      <!-- for Netscape Certificate Type Extension -->
+      <input type="HIDDEN" value="false" name="email">
+      <input type="HIDDEN" value="true" name="ssl_client">
+      <!-- for Key Usage Extension -->
+      <input type="HIDDEN" name="digital_signature" value=true>
+    </td>
+  </tr>
+
+<script lang=javascript>
+<!--
+function renderSelectionWithNames(name, from, to, selected, names)
+{
+    document.writeln('<SELECT NAME="'+name+'" onChange="checkValidity()">');
+    for (var i = from; i < to; i++) {
+        if (i == selected) {
+            document.writeln('<OPTION VALUE='+i+' SELECTED>'+names[i]);
+        } else {
+            document.writeln('<OPTION VALUE='+i+'>'+names[i]);
+        }
+    }
+    document.writeln('</SELECT>');
+}
+
+function renderSelection(name, from, to, selected)
+{
+    document.writeln('<SELECT NAME="'+name+'" onChange="checkValidity()">');
+    for (var i = from; i < to; i++) {
+        if (i == selected) {
+            document.writeln('<OPTION VALUE='+i+' SELECTED>'+i);
+        } else {
+            document.writeln('<OPTION VALUE='+i+'>'+i);
+        }
+    }
+    document.writeln('</SELECT>');
+}
+
+function renderValidityInfo()
+{
+    document.writeln('<tr><td valign="top" colspan="2">');
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Validity</b><br>');
+    document.writeln('Set certificate validity period by selecting dates,');
+    document.writeln('for which certificate is not valid before and not valid after.');
+    document.writeln('</font></td></tr>');
+
+    var months = new Array("January", "February", "March", "April",
+                           "May", "June", "July", "August",
+                           "September", "October", "November", "December");
+
+    var startDay = new Date(serverdate);
+    var year = startDay.getFullYear();
+    var time1 = startDay.getTime();
+    var time2 = time1 + 31536000000;  // 1 Year (365 days)
+    var endDay = new Date(time2);
+
+
+    document.writeln('<tr><td align="right">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     'Not valid before:</font></td>');
+    document.writeln('<td valign="top">');
+
+    renderSelection("fromDay", 1, 32, startDay.getDate());
+    renderSelectionWithNames("fromMonth", 0, months.length, startDay.getMonth(), months);
+    renderSelection("fromYear", year-2, year+10, year);
+    document.writeln('&nbsp;&nbsp;');
+    renderSelection("fromHour", 0, 24, startDay.getHours());
+    renderSelection("fromMinute", 0, 60, startDay.getMinutes());
+    renderSelection("fromSecond", 0, 60, startDay.getSeconds());
+    document.writeln('</td></tr>');
+
+
+    document.writeln('<tr><td align="right">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     'Not valid after:</font></td>');
+    document.writeln('<td valign="top">');
+
+    renderSelection("toDay", 1, 32, endDay.getDate());
+    renderSelectionWithNames("toMonth", 0, months.length, endDay.getMonth(), months);
+    renderSelection("toYear", year-2, year+10, endDay.getFullYear());
+    document.writeln('&nbsp;&nbsp;');
+    renderSelection("toHour", 0, 24, endDay.getHours());
+    renderSelection("toMinute", 0, 60, endDay.getMinutes());
+    renderSelection("toSecond", 0, 60, endDay.getSeconds());
+    document.writeln('</td></tr>');
+
+    document.writeln('<tr><td valign="top" colspan="2">');
+    document.writeln('<input type="HIDDEN" name="notValidBefore" value="">');
+    document.writeln('<input type="HIDDEN" name="notValidAfter" value="">');
+    document.writeln('</td></tr>');
+
+    document.forms[0].notValidBefore.value = time1;
+    document.forms[0].notValidAfter.value = time2;
+}
+
+function checkValidity()
+{
+    var i;
+    var fromDate;
+    i = document.forms[0].fromDay.selectedIndex;
+    var day = document.forms[0].fromDay.options[i].value;
+    i = document.forms[0].fromMonth.selectedIndex;
+    var month = document.forms[0].fromMonth.options[i].value;
+    i = document.forms[0].fromYear.selectedIndex;
+    var year = document.forms[0].fromYear.options[i].value;
+    i = document.forms[0].fromHour.selectedIndex;
+    var hour = document.forms[0].fromHour.options[i].value;
+    i = document.forms[0].fromMinute.selectedIndex;
+    var minute = document.forms[0].fromMinute.options[i].value;
+    i = document.forms[0].fromSecond.selectedIndex;
+    var second = document.forms[0].fromSecond.options[i].value;
+
+    fromDate = new Date(year,month,day,hour,minute,second);
+    if (fromDate.getMonth() != month || fromDate.getDate() != day || year == 0) {
+        alert((++month)+"/"+day+"/"+year+" is invalid");
+        return false;
+    }
+    var fromTime = fromDate.getTime();
+
+    var toDate;
+    i = document.forms[0].toDay.selectedIndex;
+    day = document.forms[0].toDay.options[i].value;
+    i = document.forms[0].toMonth.selectedIndex;
+    month = document.forms[0].toMonth.options[i].value;
+    i = document.forms[0].toYear.selectedIndex;
+    year = document.forms[0].toYear.options[i].value;
+    i = document.forms[0].toHour.selectedIndex;
+    hour = document.forms[0].toHour.options[i].value;
+    i = document.forms[0].toMinute.selectedIndex;
+    minute = document.forms[0].toMinute.options[i].value;
+    i = document.forms[0].toSecond.selectedIndex;
+    second = document.forms[0].toSecond.options[i].value;
+
+    toDate = new Date(year,month,day,hour,minute,second);
+    if (toDate.getMonth() != month || toDate.getDate() != day || year == 0) {
+        alert((++month)+"/"+day+"/"+year+" is invalid");
+        return false;
+    }
+    var toTime = toDate.getTime();
+
+
+    if (fromTime > toTime) {
+        alert("NOT VALID AFTER date should not be earlier than NOT VALID BEFORE date.");
+        return false;
+    }
+
+    document.forms[0].notValidBefore.value = fromTime;
+    document.forms[0].notValidAfter.value = toTime;
+
+    return true;
+}
+
+renderValidityInfo();
+//-->
+</script>
+
+  <tr> 
+    <td valign="TOP" colspan="2">
+	  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        <b>User's Key Information</b><br>
+        When your submit this form, the browser generates a private and 
+        public key. The browser retains the private key and submits the 
+        public key along with your request for a certificate. 
+        The public key becomes part of your certificate. <P>
+<script lang=javascript>
+<!--
+		if (navigator.appName == 'Netscape' && navMajorVersion() <= 3) {
+			document.writeln('Select the length of the key to generate. '+
+				'The longer the key length, the greater the strength. ');
+		} else
+		if (navigator.appName == 'Netscape' && typeof(crypto.version) == "undefined") {
+			document.writeln('Select the length of the key to generate. '+
+				'The longer the key length, the greater the strength. ');
+		}
+        if (navigator.appName == "Microsoft Internet Explorer") {
+              document.writeln(
+                  '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                  document.writeln('Cryptographic Provider:');
+                  document.writeln('</font>');
+           document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+                }
+//-->
+</script>
+      </font>
+    </td>
+  </tr>
+  <tr> 
+<script lang=javascript>
+<!--
+        if (navigator.appName == "Netscape") {
+			if (navMajorVersion() <= 3) {
+    			document.write('<td align="right">');
+	      		document.write('<font size="-1" '+
+		    		'face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+			    document.write('Key Length:');
+			    document.write('</font>');
+			    document.write('</td>');
+				document.write('<td>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+				document.write('</td>');
+			} else
+			if (typeof(crypto.version) == "undefined") {
+                //alert('not cartman');
+    			document.write('<td align="right">');
+	      		document.write('<font size="-1" '+
+		    		'face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+			    document.write('Key Length:');
+			    document.write('</font>');
+			    document.write('</td>');
+				document.write('<td>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+				document.write('</td>');
+        	} 
+			else {
+                //alert('cartman');
+				//document.write('<td>');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+				//document.write('</td>');
+			}
+        }
+//-->
+</script>
+
+    </td>
+  </tr>
+
+  <tr> 
+    <td valign="TOP" colspan="2"> 
+      <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background=/ca/admin/graphics/gray90.gif">
+        <tr> 
+          <td> 
+            <div align="RIGHT">
+<script lang=javascript>
+<!--
+        		if (navigator.appName == "Netscape" && 
+			 		navMajorVersion() <= 3) {
+					document.writeln(
+						'<input type="submit" value="Submit" '+
+						'name="submit" width="72">');
+				} else
+        		if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+					document.writeln(
+						'<input type="submit" value="Submit" '+
+						'name="submit" width="72">');
+				}
+				else if (navigator.appName == "Microsoft Internet Explorer") {
+					document.writeln(
+						'<input type="submit" value="Submit" '+
+						'name="Send" width="72">');
+				}
+				else {
+					// alert('cartman');
+					document.writeln(
+						'<input type="button" value="Submit" '+
+						'name="submitbutton" '+
+						'onclick="validate(form)" width="72">');
+        		}
+//-->
+</script>
+
+            <input type="hidden" name="subject" value="" >
+			<img src=/ca/admin/graphics/spacer.gif" width="6" height="6"> 
+			<input type="reset" value="Reset" name="reset" width="72">
+			<img src=/ca/admin/graphics/spacer.gif" width="9" height="6"> 
+			<!-- <input type="button" value="Help" onclick=
+				 "help('http://www.redhat.com/docs/manuals/cert-system#Administrator/Agent Certificate Enrollment')" 
+				 name="button" width="72"> -->
+			<input type="hidden" name="certType" value="client">
+
+<script lang=javascript>
+<!--
+				if (navigator.appName == 'Netscape') {
+					if (navMajorVersion() < 4 ||
+						typeof(crypto.version) == "undefined") {
+						document.write(
+					 	'<input type="hidden" name="importCert" value="off">');
+					} 
+					else {
+						document.write(
+					 	'<input type="hidden" name="CRMFRequest" value="">');
+						document.write(
+					 	'<input type="hidden" name="cmmfResponse" value="on">');
+						document.write(
+					 	'<input type="hidden" name="certNickname" value="">');
+					}
+				}
+				else {
+					// IE 
+					document.write(
+					 '<input type="hidden" name="pkcs10Request" value="">');
+				}
+//-->
+</script>
+            </div>
+          </td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+</form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+        Dim i, j
+        Dim providers()
+        i = 0
+        j = 1
+        Dim el
+        Dim temp
+        Dim first
+        Dim TheForm
+        Set TheForm = document.ReqForm
+        On Error Resume Next
+        first = 0
+
+        Do While True
+        temp = ""
+        Enroll.providerType = j
+        temp = Enroll.enumProviders(i,0)
+        If Len(temp) = 0 Then
+        If j < 1 Then
+          j = j + 1
+          i = 0
+        Else
+          Exit Do
+        End If
+        Else
+        set el = document.createElement("OPTION")
+        el.text = temp
+        el.value = j
+        TheForm.cryptprovider.add(el)
+        If first = 0  Then
+          first = 1
+          TheForm.cryptprovider.selectedIndex = 0
+        End If
+        i = i + 1
+        End If
+        Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template b/dogtag/ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template
new file mode 100644
index 000000000..7d61a8602
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/ca/securitydomainlogin.template
@@ -0,0 +1,114 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+  <head>
+    
+    <title>CA Admin Security Domain Login</title>
+
+    <link rel="shortcut icon" href="/ca/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/ca/css/pki-base.css" type="text/css" />
+<META http-equiv=Content-Type content="text/html; charset=UTF-8">
+  </head>
+
+
+<div id="wrap">
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/ca/admin/console/img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/ca/admin/console/img/rhn-icon-software.gif" />
+<script language=javascript>
+document.write('Security Domain ('+result.header.sdname+') Login </h1>');
+</script>
+    <form name=sdForm action="getCookie" method="post">
+
+<script language=javascript>
+document.write('<p>The Enterprise '+result.header.subsystem+' Administrator will register this '+result.header.subsystem+' Subsystem located at '+ result.header.host+' under this Security Domain located at '+result.header.sdhost+'. The credential information will be provided to the Security Domain for authentication.<p>');
+if (result.header.errorString != null)
+document.write('<img src="/ca/admin/console/img/icon_crit_update.gif">&nbsp;<font color="red">'+result.header.errorString+'</font>');
+document.write('<table class="details">');
+document.write('<tr>');
+document.write('<th>Uid:</th>');
+if (result.header.sd_uid != null)
+document.write('<td><input type="text" length="128" size="40" name="uid" value="'+result.header.sd_uid+'" /></td>');
+else
+document.write('<td><input type="text" length="128" size="40" name="uid" value="" /></td>');
+document.write('</tr>');
+document.write('</tr>');
+document.write('<th>Password:</th>');
+                                                                                
+if (result.header.sd_pwd != null)
+document.write('<td><input type="password" length="64" size="40" name="pwd" value="'+result.header.sd_pwd+'" autocomplete="off" /></td>');
+else
+document.write('<td><input type="password" length="64" size="40" name="pwd" value="" autocomplete="off" /></td>');
+document.write('</tr>');
+document.write('<input type=hidden name=url value="'+result.header.url+'">');
+document.write('</table>');
+</script>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<div align="right">
+<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login"> 
+</div>
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/ca/sendCookie.template b/dogtag/ca-ui/shared/webapps/ca/admin/ca/sendCookie.template
new file mode 100644
index 000000000..8f2e62e4d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/ca/sendCookie.template
@@ -0,0 +1,97 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<title>CA Admin Send Cookie</title>
+    <link rel="shortcut icon" href="/ca/img/favicon.ico" />
+    <link rel="stylesheet" href="/ca/css/rhn-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366" onLoad="document.cookieForm.submit()">
+
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/ca/img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Sending Session ID ...
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<script language=javascript>
+document.write('<form name="cookieForm" method="post" action="'+result.header.url+'">');
+</script>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+<script language=javascript>
+    document.write('<tr valign="TOP">');
+    document.write('<td>');
+    document.write('<input type="hidden" name="session_id" value="'+result.header.session_id+'">');
+    document.write('</td></tr>');
+</script>
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</form>
+</center>
+  <div id="footer">
+  </div>
+
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/cms-funcs.js b/dogtag/ca-ui/shared/webapps/ca/admin/cms-funcs.js
new file mode 100644
index 000000000..c8ffd51c7
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/cms-funcs.js
@@ -0,0 +1,538 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+
+
+function checkClientTime()
+{
+   var speed;
+   var server_date = new Date(serverdate); 
+   var client_date = new Date();
+   var zone = client_date.getTimezoneOffset(); 
+   var timediff = 0;
+
+   var serverutc = server_date.getTime();
+   var clientutc = client_date.getTime();
+
+   var offset = clientutc - serverutc;
+   if (offset >0) { 
+      speed = 'fast'; 
+      } else { 
+	  speed = 'slow'; 
+   } 
+   timediff = Math.round(Math.abs(offset/1000/60)); 
+
+    if (timediff > 10) { 
+       msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed  +
+             '\n\nYou may encounter problems using your certificate\n' +
+			 'as your clock is set incorrectly.\n\n' +
+			 'According to the server, the time is:\n  ' + server_date +
+			 '\n\nPlease correct your clock before proceeding with enrollment'+
+             '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+			 'If you change your timezone, you may need to restart your browser\n'+
+             'before continuing.';
+			 alert(msg);
+			 return false;
+       }
+	return true;
+}
+
+
+
+
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        distinguishedName.value = '';
+	if (form.E != null) {
+	    if (E.value != '') {
+		if (doubleQuotes(E.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    E.value = '';
+		    E.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(E.value);
+	    }
+	}
+	if (form.CN!= null) {
+	    if (CN.value != '') {
+		if (doubleQuotes(CN.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    CN.value = '';
+		    CN.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(CN.value);
+	    }
+        }
+	if (form.UID1 != null) {
+	    if (UID1.value != '') {
+		if (doubleQuotes(UID1.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    UID1.value = '';
+		    UID1.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(UID1.value);
+	    }
+        }
+	if (form.OU != null) {
+	    if (OU.value != '') {
+		if (doubleQuotes(OU.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    OU.value = '';
+		    OU.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(OU.value);
+	    }  
+        }
+	if (form.O != null) {
+	    if (O.value != '') {
+		if (doubleQuotes(O.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    O.value = '';
+		    O.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(O.value);
+	    }  
+	}
+	if (form.L != null) {
+	    if (L.value != '') {
+		if (doubleQuotes(L.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    L.value = '';
+		    L.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(L.value);
+	    }
+	}
+	if (form.ST != null) {
+	    if (ST.value != '') {
+		if (doubleQuotes(ST.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    ST.value = '';
+		    ST.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(ST.value);
+	    }
+	}
+	if (form.C != null) {
+	    if (C.value != '') {
+		if (doubleQuotes(C.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    C.value = '';
+		    C.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(C.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a CA cert if
+    // that cert does not contain an OU or O component.
+    if ((form.OU.value == '') && (form.O.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.CN.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+	// DEBUG 
+	//alert(form.subject);
+
+    with (form) {
+		if (email != null) {
+	   		if (E.value == "" && email.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (CN.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+	return true;
+    }
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day ) {
+        alert(fieldName + " is invalid");
+	return null;
+     }
+     else 
+     	return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (asPattern) { 
+   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+   }
+   else if (value != "")
+   	list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+    with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+    	makeComponent(result,"E",E.value,asPattern);
+    	makeComponent(result,"CN",CN.value,asPattern);
+    	makeComponent(result,"UID",UID.value,asPattern);
+    	makeComponent(result,"OU",OU.value,asPattern);
+    	makeComponent(result,"O",O.value,asPattern);
+   	makeComponent(result,"L",L.value,asPattern);
+    	makeComponent(result,"ST",ST.value,asPattern);
+	makeComponent(result,"C",C.value,asPattern);
+    }
+    if (result.length == 0)
+    	return asPattern ? "0 == 0" : "0 == 1";
+    else 
+        return "subject" + ( asPattern ? " ~= " : " == ") +
+    				escapeValue(result.join(', '));
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+//-->
+
+
+
+
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/graphics/gray90.gif b/dogtag/ca-ui/shared/webapps/ca/admin/graphics/gray90.gif
new file mode 100644
index 000000000..c6f811102
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/graphics/gray90.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/graphics/hr.gif b/dogtag/ca-ui/shared/webapps/ca/admin/graphics/hr.gif
new file mode 100644
index 000000000..14f8acf92
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/graphics/hr.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/graphics/spacer.gif b/dogtag/ca-ui/shared/webapps/ca/admin/graphics/spacer.gif
new file mode 100644
index 000000000..13acffe53
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/graphics/spacer.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/helpfun.js b/dogtag/ca-ui/shared/webapps/ca/admin/helpfun.js
new file mode 100644
index 000000000..14a80bb95
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/helpfun.js
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+function help(helptopic) { 
+
+     var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500"); 
+
+     HelpWin.location = helptopic;
+     HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+     window.status = helpline;
+
+     return true;
+
+}
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/admin/index.html b/dogtag/ca-ui/shared/webapps/ca/admin/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/admin/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/GenError.template b/dogtag/ca-ui/shared/webapps/ca/agent/GenError.template
new file mode 100644
index 000000000..33133ce3d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/GenError.template
@@ -0,0 +1,80 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Processing Error!</TITLE>
+</HEAD>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+
+document.writeln('<P>');
+document.write('The '+result.fixed.authorityName+' ');
+document.writeln('encountered a problem while processing your request. ');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.errorDetails != null) {
+    document.write(result.fixed.errorDetails);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+if (result != null && result.recordSet != null && result.recordSet.length > 0){
+	document.writeln('<P>');
+    document.write('Additional Information:');
+	document.writeln('<P>');
+    document.write('<BLOCKQUOTE><B><PRE>');
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].errorDescription != null) {
+			document.writeln(result.recordSet[i].errorDescription);
+		}
+	}
+	document.writeln('</UL>');
+	document.write('</PRE></B></BLOCKQUOTE>');
+}
+</SCRIPT>
+
+<P>
+Please consult your local administrator for further assistance.
+The Certificate System logs may provide further information.
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/GenPending.template b/dogtag/ca-ui/shared/webapps/ca/agent/GenPending.template
new file mode 100644
index 000000000..50d23ee31
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/GenPending.template
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Request Pending</TITLE>
+
+</HEAD>
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+var authority = 'Certificate Managment System';
+if (result.fixed.authorityName != null) 
+	authority = result.fixed.authorityName;
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted to the '+authority+'. ');
+document.write('Your request will be processed when an authorized agent ');
+document.writeln('verifies and validates the information in your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.writeln('<P>');
+	document.write('Your can check on the status of your request with ');
+	document.write('an authorized agent or local administrator ');
+	document.writeln('by referring to this request ID.'); 
+} else {
+    document.write('<B>not provided.</B> ');
+    document.write('<P>');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/GenRejected.template b/dogtag/ca-ui/shared/webapps/ca/agent/GenRejected.template
new file mode 100644
index 000000000..81d12641a
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/GenRejected.template
@@ -0,0 +1,84 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Request Rejected</TITLE>
+</HEAD>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Rejected
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null) {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('Your request has been rejected by the '+authority+'. ' );
+document.write('This may indicate that some attributes of the request ');
+document.write('violate the policies of this '+authority+'. ');
+
+document.writeln('<P>');
+document.writeln('Violation details: ');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result == null || result.recordSet == null || result.recordSet.length == 0){
+	document.writeln('No further details provided.');
+}
+else {
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].policyMessage != null) {
+			document.writeln(result.recordSet[i].policyMessage);
+		}
+	}
+	document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId == null) {
+	document.write('<B>not provided</B>.');
+	document.writeln('<P>');
+	document.write(
+		'Please consult your local administrator for further assistance.');
+} else {
+	document.write('<B>'+result.fixed.requestId+'</B>. ');
+	document.writeln('<P>');
+	document.write(
+		'You can contact an authorized agent or local administrator for ');
+	document.writeln('further assistance by referring to the request ID.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/GenSuccess.template b/dogtag/ca-ui/shared/webapps/ca/agent/GenSuccess.template
new file mode 100644
index 000000000..f3531f0b9
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/GenSuccess.template
@@ -0,0 +1,46 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Generic Request Success</TITLE>
+</HEAD>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submited
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+var authority = 'Certificate System';
+if (request.fixed.authorityName != null) 
+	authority = request.fixed.authorityName;
+
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted and processed by the '+authority+'.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/GenSvcPending.template b/dogtag/ca-ui/shared/webapps/ca/agent/GenSvcPending.template
new file mode 100644
index 000000000..584402c69
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/GenSvcPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Request Svc Pending</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+document.writeln('<P>');
+document.write('Your request has been successfully submitted and processed ');
+document.writeln('by the '+result.fixed.authorityName+'.');
+document.write('The '+result.fixed.authorityName+' is waiting for a remote ');
+if (result.fixed.remoteAuthorityName != null)
+	document.write(result.fixed.remoteAuthorityName);
+else
+	document.write('Certificate Manager or Data Recovery manager');
+document.write(' to fill your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.write('<P>');
+	document.write('Your can check on status of your request with an '+
+				   'authorized agent or local administrator by referring '+
+				   'to this request ID.');
+} else {
+    document.write('not provided. ');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/GenUnauthorized.template b/dogtag/ca-ui/shared/webapps/ca/agent/GenUnauthorized.template
new file mode 100644
index 000000000..f0016cdfa
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/GenUnauthorized.template
@@ -0,0 +1,44 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Generic Unauthorized</TITLE>
+</head>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Unauthorized Access
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+document.writeln('<P>');
+document.write('You are not authorized for this operation.');
+document.write('<BR>');
+document.write('If you think this is an error please contact your ');
+document.writeln('local administrator for further assistance.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/GenUnexpectedError.template b/dogtag/ca-ui/shared/webapps/ca/agent/GenUnexpectedError.template
new file mode 100644
index 000000000..b00295c2f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA Agent Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT type="text/javascript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/EnrollSuccess.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/EnrollSuccess.template
new file mode 100644
index 000000000..a2f8e499d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/EnrollSuccess.template
@@ -0,0 +1,219 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+</HEAD>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Enrollment Success
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<p>
+
+<SCRIPT type="text/javascript">
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+
+document.writeln('Congratulations a certificate has been issued and ' +
+'the administrator now has Certificate Manager Agent privileges.' +
+'You can now go to '+
+'<a href="' + result.fixed.scheme + '://' + result.fixed.host +
+':' + result.fixed.port+ '/agent/ca">' + 'the agent page</a>' +
+' to process any pending requests.');
+
+document.writeln('<P>');
+document.writeln('Issued Certificates: </font>');
+document.writeln('<P>');
+document.writeln('<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">');
+document.writeln('  <tr> ');
+document.writeln('    <td>&nbsp;</td>');
+document.writeln('  </tr>');
+document.writeln('</table>');
+
+if (result.recordSet == null) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('No further details provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+}
+else if (result.recordSet.length == 0) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('0');
+	document.writeln('No further details provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+
+			document.write('<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Serial number ');
+			document.writeln('&nbsp; 0x' + result.recordSet[i].serialNo);
+			document.writeln('</font><br>');
+
+			document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+			document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+			document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+			document.writeln('Certificate contents</font></td></tr></table>');
+
+			document.writeln('<pre>');
+			document.write(result.recordSet[i].certPrettyPrint);
+			document.writeln('</pre>');
+			document.writeln('<p>');
+			document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+			document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+			document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+			document.writeln('Base 64 encoded certificate</font></td></tr></table>');
+			document.writeln('<p><pre>');
+			document.writeln(result.recordSet[i].base64Cert);
+			document.writeln('</pre>');
+		}
+	}
+	// document.writeln('</UL>');
+
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+document.writeln('<P>');
+
+// import certs if cartman.
+if (navigator.appName == 'Netscape' && 
+	typeof(crypto.version) != "undefined" &&
+	typeof(result.fixed.crmfReqId) != "undefined") {
+	
+//		window.location = result.fixed.scheme + "://" +
+//		result.fixed.host + ":" + result.fixed.port +
+//		"/ca/getAdminCertBySerial?serialNumber=" +
+//		record.serialNo +
+//		"&importCert=true";
+
+	var errors = crypto.importUserCertificates(null, 
+			result.fixed.cmmfResponse, false);
+
+	if (errors != '') {
+		document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+		document.writeln(
+			'<b>ERROR</b>Could not import the certificate into your browser '+
+			'using nickname '+result.fixed.certNickname+'.<p>');
+		document.writeln(
+			'The following error message was returned by the browser '+
+			'when importing the certificate:');
+		document.writeln('</font>');
+		document.writeln('<BLOCKQUOTE><PRE>');
+		document.writeln(errors);
+		document.writeln('</PRE></BLOCKQUOTE>');
+	}
+	else {
+		document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+		document.writeln(
+			'Your certificate was successfully imported to the browser '+
+			'with nickname '+result.fixed.certNickname);
+		document.writeln('</font>');
+	}
+
+	// crypto.importUserCertificates(result.fixed.certNickname,
+	//	result.fixed.cmmfResponse, false);
+} else if (navigator.appName == 'Netscape' && 
+                typeof(crypto.version) == "undefined") {
+        // non Cartman
+        window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/ca/getAdminCertBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+}
+
+</SCRIPT>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+	Sub ImportCertificate
+
+		Dim pkcs7
+
+		On Error Resume Next
+
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+		'Import the PKCS7 object
+		Enroll.DeleteRequestCert = FALSE
+		Enroll.WriteCertToCSP = true
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		end if
+		err.clear
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		end if
+
+		Exit Sub
+
+	End Sub
+
+	ImportCertificate()
+
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/ImportCert.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ImportCert.template
new file mode 100644
index 000000000..4b828ca6f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ImportCert.template
@@ -0,0 +1,191 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+</HEAD>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate(s)
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT type="text/javascript">
+//<!--
+
+
+function navMajorVersion()
+{
+	return parseInt(
+		navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+	document.writeln('<B><PRE>');
+	document.writeln('No more information on your certificate is provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</B></PRE>');
+} else {
+	//document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+			document.write('Serial number: ');
+			document.write('<B> 0x'+result.recordSet[i].serialNo+'</B>');
+			document.writeln('<P>');
+			document.write('Certificate in Base 64 encoded form:<BR>');
+			document.write('<PRE>');
+			document.writeln(result.recordSet[i].base64Cert);
+			document.write('</PRE>');
+			document.writeln('<P>');
+			document.write('Certificate Content: <BR>');
+			document.write('<PRE>');
+			document.writeln(result.recordSet[i].certPrettyPrint);
+			document.write('</PRE>');
+		}
+	}
+	//document.writeln('</UL>');
+}
+document.writeln('<P>');
+
+
+// NOTE: importUserCertificate should be done before this point  but 
+// it creates a javascript error that clobbers the result variable set in 
+// the template. 
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) && 
+	typeof(crypto.version) != "undefined" && 
+        typeof(result.fixed.crmfReqId) != "undefined") {
+	//alert('certNickname is '+result.fixed.certNickname);
+	//alert(result.fixed.cmmfResponse);
+	var errors = crypto.importUserCertificates(null,
+				 result.fixed.cmmfResponse, false);
+	// var errors = crypto.importUserCertificates(result.fixed.certNickname,
+	//			 result.fixed.cmmfResponse, false);
+
+	// NOTE: Alpha-1 version of cartman always returns a non-empty string 
+	// from importUserCertificates() so we can only always assume succcess. 
+	// Uncomment the following line and add appropriate javascripts/messages 
+	// for use with a later version of cartman.
+	// This is fixed in Alpha-3. For use with alpha-3 uncomment the lines
+
+	if (errors != '') {
+
+		document.writeln(
+			'<b>ERROR</b>Could not import the certificate into your browser '+
+			'using nickname '+result.fixed.certNickname+'.<p>');
+		document.writeln(
+			'The following error message was returned by the browser '+
+			'when importing the certificate:');
+		document.writeln('<PRE>');
+		document.writeln(errors);
+		document.writeln('</PRE>');
+	}
+	else {
+		document.writeln(
+		'Your certificate was successfully imported to the browser '+
+		'with nickname '+result.fixed.certNickname);
+	}
+	// removed this block for use with cartman Alpha-3.
+	//{ 
+	//document.writeln(
+		//'NOTE: Although the certificate was issued, the browser '+
+		//'may or may not have successfully imported the certificate. '+
+		//'The following was returned by the browser when importing '+
+		//'the certificate:');
+	//document.writeln('<PRE>');
+	//document.writeln(errors);
+	//document.writeln('</PRE>');
+	//document.writeln(
+	//'If there was an error message you can import the certificate again '+
+	//'by going to the end entity port and list the certificate by '+
+	//'its serial number.');
+	//}
+}
+
+//-->
+</SCRIPT>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+	Sub ImportCertificate
+
+		Dim pkcs7
+
+		On Error Resume Next
+
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+		'Import the PKCS7 object
+		Enroll.DeleteRequestCert = FALSE
+		Enroll.WriteCertToCSP = true
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		end if
+		err.clear
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		end if
+
+		Exit Sub
+
+	End Sub
+
+	ImportCertificate()
+-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/ListRequests.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ListRequests.html
new file mode 100644
index 000000000..8043cbb3e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ListRequests.html
@@ -0,0 +1,112 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>List Certificate Service Requests</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT type="text/javascript" SRC="/ca/agent/funcs.js"></SCRIPT>
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+<script type="text/javascript">
+<!--
+function doSubmit(form)
+{
+    if (form.lastEntryOnPage.value != "") {
+        if (isDecimalNumber(form.lastEntryOnPage.value) ||
+            isHexNumber(form.lastEntryOnPage.value)) {
+            form.lastEntryOnPage.value = trim(form.lastEntryOnPage.value);
+        } else {
+            alert("You must specify a hexadecimal or decimal number " +
+                  "for the starting request identifier.");
+            return;
+        }
+    }
+    form.submit();
+}
+//-->
+</script>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">List Requests<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to show a list of certificate requests.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM ACTION="queryReq" METHOD=POST>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td valign="top" align="right">
+       <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Request type:</font>
+    </td>
+    <td valign="top">
+      <SELECT NAME="reqType">
+      <OPTION SELECTED VALUE="enrollment">Show enrollment requests</OPTION>
+      <OPTION VALUE="renewal">Show renewal request</OPTION>
+      <OPTION VALUE="revocation">Show revocation requests</OPTION>
+      <OPTION VALUE="showAll">Show all requests</OPTION>
+      </SELECT>
+    </td>
+  </tr>
+  <tr>
+    <td valign="top" align="right">
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Request status:</font>
+    </td>
+    <td valign="top">
+      <SELECT NAME="reqState">
+      <OPTION SELECTED VALUE="showWaiting">Show pending requests</OPTION>
+      <OPTION VALUE="showCancelled">Show canceled requests</OPTION>
+      <OPTION VALUE="showRejected">Show rejected requests</OPTION>
+      <OPTION VALUE="showCompleted">Show completed requests</OPTION>
+      <OPTION VALUE="showAll">Show all requests</OPTION>
+      </SELECT>
+    </td>
+  </tr>
+  <tr>
+    <td  valign="top" align="right">
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Starting request number:<br></font>
+    </td>
+    <td><INPUT TYPE="TEXT" NAME="lastEntryOnPage" VALUE="0" SIZE=10 MAXLENGTH=99></td>
+  </tr>
+</table>
+
+<p>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%" BACKGROUND="/graphics/gray90.gif">
+  <TR>
+    <TD align="right" bgcolor="#e5e5e5">
+      <INPUT TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+      <INPUT TYPE="hidden" NAME="direction" VALUE="first">
+      <INPUT TYPE="TEXT" NAME="maxCount" SIZE=7 MAXLENGTH=99 VALUE="20">
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+      <!-- <INPUT TYPE="button" VALUE="Help" width="72"
+	    onClick="help('http://www.redhat.com/docs/manuals/cert-system#Listing Certificate Requests')">  -->
+    </TD>
+  </TR>
+</TABLE>
+ 
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileApprove.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileApprove.template
new file mode 100644
index 000000000..6e0558df9
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileApprove.template
@@ -0,0 +1,165 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Manage Certificate Profiles<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to approve a certificate profile.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+<form name="ReqForm" method="post" action="profileApprove">
+<script type="text/javascript">
+if (errorCode == 0) {
+document.writeln('<br>');
+document.writeln('<b><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information:</font></b>');
+document.writeln('<table>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile Id:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileId);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile Name:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<a href="profileSelect?profileId=' + profileId + '">');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileName);
+document.writeln('</font>');
+document.writeln('</a>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Description:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Approved:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileIsEnable);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Approved By:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+if (profileEnableBy != 'null') {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileEnableBy);
+document.writeln('</font>');
+}
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<input type=hidden name=profileId value="' + 
+  profileId + '">');
+document.writeln('<p>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Policy Information:</b>');
+document.writeln('</font>');
+document.writeln('<p>');
+for (var i = 0; i < policySetListSet.length; i++) {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Policy Set: ' + policySetListSet[i].setId);
+document.writeln('</font>');
+document.writeln('<p>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=10%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>#</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Extensions / Fields</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<b>Constraints</b>');
+document.writeln('</td>');
+document.writeln('</tr>');
+  for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+  document.writeln('<tr valign=top>');
+  document.writeln('<td>');
+  document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(policySetListSet[i].policySet[j].policyId);
+  document.writeln('</font>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+  document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(policySetListSet[i].policySet[j].defDesc);
+  document.writeln('</font>');
+  document.writeln('<br>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+  document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(policySetListSet[i].policySet[j].conDesc);
+  document.writeln('</font>');
+  document.writeln('</td>');
+  document.writeln('</tr>');
+  } // for
+document.writeln('</table>');
+document.writeln('<p>');
+} // for
+document.writeln('<p>');
+document.writeln('<p>');
+if (profileIsEnable == 'true') {
+  document.writeln('<input type=submit name=Disable value="Disable">');
+} else {
+  document.writeln('<input type=submit name=Approve value="Approve">');
+}
+} else {
+  document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.write('Sorry, your operation is not successful. The error code is "' + errorReason + '".');
+  document.writeln('</font>');
+}
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileList.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileList.template
new file mode 100644
index 000000000..1514ad754
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileList.template
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Manage Certificate Profiles<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to approve a certificate profile.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+<script type="text/javascript">
+document.writeln('<table style="font-family: PrimaSans BT, Verdana, sans-serif; font-size: 75%;">');
+document.writeln('<tr style="font-weight: bold;">');
+document.writeln('<td width=40%>');
+document.writeln('Certificate Profile Name');
+document.writeln('</td>');
+document.writeln('<td width=40%>');
+document.writeln('Description');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('End User Certificate Profile');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('Approved');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('By');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < recordSet.length; i++) {
+  document.writeln('<tr>');
+  document.writeln('<td>');
+  document.writeln('<a href="profileSelect?profileId=' + 
+    recordSet[i].profileId + '">');
+  document.writeln(recordSet[i].profileName);
+  document.writeln('</a>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+  document.writeln(recordSet[i].profileDesc);
+  document.writeln('</td>');
+  document.writeln('<td>');
+  document.writeln(recordSet[i].profileIsVisible);
+  document.writeln('</td>');
+  document.writeln('<td>');
+  document.writeln(recordSet[i].profileIsEnable);
+  document.writeln('</td>');
+  document.writeln('<td>');
+  if (recordSet[i].profileEnableBy != 'null') {
+    document.writeln(recordSet[i].profileEnableBy);
+  }
+  document.writeln('</td>');
+  document.writeln('</tr>');
+} // for
+document.writeln('</table>');
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileProcess.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileProcess.template
new file mode 100644
index 000000000..70e7b2ae8
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileProcess.template
@@ -0,0 +1,179 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+
+<script type="text/javascript">
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
+if (typeof(requestId) != "undefined") {
+    document.writeln(requestId);
+}
+document.writeln('<br></font>');
+</script>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+
+<script type="text/javascript">
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Information:</b>');
+document.writeln('</FONT>');
+document.writeln('<table border=1 width=100%>');
+if (typeof(requestId) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td width=30%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request ID:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<a href="profileReview?requestId=' + requestId + '">');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestId);
+document.writeln('</FONT>');
+document.writeln('</a>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(requestType) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Type:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestType);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(requestStatus) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Status:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestStatus);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(profileId) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Id:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileId);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(op) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Operation Requested:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(op);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(errorCode) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Error Code:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(errorCode);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+if (typeof(errorReason) != "undefined") {
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Error Reason:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(errorReason);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+}
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('</table>');
+if (typeof(requestStatus) != "undefined" && requestStatus == 'complete') {
+  document.writeln('<table width=100%>');
+for (var i = 0; i < outputListSet.length; i++) {
+    document.writeln('<tr valign=top>');
+    document.writeln('<td>');
+    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+    document.writeln('<li>');
+    document.writeln(outputListSet[i].outputName);
+    document.writeln('</FONT>');
+    document.writeln('</td>');
+    document.writeln('<tr valign=top>');
+    document.writeln('</tr>');
+    document.writeln('<td>');
+    if (outputListSet[i].outputSyntax == 'string') {
+      document.writeln(addEscapes(outputListSet[i].outputVal));
+    } else if (outputListSet[i].outputSyntax == 'pretty_print') {
+      document.writeln('<pre>');
+      document.writeln(addEscapes(outputListSet[i].outputVal));
+      document.writeln('</pre>');
+    }
+    document.writeln('</td>');
+    document.writeln('</tr>');
+}
+   document.writeln('</table>');
+}
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileReview.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileReview.template
new file mode 100644
index 000000000..4e27f5245
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileReview.template
@@ -0,0 +1,404 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<style>
+TABLE { border-spacing: 0 0; }
+</style>
+
+<script type="text/javascript">
+function escapeValue(value)
+{
+   return value.replace(/"/g,'&quot;');
+}
+
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+document.writeln('<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Request ');
+document.writeln(requestId);
+document.writeln('<br></font>');
+</script>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif"
+width="100%">
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+<script type="text/javascript">
+if (requestStatus == 'pending') {
+  document.writeln('<form method=post action="profileProcess">');
+  document.writeln('<input type=hidden name=requestId value=' + requestId + '>');
+}
+document.writeln('<p>');
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Request Information</FONT></TD></TR></TABLE>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request ID:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestId);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Type:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestType);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Request Status:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestStatus);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Requestor Host:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileRemoteHost);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Assigned To:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestOwner);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Creation Time:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestCreationTime);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Modification Time:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(requestModificationTime);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Information</FONT></TD></TR></TABLE>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Id:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileId);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Approved By:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileApprovedBy);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Name:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileName);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Description:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+if (requestStatus != 'pending') {
+  document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
+  document.writeln('<table width=100% border=1>');
+  document.writeln('<tr>');
+  document.writeln('<td>');
+  document.writeln(requestNotes);
+  document.writeln('</td>');
+  document.writeln('</tr>');
+  document.writeln('</table>');
+  document.writeln('<p>');
+}
+if (profileIsVisible == 'true') {
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Inputs</FONT></TD></TR></TABLE>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Id</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=40%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Input Names</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Input Values</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < inputListSet.length; i++) {
+  document.writeln('<tr>');
+  document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(inputListSet[i].inputId);
+document.writeln('</FONT>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(inputListSet[i].inputName);
+document.writeln('</FONT>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(addEscapes(inputListSet[i].inputVal));
+document.writeln('</FONT>');
+  document.writeln('</td>');
+  document.writeln('</tr>');
+}
+document.writeln('</table>');
+document.writeln('<p>');
+}
+if (requestStatus == 'complete') {
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate Profile Outputs</FONT></TD></TR></TABLE>');
+for (var i = 0; i < outputListSet.length; i++) {
+    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+    document.writeln('<li>');
+    document.writeln(outputListSet[i].outputName);
+    document.writeln('</FONT>');
+    document.writeln('<p>');
+    if (outputListSet[i].outputSyntax == 'string') {
+      document.writeln(outputListSet[i].outputVal);
+    } else if (outputListSet[i].outputSyntax == 'pretty_print') {
+      document.writeln('<pre>');
+      document.writeln(outputListSet[i].outputVal);
+      document.writeln('</pre>');
+    } else if (outputListSet[i].outputSyntax == 'der_b64') {
+      document.writeln('<pre>');
+      document.writeln('-----BEGIN CERTIFICATE-----');
+      document.writeln(outputListSet[i].outputVal);
+      document.writeln('-----END CERTIFICATE-----');
+      document.writeln('</pre>');
+    }
+    document.writeln('</p>');
+}
+}
+if (requestStatus == 'pending') {
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Policy Information</FONT></TD></TR></TABLE>');
+document.writeln('<table>');
+document.writeln('<tr>');
+document.writeln('<td width=20%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Set Id:</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileSetId);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=10%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>#</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Extensions / Fields</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Constraints</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < recordSet.length; i++) {
+  document.writeln('<tr valign=top>');
+  document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(recordSet[i].policyId);
+document.writeln('</FONT>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(recordSet[i].defDesc);
+document.writeln('</FONT>');
+  document.writeln('<p>');
+  document.writeln('<table width=100%>');
+  for (var j = 0; j < recordSet[i].defListSet.length; j++) {
+    document.writeln('<tr valign=top>');
+    if (typeof(recordSet[i].defListSet[j].defName) != 'undefined') {
+      document.writeln('<td width=30%><i>');
+      document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(recordSet[i].defListSet[j].defName + ':');
+      document.writeln('</FONT>');
+      document.writeln('</i></td>');
+      document.writeln('<td width=70%>');
+      if (recordSet[i].defListSet[j].defConstraint == 'readonly') {
+          document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+          document.writeln(recordSet[i].defListSet[j].defVal);
+          document.writeln('</FONT>');
+      } else {
+        if (recordSet[i].defListSet[j].defSyntax == 'string') {
+          document.writeln('<input size=32 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + escapeValue(recordSet[i].defListSet[j].defVal) + '">');
+        } else if (recordSet[i].defListSet[j].defSyntax == 'string_list') {
+          document.writeln('<textarea cols=40 rows=5 name="' + recordSet[i].defListSet[j].defId + '">' + recordSet[i].defListSet[j].defVal + '</textarea>');
+        } else if (recordSet[i].defListSet[j].defSyntax == 'integer') {
+          document.writeln('<input size=6 type=text name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
+        } else if (recordSet[i].defListSet[j].defSyntax == 'image_url') {
+          document.writeln('<img border=0 src="' + recordSet[i].defListSet[j].defVal + '">');
+          document.writeln('<input type=hidden name="' + recordSet[i].defListSet[j].defId + '" value="' + recordSet[i].defListSet[j].defVal + '">');
+        } else if (recordSet[i].defListSet[j].defSyntax == 'choice') {
+          document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
+	  var c = recordSet[i].defListSet[j].defConstraint.split(',');
+          for(var k = 0; k < c.length; k++) {
+            if (recordSet[i].defListSet[j].defVal == c[k]) {
+              document.writeln('<option selected value=' + c[k] + '>');
+	    } else { 
+              document.writeln('<option value=' + c[k] + '>');
+            }
+            document.writeln(c[k]);
+            document.writeln('</option>');
+          }
+
+          document.writeln('</select>');
+        } else if (recordSet[i].defListSet[j].defSyntax == 'boolean') {
+          document.writeln('<select name="' + recordSet[i].defListSet[j].defId + '">');
+          if (recordSet[i].defListSet[j].defVal == 'true') {
+            document.writeln('<option selected value=true>true</option>');
+            document.writeln('<option value=false>false</option>');
+          } else {
+            document.writeln('<option value=true>true</option>');
+            document.writeln('<option selected value=false>false</option>');
+          }
+          document.writeln('</select>');
+        }
+      }
+      document.writeln('</td>');
+    }
+    document.writeln('</tr>');
+  }
+  document.writeln('</table>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(recordSet[i].conDesc);
+document.writeln('</FONT>');
+  document.writeln('</td>');
+  document.writeln('</tr>');
+} // for
+document.writeln('</table>'); 
+document.writeln('<p>');
+document.writeln('<TABLE width=100%><TR><TD valign="top" align="left" colspan="3" bgcolor="#e5e5e5"><FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">Additional Notes</FONT></TD></TR></TABLE>');
+document.writeln('<textarea cols=40 rows=5 name="requestNotes">' + requestNotes + '</textarea>');
+document.writeln('<p>');
+     document.writeln('<SELECT NAME="op">');
+     document.writeln('<OPTION VALUE="update">Update request</OPTION>');
+     document.writeln('<OPTION VALUE="validate">Validate request</OPTION>');
+     document.writeln('<OPTION SELECTED VALUE="approve">Approve request</OPTION>');
+     document.writeln('<OPTION VALUE="reject">Reject request</OPTION>');
+     document.writeln('<OPTION VALUE="cancel">Cancel request</OPTION>');
+     document.writeln('<OPTION VALUE="assign">Assign request</OPTION>');
+     document.writeln('<OPTION VALUE="unassign">Unassign request</OPTION>');
+     document.writeln('</SELECT>');
+if (typeof(nonce) != "undefined") {
+     document.writeln("<INPUT TYPE=hidden name=nonce value=\"" + nonce +"\">");
+}
+document.writeln('<input type=submit name=submit value=submit>');
+document.writeln('</form>');
+} // if
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileSelect.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileSelect.template
new file mode 100644
index 000000000..4c7139d69
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/ProfileSelect.template
@@ -0,0 +1,175 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Approve Certificate Profile<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to approve a certificate profile.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+<form name="ReqForm" method="post" action="profileApprove">
+<script type="text/javascript">
+document.writeln('<br>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Information:</b>');
+document.writeln('</font>');
+document.writeln('<table>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile Id:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileId);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile Name:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileName);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Description:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('End User Certificate Profile:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileIsVisible);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Approved:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileIsEnable);
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Approved By:');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td>');
+if (profileEnableBy != 'null') {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileEnableBy);
+document.writeln('</font>');
+}
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<input type=hidden name=profileId value="' + 
+  profileId + '">');
+document.writeln('<p>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Policy Information:</b>');
+document.writeln('</font>');
+document.writeln('<p>');
+for (var i = 0; i < policySetListSet.length; i++) {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Policy Set: ' + policySetListSet[i].setId);
+document.writeln('</font>');
+document.writeln('<p>');
+document.writeln('<table border=1 width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=10%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>#</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Extensions / Fields</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('<td width=45%>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Constraints</b>');
+document.writeln('</font>');
+document.writeln('</td>');
+document.writeln('</tr>');
+  for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+  document.writeln('<tr valign=top>');
+  document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(policySetListSet[i].policySet[j].policyId);
+document.writeln('</font>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(policySetListSet[i].policySet[j].defDesc);
+document.writeln('</font>');
+  document.writeln('<br>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(policySetListSet[i].policySet[j].conDesc);
+document.writeln('</font>');
+  document.writeln('</td>');
+  document.writeln('</tr>');
+  } // for
+document.writeln('</table>');
+document.writeln('<p>');
+} // for
+document.writeln('<p>');
+document.writeln('<p>');
+if (profileIsEnable == 'true') {
+  document.writeln('<input type=submit name=Disable value="Disable">');
+} else {
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln('<input type=submit name=Approve value="Approve">');
+document.writeln('</font>');
+}
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchCert.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchCert.html
new file mode 100644
index 000000000..27350286d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchCert.html
@@ -0,0 +1,1790 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Search for Certificates</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search.  Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter.  You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+    if (document.serialNumberRangeCritForm.inUse.checked) {
+      document.queryForm.serialNumberRangeInUse.value = 'on';
+    }
+    document.queryForm.serialFrom.value = document.serialNumberRangeCritForm.serialFrom.value;
+    document.queryForm.serialTo.value = document.serialNumberRangeCritForm.serialTo.value;
+    return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+        canonicalFrom =
+            trim(document.serialNumberRangeCritForm.serialFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            if (isNumber(canonicalFrom,16)) {
+                canonicalFrom = "0x" +
+                    removeColons(stripPrefix(canonicalFrom));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the low end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+    }
+
+    if (document.serialNumberRangeCritForm.serialTo.value != "") {
+        canonicalTo =
+            trim(document.serialNumberRangeCritForm.serialTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            if (isNumber(canonicalTo,16)) {
+                canonicalTo = "0x" +
+                    removeColons(stripPrefix(canonicalTo));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the high end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+    }
+
+    /* Can not do this using parseInt */
+    /*
+    if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+        document.serialNumberRangeCritForm.serialTo.value != "") {
+        if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+            alert("The low end of the range is larger than the high end.");
+            return null;
+        }
+    }
+    */
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Status</font></b>
+<FORM NAME="statusCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that are 
+<select NAME="status">
+<option value="VALID">VALID
+<option value="INVALID">INVALID
+<option value="REVOKED">REVOKED
+<option value="EXPIRED">EXPIRED
+<option value="REVOKED_EXPIRED">REVOKED & EXPIRED
+</select>
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+<SCRIPT type="text/javascript">
+//<!--
+function statusCritInUse()
+{
+    if (document.statusCritForm.inUse.checked) {
+      document.queryForm.statusInUse.value = 'on';
+    }
+    document.queryForm.status.value = document.statusCritForm.status.value;
+    return document.statusCritForm.inUse.checked;
+}
+function statusRangeCrit()
+{
+      return "(certStatus=" + document.statusCritForm.status.options[document.statusCritForm.status.selectedIndex].value + ")";
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Email address:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Common name:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">User ID:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization unit:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Locality:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Country:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">Exact</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">Partial</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank. 
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank.  Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT type="text/javascript">
+<!--
+function subjectCritInUse()
+{
+    if (document.subjectCritForm.inUse.checked) {
+      document.queryForm.subjectInUse.value = 'on';
+    }
+    document.queryForm.eMail.value = document.subjectCritForm.eMail.value;     document.queryForm.commonName.value = document.subjectCritForm.commonName.value;
+    document.queryForm.userID.value = document.subjectCritForm.userID.value;
+    document.queryForm.orgUnit.value = document.subjectCritForm.orgUnit.value;
+    document.queryForm.org.value = document.subjectCritForm.org.value;     document.queryForm.locality.value = document.subjectCritForm.locality.value;    document.queryForm.state.value = document.subjectCritForm.state.value;
+    document.queryForm.country.value = document.subjectCritForm.country.value;
+    if (document.subjectCritForm.match[1].checked) {
+      document.queryForm.match.value = 'partial';
+    } else {
+      document.queryForm.match.value = 'exact';
+    }
+    return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+    return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by:</font>&nbsp;
+<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=8>Remove certificate from CRL
+<OPTION VALUE=9>Privilege withdrawn
+<OPTION VALUE=10>AA key compromised
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function revokedByCritInUse()
+{
+    if (document.revokedByCritForm.inUse.checked) {
+      document.queryForm.revokedByInUse.value = 'on';
+    }
+    document.queryForm.revokedBy.value = document.revokedByCritForm.revokedBy.value;
+    return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+    if (document.revokedByCritForm.revokedBy.value.length == 0) {
+        alert("User id in 'revoked by' filter is empty");
+    	return null;
+    }
+    return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+    if (document.revokedOnCritForm.inUse.checked) {
+      document.queryForm.revokedOnInUse.value = 'on';
+    }
+    d = convertToTime(document.revokedOnFrom);
+    if (d != null) {
+      document.queryForm.revokedOnFrom.value = d;
+    }
+    d = convertToTime(document.revokedOnTo);
+    if (d != null) {
+      document.queryForm.revokedOnTo.value = d;
+    }
+    return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.revokedOnFrom)) {
+    	from = convertDate(document.revokedOnFrom, 
+			"Start date for revocation time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(certRevokedOn>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.revokedOnTo)) {
+    	to = convertDate(document.revokedOnTo, 
+			"End date for revocation time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(certRevokedOn<=" + to + ")";
+    }
+  
+    if (from == null && to == null) {
+        alert("You must enter a date for revocation time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Revocation time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+    if (document.revocationReasonCritForm.inUse.checked) {
+      document.queryForm.revocationReasonInUse.value = 'on';
+    }
+    var values = new Array();
+    var next = 0;     for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {         if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+          values[next++] = i;
+        }
+    }
+    document.queryForm.revocationReason.value = values;
+    return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+    var crit = new Array();
+    var sum = null;
+    var next = 0;
+
+    for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+        if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+            crit[next++] = "(x509cert.certRevoInfo="+i+")";
+        }
+    }
+    sum = nsjoin(crit,"");
+    if (next > 1) {
+        sum = "(|" + sum + ")"
+    } else if (next < 1) {
+        alert("You must select at least one revocation reason.");
+        return null;
+    }
+    return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:</font>&nbsp;
+<INPUT TYPE="text" NAME="issuedBy" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="profileCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued according to the profile:</font>&nbsp;
+<INPUT TYPE="text" NAME="profile" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function issuedByCritInUse()
+{
+    if (document.issuedByCritForm.inUse.checked) {
+      document.queryForm.issuedByInUse.value = 'on';
+    }
+    document.queryForm.issuedBy.value = document.issuedByCritForm.issuedBy.value;
+    return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+    if (document.issuedByCritForm.issuedBy.value.length == 0) {
+        alert("User id in 'issued by' filter is empty");
+    	return null;
+    }
+    return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function profileCritInUse()
+{
+    if (document.profileCritForm.inUse.checked) {
+      document.queryForm.profileInUse.value = 'on';
+    }
+    document.queryForm.profile.value = document.profileCritForm.profile.value;
+    return document.profileCritForm.inUse.checked;
+}
+function profileCrit()
+{
+    if (document.profileCritForm.profile.value.length == 0) {
+        alert("Profile id in 'issued according to the profile' filter is empty");
+    	return null;
+    }
+    return "(certMetaInfo=profileId:"+ document.profileCritForm.profile.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+    if (document.issuedOnCritForm.inUse.checked) {
+      document.queryForm.issuedOnInUse.value = 'on';
+    }
+    d = convertToTime(document.issuedOnFrom);
+    if (d != null) {
+      document.queryForm.issuedOnFrom.value = d;
+    }
+    d = convertToTime(document.issuedOnTo);
+    if (d != null) {
+      document.queryForm.issuedOnTo.value = d;
+    }
+    return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.issuedOnFrom)) {
+    	from = convertDate(document.issuedOnFrom, 
+			"Start date for issue time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(certCreateTime>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.issuedOnTo)) {
+    	to = convertDate(document.issuedOnTo, 
+			"End date for issue time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(certCreateTime<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for issue time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Issue time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotBeforeCritInUse()
+{
+    if (document.validNotBeforeCritForm.inUse.checked) {
+      document.queryForm.validNotBeforeInUse.value = 'on';
+    }
+    d = convertToTime(document.validNotBeforeFrom);
+    if (d != null) {
+      document.queryForm.validNotBeforeFrom.value = d;
+    }
+    d = convertToTime(document.validNotBeforeTo);
+    if (d != null) {
+      document.queryForm.validNotBeforeTo.value = d;
+    }
+    return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotBeforeFrom)) {
+    	from = convertDate(document.validNotBeforeFrom, 
+		"Start date for the validity beginning time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotBeforeTo)) {
+    	to = convertDate(document.validNotBeforeTo, 
+		"End date for the validity beginning time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for validity beginning range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Validity beginning time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotAfterCritInUse()
+{
+    if (document.validNotAfterCritForm.inUse.checked) {
+      document.queryForm.validNotAfterInUse.value = 'on';
+    }
+    d = convertToTime(document.validNotAfterFrom);
+    if (d != null) {
+      document.queryForm.validNotAfterFrom.value = d;
+    }
+    d = convertToTime(document.validNotAfterTo);
+    if (d != null) {
+      document.queryForm.validNotAfterTo.value = d;
+    }
+    return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotAfterFrom)) {
+    	from = convertDate(document.validNotAfterFrom, 
+		"Start date for the expiration time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(x509cert.notAfter>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotAfterTo)) {
+    	to = convertDate(document.validNotAfterTo, 
+		"End date for the expiration time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(x509cert.notAfter<=" + to + ")";
+    }
+    
+    if (from == null && to == null) {
+        alert("You must enter a date for expiration time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Expiration time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a validity period:</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION> 
+<OPTION VALUE="31536000000">Year(s)</OPTION> 
+</SELECT> 
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validityLengthCritInUse()
+{
+    if (document.validityLengthCritForm.inUse.checked) {
+      document.queryForm.validityLengthInUse.value = 'on';
+    }
+    document.queryForm.validityOp.value = document.validityLengthCritForm.validityOp.value;
+    document.queryForm.count.value = document.validityLengthCritForm.count.value;
+    document.queryForm.unit.value = document.validityLengthCritForm.unit.value;
+    return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+   with(document.validityLengthCritForm) {
+	if(!isNumber(count.value,10)) {
+	       alert("Invalid number specified in validity length criterion");
+	       return null;
+	}
+ 
+    return "(x509cert.duration" + 
+    		validityOp.options[validityOp.selectedIndex].value +
+			(count.value * unit.options[unit.selectedIndex].value) +")";
+    }
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Basic Constraints</b></font>
+
+<FORM NAME="basicConstraintsForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show CA certificates (based on Basic Constraints extension).</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<SCRIPT type="text/javascript">
+<!--
+function basicConstraintsInUse()
+{
+    if (document.basicConstraintsForm.inUse.checked) {
+      document.queryForm.basicConstraintsInUse.value = 'on';
+    }
+    return document.basicConstraintsForm.inUse.checked;
+}
+
+function basicConstraints()
+{
+    var result = '(x509cert.BasicConstraints.isCA=on)';
+
+    return result;
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT type="text/javascript">
+<!--
+function certTypeCritInUse()
+{
+    if (document.certTypeCritForm.inUse.checked) {
+      document.queryForm.certTypeInUse.value = 'on';
+    }
+    document.queryForm.SSLClient.value = document.certTypeCritForm.SSLClient.value;
+    document.queryForm.SSLServer.value = document.certTypeCritForm.SSLServer.value;
+    document.queryForm.SecureEmail.value = document.certTypeCritForm.SecureEmail.value;
+    document.queryForm.SubordinateSSLCA.value = document.certTypeCritForm.SubordinateSSLCA.value;
+    document.queryForm.SubordinateEmailCA.value = document.certTypeCritForm.SubordinateEmailCA.value;
+    return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+    var result = '';
+    var count = 0;
+
+    for (var i = 1; i < document.certTypeCritForm.length; i++) {
+        var sel = document.certTypeCritForm[i].selectedIndex;
+        if (sel > 0) {
+            count++;
+            result += '(x509cert.nsExtension.' +
+                      document.certTypeCritForm[i].name + '='+
+                      document.certTypeCritForm[i].options[sel].value + ')';
+        }
+    }
+    if (count == 0) {
+        alert("At least one of the certificate types must be selected");
+        return null;
+    }
+
+    return result;
+}
+//-->
+</SCRIPT>
+
+
+<br>
+<SCRIPT type="text/javascript">
+<!--
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+    if (serialNumberRangeCritInUse()) {
+        if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+            return;
+    }	
+    if (statusCritInUse()) {
+        if ((andFilter[critCount++] = statusRangeCrit()) == null)
+            return;
+    }	
+    if (subjectCritInUse()) {
+        if ((andFilter[critCount++] = subjectCrit()) == null)
+            return;
+    }
+
+    if (revokedOnCritInUse()) {
+        if ((andFilter[critCount++] = revokedOnCrit()) == null)
+            return;
+    }
+    if (revokedByCritInUse()) {
+        if ((andFilter[critCount++] = revokedByCrit()) == null)
+            return;
+    }
+    if (revocationReasonCritInUse()) {
+        if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+            return;
+    }
+    if (issuedOnCritInUse()) {
+        if ((andFilter[critCount++] = issuedOnCrit()) == null)
+            return;
+    }
+    if (issuedByCritInUse()) {
+        if ((andFilter[critCount++] = issuedByCrit()) == null)
+            return;
+    }
+    if (profileCritInUse()) {
+        if ((andFilter[critCount++] = profileCrit()) == null)
+            return;
+    }
+    if (validNotBeforeCritInUse()) {
+        if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+            return;
+    }
+    if (validNotAfterCritInUse()) {
+        if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+            return;
+    }
+    if (validityLengthCritInUse()) {
+        if ((andFilter[critCount++] = validityLengthCrit()) == null)
+            return;
+    }
+    if (certTypeCritInUse()) {
+        if ((andFilter[critCount++] = certTypeCrit()) == null)
+            return;
+    }
+    if (basicConstraintsInUse()) {
+        if ((andFilter[critCount++] = basicConstraints()) == null)
+            return;
+    }
+
+    // At least one section must be selected
+    if (critCount == 0) {
+        alert("You must choose at least one section on this form.");
+        return;
+    }
+
+    var f = nsjoin(andFilter,"");
+    if (f.length == 0) f = "(certRecordId=*)";
+    form.queryCertFilter.value = "(&"+f+")";
+
+    form.op.value = "srchCerts";
+
+    form.submit();	
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="srchCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialNumberRangeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="statusInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="status" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="subjectInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="eMail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="commonName" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="userID" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="orgUnit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="org" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="locality" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="state" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="country" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="match" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReasonInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReason" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="profileInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="profile" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="basicConstraintsInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityLengthInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityOp" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="count" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="unit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="certTypeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateEmailCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateSSLCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SecureEmail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLClient" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLServer" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Maximum results:</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Time limit (in seconds):</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/ca/agent/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+      <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+      <!-- <INPUT TYPE="button" VALUE=Help width="72"
+        onClick="help('http://www.redhat.com/docs/manuals/cert-system#Advanced Certificate Search')"> -->
+	</td>
+  </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchRequests.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchRequests.html
new file mode 100644
index 000000000..8565b1b90
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchRequests.html
@@ -0,0 +1,384 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Search for Requests</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Search for Requests
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the request.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search.  Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter.  You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Request ID Range</font></b>
+<FORM NAME="requestNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show requests that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest request id:</font></td>
+<td><INPUT TYPE="TEXT" NAME="requestFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest request id:</font></td>
+<td><INPUT TYPE="TEXT" NAME="requestTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of request IDs in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function requestNumberRangeCritInUse()
+{
+    return document.requestNumberRangeCritForm.inUse.checked;
+}
+
+function requestNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.requestNumberRangeCritForm.requestFrom.value != "") {
+        canonicalFrom =
+            trim(document.requestNumberRangeCritForm.requestFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            alert("You must specify a decimal value " + 
+              "for the low end of the request number range.");
+            return null;
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the request number range.");
+            return null;
+        }
+        crit[next++] = "(requestId>=" + canonicalFrom + ")";
+    }
+
+    if (document.requestNumberRangeCritForm.requestTo.value != "") {
+        canonicalTo =
+            trim(document.requestNumberRangeCritForm.requestTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            alert("You must specify a decimal value " + 
+              "for the high end of the request number range.");
+            return null;
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the request number range.");
+            return null;
+        }
+        crit[next++] = "(requestId<=" + canonicalTo + ")";
+    }
+
+    /* Can not do this using parseInt */
+    /*
+    if (document.requestNumberRangeCritForm.requestFrom.value != "" &&
+        document.requestNumberRangeCritForm.requestTo.value != "") {
+        if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+            alert("The low end of the range is larger than the high end.");
+            return null;
+        }
+    }
+    */
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Request Type</font></b>
+<FORM NAME="typeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show requests that are of
+<select NAME="type">
+<option value="ENROLLMENT">enrollment
+<option value="RENEWAL">renewal
+<option value="REVOCATION">revocation
+<option value="ALL">any
+</select>
+type
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+<SCRIPT type="text/javascript">
+//<!--
+function typeCritInUse()
+{
+    return document.typeCritForm.inUse.checked;
+}
+function typeRangeCrit()
+{
+      if (document.typeCritForm.type.options[document.typeCritForm.type.selectedIndex].value == "ALL")
+          return "(requesttype=*)";
+      else
+          return "(requesttype=" + document.typeCritForm.type.options[document.typeCritForm.type.selectedIndex].value + ")";
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Request Status</font></b>
+<FORM NAME="statusCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" CHECKED NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show requests that are in
+<select NAME="status">
+<option value="PENDING">pending
+<option value="CANCELED">canceled
+<option value="REJECTED">rejected
+<option value="COMPLETE">completed
+<option value="ALL">any
+</select>
+status
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+<SCRIPT type="text/javascript">
+//<!--
+function statusCritInUse()
+{
+    return document.statusCritForm.inUse.checked;
+}
+function statusRangeCrit()
+{
+      if (document.statusCritForm.status.options[document.statusCritForm.status.selectedIndex].value == "ALL")
+          return "(requeststate=*)";
+      else
+          return "(requeststate=" + document.statusCritForm.status.options[document.statusCritForm.status.selectedIndex].value + ")";
+}
+//-->
+</SCRIPT>
+
+
+<br>
+<SCRIPT type="text/javascript">
+<!--
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+    if (requestNumberRangeCritInUse()) {
+        if ((andFilter[critCount++] = requestNumberRangeCrit()) == null)
+            return;
+    }	
+    if (typeCritInUse()) {
+        if ((andFilter[critCount++] = typeRangeCrit()) == null)
+            return;
+    }	
+    if (statusCritInUse()) {
+        if ((andFilter[critCount++] = statusRangeCrit()) == null)
+            return;
+    }	
+
+    if (ownerCritInUse()) {
+        critCount++;
+        if (checkEmptyField() == null)
+            return;
+    }
+
+    // At least one section must be selected
+    if (critCount == 0) {
+        alert("You must choose at least one section on this form.");
+        return;
+    }
+
+    var f = nsjoin(andFilter,"");
+    if (f.length == 0) f = "(requestId=*)";
+    form.queryRequestFilter.value = "(&"+f+")";
+
+    form.op.value = "srchRequests";
+
+    form.submit();	
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="searchReqs" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryRequestFilter" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Request Owner</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" CHECKED NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show requests that belong to the user specified as below:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="owner" VALUE="self"> self </font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="owner" VALUE="others"> uid=
+<INPUT TYPE="TEXT" NAME="uid" SIZE=10 MAXLENGTH=99></font>
+</td>
+</tr>
+</table>
+<br>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Maximum results:</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Time limit (in seconds):</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+</table>
+<br>
+
+
+
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/ca/agent/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+      <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+	</td>
+  </tr>
+</table>
+
+</form>
+<SCRIPT type="text/javascript">
+//<!--
+function ownerCritInUse()
+{
+    if (!document.queryForm.inUse.checked) {
+        document.queryForm.owner[0].value = "";
+        document.queryForm.owner[1].value = "";
+        document.queryForm.uid.value = "";
+    }
+    return document.queryForm.inUse.checked;
+}
+function checkEmptyField()
+{
+    if (document.queryForm.owner[1].checked) {
+        if (document.queryForm.uid.value.length == 0) {
+            alert("uid field cannot be empty.");
+            return null;
+        }
+    }
+
+    return "";
+}
+
+</SCRIPT>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchRevokeCert.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchRevokeCert.html
new file mode 100644
index 000000000..71384109d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/SrchRevokeCert.html
@@ -0,0 +1,1209 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Revoke Certificates</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke Certificates</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to revoke a set of certificates determined by one
+or more properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the set of certificates to be revoked.
+Check the box at the top of the section if you want to use that
+filter in your search, then complete the fields.  Leave a box
+unchecked to ignore that filter.  You can click more than one box
+to get a combination of search criteria.
+<p>
+You will be given a chance to examine the certificates before
+they are revoked.
+</font>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+    if (document.serialNumberRangeCritForm.inUse.checked) {
+      document.queryForm.serialNumberRangeInUse.value = 'on';
+    }
+    document.queryForm.serialFrom.value = document.serialNumberRangeCritForm.serialFrom.value;
+    document.queryForm.serialTo.value = document.serialNumberRangeCritForm.serialTo.value;
+    return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+        canonicalFrom =
+            trim(document.serialNumberRangeCritForm.serialFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            if (isNumber(canonicalFrom,16)) {
+                canonicalFrom = "0x" +
+                    removeColons(stripPrefix(canonicalFrom));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the low end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+    }
+
+    if (document.serialNumberRangeCritForm.serialTo.value != "") {
+        canonicalTo =
+            trim(document.serialNumberRangeCritForm.serialTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            if (isNumber(canonicalTo,16)) {
+                canonicalTo = "0x" +
+                    removeColons(stripPrefix(canonicalTo));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the high end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+    }
+
+    /* Can not do this using parseInt */
+    /*
+    if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+        document.serialNumberRangeCritForm.serialTo.value != "") {
+        if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+            alert("The low end of the range is larger than the high end.");
+            return null;
+        }
+    }
+    */
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Email address:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Common name:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">User ID:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization unit:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Locality:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Country:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">Exact</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">Partial</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank. 
+<br><br>
+Exact match method revokes certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank.  Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method revokes certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+
+<SCRIPT type="text/javascript">
+<!--
+function subjectCritInUse()
+{
+    if (document.subjectCritForm.inUse.checked) {
+        document.queryForm.subjectInUse.value = 'on';
+    }
+    document.queryForm.eMail.value = document.subjectCritForm.eMail.value;
+    document.queryForm.commonName.value = document.subjectCritForm.commonName.value;
+    document.queryForm.userID.value = document.subjectCritForm.userID.value;
+    document.queryForm.orgUnit.value = document.subjectCritForm.orgUnit.value;
+    document.queryForm.org.value = document.subjectCritForm.org.value;
+    document.queryForm.locality.value = document.subjectCritForm.locality.value;
+    document.queryForm.state.value = document.subjectCritForm.state.value;
+    document.queryForm.country.value = document.subjectCritForm.country.value;
+    if (document.subjectCritForm.match[1].checked) {
+        document.queryForm.match.value = 'partial';
+    } else {
+        document.queryForm.match.value = 'exact';
+    }
+    return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+    return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse">
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates issued by:</font>&nbsp;
+<INPUT TYPE="text" NAME="issuedBy" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates issued during the period:</font>
+</td>
+</FORM>
+<tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function issuedByCritInUse()
+{
+    if (document.issuedByCritForm.inUse.checked) {
+      document.queryForm.issuedByInUse.value = 'on';
+    }
+    document.queryForm.issuedBy.value = document.issuedByCritForm.issuedBy.value;
+    return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+    if (document.issuedByCritForm.issuedBy.value.length == 0) {
+        alert("User id in 'issued by' filter is empty");
+        return null;
+    }
+    return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+    if (document.issuedOnCritForm.inUse.checked) {
+        document.queryForm.issuedOnInUse.value = 'on';
+    }
+    d = convertToTime(document.issuedOnFrom);
+    if (d != null) {
+        document.queryForm.issuedOnFrom.value = d;
+    }
+    d = convertToTime(document.issuedOnTo);
+    if (d != null) {
+        document.queryForm.issuedOnTo.value = d;
+    }
+    return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.issuedOnFrom)) {
+        from = convertDate(document.issuedOnFrom, 
+                           "Start date for issue time range criterion");
+        if (from == null) return null;
+        crit[next++] = "(certCreateTime>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.issuedOnTo)) {
+        to = convertDate(document.issuedOnTo, 
+                         "End date for issue time range criterion");
+        if (to == null) return null;
+        crit[next++] = "(certCreateTime<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for issue time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+        alert("Invalid issuance time range");
+		return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates effective during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotBeforeCritInUse()
+{
+    if (document.validNotBeforeCritForm.inUse.checked) {
+        document.queryForm.validNotBeforeInUse.value = 'on';
+    }
+    d = convertToTime(document.validNotBeforeFrom);
+    if (d != null) {
+        document.queryForm.validNotBeforeFrom.value = d;
+    }
+    d = convertToTime(document.validNotBeforeTo);
+    if (d != null) {
+        document.queryForm.validNotBeforeTo.value = d;
+    }
+    return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotBeforeFrom)) {
+        from = convertDate(document.validNotBeforeFrom, 
+               "Start date for the validity beginning time range criterion");
+        if (from == null) return null;
+        crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotBeforeTo)) {
+        to = convertDate(document.validNotBeforeTo, 
+             "End date for the validity beginning time range criterion");
+        if (to == null) return null;
+        crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for validity beginning range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+        alert("Invalid effective time range");
+		return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates expire during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotAfterCritInUse()
+{
+    if (document.validNotAfterCritForm.inUse.checked) {
+        document.queryForm.validNotAfterInUse.value = 'on';
+    }
+    d = convertToTime(document.validNotAfterFrom);
+    if (d != null) {
+        document.queryForm.validNotAfterFrom.value = d;
+    }
+    d = convertToTime(document.validNotAfterTo);
+    if (d != null) {
+        document.queryForm.validNotAfterTo.value = d;
+    }
+    return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotAfterFrom)) {
+        from = convertDate(document.validNotAfterFrom, 
+               "Start date for the expiration time range criterion");
+        if (from == null) return null;
+        crit[next++] = "(x509cert.notAfter>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotAfterTo)) {
+        to = convertDate(document.validNotAfterTo, 
+             "End date for the expiration time range criterion");
+        if (to == null) return null;
+        crit[next++] = "(x509cert.notAfter<=" + to + ")";
+    }
+    
+    if (from == null && to == null) {
+        alert("You must enter a date for the expiration time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+        alert("Expiration time range specified is empty");
+        return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates with a validity period:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION> 
+<OPTION VALUE="31536000000">Year(s)</OPTION> 
+</SELECT> 
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validityLengthCritInUse()
+{
+    if (document.validityLengthCritForm.inUse.checked) {
+        document.queryForm.validityLengthInUse.value = 'on';
+    }
+    document.queryForm.validityOp.value = document.validityLengthCritForm.validityOp.value;
+    document.queryForm.count.value = document.validityLengthCritForm.count.value;
+    document.queryForm.unit.value = document.validityLengthCritForm.unit.value;
+    return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+    with(document.validityLengthCritForm) {
+
+    if (!isNumber(count.value,10)) {
+        alert("Invalid number specified in validity length criterion");
+        return null;
+    }
+ 
+    return "(x509cert.duration" + 
+           validityOp.options[validityOp.selectedIndex].value +
+           (count.value * unit.options[unit.selectedIndex].value) +")";
+    }
+}
+//-->
+</SCRIPT>
+
+
+<SCRIPT type="text/javascript">
+<!--
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+    if (serialNumberRangeCritInUse()) {
+        if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+            return;
+    }	
+    if (subjectCritInUse()) {
+        if ((andFilter[critCount++] = subjectCrit()) == null)
+            return;
+    }
+    if (issuedOnCritInUse()) {
+        if ((andFilter[critCount++] = issuedOnCrit()) == null)
+            return;
+    }
+    if (issuedByCritInUse()) {
+        if ((andFilter[critCount++] = issuedByCrit()) == null)
+            return;
+    }
+    if (validNotBeforeCritInUse()) {
+        if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+            return;
+    }
+    if (validNotAfterCritInUse()) {
+        if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+        return;
+    }
+    if (validityLengthCritInUse()) {
+        if ((andFilter[critCount++] = validityLengthCrit()) == null)
+            return;
+    }
+
+    // At least one section must be selected
+    if (critCount == 0) {
+        alert("You must choose at least one section on this form.");
+        return;
+    }
+
+    andFilter[critCount++] = "(certStatus=VALID)";
+
+    form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+    form.revokeAll.value = form.queryCertFilter.value;
+
+    form.op.value = "srchCerts";
+    form.submit();
+}
+//-->
+</SCRIPT>
+
+<br>&nbsp;
+
+<FORM NAME="queryForm" ACTION="srchCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokeAll" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialNumberRangeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="statusInUse" VALUE="on">
+<INPUT TYPE="HIDDEN" NAME="status" VALUE="VALID">
+<INPUT TYPE="HIDDEN" NAME="subjectInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="eMail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="commonName" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="userID" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="orgUnit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="org" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="locality" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="state" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="country" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="match" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityLengthInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityOp" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="count" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="unit" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Maximum results:</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Time limit (in seconds):</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/ca/agent/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+     <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+      <!-- <INPUT TYPE="button" VALUE=Help width="72"
+        onClick="help('http://www.redhat.com/docs/manuals/cert-system#Searching for Certificates to Revoke')"> -->
+	</td>
+  </tr>
+</table>
+
+</form>
+
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/UpdateDir.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/UpdateDir.html
new file mode 100644
index 000000000..1d50f2507
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/UpdateDir.html
@@ -0,0 +1,367 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+   <TITLE>Update Directory Server</TITLE>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/funcs.js"></SCRIPT>
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+
+<script type="text/javascript">
+<!--
+function doSubmit(form)
+{
+    if ((!form.updateAll.checked) && (!form.updateCRL.checked) &&
+        (!form.updateCA.checked) && (!form.updateValid.checked) &&
+        (!form.updateExpired.checked) && (!form.updateRevoked.checked)) {
+        alert("You must choose at least one updating selection on this form.");
+        return;
+    }
+
+    if (form.updateAll.checked || form.updateValid.checked) {
+    	var canonicalFrom = "", canonicalTo = "";
+    
+    	if ( form.validFrom.value!= "") {
+    	    canonicalFrom = 
+    		trim(form.validFrom.value);
+    	}
+    
+    	if (canonicalFrom != "") {
+	    if (!isDecimalNumber(canonicalFrom)) {
+		if (isNumber(canonicalFrom, 16)) {
+		    canonicalFrom = "0x" +
+			removeColons(stripPrefix(canonicalFrom));
+		} else {
+		    alert("You must specify a decimal or hexadecimal value" + 
+			"for the low end of the serial number range of valid certificates.");
+		    return;
+		}
+	    }
+	    if (isNegative(canonicalFrom)) {
+		alert("You must specify a positive value for the low " +
+		       "end of the serial number range of valid certificates.");
+		return;
+	    }
+	    form.validFrom.value = canonicalFrom;
+    	}
+    	
+    	if ( form.validTo.value!= "") {
+	    canonicalTo = 
+		trim(form.validTo.value);
+    	}
+    	
+    	if (canonicalTo != "") {
+	    if (!isDecimalNumber(canonicalTo)) {
+		if (isNumber(canonicalTo, 16)) {
+		    canonicalTo = "0x" +
+			removeColons(stripPrefix(canonicalTo));
+		} else {
+		    alert("You must specify a decimal or hexadecimal value" + 
+			"for the high end of the serial number range of valid certificates.");
+		    return;
+		}
+	    }
+	    if (isNegative(canonicalTo)) {
+		alert("You must specify a positive value for the high " +
+		       "end of the serial number range of valid certificates.");
+		return;
+	    }
+	    form.validTo.value = canonicalTo;
+    	}
+    	
+    	/* Can't do this using parseInt*/
+    	/*
+    	if (form.validFrom.value != "" && form.validTo.value != "" ) {
+	    if (parseInt(form.validFrom.value) > parseInt(form.validTo.value)) {
+		alert("The low end of the range is larger than the high end.");
+		return;
+	    }
+        }
+        */
+    }
+
+    if (form.updateAll.checked || form.updateExpired.checked) {
+    	var canonicalFrom = "", canonicalTo = "";
+    
+    	if ( form.expiredFrom.value!= "") {
+    	    canonicalFrom = 
+    		trim(form.expiredFrom.value);
+    	}
+    
+    	if (canonicalFrom != "") {
+	    if (!isDecimalNumber(canonicalFrom)) {
+		if (isNumber(canonicalFrom, 16)) {
+		    canonicalFrom = "0x" +
+			removeColons(stripPrefix(canonicalFrom));
+		} else {
+		    alert("You must specify a decimal or hexadecimal value" + 
+			"for the low end of the serial number range of expired certificates.");
+		    return;
+		}
+	    }
+	    if (isNegative(canonicalFrom)) {
+		alert("You must specify a positive value for the low " +
+		       "end of the serial number range of expired certificates.");
+		return;
+	    }
+	    form.expiredFrom.value = canonicalFrom;
+    	}
+    	
+    	if ( form.expiredTo.value!= "") {
+	    canonicalTo = 
+		trim(form.expiredTo.value);
+    	}
+    	
+    	if (canonicalTo != "") {
+	    if (!isDecimalNumber(canonicalTo)) {
+		if (isNumber(canonicalTo, 16)) {
+		    canonicalTo = "0x" +
+			removeColons(stripPrefix(canonicalTo));
+		} else {
+		    alert("You must specify a decimal or hexadecimal value" + 
+			"for the high end of the serial number range of expired certificates.");
+		    return;
+		}
+	    }
+	    if (isNegative(canonicalTo)) {
+		alert("You must specify a positive value for the high " +
+		       "end of the serial number range of expired certificates.");
+		return;
+	    }
+	    form.expiredTo.value = canonicalTo;
+    	}
+    	
+    	/* Can't do this using parseInt*/
+    	/*
+        if (form.expiredFrom.value != "" && form.expiredTo.value != "") {
+            if (parseInt(form.expiredFrom.value) > parseInt(form.expiredTo.value)) {
+                alert("The low end of the range for expired certificates " +
+                      "is larger than the high end.");
+                return;
+            }
+        }
+        */
+    }
+
+    if (form.updateAll.checked || form.updateRevoked.checked) {
+    	var canonicalFrom = "", canonicalTo = "";
+    
+    	if ( form.revokedFrom.value!= "") {
+    	    canonicalFrom = 
+    		trim(form.revokedFrom.value);
+    	}
+    
+    	if (canonicalFrom != "") {
+	    if (!isDecimalNumber(canonicalFrom)) {
+		if (isNumber(canonicalFrom, 16)) {
+		    canonicalFrom = "0x" +
+			removeColons(stripPrefix(canonicalFrom));
+		} else {
+		    alert("You must specify a decimal or hexadecimal value" + 
+			"for the low end of the serial number range of revoked certificates.");
+		    return;
+		}
+	    }
+	    if (isNegative(canonicalFrom)) {
+		alert("You must specify a positive value for the low " +
+		       "end of the serial number range of revoked certificates.");
+		return;
+	    }
+	    form.revokedFrom.value = canonicalFrom;
+    	}
+    	
+    	if ( form.revokedTo.value!= "") {
+	    canonicalTo = 
+		trim(form.revokedTo.value);
+    	}
+    	
+    	if (canonicalTo != "") {
+	    if (!isDecimalNumber(canonicalTo)) {
+		if (isNumber(canonicalTo, 16)) {
+		    canonicalTo = "0x" +
+			removeColons(stripPrefix(canonicalTo));
+		} else {
+		    alert("You must specify a decimal or hexadecimal value" + 
+			"for the high end of the serial number range of revoked certificates.");
+		    return;
+		}
+	    }
+	    if (isNegative(canonicalTo)) {
+		alert("You must specify a positive value for the high " +
+		       "end of the serial number range of revoked certificates.");
+		return;
+	    }
+	    form.revokedTo.value = canonicalTo;
+    	}
+    	
+    	/* Can't do this using parseInt*/
+    	/*
+        if (form.revokedFrom.value != "" && form.revokedTo.value != "") {
+            if (parseInt(form.revokedFrom.value) > parseInt(form.revokedTo.value)) {
+                alert("The low end of the range for revoked certificates " +
+                      "is larger than the high end.");
+                return;
+            }
+        }
+        */
+    }
+
+    form.submit();
+}
+//-->
+</script>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Update Directory Server</font><br>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+In most cases, the directory is updated automatically with
+the latest changes to certificates and certificate revocation lists.
+In a few situations, however, you may need to update the directory manually.
+Use this form to make updates manually.
+<p>
+<b>Note:</b>&nbsp; Any certificates issued or revoked during
+the update may not be reflected in the directory.
+You can use this form again to update those certificates.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM ACTION="updateDir" METHOD=POST>
+<table>
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="checkFlag" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Skip certificates already marked as updated.</font></td>
+</tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Check one or more of these boxes.</font>
+
+<table>
+<tr>
+<td VALIGN=topline><INPUT TYPE="CHECKBOX" NAME="updateAll" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Update everything in the database to the directory.
+<br>(This will include all selections below.)</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateCRL" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Update the certificate revocation list to the directory.</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateCA" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Update Certificate Manager certificate to the directory.</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateValid" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Update valid certificates to the directory.</font></td>
+</tr>
+
+<tr> <td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+From serial number:</font></td>
+<td><input type=text size=10 name=validFrom>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr> 
+
+<tr> <td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To serial number:</font></td>
+<td><input type=text size=10 name=validTo>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateExpired" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Remove expired certificates from the directory.</font></td>
+</tr>
+
+<tr><td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+From serial number:</font></td>
+<td><input type=text size=10 name=expiredFrom>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+
+<tr><td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To serial number:</font></td>
+<td><input type=text size=10 name=expiredTo>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+
+<tr>
+<td valign = topline><INPUT TYPE="CHECKBOX" NAME="updateRevoked" VALUE="yes"></td>
+<td colspan=2><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Remove revoked certificates from the directory.</font></td>
+</tr>
+
+<tr><td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+From serial number:</font></td>
+<td><input type=text size=10 name=revokedFrom>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+
+<tr><td></td>
+<td align="right"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To serial number:</font></td>
+<td><input type=text size=10 name=revokedTo>&nbsp;
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+
+<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/ca/agent/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+      <INPUT TYPE="button" VALUE="Update Directory" width="72" onClick="doSubmit(this.form);">&nbsp;
+      <!-- <INPUT TYPE="button" VALUE=Help width="72"
+        onClick="help('http://www.redhat.com/docs/manuals/cert-system#Manual Directory Updates')"> -->
+	</td>
+  </tr>
+</table>
+
+</form>
+
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/blank.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/blank.html
new file mode 100644
index 000000000..e41af69c4
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/blank.html
@@ -0,0 +1,27 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC">
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/bulkissuance.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/bulkissuance.template
new file mode 100644
index 000000000..01f57455d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/bulkissuance.template
@@ -0,0 +1,24 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+</HEAD>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/cloneRedirect.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/cloneRedirect.template
new file mode 100644
index 000000000..ef763e83f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/cloneRedirect.template
@@ -0,0 +1,41 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE> Feature Unavailable to Clones</TITLE>
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Feature Unavailable to Clones
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<SCRIPT LANGUAUGE="JavaScript">
+    document.writeln('This is a clone CA.  The feature you want is not available.<br>');
+    document.writeln('You might find the information on the \<a href=\"'+result.header.masterURL+'\" target=\"_top\"\>master CA\<\/a\>');
+</SCRIPT>
+</font>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/confirmRevocation.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/confirmRevocation.template
new file mode 100644
index 000000000..c1061affa
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/confirmRevocation.template
@@ -0,0 +1,212 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<TITLE>Certificate Revocation Confirmation</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT type="text/javascript">
+//<!--
+function validate(form)
+{
+    with (form) {
+		return true;
+	}
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+    sign = "-";
+    number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+    absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year;
+}
+//-->
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Certificate Revocation Confirmation</font><br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Please confirm certificate revocation by selecting appropriate revocation reason(s) and submitting the form.</font><br><br>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr valign="TOP">
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">When making this
+      request you must use the browser environment in which you have access to your authentication certificate and key. </font></td>
+  </tr>
+</table>
+<br><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<b>Certificate Details</b><br>
+The details of the certificate being revoked are below:
+</font>
+<br><br>
+
+<table border="0" cellspacing="2">
+  <tr valign="TOP">
+    <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">Serial Number:</font></td>
+    <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">
+<SCRIPT type="text/javascript">
+		  document.write(toHex(result.header.serialNumber));
+</SCRIPT>
+        </font></td>
+  </tr>
+  <tr valign="TOP">
+    <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">Subject Name:</font></td>
+    <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">
+<SCRIPT type="text/javascript">
+		  document.write( result.header.subjectName);
+</SCRIPT>
+        </font></td>
+  </tr>
+  <tr valign="TOP">
+    <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">Valid:</font></td>
+    <td><font size="-2" face="PrimaSans BT, Verdana, sans-serif">
+<SCRIPT type="text/javascript">
+document.write('not before: '+ renderDateFromSecs(result.header.validNotBefore) +' and not after' + renderDateFromSecs(result.header.validNotAfter));
+</SCRIPT>
+        </font></td>
+  </tr>
+</table>
+
+
+<form method="post" action="doRevoke" onSubmit="return validate(document.forms[0])">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+	<tr>
+      <td valign="TOP" colspan="2"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Select Revocation Reason<br>
+        </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Please select one or more reasons for revocation.</font></td>
+    </tr>
+    <tr>
+      <td>
+        <table border="0" cellspacing="0" cellpadding="0">
+		<tr>
+		  <td width="1%">
+            <input type="RADIO" checked name="revocationReason" value="0">
+		  </td>
+		  <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Unspecified</font></td>
+		  </tr>
+		<tr>
+		  <td width="1%">
+            <input type="RADIO" name="revocationReason" value="1">
+		  </td>
+		  <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key compromised</font></td>
+		  </tr>
+		<tr>
+		  <td width="1%">
+            <input type="RADIO" name="revocationReason" value="2">
+		  </td>
+		  <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">CA Key Compromised</font></td>
+		  </tr>
+		  </tr>
+		<tr>
+		  <td width="1%">
+            <input type="RADIO" name="revocationReason" value="3">
+		  </td>
+		  <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Affiliation changed</font></td>
+	    </tr>
+		<tr>
+		  <td width="1%">
+            <input type="RADIO" name="revocationReason" value="4">
+		  </td>
+		  <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate superceded</font></td>
+	    </tr>
+		<tr>
+		  <td width="1%">
+            <input type="RADIO" name="revocationReason" value="5">
+		  </td>
+		  <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Cessation of operation</font></td>
+	    </tr>
+		<tr>
+		  <td width="1%">
+            <input type="RADIO" name="revocationReason" value="6">
+		  </td>
+		  <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate is on hold</font></td>
+	    </tr>
+		<tr>
+		  <td width="1%">
+            <input type="RADIO" name="revocationReason" value="9">
+		  </td>
+		  <td width="99%"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Privilege withdrawn</font></td>
+	    </tr>
+        </table>
+      </td>
+    </tr>
+    <tr>
+      <td colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional
+        comments if any, regarding this request</b><br>
+        Please write any additional comments directed to the person who will process
+        your certificate request. </font></td>
+    </tr>
+    <tr>
+      <td> 
+        <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr>
+      <td colspan="2">
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc">
+          <tr>
+            <td>
+              <div> 
+                <input type="submit" value="Submit" name="submit" width="72">
+				<input type="hidden" name="op" value="DoRevocation">
+				<input type="hidden" name="templateType" value="RevocationSuccess">
+                <input type="reset" value="Reset" name="reset" width="72">
+                <!-- <input type="button" value="Help" 
+					onclick="help('http://www.redhat.com/docs/manuals/cert-system#Confirming a Revocation')" name="button" width="72"> -->
+<SCRIPT type="text/javascript">
+document.write("<INPUT TYPE=hidden name=serialNumber value=\"" + 
+result.header.serialNumber +"\">");
+</SCRIPT>
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayBySerial.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayBySerial.template
new file mode 100644
index 000000000..4f2d6f2d5
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayBySerial.template
@@ -0,0 +1,298 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display Certificate</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<CMS_TEMPLATE>
+</head>
+
+
+<SCRIPT type="text/javascript">
+//<!--
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+
+function getReason(reasonId)
+{
+    var reason = "";
+    reasonDescription = new Array("unspecified",
+                                  "key compromised",
+                                  "CA key compromised",
+                                  "affiliation changed",
+                                  "certificate superceded",
+                                  "cessation of operation",
+                                  "certificate is on hold",
+                                  "unspecified",
+                                  "remove from CRL",
+                                  "privilege withdrawn",
+                                  "AA key compromised");
+
+    if (reasonId >= 0 && reasonId < reasonDescription.length) {
+        reason = reasonDescription[reasonId];
+    } else {
+        reason = "Unknown reason";
+    }
+
+    return reason;
+}
+
+function doReload()
+{
+    if (navigator.appName == "Netscape") {
+        document.reloadForm.submit();
+    }
+}
+
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+//-->
+</SCRIPT>
+
+<body onResize=doReload() bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT type="text/javascript">
+//<!--
+document.write('&nbsp; 0x0' + result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+	typeof(crypto.version) != "undefined") {
+	document.write(
+		'<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT type="text/javascript">
+document.write(addEscapes(result.header.certPrettyPrint));
+</SCRIPT>
+</pre>
+
+<SCRIPT type="text/javascript">
+//<!--
+if (result.header.revocationReason != null) {
+    Reason = new Array("Unspecified", "Key Compromise", "CA Compromise", "Affiliation Changed");
+    document.write('<p>\n');
+    document.write('<table border="0" cellspacing="2" cellpadding="2" width="100%">\n');
+    document.write('<tr align="left" bgcolor="#e5e5e5"><td align="left">\n');
+    document.write('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">\n');
+    document.write('Certificate revocation reason</font></td></tr></table>\n');
+    document.write('<p><font size=-1 face="PrimaSans BT, Verdana, sans-serif">\n');
+    document.write('This certificate is revoked from the following reason:&nbsp;');
+    document.write('</font>\n');
+    document.write('<font size=-1 face="PrimaSans BT, Verdana, sans-serif" color="red">\n');
+    document.write(getReason(result.header.revocationReason)+'\n');
+    document.write('</font>\n');
+
+    if (result.header.revocationReason == 6) {  // on hold
+        document.write("<center>");
+        var loc = 'doUnrevoke?serialNumber=0x'+ result.header.serialNumber;
+        loc = loc + '&cmmfResponse=true';
+        document.write('<form>\n'+
+                       '<INPUT TYPE=\"button\" VALUE=\"Take Certificate Off Hold\"'+
+                       ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+                       '</form>\n');
+        document.write("</center><br>");
+    } else {
+        document.write('<br>&nbsp;\n');
+    }
+}
+//-->
+</SCRIPT>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT type="text/javascript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<p>
+Base 64 encoded certificate with CA certificate chain in pkcs7 format
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE CHAIN-----
+<SCRIPT type="text/javascript">
+document.write(result.header.pkcs7ChainBase64);
+</SCRIPT>
+-----END CERTIFICATE CHAIN-----
+</pre>
+
+<br><p>
+
+<SCRIPT type="text/javascript">
+//<!--
+if (result.header.noCertImport != null && result.header.noCertImport == false) {
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Importing this certificate</font></td></tr></table>');
+    document.writeln('<p><font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('To import the certificate into your client, click the following button.');
+    document.writeln('</font><p>');
+}
+//-->
+</SCRIPT>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+    Sub ImportCertificate_OnClick
+
+		Dim pkcs7
+
+		On Error Resume Next
+
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+		'Import the PKCS7 object
+		Enroll.DeleteRequestCert = FALSE
+		Enroll.WriteCertToCSP = true
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		end if
+		err.clear
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		end if
+
+		Exit Sub
+
+	End Sub
+-->
+</SCRIPT>
+
+<SCRIPT type="text/javascript">
+document.write("<center>");
+var loc = 'getBySerial?serialNumber='+ result.header.serialNumber;
+if (navigator.appName == "Netscape") {
+	loc = loc + '&importCert=true';
+	if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+		loc = loc + '&cmmfResponse=true';
+	}
+}
+if (result.header.noCertImport != null && result.header.noCertImport == false) {
+    document.write('<form>\n'+
+            '<INPUT TYPE=\"button\" VALUE=\"Import Your Certificate\"'+
+            ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+            '</form>\n');
+}
+
+if (navigator.appName == "Netscape" &&
+    result.header.emailCert != null &&
+    result.header.emailCert == true &&
+    result.header.noCertImport != null &&
+    result.header.noCertImport == false) {
+    var loc1 = '/ca/getBySerial?serialNumber='+ result.header.serialNumber;
+	if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+		loc1 = loc1 + '&cmmfResponse=true';
+	}
+	else {
+		loc1 = loc1 + '&importCert=true&emailCert=true';
+	}
+	document.write('<form>\n'+
+					'<INPUT TYPE=\"button\" VALUE=\"Import S/MIME Certificate\"'+
+					' onClick=\"location.href=\''+ loc1 + '\'\">\n'+
+					'</form>\n');
+}
+
+document.write("</center>");
+
+document.write('<form name=reloadForm action=displayBySerial>\n'+
+               '<INPUT TYPE="HIDDEN" NAME="serialNumber" VALUE="'+
+               '0x'+result.header.serialNumber+'">\n</form>\n');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayBySerial2.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayBySerial2.template
new file mode 100644
index 000000000..5c700da66
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayBySerial2.template
@@ -0,0 +1,131 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display Certificate</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<CMS_TEMPLATE>
+</head>
+
+
+
+<SCRIPT type="text/javascript">
+//<!--
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT type="text/javascript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+    navMajorVersion() > 3 &&
+	typeof(crypto.version) != "undefined") {
+	document.write(
+		'<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="art/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT type="text/javascript">
+document.write(result.header.certPrettyPrint);
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE CHAIN-----
+<SCRIPT type="text/javascript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE CHAIN-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Downloading this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To download the certificate into your system, click the following button.
+</font>
+<p>
+
+<SCRIPT type="text/javascript">
+document.write("<center>");
+var loc = '/ca/getBySerial?serialNumber='+ result.header.serialNumber;
+document.write('<form>\n'+
+			   '<INPUT TYPE=\"button\" VALUE=\"Download This Certificate\"'+
+			   ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+			   '</form>\n');
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayCRL.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayCRL.template
new file mode 100644
index 000000000..b3f0a50a0
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayCRL.template
@@ -0,0 +1,217 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display CRL</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<SCRIPT type="text/javascript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT type="text/javascript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Certificate Revocation List
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT type="text/javascript">
+<!--
+if (result.header.crlNumber != null &&
+    result.header.crlSize != null &&
+    result.header.crlIssuingPoint != null) {
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Certificate revocation list summary</font></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('CRL issuing point:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.crlIssuingPoint+'</font></td></tr>');
+
+    if (result.header.crlDisplayType != null &&
+        result.header.crlDisplayType == "deltaCRL" &&
+        result.header.deltaCRLSize == null &&
+        result.header.error != null) {
+        document.writeln('<tr><td align="right" width="40%">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Status:</font></td>');
+        document.writeln('<td align="left">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln(result.header.error+'</font></td></tr>');
+    } else {
+        document.writeln('<tr><td align="right" width="40%">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('CRL number:</font></td>');
+        document.writeln('<td align="left">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln(result.header.crlNumber+'</font></td></tr>');
+        document.writeln('<tr><td align="right" width="40%">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Number of CRL entries:</font></td>');
+        document.writeln('<td align="left">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        if (result.header.deltaCRLSize != null) {
+            document.writeln(result.header.deltaCRLSize+'</font></td></tr>');
+        } else {
+            document.writeln(result.header.crlSize+'</font></td></tr>');
+        }
+        if (result.header.crlDescription != null) {
+            document.writeln('<tr><td align="right" width="40%">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('CRL issuing point description:</font></td>');
+            document.writeln('<td align="left">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln(result.header.crlDescription+'</font></td></tr>');
+        }
+    }
+    document.writeln('</table><br>');
+
+    if (result.header.crlPrettyPrint != null) {
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        document.writeln('Certificate revocation list contents</font></td></tr></table>');
+        document.writeln('<pre>');
+        document.writeln(result.header.crlPrettyPrint);
+        document.writeln('</pre>');
+    }
+    if (result.recordSet.length > 0) {
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+        document.writeln('<pre>');
+        document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+        for (var i = 0; i < result.recordSet.length; i++) {
+            document.writeln(result.recordSet[i].crlBase64Encoded);
+        }
+        document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+        document.writeln('</pre>');
+    } else if (result.header.crlBase64 != null) {
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+        document.writeln('<pre>');
+        document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+        document.writeln(result.header.crlBase64);
+        document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+        document.writeln('</pre>');
+    }
+} else {
+    document.writeln('Certificate revocation list is not found');
+    if (result.header.error != null) {
+        document.write('\nAdditional information:\n    ');
+        document.writeln(result.header.error);
+    }
+}
+
+function doNext()
+{
+    var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+             result.header.crlIssuingPoint: "MasterCRL";
+    var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+             result.header.crlDisplayType: "entireCRL";
+    var loc = location.protocol + '//' + location.hostname + ':' +
+              location.port + '/ca/agent/ca/displayCRL?crlIssuingPoint='+ip+
+              '&crlDisplayType='+dt+'&pageStart='+
+              (parseInt(result.header.pageStart)+parseInt(document.displayCRLForm.pageSize.value))+
+              '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+    location.href = loc;
+}
+
+function doPrevious()
+{
+    var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+             result.header.crlIssuingPoint: "MasterCRL";
+    var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+             result.header.crlDisplayType: "entireCRL";
+    var loc = location.protocol + '//' + location.hostname + ':' +
+              location.port + '/ca/agent/ca/displayCRL?crlIssuingPoint='+ip+
+              '&crlDisplayType='+dt+'&pageStart='+
+              (parseInt(result.header.pageStart)-parseInt(document.displayCRLForm.pageSize.value))+
+              '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+    location.href = loc;
+}
+
+if (result.header.crlSize != null &&
+    result.header.pageSize != null &&
+    result.header.pageStart != null &&
+    (parseInt(result.header.crlSize) > parseInt(result.header.pageSize))) {
+    document.writeln('<FORM NAME="displayCRLForm" ACTION="/ca/agent/ca/displayCRL" METHOD=POST>');
+    document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+    document.writeln('<tr><td ALIGN=LEFT BGCOLOR="#E5E5E5">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    var upperLimit = 0;
+    if (parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1 >
+        parseInt(result.header.crlSize)) {
+        upperLimit = parseInt(result.header.crlSize);
+    } else {
+        upperLimit = parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1;
+    }
+    document.writeln(result.header.pageStart+'-'+upperLimit+
+                     ' of '+result.header.crlSize+' CRL entries');
+    document.writeln('</font></td>');
+    document.writeln('<td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+    var n = 0;
+    if (parseInt(result.header.pageStart) > 1) {
+        document.writeln('<INPUT TYPE="button" VALUE="Previous" width="72"'+
+                         ' onClick="doPrevious();">&nbsp;');
+        n++;
+    }
+    if (parseInt(result.header.pageStart) + parseInt(result.header.pageSize) - 1 <
+        parseInt(result.header.crlSize)) {
+        document.writeln('<INPUT TYPE="button" VALUE="Next" width="72"'+
+                         ' onClick="doNext();">&nbsp;');
+        n++;
+    }
+    if (n > 0) {
+        document.writeln('<INPUT TYPE=text SIZE=4 MAXLENGTH=8 NAME=pageSize VALUE='+
+                         result.header.pageSize+'>&nbsp;');
+    }
+
+    document.writeln('</td></tr></table>');
+    document.writeln('</FORM>');
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayCertFromRequest.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayCertFromRequest.template
new file mode 100644
index 000000000..13bbb166b
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/displayCertFromRequest.template
@@ -0,0 +1,197 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<script type="text/javascript">
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+
+function displayCert(cert)
+{
+	document.writeln(
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="+1">'+
+		'Certificate 0x'+cert.serialNo+
+		'</font><br>');
+	document.writeln(
+		'<table border="0" cellspacing="0" cellpadding="0" '+
+		'background="/ca/agent/graphics/hr.gif" width="100%">'+
+		'<tr>'+
+		'<td>&nbsp;</td>'+
+		'</tr>'+
+		'</table>');
+
+	document.writeln(
+		'<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+		'<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+		'Certificate contents</font></td></tr></table>'+
+		'<pre>'+
+		cert.certPrettyPrint+
+		'</pre>');
+
+	document.writeln('<p>'+
+		'<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+		'<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+		'Certificate fingerprint</font></td></tr></table>'+
+		'<pre>'+
+		cert.certFingerprint+
+		'</pre>'+
+		'</font>');
+
+		document.writeln('<p>'+
+		'<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+		'<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+		'Installing this certificate in a server</font></td></tr></table>'+
+		'<p>'+
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+		'The following format can be used to install this certificate '+
+		'into a server.'+
+                '<p>' +
+                'Base 64 encoded certificate'+
+		'</font>'+
+		'<p><pre>'+
+		//'-----BEGIN CERTIFICATE-----'+
+		cert.base64Cert+
+		//'-----END CERTIFICATE-----'+
+		'</pre>');
+		document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+		'<p>'+
+		'Base 64 encoded certificate with CA certificate chain in pkcs7 format'+
+		'</font>'+
+		'<p><pre>'+
+		'-----BEGIN CERTIFICATE CHAIN-----');
+		document.writeln(cert.pkcs7ChainBase64);
+		document.writeln('-----END CERTIFICATE CHAIN-----'+
+		'</pre>');
+
+}
+
+function importCertificates(numCerts, requestId)
+{
+	var grammar = 'this';
+	var plural = '';
+	if (numCerts > 1) {
+		grammar = 'these';
+		plural = 's'
+	}
+	document.writeln( '<p>'+
+		'<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+		'<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+		'Importing certificate</font></td></tr></table>'+
+		'<p>'+
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+		'To import '+grammar+' certificate'+plural+' into your client, '+
+		'click the following button.'+
+		'</font>'+
+		'<p>');
+
+	var loc = '/ca/getCertFromRequest?requestId='+result.header.requestId;
+	if (navigator.appName == "Netscape") {
+		if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") 
+			loc = loc+'&cmmfResponse=true';
+		else 
+			loc = loc + '&importCert=true';
+	}
+
+	document.writeln('<center>');
+	document.writeln('<form>\n'+
+					 '<INPUT TYPE=\"button\" VALUE=\"Import Certificate(s)\"'+
+					 ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+					 '</form>\n');
+
+	if (navigator.appName == "Netscape" &&
+		result.header.emailCert != null &&
+		result.header.emailCert == true) {
+		var loc1 = '/ca/getCertFromRequest?requestId='+result.header.requestId;
+		if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+			loc1 = loc1 + '&cmmfResponse=true';
+		}
+		else {
+			loc1 = loc1 + '&importCert=true&emailCert=true';
+		}
+
+		document.write('<form>\n'+
+				'<INPUT TYPE=\"button\" VALUE=\"Import S/MIME Certificate\"'+
+				' onClick=\"location.href=\''+ loc1 + '\'\">\n'+
+				'</form>\n');
+	}
+
+	document.writeln('</center>');
+}
+</script>
+
+<!--BODY bgcolor="white"-->
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+
+
+<SCRIPT type="text/javascript">
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('No further details provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+			displayCert(result.recordSet[i]);
+		}
+	}
+	if (result.header.noCertImport != null &&
+		result.header.noCertImport == false) {
+		importCertificates(result.recordSet.length, result.header.requestId);
+	}
+
+}
+document.writeln('<P>');
+</SCRIPT>
+
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/error.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/error.template
new file mode 100644
index 000000000..b1940a820
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/error.template
@@ -0,0 +1,56 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<CMS_TEMPLATE>
+<TITLE>Certificate Service Error</TITLE>
+</HEAD>
+<BODY bgcolor="white">
+<center><h2><b>Problem Processing Your Request</b></h2></center>
+<p>
+The certificate service encountered a problem when processing your 
+request. This problem may indicate a flaw in the form used to 
+submit your request or the values that were entered into the form. 
+The following message supplies more information about the error 
+that occurred.
+<p>
+<blockquote><b><pre>
+<SCRIPT type="text/javascript">
+if (result.header.errorDetails != null) {
+    document.write(result.header.errorDetails);
+} else {
+    document.write('Unable to provide details.  Contact Administrator.');
+}
+</SCRIPT>
+</pre></b></blockquote>
+
+<SCRIPT type="text/javascript">
+if (result.header.errorDescription != null) {
+    document.write('<p>Additional Information:<p>');
+    document.write('<blockquote><b>');
+	document.write(result.header.errorDescription);
+	document.write('</b></blockquote>');
+}
+</SCRIPT>
+<p>
+Please consult your local administrator for further assistance. 
+The certificate server's log may provide further information.
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameCRL.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameCRL.html
new file mode 100644
index 000000000..a0483c7e4
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameCRL.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuCRL.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="getInfo?template=/agent/ca/toUpdateCRL" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameDir.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameDir.html
new file mode 100644
index 000000000..bcf5df10e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameDir.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO"> 
+  <frame src="menuDir.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="updateDir.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameDisplayCRL.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameDisplayCRL.html
new file mode 100644
index 000000000..79a11aab6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameDisplayCRL.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuDisplayCRL.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="getInfo?template=/agent/ca/toDisplayCRL" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameList.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameList.html
new file mode 100644
index 000000000..98f514696
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameList.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuList.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="queryBySerial.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameListReq.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameListReq.html
new file mode 100644
index 000000000..c4b3d1e62
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameListReq.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuListReq.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="listRequests.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameOCSP.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameOCSP.html
new file mode 100644
index 000000000..8cc976d02
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameOCSP.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuOCSP.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="getOCSPInfo" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameProfile.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameProfile.html
new file mode 100644
index 000000000..2a15bae4c
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameProfile.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuProfile.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="profileList" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameRevoke.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameRevoke.html
new file mode 100644
index 000000000..ebaee6df8
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameRevoke.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO"> 
+  <frame src="menuRevoke.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="srchRevokeCert.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameSearch.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameSearch.html
new file mode 100644
index 000000000..b75a6272b
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameSearch.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO"> 
+  <frame src="menuSearch.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="srchCert.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameSrchRequests.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameSrchRequests.html
new file mode 100644
index 000000000..0e73ea82f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameSrchRequests.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuSrchRequests.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="SrchRequests.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameStats.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameStats.html
new file mode 100644
index 000000000..75a4dbebb
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/frameStats.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuStats.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="getStats" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/getOCSPInfo.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/getOCSPInfo.template
new file mode 100644
index 000000000..46e4ccf32
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/getOCSPInfo.template
@@ -0,0 +1,117 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display CRL</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT type="text/javascript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT type="text/javascript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+<CMS_TEMPLATE>
+</head>
+
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+OCSP Service
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT type="text/javascript">
+<!--
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Detailed Information (Since Startup)</font></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('OCSP Responses:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.numReq+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Total Signed Response Data (in bytes):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.totalData+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Processing Time (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln((result.header.totalSec-result.header.totalSignSec)+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Signing Time (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.totalSignSec+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Total Time (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.totalSec+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Signing Time Per Response (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    if (result.header.numReq == '0') {
+      document.writeln(result.header.numReq+'</font></td></tr>');
+    } else {
+      document.writeln((result.header.totalSignSec/result.header.numReq)+'</font></td></tr>');
+    }
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Total Time Per Response (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    if (result.header.numReq == '0') {
+      document.writeln(result.header.numReq+'</font></td></tr>');
+    } else {
+      document.writeln((result.header.totalSec/result.header.numReq)+'</font></td></tr>');
+    }
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Responses Per Second:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.ReqSec+'</font></td></tr>');
+    document.writeln('</table><br>');
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/getStats.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/getStats.template
new file mode 100644
index 000000000..59c59eea5
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/getStats.template
@@ -0,0 +1,140 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display CRL</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT type="text/javascript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT type="text/javascript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+<CMS_TEMPLATE>
+</head>
+
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Statistics
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT type="text/javascript">
+<!--
+    document.writeln('<table border="0" cellspacing="0" cellpadding="0" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Detailed Information (Start Time <b>' + header.startTime + '</b>, Current Time: <b>' + header.curTime + '</b>)</font></td><td align=right><a href="getStats?op=clear">Clear Statistics</a></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr>');
+    document.writeln('<td width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Action</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b># of operations</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Time Taken (in msec)</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Min</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Max</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Std Dev</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Avg</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Percentage</b></font></td>');
+    document.writeln('</tr>');
+    for (var i = 0; i <=  recordCount; i++) {
+      if (result.recordSet[i].name.charAt(0) == '-') {
+        document.writeln('<tr><td>');
+      } else {
+        document.writeln('<tr bgcolor="#cccccc"><td>');
+      }
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].name + '</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].noOfOp+'</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].timeTaken+'</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].max == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].min+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].max == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].max+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].stddev == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].stddev+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].noOfOp == 0) {
+        document.writeln('-');
+      } else {
+        document.writeln(Math.round(100*(result.recordSet[i].avg))/100);
+      }
+      document.writeln('</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].noOfOp == 0) {
+        document.writeln('-');
+      } else {
+        document.writeln(Math.round(100*(result.recordSet[i].percentage))/100 + '%');
+      }
+      document.writeln('</font></td>');
+      document.writeln('</tr>');
+    }
+    document.writeln('</table><br>');
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/index.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/index.html
new file mode 100644
index 000000000..05756ed3a
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/index.html
@@ -0,0 +1,33 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>CA Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/ca/agent/graphics/favicon.ico" />
+</head>
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*"> 
+  <frame src="/ca/agent/header?selected=ca" name="top" frameborder="NO" noresize scrolling="NO" marginwidth="0" marginheight="0">
+  <frame src="frameListReq.html" scrolling="NO" noresize frameborder="NO" marginwidth="0" marginheight="0" name="middle">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuCRL.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuCRL.html
new file mode 100644
index 000000000..2c4984e9e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuCRL.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b><font color=black>Update Revocation List</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuDir.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuDir.html
new file mode 100644
index 000000000..7fa9f658d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuDir.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b><font color=black>Update Directory Server</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuDisplayCRL.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuDisplayCRL.html
new file mode 100644
index 000000000..de76603c4
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuDisplayCRL.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b><font color=black>Display Revocation List</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuList.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuList.html
new file mode 100644
index 000000000..21452599d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuList.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><font color=black><b>List Certificates</b></font></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuListReq.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuListReq.html
new file mode 100644
index 000000000..f3b541962
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuListReq.html
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b><font color=black>List Requests</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuOCSP.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuOCSP.html
new file mode 100644
index 000000000..0b73aa60e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuOCSP.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b><font color=black>OCSP Service</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuProfile.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuProfile.html
new file mode 100644
index 000000000..a7bcd66df
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuProfile.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b><font color=black>Manage Certificate Profiles</font></b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuRevoke.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuRevoke.html
new file mode 100644
index 000000000..1148bf7c4
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuRevoke.html
@@ -0,0 +1,70 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b><font color=black>Revoke Certificates</font></b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuSearch.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuSearch.html
new file mode 100644
index 000000000..a088ef030
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuSearch.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b><font color=black>Search for Certificates</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuSrchRequests.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuSrchRequests.html
new file mode 100644
index 000000000..3b16a1a20
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuSrchRequests.html
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b><font color=black>Search for Requests</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b>View Server Statistics</b></a></font></td>
+    </tr>
+
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuStats.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuStats.html
new file mode 100644
index 000000000..c251356bd
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/menuStats.html
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListReq.html" target="middle"><b>List Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSrchRequests.html" target="middle"><b>Search for Requests</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameList.html" target="middle"><b>List Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameSearch.html" target="middle"><b>Search for Certificates</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameRevoke.html" target="middle"><b>Revoke Certificates</b></a></font></td>
+    </tr>
+    <tr>
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDisplayCRL.html" target="middle"><b>Display Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCRL.html" target="middle"><b>Update Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameDir.html" target="middle"><b>Update Directory Server</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameProfile.html" target="middle"><b>Manage Certificate Profiles</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><font color="black"><b>Statistics</b></font></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/monitor.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/monitor.html
new file mode 100644
index 000000000..a5ee3db8f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/monitor.html
@@ -0,0 +1,77 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Performance Monitor</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Performance Monitor</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to query performance of this authority within a specified time range.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<form ACTION="monitor" METHOD=POST>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0>
+  <tr>
+    <td ALIGN=RIGHT><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+      Start time:&nbsp;</font>
+	</td>
+    <td><input TYPE="TEXT" NAME="startTime" SIZE=15 MAXLENGTH=14></td>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+	  &nbsp;(use one of two formats YYYYMMDDHHMMSS or -S)</font>
+	</td>
+  </tr>
+  <tr>
+    <td ALIGN=RIGHT><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+      Interval length:&nbsp;</font>
+    </td>
+    <td><input TYPE="TEXT" NAME="interval" SIZE=15 MAXLENGTH=14></td>
+    <td>&nbsp;</td>
+  </tr>
+  <tr>
+    <td ALIGN=RIGHT><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+      &nbsp;&nbsp;&nbsp;&nbsp;Number of intervals:&nbsp;</font>
+    </td>
+    <td><input TYPE="TEXT" NAME="numberOfIntervals" SIZE=15 MAXLENGTH=14></td>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/ca/agent/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+	  <input TYPE="submit" VALUE="Display" width="72">&nbsp;&nbsp;
+	</td>
+  </tr>
+</table>
+</form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/monitor.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/monitor.template
new file mode 100644
index 000000000..1d84f9f20
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/monitor.template
@@ -0,0 +1,200 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE>Monitor</TITLE>
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Monitor
+</font>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.error != null) {
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('CS monitor encountered the following error:'+result.header.error);
+    document.writeln('</font>');
+} else if (result.header.issuerName != null &&
+           result.header.startDate != null &&
+           result.header.interval != null &&
+           result.header.numberOfIntervals != null &&
+           result.header.totalNumberOfRequests != null &&
+           result.header.totalNumberOfCertificates != null) {
+    var timeRange = result.header.interval * result.header.numberOfIntervals;
+
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+
+    document.write('The following authority: '+result.header.issuerName+
+                   ' during <b>'+timeRange+' seconds</b>, starting from '+
+                   result.header.startDate+', processed <b>'+
+                   result.header.totalNumberOfRequests+' requests</b>');
+    if (result.header.totalNumberOfCertificates > 0)
+        document.write(' and generated <b>'+result.header.totalNumberOfCertificates+
+                       ' certificates</b>');
+    document.writeln('.<br>&nbsp;');
+    document.writeln('</font>');
+
+    if ((typeof(result.recordSet) != "undefined") && (result.recordSet.length > 0)) {
+        var addCerts = 0;
+        if (result.recordSet[0].numberOfCertificates != null)
+            addCerts = 1;
+        
+        document.writeln('<table BORDER=1 CELLSPACING=0 CELLPADDING=4 align="center">');
+        document.writeln('<tr>');
+        document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('Interval number</font></td>');
+        document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('Number of requests</font></td>');
+        if (addCerts == 1) {
+            document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Number of certificates</font></td>');
+        }
+        document.writeln('</tr>');
+
+        var maxCerts = 0;
+        var maxReqs = 0;
+        for (var i = 0; i < result.recordSet.length; i++) {
+            document.writeln('<tr>');
+            document.writeln('<td align="center">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(' '+(i+1)+' </font></td>');
+            document.writeln('<td align="center">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            if (result.recordSet[i].numberOfRequests != null &&
+                result.recordSet[i].numberOfRequests > 0 &&
+                result.recordSet[i].firstRequest != null) {
+                document.write('<a href="queryReq?seqNumFrom='+result.recordSet[i].firstRequest+
+                               '&reqType=showAll&reqState=showAll&maxCount='+
+                               result.recordSet[i].numberOfRequests+
+                               '&totalRecordCount='+result.recordSet[i].numberOfRequests+'">'+
+                               result.recordSet[i].numberOfRequests+'</a>');
+            } else if (result.recordSet[i].numberOfRequests != null) {
+                document.write(' '+result.recordSet[i].numberOfRequests);
+            } else {
+                document.write(' 0');
+            }
+            document.writeln('</font></td>');
+            if (result.recordSet[i].numberOfRequests > maxReqs)
+                maxReqs = result.recordSet[i].numberOfRequests;
+            if (addCerts == 1) {
+                document.writeln('<td align="center">');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                if (result.recordSet[i].numberOfCertificates != null &&
+                    result.recordSet[i].numberOfCertificates > 0 &&
+                    result.recordSet[i].startTime != null &&
+                    result.recordSet[i].endTime != null) {
+                    document.write('<a href="srchCerts?queryCertFilter=(%26(requestCreateTime%3e%3d'+
+                                   result.recordSet[i].startTime+
+                                   ')(requestCreateTime%3c%3d'+
+                                   result.recordSet[i].endTime+'))&maxResults='+
+                                   (result.recordSet[i].numberOfCertificates+1)+'">'+
+                                   result.recordSet[i].numberOfCertificates+'</a>');
+                    if (result.recordSet[i].numberOfCertificates > maxCerts)
+                        maxCerts = result.recordSet[i].numberOfCertificates;
+                } else if (result.recordSet[i].numberOfCertificates != null) {
+                    document.write(' '+result.recordSet[i].numberOfCertificates);
+                } else {
+                    document.write(' 0');
+                }
+                document.writeln('</font></td>');
+            }
+            document.writeln('</tr>');
+        }
+        if (result.header.totalNumberOfRequests != null) {
+            document.writeln('<tr>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Total</font></td>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(' '+result.header.totalNumberOfRequests+' </font></td>');
+            if (addCerts == 1) {
+                document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                if (result.header.totalNumberOfCertificates != null) {
+                    document.write(' '+result.header.totalNumberOfCertificates);
+                } else {
+                    document.write('0');
+                }
+                document.writeln('</font></td>');
+            }
+            document.writeln('</tr>');
+        }
+        if (result.recordSet.length > 0) {
+            document.writeln('<tr>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Average</font></td>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(' '+result.header.totalNumberOfRequests+' / '+timeRange+'s = '+
+                             (result.header.totalNumberOfRequests/timeRange)+'</font></td>');
+            if (addCerts == 1) {
+                document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                document.write(' '+result.header.totalNumberOfCertificates+' / '+timeRange+'s = '+
+                             (result.header.totalNumberOfCertificates/timeRange)+'</font></td>');
+            }
+            document.writeln('</tr>');
+
+            document.writeln('<tr>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Max</font></td>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(' '+maxReqs+' / '+result.header.interval+'s = '+
+                             (maxReqs/result.header.interval)+'</font></td>');
+            if (addCerts == 1) {
+                document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                document.write(' '+maxCerts+' / '+result.header.interval+'s = '+
+                             (maxCerts/result.header.interval)+'</font></td>');
+            }
+            document.writeln('</tr>');
+        }
+        document.writeln('</table><br>');
+
+        document.writeln('<DIV ALIGN="CENTER">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('This table presents authority activity in the time range of '+
+                         timeRange+' seconds divided into '+result.header.numberOfIntervals+
+                         ' intervals ('+result.header.interval+' seconds each).');
+        document.writeln('</font>');
+        document.writeln('</DIV>');
+    }
+} else {
+    document.writeln('Error');
+}
+
+
+</SCRIPT>
+
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/notImplemented.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/notImplemented.html
new file mode 100644
index 000000000..cbdd43f6a
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/notImplemented.html
@@ -0,0 +1,30 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Not implemented</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Not Implemented</font><br>
+<!--
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">This will be completed on next beta release.</font><br><br>
+-->
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/processCertReq.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/processCertReq.template
new file mode 100644
index 000000000..437895934
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/processCertReq.template
@@ -0,0 +1,228 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT type="text/javascript">
+<!--
+function toHex1(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+    return '0x' + number;
+}
+
+function renderFoot()
+{
+        document.writeln("");	
+		document.writeln('<FORM ACTION= 'processCertReq?seqNum='+result.header.seqNum+
+						 ' METHOD=POST>');
+        document.writeln('<INPUT TYPE="HIDDEN" NAME="seqNum" VALUE="'+result.header.seqNum +'">');
+
+        document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+        document.writeln('<tr><td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+        if (result.header.assignedTo == null  ||
+            result.header.assignedTo == result.header.callerName) {
+            document.writeln('<SELECT NAME="toDo">');
+            document.writeln('<OPTION VALUE="clone">Clone this request</OPTION>');
+            document.writeln('</SELECT>&nbsp;&nbsp;');
+            document.writeln('<INPUT TYPE="submit" Value="Do It" width="72">&nbsp;&nbsp;');
+            //document.writeln('<INPUT TYPE="reset" VALUE="Reset" width="72">&nbsp;&nbsp;');
+        }
+        // document.writeln('<INPUT TYPE="button" VALUE="Help" width="72"');
+        // document.writeln('onClick="help(\'http://www.redhat.com/docs/manuals/cert-system#1005417\')">');
+        document.writeln('</td></tr></table>');
+		document.writeln('</form>');
+}
+
+if (result.header.seqNum == null) {
+    document.writeln('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Problem Processing Your Request</font>');
+    document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif">');
+    agent/document.writeln('<tr><td>&nbsp;</td></tr></table>');
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.write('<P>The Certificate Manager encountered a problem while processing your request.');
+    document.writeln('&nbsp;&nbsp;The following is a detailed message of the error that occurred.');
+    if (result.header.errors != null || result.header.errorDetails != null) {
+        document.writeln('<blockquote><B><pre>');
+        if (result.header.errors != null) document.writeln(result.header.errors);
+        if (result.header.errorDetails != null) document.writeln(result.header.errorDetails);
+        document.writeln('</pre></B></blockquote>');
+    }
+    document.write('<P>Please consult your local administrator for further assistance.');
+    document.write('&nbsp;&nbsp;The Certificate System logs may provide further information.');
+    document.writeln('</font>');
+} else {
+    document.writeln('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Request <b>' + result.header.seqNum + '</b></font>');
+    document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif">');
+    document.writeln('<tr><td>&nbsp;</td></tr></table>');
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+
+    if ((result.header.toDo == 'accept' || result.header.toDo == 'reject' ||
+         result.header.toDo == 'cancel') && result.header.status == 'pending') {
+         if (result.header.toDo == 'accept') {
+            document.writeln('<P>Request has not been accepted.');
+         }
+         if (result.header.toDo == 'reject') {
+            document.writeln('<P>Request has not been rejected.');
+         }
+         if (result.header.toDo == 'cancel') {
+            document.writeln('<P>Request has not been canceled.');
+         }
+         if (result.header.errors != null) {
+            document.writeln('<P>Additional information:');
+            document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+         }
+    }
+
+    if ((result.header.toDo == 'accept' || result.header.toDo == 'reject' ||
+         result.header.toDo == 'cancel') &&
+        (result.header.status == 'approved' || result.header.status == 'svc_pending')) {
+        document.writeln('<P>Request has been submitted.');
+    }
+
+    if ((result.header.toDo == 'accept' || result.header.toDo == 'reject') &&
+         result.header.status == 'rejected') {
+        document.writeln('<P>Request has been rejected.');
+        if (result.header.toDo == 'accept' && result.header.errors != null) {
+            document.writeln('<P>Additional information:');
+            document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+        }
+    }
+    if ((result.header.toDo == 'accept' || result.header.toDo == 'cancel') &&
+         result.header.status == 'canceled') {
+        document.writeln('<P>Request has been canceled.');
+        if (result.header.toDo == 'accept' && result.header.errors != null) {
+            document.writeln('<P>Additional information:');
+            document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+        }
+    }
+
+    if (result.header.toDo == 'clone') {
+		var cloneRequestLoc = '/' + result.header.authorityid + 
+						 '/processReq?seqNum='+
+						 result.header.clonedRequestId;
+		var backRequestLoc = '/' + result.header.authorityid + 
+						 '/processReq?seqNum='+
+						 result.header.seqNum;
+		document.writeln('<P>Request has been cloned as '+
+			'<a href="'+cloneRequestLoc+'">request '+
+			result.header.clonedRequestId+'</a>.');
+		document.writeln('<P>Go back to '+
+			'<a href="'+backRequestLoc+'">request '+
+			result.header.seqNum+'</a>.');
+	}
+
+	// XXX set repeat record of issued certs.
+    if (result.header.toDo == 'accept' &&
+        result.header.status == 'complete') {
+        if (result.header.requestType == 'enrollment' ||
+            result.header.requestType == 'renewal') {
+            if (result.header.serialNumber != null &&
+                result.header.authorityid != null) {
+                document.write('<P>Generated certificate(s) with serial number(s): ');
+                document.writeln('0x'+result.header.serialNumber+'&nbsp;&nbsp;&nbsp;');
+			    if (typeof(result.header.grantError) != "undefined") {
+				    document.writeln('<P>');
+				    if (result.header.grantError == 'SUCCESS') {
+					    document.writeln('User ID '+result.header.grantUID+
+						    ' has been created using this certificate with '+
+						    result.header.grantPrivilege+
+						    ' privileges.');
+				    }
+				    else {
+						var grantAccess = "trusted manager or agent";
+						if (typeof(result.header.grantPrivilege) != "undefined")
+							grantAccess = result.header.grantPrivilege;
+
+						document.writeln('However, a '+grantAccess+
+							' was not created from this request in the'+
+							' user and group database.<br>');
+						document.writeln(
+							'Error details: <b>'+result.header.grantError+'</b>');
+						document.writeln(
+							'<p>You can still create a '+grantAccess+
+							' with this certificate through the Console.');
+				    }
+			    }
+
+                document.writeln('<FORM METHOD=post ACTION="/'+ result.header.authorityid +
+                                 '/displayCertFromRequest">\n');
+                document.writeln('<INPUT TYPE=hidden NAME="requestId" VALUE="'+
+                                 result.header.seqNum +'">\n');
+                document.writeln('<INPUT TYPE=hidden NAME="op" VALUE="displayBySerial">\n');
+                document.writeln('<INPUT TYPE=hidden NAME="serialNumber" VALUE="'+
+                                 '0x'+result.header.serialNumber +'">\n');
+                document.writeln('<INPUT TYPE=submit VALUE="Show Certificate" width="72"></FORM>\n');
+/*
+                if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+                    if (result.header.certsUpdated > 0) {
+                        document.writeln('<P>The certificate(s) have been successfully published.');
+                    } else {
+                        document.writeln('<P>One or more certificates could not be published.  See log files for more details.');
+                    }
+                }
+*/
+            } else {
+                document.writeln('<P>Request has been completed but no certificate has been generated.');
+                if (result.header.errors != null) {
+                    document.writeln('<P>Additional information:');
+                    document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+                }
+                document.write('<P>The Certificate System logs may provide further information.');
+			    document.write('<P>');
+			    renderFoot();
+            }
+        } else {
+            document.writeln('<P>Request has been completed.');
+            if (result.header.errors != null) {
+                document.writeln('<P>Additional information:');
+                document.writeln('<blockquote><B><pre>'+result.header.errors+'</pre></B></blockquote>');
+                document.write('<P>The Certificate System logs may provide further information.');
+            }
+        }
+    }
+
+    document.writeln('</font>');
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/processReq.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/processReq.template
new file mode 100644
index 000000000..2f8fc7778
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/processReq.template
@@ -0,0 +1,1415 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display Request</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/funcs.js"></SCRIPT>
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+<SCRIPT type="text/javascript" SRC="/ca/agent/dynamicVars.js"></SCRIPT>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/javascript">
+<!--
+if (header.profile == 'true') {
+  document.location="profileReview?requestId=" + header.seqNum;
+}
+var lengthOptions = new Array(0, "",
+                              86400, "1 Day",
+                              604800, "1 Week",
+                              1209600, "2 Weeks",
+                              2592000, "1 Month (30 days)",
+                              15552000, "6 Months (180 days)",
+                              31536000, "1 Year (365 days)",
+                              46656000, "18 Months (540 days)",
+                              63072000, "2 Years (730 days)");
+
+function addSpaces(str)
+{
+    var outStr = "";
+    var str0 = "";
+    var i0 = 0;
+    var i1 = 0;
+
+    while (i1 < str.length) {
+        i1 = str.indexOf(',', i0);
+        if (i1 > -1) {
+            i1++;
+            str0 += str.substring(i0, i1);
+            str0 += " ";
+            i0 = i1;
+        } else {
+            str0 += str.substring(i0, str.length);
+            i1 = str.length;
+        }
+    }
+
+    i0 = 0;
+    i1 = 0;
+    while (i1 < str0.length) {
+        i1 = str0.indexOf('+', i0);
+        if (i1 > -1) {
+            i1++;
+            outStr += str0.substring(i0, i1);
+            outStr += " ";
+            i0 = i1;
+        } else {
+            outStr += str0.substring(i0, str0.length);
+            i1 = str0.length;
+        }
+    }
+
+    return outStr;
+}
+
+function renderRequestInfo()
+{
+    document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Request</font></td></tr>');
+
+    document.writeln('<tr><td valign="top" align="right">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     'Status:</font></td>');
+    document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     result.header.status + '</font></td></tr>');
+
+    document.writeln('<tr><td valign="top" align="right">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     'Type:</font></td>');
+    document.write('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    if (result.header.requestType != null) {
+        document.write(result.header.requestType);
+    } else {
+        document.write('unknown');
+    }
+    document.writeln('</font></td></tr>');
+
+    if (result.header.status == 'pending') {
+        document.writeln('<tr><td valign="top" align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Assigned to:</font></td>');
+        document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         ((result.header.assignedTo != null)? result.header.assignedTo: 'unassigned')+
+                         '&nbsp;&nbsp;&nbsp;');
+        if (result.header.assignedTo == null) {
+            document.write('<a href="processReq?doAssign=toMe&seqNum='+
+                           result.header.seqNum + '"' +
+                           'onMouseOver="return helpstatus(\'Click to assign the '+
+                           'request to yourself\')" '+
+                           'onMouseOut="return helpstatus(\'\')">'+
+                           'assign to me</a>');
+        } else if (result.header.assignedTo != result.header.callerName) {
+            document.write('<a href="processReq?doAssign=reassignToMe&seqNum=' +
+                           result.header.seqNum +  '"' + 
+                           'onMouseOver=" return helpstatus(\'Click to re-assign the '+
+                           'request to yourself\')" '+
+                           'onMouseOut="return helpstatus(\'\')">'+
+                           're-assign to me</a>');
+        } else if (result.header.assignedTo == result.header.callerName) {
+            document.write('<a href="processReq?doAssign=reassignToNobody&seqNum=' +
+                           result.header.seqNum + '"' + 
+                           'onMouseOver=" return helpstatus(\'Click to cancel request '+
+                           'assignment\')" '+
+                           'onMouseOut="return helpstatus(\'\')">'+
+                           'cancel request assignment</a>');
+        }
+        document.writeln('</font></td></tr>');
+
+//        document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+//                         ((result.header.assignedTo != null)? result.header.assignedTo: 'unassigned')+
+//                         '</font></td></tr>');
+    }
+
+    if (result.header.certType != null) {
+        document.writeln('<tr><td valign="top" align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Certificate type:</font></td>');
+        document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         result.header.certType + '</font></td></tr>');
+    }
+
+    if (result.header.status == 'complete' && result.header.Result != null && 
+        result.header.Result == '2' && result.header.errors != null) {
+        document.writeln('<tr><td valign="top" align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Error:</font></td>');
+        document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         result.header.errors + '</font></td></tr>');
+    }
+}
+
+function renderRequesterInfo()
+{
+    if (result.header.requestType != 'revocation' &&
+        result.header.requestType != 'unrevocation' &&
+        result.header.requestType != 'getCertificates' &&
+        (result.header.csrRequestorName != null ||
+         result.header.csrRequestorEmail != null ||
+         result.header.csrRequestorPhone != null ||
+         result.header.subject != null)) {
+
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Subject (requester)</font></td></tr>');
+
+        document.writeln('<tr><td valign="top" align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Subject name:</font></td>');
+        if (result.header.status == 'pending') {
+            document.writeln('<td valign="top" colspan="2">'+
+                             '<INPUT TYPE="TEXT" NAME="subject" SIZE=40 MAXLENGTH=254 VALUE="'+
+                             ((result.header.subject != null)? result.header.subject: '') +
+                             '"></font></td></tr>');
+        } else {
+            document.writeln('<td valign="top" colspan="2">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             ((result.header.subject != null)? addSpaces(result.header.subject): '') +
+                             '</font></td></tr>');
+        }
+
+        if (result.header.csrRequestorName != null &&
+            result.header.csrRequestorName != "") {
+            document.writeln('<tr><td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Name:</font></td>');
+            document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             result.header.csrRequestorName + '</font></td></tr>');
+        }
+
+        if (result.header.csrRequestorEmail != null &&
+            result.header.csrRequestorEmail != "") {
+            document.writeln('<tr><td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Email:</font></td>');
+            document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             result.header.csrRequestorEmail + '</font></td></tr>');
+        }
+
+        if (result.header.csrRequestorPhone != null &&
+            result.header.csrRequestorPhone != "") {
+            document.writeln('<tr><td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Phone:</font></td>');
+            document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             result.header.csrRequestorPhone + '</font></td></tr>');
+        }
+    }
+
+    if (result.header.csrRequestorComments != null &&
+        result.header.csrRequestorComments != "") {
+        document.writeln('<tr><td valign="top" align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Comments:</font></td>');
+        document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         result.header.csrRequestorComments + '</font></td></tr>');
+    }
+}
+
+function renderPublicKeyInfo()
+{
+    if (result.header.requestType == 'Enrollment' ||
+		result.header.requestType == 'enrollment' ||
+        result.header.requestType == 'renewal') {
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Subject public key</font></td></tr>');
+
+        document.writeln('<tr><td valign="top" align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Algorithm:</font></td>');
+        document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         result.header.subjectPublicKeyInfo + '</font></td></tr>');
+
+        document.writeln('<tr><td valign="top" align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Public key:</font></td>');
+        document.writeln('<td valign="top" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         result.header.subjectPublicKey.replace(/\n/g, "<br>") + '</font></td></tr>');
+
+        //if (result.header.status == 'pending') {
+            //document.writeln('<tr><td valign="top" align="right"></td>');
+            //document.writeln('<td valign="top">'+
+                             //'<INPUT TYPE="checkbox" NAME="checkPubKeyUniqueness" VALUE="no">'+
+                             //'</td>');
+            //document.writeln('<td valign="top" align=left>'+
+                             //'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             //'Override public key uniqueness requirement'+
+                             //'</font></td>');
+        //}
+    }
+}
+
+function renderSelectionWithNames(name, from, to, selected, names)
+{
+    document.writeln('<SELECT NAME="'+name+'" onChange="checkValidityLength()">');
+    for (var i = from; i < to; i++) {
+        if (i == selected) {
+            document.writeln('<OPTION VALUE='+i+' SELECTED>'+names[i]);
+        } else {
+            document.writeln('<OPTION VALUE='+i+'>'+names[i]);
+        }
+    }
+    document.writeln('</SELECT>');
+}
+
+function renderSelection(name, from, to, selected)
+{
+    document.writeln('<SELECT NAME="'+name+'" onChange="checkValidityLength()">');
+    for (var i = from; i < to; i++) {
+        if (i == selected) {
+            document.writeln('<OPTION VALUE='+i+' SELECTED>'+i);
+        } else {
+            document.writeln('<OPTION VALUE='+i+'>'+i);
+        }
+    }
+    document.writeln('</SELECT>');
+}
+
+function checkValidityLength()
+{
+    var i;
+    var fromDate;
+    i = document.forms[0].fromDay.selectedIndex;
+    var day = document.forms[0].fromDay.options[i].value;
+    i = document.forms[0].fromMonth.selectedIndex;
+    var month = document.forms[0].fromMonth.options[i].value;
+    i = document.forms[0].fromYear.selectedIndex;
+    var year = document.forms[0].fromYear.options[i].value;
+    i = document.forms[0].fromHour.selectedIndex;
+    var hour = document.forms[0].fromHour.options[i].value;
+    i = document.forms[0].fromMinute.selectedIndex;
+    var minute = document.forms[0].fromMinute.options[i].value;
+    i = document.forms[0].fromSecond.selectedIndex;
+    var second = document.forms[0].fromSecond.options[i].value;
+
+    fromDate = new Date(year,month,day,hour,minute,second);
+    if (fromDate.getMonth() != month || fromDate.getDate() != day || year == 0) {
+        alert((++month)+"/"+day+"/"+year+" is invalid");
+        return;
+    }
+    var fromTime = fromDate.getTime();
+
+    var toDate;
+    i = document.forms[0].toDay.selectedIndex;
+    day = document.forms[0].toDay.options[i].value;
+    i = document.forms[0].toMonth.selectedIndex;
+    month = document.forms[0].toMonth.options[i].value;
+    i = document.forms[0].toYear.selectedIndex;
+    year = document.forms[0].toYear.options[i].value;
+    i = document.forms[0].toHour.selectedIndex;
+    hour = document.forms[0].toHour.options[i].value;
+    i = document.forms[0].toMinute.selectedIndex;
+    minute = document.forms[0].toMinute.options[i].value;
+    i = document.forms[0].toSecond.selectedIndex;
+    second = document.forms[0].toSecond.options[i].value;
+
+    toDate = new Date(year,month,day,hour,minute,second);
+    if (toDate.getMonth() != month || toDate.getDate() != day || year == 0) {
+        alert((++month)+"/"+day+"/"+year+" is invalid");
+        return;
+    }
+    var toTime = toDate.getTime();
+
+    var len = (toTime - fromTime)/1000;
+
+	for (i=2; i < lengthOptions.length; i+=2) {
+		if (lengthOptions[i] == len) {
+			document.forms[0].validityLength.selectedIndex = i/2;
+            break;
+        }
+	}
+
+    if (i >= lengthOptions.length)
+        document.forms[0].validityLength.selectedIndex = 0;
+
+    if (len < 0)
+        alert("NOT VALID AFTER date should not be earlier than NOT VALID BEFORE date.");
+
+    return;
+}
+
+function updateEndDate()
+{
+    var i;
+    var fromDate;
+    i = document.forms[0].fromDay.selectedIndex;
+    var day = document.forms[0].fromDay.options[i].value;
+    i = document.forms[0].fromMonth.selectedIndex;
+    var month = document.forms[0].fromMonth.options[i].value;
+    i = document.forms[0].fromYear.selectedIndex;
+    var year = document.forms[0].fromYear.options[i].value;
+    i = document.forms[0].fromHour.selectedIndex;
+    var hour = document.forms[0].fromHour.options[i].value;
+    i = document.forms[0].fromMinute.selectedIndex;
+    var minute = document.forms[0].fromMinute.options[i].value;
+    i = document.forms[0].fromSecond.selectedIndex;
+    var second = document.forms[0].fromSecond.options[i].value;
+
+    fromDate = new Date(year,month,day,hour,minute,second);
+    if (fromDate.getMonth() != month || fromDate.getDate() != day || year == 0) {
+        alert((++month)+"/"+day+"/"+year+" is invalid");
+        return;
+    }
+    var fromTime = fromDate.getTime();
+
+    i = document.forms[0].validityLength.selectedIndex;
+    var len = document.forms[0].validityLength.options[i].value;
+    var toDate = new Date(fromTime + len*1000);
+
+    document.forms[0].toDay.selectedIndex = toDate.getDate() - 1;
+    document.forms[0].toMonth.selectedIndex = toDate.getMonth();
+    document.forms[0].toHour.selectedIndex = toDate.getHours();
+    document.forms[0].toMinute.selectedIndex = toDate.getMinutes();
+    document.forms[0].toSecond.selectedIndex = toDate.getSeconds();
+    i = document.forms[0].fromYear.options[0].value;
+    document.forms[0].toYear.selectedIndex = toDate.getFullYear() - i;
+}
+
+function getNotValidBefore()
+{
+    var i;
+    var fromDate;
+    i = document.forms[0].fromDay.selectedIndex;
+    var day = document.forms[0].fromDay.options[i].value;
+    i = document.forms[0].fromMonth.selectedIndex;
+    var month = document.forms[0].fromMonth.options[i].value;
+    i = document.forms[0].fromYear.selectedIndex;
+    var year = document.forms[0].fromYear.options[i].value;
+    i = document.forms[0].fromHour.selectedIndex;
+    var hour = document.forms[0].fromHour.options[i].value;
+    i = document.forms[0].fromMinute.selectedIndex;
+    var minute = document.forms[0].fromMinute.options[i].value;
+    i = document.forms[0].fromSecond.selectedIndex;
+    var second = document.forms[0].fromSecond.options[i].value;
+
+    fromDate = new Date(year,month,day,hour,minute,second);
+    if (fromDate.getMonth() != month || fromDate.getDate() != day || year == 0) {
+        alert((++month)+"/"+day+"/"+year+" is invalid");
+        return null;
+    }
+    return (fromDate.getTime())/1000;
+}
+
+function getNotValidAfter()
+{
+    var i;
+    var toDate;
+    i = document.forms[0].toDay.selectedIndex;
+    var day = document.forms[0].toDay.options[i].value;
+    i = document.forms[0].toMonth.selectedIndex;
+    var month = document.forms[0].toMonth.options[i].value;
+    i = document.forms[0].toYear.selectedIndex;
+    var year = document.forms[0].toYear.options[i].value;
+    i = document.forms[0].toHour.selectedIndex;
+    var hour = document.forms[0].toHour.options[i].value;
+    i = document.forms[0].toMinute.selectedIndex;
+    var minute = document.forms[0].toMinute.options[i].value;
+    i = document.forms[0].toSecond.selectedIndex;
+    var second = document.forms[0].toSecond.options[i].value;
+
+    toDate = new Date(year,month,day,hour,minute,second);
+    if (toDate.getMonth() != month || toDate.getDate() != day || year == 0) {
+        alert((++month)+"/"+day+"/"+year+" is invalid");
+        return null;
+    }
+    return (toDate.getTime())/1000;
+}
+
+function renderValidityInfo()
+{
+    if ((result.header.requestType == 'Enrollment' ||
+		 result.header.requestType == 'enrollment' ||
+         result.header.requestType == 'renewal') &&
+        result.header.status == 'pending') {
+
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Validity</font></td></tr>');
+
+
+        var months = new Array("January", "February", "March", "April",
+                               "May", "June", "July", "August",
+                               "September", "October", "November", "December");
+
+        var sel = -1;
+	    if (result.header.validityLength != null) {
+            if (result.header.validityLength == 0 &&
+                result.header.defaultValidityLength != null &&
+                result.header.defaultValidityLength > 0) {
+                result.header.validityLength = result.header.defaultValidityLength;
+            }
+		    for (i=0; i < lengthOptions.length; i+=2) {
+			    if (lengthOptions[i] == result.header.validityLength) {
+				    sel = i;
+                    break;
+                }
+		    }
+	    }
+        if (sel <= 0 && result.header.validityLength == 0) {
+            sel = 10; // 6 Months (180 days)
+            result.header.validityLength = lengthOptions[sel];
+        } else if (sel < 0 && result.header.validityLength > 0) {
+            sel = 0;
+        }
+
+        var startDay = new Date(serverdate);
+        var year = startDay.getFullYear();
+        var time = startDay.getTime();
+        time += 1000*result.header.validityLength;
+        var endDay = new Date(time);
+
+
+        document.writeln('<tr><td align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Not valid before:</font></td>');
+        document.writeln('<td valign="top" colspan="2">');
+
+        renderSelection("fromDay", 1, 32, startDay.getDate());
+        renderSelectionWithNames("fromMonth", 0, months.length, startDay.getMonth(), months);
+        renderSelection("fromYear", year-2, year+10, year);
+        document.writeln('&nbsp;&nbsp;');
+        renderSelection("fromHour", 0, 24, startDay.getHours());
+        renderSelection("fromMinute", 0, 60, startDay.getMinutes());
+        renderSelection("fromSecond", 0, 60, startDay.getSeconds());
+
+        document.writeln('</td></tr>');
+
+
+        document.writeln('<tr><td align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Not valid after:</font></td>');
+
+        document.writeln('<td valign="top" colspan="2">');
+
+        renderSelection("toDay", 1, 32, endDay.getDate());
+        renderSelectionWithNames("toMonth", 0, months.length, endDay.getMonth(), months);
+        renderSelection("toYear", year-2, year+10, endDay.getFullYear());
+        document.writeln('&nbsp;&nbsp;');
+        renderSelection("toHour", 0, 24, endDay.getHours());
+        renderSelection("toMinute", 0, 60, endDay.getMinutes());
+        renderSelection("toSecond", 0, 60, endDay.getSeconds());
+
+        document.writeln('</td></tr>');
+
+
+
+        document.writeln('<tr><td valign="top" align="right">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Length of validity period:</font></td>');
+
+        document.writeln('<td valign="top" colspan="2">');
+        
+
+
+	    // Output a selection menu with the requested value selected
+	    document.writeln('<SELECT NAME="validityLength" onChange="updateEndDate()">');
+	    for (i=0; i < lengthOptions.length; i+=2) {
+            if (i == sel) {
+                document.writeln('<OPTION VALUE='+lengthOptions[i]+' SELECTED>'+lengthOptions[i+1]);
+            } else {
+                document.writeln('<OPTION VALUE='+lengthOptions[i]+'>'+lengthOptions[i+1]);
+            }
+	    }
+	    document.writeln('</SELECT>');
+
+        document.writeln('</td></tr>');
+
+
+//        document.writeln('<tr><td valign="top" align="right"></td>');
+//        document.writeln('<td valign="top">'+
+//                         '<INPUT TYPE="checkbox" NAME="checkValidityNesting" VALUE="no">'+
+//                         '</td>');
+//        document.writeln('<td valign="top" aligh=left>'+
+//                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+//                         'Override validity nesting requirement'+
+//                         '</font></td></tr>');
+    }
+}
+
+function renderExtensionsInfo()
+{
+    if ((result.header.requestType == 'Enrollment' ||
+		 result.header.requestType == 'enrollment' ||
+         result.header.requestType == 'renewal') &&
+        result.header.status == 'pending') {
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Extensions</font></td></tr>');
+
+		// NS Cert Type Extension
+
+		var clientcert = "";
+		var servercert = "";
+		var emailcert = "";
+		var objectsigningcert = "";
+		var cacert = "";
+		var sslcacert = "";
+		var emailcacert = "";
+		var objectsigningcacert = "";
+
+		if (result.header.ext_ssl_client != null && result.header.ext_ssl_client == "true") {
+			clientcert = "CHECKED";
+		}
+		if (result.header.ext_ssl_server != null && result.header.ext_ssl_server == "true") {
+			servercert = "CHECKED";
+		}
+		if (result.header.ext_email != null && result.header.ext_email == "true") {
+			emailcert = "CHECKED";
+		}
+		if (result.header.ext_object_signing != null && result.header.ext_object_signing == "true") {
+			objectsigningcert = "CHECKED";
+		}
+		if (result.header.ext_ssl_ca != null && result.header.ext_ssl_ca == "true") {
+			sslcacert = "CHECKED";
+		}
+		if (result.header.ext_email_ca != null && result.header.ext_email_ca == "true") {
+			emailcacert = "CHECKED";
+		}
+		if (result.header.ext_object_signing_ca != null && result.header.ext_object_signing_ca == "true") {
+			objectsigningcacert = "CHECKED";
+		}
+		if (result.header.certType == 'ca') {
+			cacert = "CHECKED";
+		}
+
+		if (result.header.certType == "ca") {
+            document.writeln('<tr><td valign="top" align="right" rowspan="7">');
+        } else {
+            document.writeln('<tr><td valign="top" align="right" rowspan="4">');
+        }
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         'Netscape certificate type (usage):</font></td>');
+
+        document.writeln('<td valign="top">'+
+		                 '<INPUT TYPE=CHECKBOX ' + clientcert +
+                         ' NAME="certTypeSSLClient" VALUE="yes">'+
+						 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+						 ' SSL Client</font></td></tr>'); 
+		document.writeln('<tr><td valign="top">'+
+		                 '<INPUT TYPE=CHECKBOX ' + servercert +
+                         ' NAME="certTypeSSLServer" VALUE="yes">'+
+						 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+						 ' SSL Server</font></td></tr>');
+		document.writeln('<tr><td valign="top">'+
+		                 '<INPUT TYPE=CHECKBOX ' + emailcert +
+                         ' NAME="certTypeEmail" VALUE="yes">'+
+						 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+						 ' Secure Email</font></td></tr>');
+		if (result.header.certType == "client") {
+        	document.writeln(
+						 '<tr><td valign="top">'+
+		                 '<INPUT TYPE=CHECKBOX ' + objectsigningcert +
+                         ' NAME="certTypeObjSigning" VALUE="yes">'+
+						 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+						 ' Object Signing</font></td></tr>');
+		}
+
+		if (result.header.certType == "ca") {
+            document.writeln('<tr><td valign="top">'+
+                             '<INPUT TYPE=CHECKBOX ' + sslcacert +
+                             ' NAME="certTypeSSLCA" VALUE="yes">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             ' Subordinate SSL CA</font></td></tr>');
+            document.writeln('<tr><td valign="top">'+
+                             '<INPUT TYPE=CHECKBOX ' + emailcacert +
+                             ' NAME="certTypeEmailCA" VALUE="yes">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             ' Subordinate Email CA</font></td></tr>');
+            document.writeln('<tr><td valign="top">'+
+                             '<INPUT TYPE=CHECKBOX ' + objectsigningcacert +
+                             ' NAME="certTypeObjSigningCA" VALUE="yes">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             ' Subordinate Executable Object Signing CA</font></td></tr>');
+        }
+        document.writeln('<tr><td valign="top" colspan="3"></td></tr>');
+
+
+        // Basic Constraints Extension
+        if (result.header.pathLenBasicConstraints != null) {
+            document.writeln('<tr><td valign="top" align="right">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Basic Constraints:</font></td>');
+            document.write('<td valign="top" colspan="2">' +
+                     '<INPUT TYPE="TEXT" NAME="pathLenBasicConstraint" SIZE=8 MAXLENGTH=10');
+            if (result.header.pathLenBasicConstraints  >= 0 &&
+                result.header.caPathLen != null && (result.header.caPathLen < 0 ||
+                (result.header.caPathLen > 0 &&
+                 result.header.pathLenBasicConstraints < result.header.caPathLen))) {
+                document.writeln(' VALUE="'+ result.header.pathLenBasicConstraints + '">');
+            } else if (result.header.caPathLen != null && result.header.caPathLen > 0) {
+                document.writeln(' VALUE="'+ (result.header.caPathLen-1) + '">');
+            } else if (result.header.caPathLen != null && result.header.caPathLen == 0) {
+                document.writeln(' VALUE="0">');
+            } else {
+                document.writeln(' VALUE="">');
+            }
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             '&nbsp;Path Length Constraint</font>');
+            document.writeln('<INPUT TYPE="HIDDEN" NAME="pathLenConstraint" VALUE="">');
+            document.writeln('</td></tr>');
+        }
+        document.writeln('<tr><td valign="top" colspan="3"></td></tr>');
+
+
+        // handle Presence Server Extension
+    if (result.header.PresenceServerExtension != null) {
+        document.writeln('<tr><td valign="top" align="right">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+ 'Presence Server Extension:</font></td>');
+        document.write('<td valign="top" colspan="2">');
+        document.write('<input type=checkbox name="PSE_Enable" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Enable</font><br>');
+        document.write('<input type=checkbox name="PSE_Critical" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Critical</font><br>');
+        document.write('<input type=text name="PSE_Version" value=""><font size= "-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Version (Integer)</font><br>');
+        document.write('<input type=text name="PSE_StreetAddress" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Street Address (String)</font><br>');
+        document.write('<input type=text name="PSE_TelephoneNumber" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Telephone Number (String)</font><br>');
+        document.write('<input type=text name="PSE_RFC822Name" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;RFC822 Name (String)</font><br>');
+        document.write('<input type=text name="PSE_IMID" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;IM ID (String)</font><br>');
+        document.write('<input type=text name="PSE_HostName" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Host Name (String)</font><br>');
+        document.write('<input type=text name="PSE_PortNumber" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Port Number (Integer)</font><br>');
+        document.write('<input type=text name="PSE_MaxUsers" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Max Users (Integer)</font><br>');
+        document.write('<input type=text name="PSE_ServiceLevel" value=""><font size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;Service Level (Integer)</font><br>');
+        document.write('</td>');
+        document.writeln('<tr><td valign="top" colspan="3"></td></tr>');
+        }
+        // Other extensions
+
+        if (result.recordSet.length > 0) {
+            var nRows = 0;
+            for (var i = 0; i < result.recordSet.length; i++) {
+                if (typeof(result.recordSet[i].ext_prettyprint) == "undefined") 
+                    continue;
+                else
+                    nRows++;
+            }
+            nRows++;
+            document.writeln('<tr><td valign="top" align="right" rowspan="'+nRows+'">'+
+                '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                'Other Extensions:</font></td></tr>');
+            for (var i = 0; i < result.recordSet.length; i++) {
+                if (typeof(result.recordSet[i].ext_prettyprint) == "undefined") 
+                    continue;
+                document.writeln('<tr><td valign="top" align="left" >'+
+                    '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                    '<pre>'+ result.recordSet[i].ext_prettyprint+
+                    '</pre></font></td><td></td><td></td></tr>');
+            }
+		}
+        document.writeln('<tr><td valign="top" align="right">'+
+            '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+            'Additional Extensions:</font></td>\n<td valign="top" colspan="2">'+
+            '<textarea name="addExts" rows="5" cols="40"></textarea></td></tr>');
+    }
+}
+
+function renderSignatureInfo()
+{
+    if ((result.header.requestType == 'Enrollment' ||
+		 result.header.requestType == 'enrollment' ||
+         result.header.requestType == 'renewal') &&
+        result.header.status == 'pending' &&
+        result.header.validAlgorithms != null) {
+
+        algorithmName = result.header.validAlgorithms.split('+');
+        if (algorithmName.length > 0) {
+            document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('Signature</font></td></tr>');
+
+            document.writeln('<tr><td align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Algorithm:</font></td>');
+
+            document.writeln('<td valign="top" colspan="2">');
+            document.writeln('<SELECT NAME="signatureAlgorithm">');
+
+            var signingAlgorithm;
+            if (result.header.caSigningAlgorithm != null)
+                signingAlgorithm = result.header.caSigningAlgorithm;
+            else
+                signingAlgorithm = result.header.signatureAlgorithmName;
+
+            var i;
+            for (i = 0; i < algorithmName.length; i++) {
+                document.write('<OPTION VALUE="' + algorithmName[i] + '"');
+                if (signingAlgorithm == algorithmName[i])
+                    document.write(' SELECTED');
+                document.writeln('>' + algorithmName[i] + '</OPTION>');
+            }
+
+            document.writeln('</SELECT>');
+            document.writeln('</td></tr>');
+        }
+    }
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = number;
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+function renderCertificateInfo()
+{
+    if ((result.header.status == 'complete' &&
+         (result.header.requestType == 'Enrollment' ||
+		  result.header.requestType == 'enrollment' ||
+          result.header.requestType == 'renewal')) ||
+        result.header.requestType == 'getRevocationInfo') {
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        if (result.header.requestType == 'getRevocationInfo') {
+            document.writeln('Certificate</font></td></tr>');
+        } else {
+            document.writeln('Issued certificate</font></td></tr>');
+        }
+
+        if (result.header.serialNumber != null) {
+            document.writeln('<tr><td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Serial number:</font></td>');
+            document.writeln('<td valign="top" colspan="2">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('<a href="displayBySerial?serialNumber='+
+                             '0x'+result.header.serialNumber + '"' +
+                             ' onMouseOver=" return helpstatus(\'Click to display this '+
+                             'certificate \')" onMouseOut="return helpstatus(\'\')">');
+            document.write(renderHexNumber(result.header.serialNumber,8));
+			if (result.header.serialNumber2 != null) {
+		        document.writeln('</a>&nbsp;');
+			    document.writeln('<a href="displayBySerial?serialNumber='+
+                             '0x'+result.header.serialNumber2 + '"' +
+                             ' onMouseOver=" return helpstatus(\'Click to display this '+
+                             'certificate \')" onMouseOut="return helpstatus(\'\')">');
+				document.write(renderHexNumber(result.header.serialNumber2,8));
+			}
+			document.writeln('</a></font></td></tr>');			
+			
+            if (result.header.requestType == 'getRevocationInfo' &&
+                result.header.status == 'complete') {
+                document.writeln('<tr><td valign="top" align="right">'+
+                                 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                                 'Verified</font></td>');
+                document.writeln('<td valign="top" colspan="2">'+
+                                 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                if (result.header.reason == null) {
+                    document.writeln('as not revoked');
+                } else {
+                    document.write('as revoked with the reason:&nbsp;'+
+                                    result.header.reason);
+                }
+                document.writeln('</font></td></tr>');
+            }
+        } else {
+            if (result.header.requestType == 'getRevocationInfo') {
+            document.writeln('<tr><td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             '</font></td>');
+            document.writeln('<td valign="top" colspan="2">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                document.writeln('');
+            } else {
+            document.writeln('<tr><td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Error:</font></td>');
+            document.writeln('<td valign="top" colspan="2">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                document.writeln('Certificate not issued');
+            }
+            document.writeln('</font></td></tr>');
+
+            if (result.header.errors != null) {
+                document.writeln('<tr><td valign="top" align="right">'+
+                                 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                                 'Additional information:</font></td>');
+                document.writeln('<td valign="top" colspan="2">'+
+                                 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                                 result.header.errors + '</font></td></tr>');
+            }
+        }
+    }
+
+    if (result.header.requestType == 'revocation' ||
+        result.header.requestType == 'unrevocation' ||
+        result.header.requestType == 'getCertificates' ||
+        result.header.requestType == 'getCAChain') {
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        if (result.recordSet.length > 0) {
+            if (result.header.requestType == 'getCAChain') {
+                document.writeln('Certificate Chain</font></td></tr>');
+            } else if (result.recordSet.length > 1) {
+                document.writeln('Certificates</font></td></tr>');
+            } else {
+                document.writeln('Certificate</font></td></tr>');
+            }
+            for (var i = 0; i < result.recordSet.length; i++) {
+                document.writeln('<tr><td valign="top" align="right">'+
+                                 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                                 'Serial number:</font></td>');
+                document.writeln('<td valign="top" colspan="2">'+
+                                 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                if (result.header.requestType != 'getCAChain') {
+                    document.writeln('<a href="displayBySerial?serialNumber='+
+                                     '0x'+result.recordSet[i].serialNumber + '"' +
+                                     ' onMouseOver=" return helpstatus(\'Click to display this '+
+                                     'certificate \')" onMouseOut="return helpstatus(\'\')">');
+                }
+                document.writeln(renderHexNumber(result.recordSet[i].serialNumber,8) +
+                                 '</font></a></td></tr>');
+                if (result.recordSet[i].reason != null) {
+                    document.writeln('<tr><td valign="top" align="right">'+
+                                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                                     'Reason:</font></td>');
+                    document.writeln('<td valign="top" colspan="2">'+
+                                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                    document.writeln(result.recordSet[i].reason +'</font></a></td></tr>');
+                }
+            }
+        } else {
+            if (result.header.requestType == 'getCAChain') {
+                document.writeln('Certificate Chain</font></td></tr>');
+            } else {
+                document.writeln('Certificates</font></td></tr>');
+            }
+            document.writeln('<tr><td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Error:</font></td>');
+            document.writeln('<td valign="top" colspan="2">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('Request contains no certificate to revoke.</font></a></td></tr>');
+        }
+    }
+}
+
+function renderFingerprints()
+{
+    if (result.header.fingerprints  != null) {
+
+        fingerprintValues = result.header.fingerprints.split('+');
+        if (fingerprintValues.length > 0) {
+            document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('Fingerprints</font></td></tr>');
+
+            var i;
+	        for (i = 0; i < fingerprintValues.length; i += 2) {
+                document.writeln('<tr><td valign="top" align="right">'+
+                                 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                                 fingerprintValues[i] + ':</font></td>');
+                document.writeln('<td valign="top" colspan="2">'+
+                                 '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                document.writeln(fingerprintValues[i+1] +'</font></a></td></tr>');
+            }
+        }
+    }
+}
+
+function renderPolicyInfo()
+{
+    if ((result.header.status == 'rejected' || result.header.status == 'canceled') && 
+         result.header.errors != null) {
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Policy information</font></td></tr>');
+
+        document.writeln('<tr><td valign="top" align="left" colspan="3">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><pre>');
+        document.writeln(result.header.errors);
+        document.writeln('</pre></font></td></tr>');
+    }
+}
+
+function renderLongStrings(value)
+{
+    var len = value.toString().length;
+    if (len > 64 && value.toString().indexOf("\n") > 0) {
+        document.writeln(value.toString().replace(/\n/g, "<br>"));
+    } else if (len > 64) {
+        for (var i = 0; i < len; i += 64) {
+            var n = len;
+            var b = "";
+            if (i+64 < len) {
+                n = i + 64;
+                b = "<br>";
+            }
+            document.writeln(value.toString().substring(i, n)+b);
+        }
+    } else {
+        document.writeln(value);
+    }
+}
+
+function renderNameAndValue(name, value)
+{
+    document.writeln('<tr><td valign="top" align="right">');
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(name);
+    document.writeln('</font></td>');
+    document.writeln('<td valign="top" align="left" colspan="2">');
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    renderLongStrings(value);
+    document.writeln('</font></td></tr>');
+}
+
+function renderRequestAttrs()
+{
+	document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+	document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+	document.writeln('Unauthenticated Request Attributes</font></td></tr>');
+
+	if (result.header.HTTP_PARAMS.length > 0) {
+		for (var i = 0; i < result.header.HTTP_PARAMS.length; i++) {
+			renderNameAndValue("HTTP_PARAMS."+result.header.HTTP_PARAMS[i].name+":", result.header.HTTP_PARAMS[i].value);
+		}
+	}
+	if (result.header.HTTP_HEADERS.length > 0) {
+		document.writeln("");
+		for (var j = 0; j < result.header.HTTP_HEADERS.length; j++) {
+			renderNameAndValue("HTTP_HEADERS."+result.header.HTTP_HEADERS[j].name+":", result.header.HTTP_HEADERS[j].value);
+		}
+	}
+
+	document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+	document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+	document.writeln('Authenticate Request Attributes (from authentication, policy and other server modules)</font></td></tr>');
+	if (result.header.AUTH_TOKEN.length > 0) {
+		document.writeln("");
+		for (var k = 0; k < result.header.AUTH_TOKEN.length; k++) {
+			if (result.header.AUTH_TOKEN[k].name == 'authtime') {
+				renderNameAndValue("AUTH_TOKEN."+result.header.AUTH_TOKEN[k].name+":",
+					new Date(parseInt(result.header.AUTH_TOKEN[k].value)));
+			} else if (result.header.AUTH_TOKEN[k].name == 'authTime') {
+				continue;
+			} else {
+				renderNameAndValue("AUTH_TOKEN."+result.header.AUTH_TOKEN[k].name+":",
+					result.header.AUTH_TOKEN[k].value);
+			}
+		}
+	}
+	if (result.header.SERVER_ATTRS.length > 0) {
+		document.writeln("");
+		for (var l = 0; l < result.header.SERVER_ATTRS.length; l++) {
+			//if (result.header.SERVER_ATTRS[l].name != 'CERT_INFO')
+			renderNameAndValue(result.header.SERVER_ATTRS[l].name+":", result.header.SERVER_ATTRS[l].value);
+		}
+	}
+
+}
+
+
+function getValue(str, name)
+{
+    var i = str.indexOf(name);
+    var s = "";
+    if (i > -1) {
+        var j = str.indexOf(",", i);
+        if (j > -1) {
+            s += str.substring(i+name.length, j);
+        } else {
+            s += str.substring(i+name.length);
+        }
+        j = s.indexOf("@");
+        if (j > -1) {
+            s = s.substring(0, j);
+        }
+    }
+    return s;
+}
+
+function renderGrantPrivileges()
+{
+    if ((result.header.requestType != 'Enrollment' &&
+         result.header.requestType != 'enrollment') ||
+        result.header.status != 'pending' ||
+        (result.header.ext_ssl_client != "true" &&
+         result.header.ext_ssl_server != "true" &&
+         result.header.ext_email != "true" &&
+         result.header.ext_object_signing != null &&
+         result.header.ext_object_signing == "true"))
+        return;
+
+    var id = "";
+    if (result.header.subject != null) {
+        id = getValue(result.header.subject, "UID=");
+        if (id.length < 1)
+            id = getValue(result.header.subject, "E=");
+    }
+
+	if (result.header.certType == 'ra') {
+		if (result.header.requestTrustedManagerPrivilege != "undefined"  &&
+			result.header.requestTrustedManagerPrivilege == "true") 
+			checked = "CHECKED";
+		else
+			checked = "UNCHECKED";
+
+		document.writeln(
+			'<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+		document.writeln(
+			'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+		document.writeln('Privileges</font></td></tr>');
+		document.writeln('<tr><td valign=top align=right></td>');
+		document.writeln('<td valign="top">'+
+			'<input type=checkbox '+checked+
+				' name="grantTrustedManagerPrivilege">'+
+			'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+			' This certificate is for a Trusted Manager'+
+			'</font></td></tr>');
+		if (id.length < 1) id = "ra" + result.header.seqNum;
+		document.writeln('<tr>'+
+			'<td valign="top" align="right">'+
+			'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+			'New User ID for the Trusted Manager:'+'</font></td>'+ 
+			'<td valign="top" align="left">'+
+			'<input type=text name=grantUID size=15 value="'+id+'">'+
+			'</td></tr>');
+	}
+	else if (result.header.certType == 'client') {
+		document.writeln(
+			'<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+		document.writeln(
+			'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+		document.writeln('Privileges</font></td></tr>');
+		if (typeof(result.header.localca) != "undefined") {
+			document.writeln('<tr><td valign=top align=right></td>'+
+				'<td valign="top">'+
+				'<input type=checkbox name="grantCMAgentPrivilege">'+
+				'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+				' This certificate is for a Certificate Manager agent'+
+				'</font></td></tr>');
+		}
+		if (typeof(result.header.localkra) != "undefined") {
+			document.writeln('<tr><td valign=top align=right></td>'+
+				'<td valign="top">'+
+				'<input type=checkbox name="grantDRMAgentPrivilege">'+
+				'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+				' This certificate is for a Data Recovery Manager agent'+
+				'</font></td></tr>');
+		}
+		if (typeof(result.header.localra) != "undefined") {
+			document.writeln('<tr><td valign=top align=right></td>'+
+				'<td valign="top">'+
+				'<input type=checkbox name="grantRMAgentPrivilege">'+
+				'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+				' This certificate is for a Registration Manager agent'+
+				'</font></td></tr>');
+		}
+		if (id.length < 1) id = "u" + result.header.seqNum;
+		document.writeln('<tr>'+
+			'<td valign="top" align="right">'+
+			'<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+			'New User ID for the agent:'+'</font></td>'+ 
+			'<td valign="top" align="left">'+
+			'<input type=text name="grantUID" size=30 value="'+id+'">'+
+			'</td></tr>');
+	}
+}
+
+function renderFoot()
+{
+    document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+    document.writeln('<tr><td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+
+    document.writeln('<SELECT NAME="toDo">');
+    if (result.header.status == 'pending' &&
+        (result.header.assignedTo == null  ||
+         result.header.assignedTo == result.header.callerName)) {
+        document.writeln('<OPTION VALUE="accept">Accept this request</OPTION>');
+        document.writeln('<OPTION VALUE="cancel">Cancel this request</OPTION>');
+        document.writeln('<OPTION VALUE="reject">Reject this request</OPTION>');
+    } else if (result.header.status == 'svc_pending') {
+        document.writeln('<OPTION VALUE="cancel">Cancel this request</OPTION>');
+    }
+    document.writeln('<OPTION VALUE="clone">Clone this request</OPTION>');
+    document.writeln('</SELECT>&nbsp;&nbsp;');
+
+    document.writeln('<INPUT TYPE="submit" Value="Do It" width="72">&nbsp;&nbsp;');
+
+    // document.writeln('<INPUT TYPE="button" VALUE="Help" width="72"');
+    // document.writeln('onClick="help(\'http://www.redhat.com/docs/manuals/cert-system#Approving Requests\')">');
+    document.writeln('</td></tr></table>');
+}
+
+
+function isblank(s)
+{
+	for (var i=0; i<s.length; i++) {
+		var c = s.charAt(i)
+		if ((c != ' ') && (c != '\n') && (c != '\t') ) return false
+	}
+	return true
+}
+
+function checkSubject()
+{
+    if (document.forms[0].subject != null &&
+        document.forms[0].subject.value != null &&
+        document.forms[0].subject.value.length > 0) {
+
+        var outStr = "";
+        var str = "";
+        var subject = document.forms[0].subject.value;
+        var i0 = subject.indexOf('=');
+        var i1 = 0;
+        var i2 = 0;
+        var i3 = 0;
+        var i4 = 0;
+
+        if (i0 > -1) i0++;
+
+        while (i0 > -1 && i1 > -1) {
+            i1 = subject.indexOf('=', i0+1);
+            if (i1 > -1) {
+                str = subject.substring(i0, i1);
+                i2 = str.indexOf(',');
+                i3 = 0;
+                while (i2 > -1 && i3 > -1) {
+                    i3 = str.indexOf(',', i2+1);
+                    if (i3 > -1 && (i2 < 1 || str.charAt(i2-1) != "\\")) {
+                        outStr += subject.substring(i4, i0+i2);
+                        outStr += "\\";
+                        i4 = i0+i2;
+                    }
+                    i2 = i3;
+                }
+                i0 = i1++;
+            } else {
+                str = subject.substring(i0, subject.length);
+                i2 = str.indexOf(',');
+                while (i2 > -1) {
+                    if (i2 < 1 || str.charAt(i2-1) != "\\") {
+                        outStr += subject.substring(i4, i0+i2);
+                        outStr += "\\";
+                        i4 = i0+i2;
+                    }
+                    i2++;
+                    i2 = str.indexOf(',', i2);
+                }
+            }
+        }
+
+        if (i4 > 0) {
+            outStr += subject.substring(i4, subject.length);
+            document.forms[0].subject.value = outStr;
+        }
+    }
+}
+
+
+function uid_check()
+{
+    if ((result.header.requestType == 'Enrollment' ||
+        result.header.requestType == 'enrollment' ||
+        result.header.requestType == 'renewal') &&
+        result.header.status == 'pending') {
+
+        var t1 = getNotValidBefore();
+        if (t1 == null) return false;
+        var t2 = getNotValidAfter();
+        if (t2 == null) return false;
+        if (t1 > t2) {
+            alert("NOT VALID AFTER date should not be earlier than NOT VALID BEFORE date.");
+            return false;
+        }
+        document.forms[0].notValidBefore.value = t1;
+        document.forms[0].notValidAfter.value = t2;
+
+        if (result.header.pathLenBasicConstraints != null) {
+            if (result.header.caPathLen != null && result.header.caPathLen == 0 &&
+                document.forms[0].toDo.selectedIndex == 0) {
+                alert("This CA is not allowed to sign subordinate CA certificate. "+
+                      "This request has to be canceled or rejected.")
+                return false
+            }
+            if (typeof(document.forms[0].pathLenBasicConstraint) != "undefined") {
+                document.forms[0].pathLenConstraint.value = 
+                    document.forms[0].pathLenBasicConstraint.value;
+                if (document.forms[0].pathLenConstraint.value != "") {
+                    if (isDecimalNumber(document.forms[0].pathLenConstraint.value)) {
+                        document.forms[0].pathLenConstraint.value =
+                            trim(document.forms[0].pathLenConstraint.value);
+                        if (result.header.caPathLen != null && result.header.caPathLen > 0 &&
+                            parseInt(document.forms[0].pathLenConstraint.value) >= result.header.caPathLen) {
+                            alert("Choose integer number from 0 to "+
+                                  (result.header.caPathLen-1)+" for Path Length Constraint")
+                            return false
+                        }
+                    } else {
+                        alert("You must provide non-negative integer number for "+
+                              "Path Length Constraint or leave it empty")
+                        return false
+                    }
+                } else {
+                    if (result.header.caPathLen != null && result.header.caPathLen > 0) {
+                        alert("Choose integer number from 0 to "+
+                              (result.header.caPathLen-1)+" for Path Length Constraint")
+                        return false
+                    } else {
+                        document.forms[0].pathLenConstraint.value = "-1";
+                    }
+                }
+            }
+        }
+
+        checkSubject();
+
+	    if ( result.header.certType == 'ra') {
+		    if (typeof(document.forms[0].grantTrustedManagerPrivilege.checked) != 
+			    "undefined" &&
+		      document.forms[0].grantTrustedManagerPrivilege.checked &&
+		      (document.forms[0].grantUID.value == "" ||
+		       document.forms[0].grantUID.value == null ||
+		       isblank(document.forms[0].grantUID.value)) ) {
+			    alert("You must provide a non-empty UID for the new trusted manager!")
+			    return false
+		    }
+	    } else if (result.header.certType == 'client') {
+		    if (typeof(result.header.localca) != "undefined") {
+			    if (
+			      typeof(document.forms[0].grantCMAgentPrivilege) != "undefined" &&
+			      document.forms[0].grantCMAgentPrivilege.checked &&
+			      (document.forms[0].grantUID.value == "" ||
+			       document.forms[0].grantUID.value == null ||
+			       isblank(document.forms[0].grantUID.value)) ) {
+				    alert("You must provide a non-empty UID for the new Certificate Manager agent!")
+				    return false
+			    } 
+		    } 
+		    if (typeof(result.header.localkra) != "undefined") {
+			    if (
+			      typeof(document.forms[0].grantDRMAgentPrivilege) != "undefined" &&
+			      document.forms[0].grantDRMAgentPrivilege.checked  &&
+			      (document.forms[0].grantUID.value == "" ||
+			       document.forms[0].grantUID.value == null ||
+			       isblank(document.forms[0].grantUID.value)) ) {
+				    alert("You must provide a non-empty UID for the new Data Recovery Manager agent!")
+				    return false
+                            }
+		    }
+		    if (typeof(result.header.localra) != "undefined") {
+              if (
+			      typeof(document.forms[0].grantRMAgentPrivilege) != "undefined" &&
+			      document.forms[0].grantRMAgentPrivilege.checked &&
+			      document.forms[0].grantRMAgentPrivilege.checked && 
+			      (document.forms[0].grantUID.value == "" ||
+			       document.forms[0].grantUID.value == null ||
+			       isblank(document.forms[0].grantUID.value)) ) {
+				    alert("You must provide a non-empty UID for the new Registration Manager agent!")
+				    return false
+			    }
+		    }
+	    }
+    }
+
+	return true
+}
+document.writeln('<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">');
+document.writeln('<font size=+1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Request <a href="/ca/agent/ca/processReq?seqNum='+
+				 result.header.seqNum + '"' +
+				 'onMouseOver=" return helpstatus(\'Click to redisplay this '+
+				 'request \')" onMouseOut="return helpstatus(\'\')">'+
+				 result.header.seqNum + '</a></font>');
+
+document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif">');
+document.writeln('<tr><td>&nbsp;</td></tr></table>');
+
+document.writeln('<FORM ACTION=/ca/processCertReq METHOD=POST ' +
+'onSubmit="return uid_check()">');
+
+document.writeln('<INPUT TYPE="HIDDEN" NAME="seqNum" VALUE="' +
+                 result.header.seqNum + '">');
+
+document.writeln('<INPUT TYPE="HIDDEN" NAME="notValidBefore" VALUE="">');
+document.writeln('<INPUT TYPE="HIDDEN" NAME="notValidAfter" VALUE="">');
+
+if (result.header.csrRequestorName != null) {
+	document.writeln('<INPUT TYPE="HIDDEN" NAME="csrRequestorName" VALUE="' +
+			result.header.csrRequestorName + '">');
+}
+if (result.header.csrRequestorEmail != null) {
+	document.writeln('<INPUT TYPE="HIDDEN" NAME="csrRequestorEmail" VALUE="' +
+			result.header.csrRequestorEmail + '">');
+}
+if (result.header.csrRequestorPhone != null) {
+	document.writeln('<INPUT TYPE="HIDDEN" NAME="csrRequestorPhone" VALUE="' +
+			result.header.csrRequestorPhone + '">');
+}
+
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr align="left">'+
+                 '<td width="15%"></td>'+
+                 '<td width="1%"></td>'+
+                 '<td width="60%"></td></tr>');
+
+renderRequestInfo();
+
+renderRequesterInfo();
+
+renderPublicKeyInfo();
+
+renderValidityInfo();
+
+renderExtensionsInfo();
+
+renderSignatureInfo();
+
+renderFingerprints();
+
+renderRequestAttrs();
+
+renderGrantPrivileges();
+
+renderCertificateInfo();
+
+renderPolicyInfo();
+
+document.writeln('</table><br>&nbsp;');
+
+//renderFoot();
+
+
+document.writeln('</FORM>');
+document.writeln('</BODY>');
+
+//-->
+</SCRIPT>
+
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryBySerial.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryBySerial.html
new file mode 100644
index 000000000..95f8ed653
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryBySerial.html
@@ -0,0 +1,186 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>List Certificates Within a Serial Number Range</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+
+<script type="text/javascript">
+<!--
+function doSubmit(form)
+{
+    var canonicalFrom = "", canonicalTo = "";
+
+    if ( form.serialFrom.value!= "") {
+        canonicalFrom = 
+            trim(form.serialFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            if (isNumber(canonicalFrom, 16)) {
+                canonicalFrom = "0x" +
+                    removeColons(stripPrefix(canonicalFrom));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the low end of the serial number range.");
+                return;
+            }
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the serial number range.");
+            return;
+        }
+        form.serialFrom.value = canonicalFrom;
+    }
+
+    if ( form.serialTo.value!= "") {
+        canonicalTo = 
+            trim(form.serialTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            if (isNumber(canonicalTo, 16)) {
+                canonicalTo = "0x" +
+                    removeColons(stripPrefix(canonicalTo));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the high end of the serial number range.");
+                return;
+            }
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the serial number range.");
+            return;
+        }
+        form.serialTo.value = canonicalTo;
+    }
+
+    /* Can't do this using parseInt*/
+    /*
+    if (form.serialFrom.value != "" && form.serialTo.value != "" ) {
+        if (parseInt(form.serialFrom.value) > parseInt(form.serialTo.value)) {
+            alert("The low end of the range is larger than the high end.");
+            return;
+        }
+    }
+    */
+
+    if (!form.skipRevoked.checked && !form.skipNonValid.checked) {
+        form.queryCertFilter.value = "(certStatus=*)";
+    } else if (form.skipRevoked.checked && form.skipNonValid.checked) {
+        form.queryCertFilter.value = "(certStatus=VALID)";
+    } else if (form.skipRevoked.checked) {
+        form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+    } else if (form.skipNonValid.checked) {
+        form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=REVOKED))";
+    }
+
+    if (form.serialFrom.value == "") {
+    	form.querySentinelDown.value = "0";
+    } else {
+    	form.querySentinelDown.value = form.serialFrom.value;
+    	form.querySentinelUp.value = form.serialFrom.value;
+    	form.direction.value = "down";
+    }
+    form.op.value = "listCerts";
+    form.submit();
+}
+//-->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">List Certificates</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to list certificates whose serial numbers fall within a specified range.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<form ACTION="listCerts" METHOD=POST>
+  <input TYPE="HIDDEN" NAME="op" VALUE="">
+  <input TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<p>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0>
+  <tr>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+      Lowest serial number</font>
+	</td>
+    <td><input TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+	  (leave blank for no lower limit)</font>
+	</td>
+  </tr>
+  <tr>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+      Highest serial number</font></font></td>
+    <td><input TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+	  (leave blank for no upper limit)</font>
+	</td>
+  </tr>
+</table>
+
+<p>
+<input TYPE="CHECKBOX" NAME="skipRevoked">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have been revoked</font>
+<br>
+<input TYPE="CHECKBOX" CHECKED NAME="skipNonValid">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have expired or are not yet valid</font>
+<br>&nbsp;
+<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+	  <input TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+      <INPUT TYPE="hidden" NAME="querySentinelDown" VALUE="">
+      <INPUT TYPE="hidden" NAME="querySentinelUp" VALUE="">
+      <INPUT TYPE="hidden" NAME="direction" VALUE="begin">
+      <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="20">
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+	  <!-- <input TYPE="button" VALUE="Help" width="72"
+	    onClick="help('http://www.redhat.com/docs/manuals/cert-system#Basic Certificate Listing')"> -->
+	</td>
+  </tr>
+</table>
+</form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryCert.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryCert.html
new file mode 100644
index 000000000..73d59ef30
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryCert.html
@@ -0,0 +1,1543 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Search for Certificates</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search.  Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter.  You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+    return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+        canonicalFrom =
+            trim(document.serialNumberRangeCritForm.serialFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            if (isNumber(canonicalFrom,16)) {
+                canonicalFrom = "0x" +
+                    removeColons(stripPrefix(canonicalFrom));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the low end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+    }
+
+    if (document.serialNumberRangeCritForm.serialTo.value != "") {
+        canonicalTo =
+            trim(document.serialNumberRangeCritForm.serialTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            if (isNumber(canonicalTo,16)) {
+                canonicalTo = "0x" +
+                    removeColons(stripPrefix(canonicalTo));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the high end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+    }
+
+    /* Can not do this using parseInt */
+    /*
+    if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+        document.serialNumberRangeCritForm.serialTo.value != "") {
+        if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+            alert("The low end of the range is larger than the high end.");
+            return null;
+        }
+    }
+    */
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Status</font></b>
+<FORM NAME="statusCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that are 
+<select NAME="status">
+<option value="VALID">VALID
+<option value="INVALID">INVALID
+<option value="REVOKED">REVOKED
+<option value="EXPIRED">EXPIRED
+<option value="REVOKED_EXPIRED">REVOKED & EXPIRED
+</select>
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+<SCRIPT type="text/javascript">
+//<!--
+function statusCritInUse()
+{
+    return document.statusCritForm.inUse.checked;
+}
+function statusRangeCrit()
+{
+      return "(certStatus=" + document.statusCritForm.status.options[document.statusCritForm.status.selectedIndex].value + ")";
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Email address:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Common name:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">User ID:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization unit:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Locality:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Country:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">Exact</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">Partial</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank. 
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank.  Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT type="text/javascript">
+<!--
+function subjectCritInUse()
+{
+    return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+    return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by:</font>&nbsp;
+<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=8>Remove certificate from CRL
+<OPTION VALUE=9>Privilege withdrawn
+<OPTION VALUE=10>AA key compromised
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function revokedByCritInUse()
+{
+    return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+    if (document.revokedByCritForm.revokedBy.value.length == 0) {
+        alert("User id in 'revoked by' filter is empty");
+    	return null;
+    }
+    return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+    return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.revokedOnFrom)) {
+    	from = convertDate(document.revokedOnFrom, 
+			"Start date for revocation time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(certRevokedOn>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.revokedOnTo)) {
+    	to = convertDate(document.revokedOnTo, 
+			"End date for revocation time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(certRevokedOn<=" + to + ")";
+    }
+  
+    if (from == null && to == null) {
+        alert("You must enter a date for revocation time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Revocation time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+    return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+    var crit = new Array();
+    var sum = null;
+    var next = 0;
+
+    for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+        if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+            crit[next++] = "(x509cert.certRevoInfo="+i+")";
+        }
+    }
+    sum = nsjoin(crit,"");
+    if (next > 1) {
+        sum = "(|" + sum + ")"
+    } else if (next < 1) {
+        alert("You must select at least one revocation reason.");
+        return null;
+    }
+    return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:</font>&nbsp;
+<INPUT TYPE="text" NAME="issuedBy" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function issuedByCritInUse()
+{
+    return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+    if (document.issuedByCritForm.issuedBy.value.length == 0) {
+        alert("User id in 'issued by' filter is empty");
+    	return null;
+    }
+    return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+    return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.issuedOnFrom)) {
+    	from = convertDate(document.issuedOnFrom, 
+			"Start date for issue time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(certCreateTime>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.issuedOnTo)) {
+    	to = convertDate(document.issuedOnTo, 
+			"End date for issue time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(certCreateTime<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for issue time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Issue time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotBeforeCritInUse()
+{
+    return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotBeforeFrom)) {
+    	from = convertDate(document.validNotBeforeFrom, 
+		"Start date for the validity beginning time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotBeforeTo)) {
+    	to = convertDate(document.validNotBeforeTo, 
+		"End date for the validity beginning time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for validity beginning range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Validity beginning time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotAfterCritInUse()
+{
+    return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotAfterFrom)) {
+    	from = convertDate(document.validNotAfterFrom, 
+		"Start date for the expiration time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(x509cert.notAfter>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotAfterTo)) {
+    	to = convertDate(document.validNotAfterTo, 
+		"End date for the expiration time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(x509cert.notAfter<=" + to + ")";
+    }
+    
+    if (from == null && to == null) {
+        alert("You must enter a date for expiration time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Expiration time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a validity period:</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION> 
+<OPTION VALUE="31536000000">Year(s)</OPTION> 
+</SELECT> 
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validityLengthCritInUse()
+{
+    return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+   with(document.validityLengthCritForm) {
+	if(!isNumber(count.value,10)) {
+	       alert("Invalid number specified in validity length criterion");
+	       return null;
+	}
+ 
+    return "(x509cert.duration" + 
+    		validityOp.options[validityOp.selectedIndex].value +
+			(count.value * unit.options[unit.selectedIndex].value) +")";
+    }
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT type="text/javascript">
+<!--
+function certTypeCritInUse()
+{
+    return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+    var result = '';
+    var count = 0;
+
+    for (var i = 1; i < document.certTypeCritForm.length; i++) {
+        var sel = document.certTypeCritForm[i].selectedIndex;
+        if (sel > 0) {
+            count++;
+            result += '(x509cert.nsExtension.' +
+                      document.certTypeCritForm[i].name + '='+
+                      document.certTypeCritForm[i].options[sel].value + ')';
+        }
+    }
+    if (count == 0) {
+        alert("At least one of the certificate types must be selected");
+        return null;
+    }
+
+    return result;
+}
+//-->
+</SCRIPT>
+
+<br>
+<SCRIPT type="text/javascript">
+<!--
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+    andFilter[critCount++] = "(certRecordId=*)";
+
+    if (serialNumberRangeCritInUse()) {
+        if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+            return;
+    }	
+    if (statusCritInUse()) {
+        if ((andFilter[critCount++] = statusRangeCrit()) == null)
+            return;
+    }	
+    if (subjectCritInUse()) {
+        if ((andFilter[critCount++] = subjectCrit()) == null)
+            return;
+    }
+
+    if (revokedOnCritInUse()) {
+        if ((andFilter[critCount++] = revokedOnCrit()) == null)
+            return;
+    }
+    if (revokedByCritInUse()) {
+        if ((andFilter[critCount++] = revokedByCrit()) == null)
+            return;
+    }
+    if (revocationReasonCritInUse()) {
+        if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+            return;
+    }
+    if (issuedOnCritInUse()) {
+        if ((andFilter[critCount++] = issuedOnCrit()) == null)
+            return;
+    }
+    if (issuedByCritInUse()) {
+        if ((andFilter[critCount++] = issuedByCrit()) == null)
+            return;
+    }
+    if (validNotBeforeCritInUse()) {
+        if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+            return;
+    }
+    if (validNotAfterCritInUse()) {
+        if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+            return;
+    }
+    if (validityLengthCritInUse()) {
+        if ((andFilter[critCount++] = validityLengthCrit()) == null)
+            return;
+    }
+    if (certTypeCritInUse()) {
+        if ((andFilter[critCount++] = certTypeCrit()) == null)
+            return;
+    }
+
+    // At least one section must be selected
+    if (critCount == 0) {
+        alert("You must choose at least one section on this form.");
+        return;
+    }
+
+    form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+
+    form.op.value = "listCerts";
+
+    form.submit();	
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="listCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/ca/agent/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+      <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+      <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="5">
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+      <!-- <INPUT TYPE="button" VALUE=Help width="72"
+        onClick="help('http://www.redhat.com/docs/manuals/cert-system#1009897')"> -->
+	</td>
+  </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryCert.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryCert.template
new file mode 100644
index 000000000..32f30d226
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryCert.template
@@ -0,0 +1,527 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Query Certificate</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 300px;
+  top: 50px;
+  width: 400px;
+  padding: 3px;
+  border: solid;
+  border-width: 2px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+
+
+table#t td {
+  font-size: 0.8em;
+  padding: 0px;
+  margin: 0px;
+}
+
+.r {
+  visibility: visible;
+  background-color: pink;
+}
+
+
+.h {
+  background-color: #eeeeee;
+  font-color: #606060;
+  font-weight: bold;
+}
+
+</STYLE>
+
+<CMS_TEMPLATE>
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+
+<SCRIPT type="text/javascript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function revokeCert(serialNumber)
+{ 
+	return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+ 
+		renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+	if (oid == "1.2.840.113549.1.1.1") 
+	   return "PKCS #1 RSA";
+	else if (oid == "1.2.840.113549.1.1.4")
+	   return "PKCS #1 MD5 With RSA";
+	else if (oid == "1.2.840.10040.4.1")
+	   return "DSA";
+	else 
+	   return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = number;
+    while (num.length < width)
+	num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" ;"+
+            (dateTmp.getHours()<10?" ;":"")+
+            dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+            dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+            dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+	return "<FORM METHOD=post "+
+"ACTION='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ "0x"+serialNumber +"'>\n"+
+"<INPUT TYPE=submit VALUE='Details' width='72'></FORM>\n";
+}
+
+function renderRevokeButton(serialNumberDecimal)
+{
+	return "<FORM METHOD=post "+
+//"onSubmit='return revokeCert("+serialNumberDecimal+");' "+
+"ACTION='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumberDecimal +"'>\n"+
+"<INPUT TYPE=hidden NAME='revokeAll' VALUE='(&(certRecordId="+serialNumberDecimal+"))'>\n"+
+"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='1'>\n"+
+"<INPUT TYPE=hidden NAME='commit' VALUE='yes'>"+
+"<INPUT TYPE=hidden NAME='updateCRL' VALUE='yes'>"+
+"<INPUT TYPE=submit VALUE='Revoke' width='72'>"+
+"</FORM>\n";
+}
+
+function renderOffHoldButton(serialNumberDecimal)
+{
+	return "<FORM METHOD=post "+
+"ACTION='"+ "doUnrevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "doUnrevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumberDecimal +"'>\n"+
+"<INPUT TYPE=hidden NAME='cmmfResponse' VALUE='true'>\n"+
+"<INPUT TYPE=submit VALUE='Off Hold' width='72'></FORM>\n";
+}
+
+function addSpaces(str)
+{
+    var outStr = "";
+    var i0 = 0;
+    var i1 = 0;
+
+    while (i1 < str.length) {
+        i1 = str.indexOf(',', i0);
+        if (i1 > -1) {
+            i1++;
+            outStr += str.substring(i0, i1);
+            outStr += " ";
+            i0 = i1;
+        } else {
+            outStr += str.substring(i0, str.length);
+            i1 = str.length;
+        }
+    }
+
+    return outStr;
+}
+
+function getRevocationReason(revocationReason)
+{
+    var reasons = new Array("Unspecified",
+                            "Key compromised",
+                            "CA key compromised",
+                            "Affiliation changed",
+                            "Certificate superceded",
+                            "Cessation of operation",
+                            "Certificate is on hold",
+                            "Unspecified", // value 7 is not used
+                            "Remove from CRL",
+                            "Privilege withdrawn",
+                            "AA key compromise");
+    if (revocationReason < 0 || revocationReason >= reasons.length)
+        revocationReason = 0;
+    return reasons[revocationReason];
+}
+
+function isRevoked(index)
+{
+  return (recordSet[index].revokedOn != null);
+}
+
+function setNode(table,desc,content,style)
+{
+  var row = table.insertRow(-1);
+  if (style)  {
+    row.className = style;
+  }
+  var cell1 = row.insertCell(-1);
+  var desc_text = document.createTextNode(desc);
+  cell1.appendChild(desc_text); 
+  var cell2 = row.insertCell(-1);
+  var content_text = document.createTextNode(content);
+  cell2.appendChild(content_text);
+}
+
+
+ 
+function mouseover(element,event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var index= element.getAttribute("index");
+  if (index == null) { return false; }
+  var cert = recordSet[index];
+
+  element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+  var v;
+  var e = document.getElementById("certMetaDatadiv");
+
+  var t = document.getElementById("t");
+
+  // delete all the rows in the table
+  var i=0;
+  while (i < t.rows.length) {
+    t.deleteRow(0);
+  }
+
+  setNode(t,"Certificate details for serial #", " 0x" +cert.serialNumber+" ("+cert.serialNumberDecimal+")","h");
+  setNode(t,"Version:", cert.version+1);
+  setNode(t,"Certificate Type:",cert.type);
+  setNode(t,"Key algorithm:",renderOidName(cert.subjectPublicKeyAlgorithm)+
+              " with "+ cert.subjectPublicKeyLength+"-bit key");
+  setNode(t,"Not Valid Before:", renderDateFromSecs(cert.validNotBefore));
+  setNode(t,"Not Valid After:", renderDateFromSecs(cert.validNotAfter));
+  setNode(t,"Issued On:", renderDateFromSecs(cert.issuedOn));
+  setNode(t,"Issued By:", cert.issuedBy);
+
+  if (isRevoked(index)) {
+    setNode(t,"Revoked on:", renderDateFromSecs(cert.revokedOn),"r");
+    setNode(t,"Revoked by:", cert.revokedBy, "r");
+    setNode(t,"Revocation Reason:", getRevocationReason(cert.revocationReason), "r");
+    assumedheight = 210;
+  } else {
+    assumedheight = 180;
+  }
+
+  e.style.left = x+30 + 'px'; // x-offset of floating div
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  e.style.top = y+ offset + window.pageYOffset+document.body.scrollTop + 'px';
+
+  // unhide the window
+  e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+//	window.setTimeout("hide",1);
+  var index= element.getAttribute("index");
+  if (recordSet[index].revokedOn != null) {
+     element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFEEEE";
+  } else {
+//     element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEFFEE";
+     element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+  }
+        hide();
+}
+
+function hide()
+{
+	document.getElementById("certMetaDatadiv").style.display ="none";
+}
+
+
+function displayCertificateRecord(i, cert)
+{
+	document.write(
+   "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : "")+">"+
+//    "<td width=10%>"+
+//	((cert.serialNumber == result.header.caSerialNumber)? "":
+//	"<input TYPE='CHECKBOX'  NAME=" + cert.serialNumber + ">")+
+//	"</td>" +
+     "<td width=18%><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+     renderHexNumber(cert.serialNumber,0) +
+     "</font></td>\n"+
+     "<td width=16%>"+(cert.revokedOn != null ?"revoked":"valid")+"</td>\n"+
+     "<td style='overflow: hidden; white-space: nowrap;'>"+
+     "     <font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+     "   <div style='overflow: hidden; white-space: nowrap;'>"+
+     " <a index='"+i+"' href='displayBySerial?op=displayBySerial&serialNumber=0x"+
+           cert.serialNumber+"' onmouseover='mouseover(this,event);' "+
+           "onmouseout='mouseout(this);'>"+
+         cert.subject+"</a></div></font>"+
+     "</td>"+
+     "</tr>\n"
+
+	);
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+	document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>No Matching Certificates Found</font>\n"
+	);
+} else {
+
+	document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>Issuer: " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+	);
+
+
+	document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+		"<tr align=center><td>\n");
+	displayNextForm();
+
+	document.write(
+"<table border='0' width='100%' cellspacing='2' cellpadding='2'>\n"+
+"<tr><td width=18%><td width=16%>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td></tr>\n"+
+
+"<tr bgcolor='#e5e5e5' style='font-weight: bold'>"+
+"<td>\n"+
+//"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+// "Select</font></td>\n"+
+//"<td>\n"+
+ "<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ "Serial number</font></td>\n"+
+
+"<td><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Status</td>\n"+
+
+"<td>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Subject name</font></td>"+
+"</tr>\n");
+
+
+
+	for(var i = 0; i < result.recordSet.length; ++i ) {
+		displayCertificateRecord(i, result.recordSet[i]);
+	}
+document.write("</table>\n");
+
+	if ((result.header.revokeAll != null && result.header.totalRecordCount > 1) ||
+        (result.header.querySentinelDown != null)) {
+        document.write("<br>&nbsp;\n" +
+            "<table border='0' cellspacing='0' cellpadding='0' background='/graphics/hr.gif' width='100%'>\n"+
+            "<tr><td>&nbsp;</td></tr></table>\n");
+    }
+
+	document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+		"<tr align=center><td>\n");
+
+	if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+		displayRevokeAllForm(result.header.totalRecordCount);
+		document.write("</td><td>\n");
+	}
+
+//	if (result.header.querySentinel != null) {
+		displayNextForm();
+//	}
+
+	document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+	return 	"<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+/*
+* begin - scroll to beginning
+* end - scroll to end
+* down - page down
+* up - page up
+*/
+function doNext(element)
+{
+	var form = element.form;
+//	form.action = "/"+result.header.op;
+        form.action = "/ca/agent/ca/listCerts";
+	form.op.value = result.header.op;
+        form.queryCertFilter.value = result.header.queryCertFilter;
+        form.direction.value= "down";
+
+	if (element.name == "begin") {
+	  form.querySentinelDown.value = 0;
+	  form.direction.value = "begin";
+        } else if (element.name == "end") {
+	  form.querySentinelDown.value = result.header.totalRecordCount - result.header.maxCount+1;
+	  form.direction.value = "end";
+        } else if (element.name == "down") {
+	  form.querySentinelDown.value = result.header.querySentinelDown;
+	  form.querySentinelUp.value = result.header.querySentinelUp;
+	  form.direction.value = "down";
+        } else if (element.name == "up") {
+	  form.querySentinelUp.value = result.header.querySentinelUp;
+	  form.querySentinelDown.value = result.header.querySentinelDown;
+	  form.direction.value = "up";
+        }
+
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	if (result.header.revokeAll != null) {
+		form.revokeAll.value = result.header.revokeAll;
+	}
+    if (result.header.queryFilterHash != null) {
+        form.queryFilterHash.value = result.header.queryFilterHash;
+    }
+ form.submit();
+}
+
+function displayNextForm()
+{
+	document.write(
+//"<div align=center> \n"+
+"<FORM NAME ='nextForm' METHOD=POST ACTION=''>\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+	document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+    document.write(renderHidden("queryFilterHash"));
+}
+var disabledDown = ((result.header.querySentinelDown == null) ||
+                    (result.fixed.maxCount+1 >= result.header.currentRecordCount)) ? "disabled='true'" : "";
+var disabledUp = (result.header.querySentinelUp != null && result.header.querySentinelUp <= 1) ? "disabled='true'" : "";
+
+document.write(
+"<button NAME=begin onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
+"<button "+disabledUp+" NAME=up onClick='doNext(this)' VALUE='<' width='72'>&lt;</button>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
+result.header.queryCertFilter+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelDown VALUE='"+
+result.header.querySentinelDown+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelUp VALUE='"+
+result.header.querySentinelUp+ "'>\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
+result.header.serialTo+ "'>\n"+
+"<INPUT TYPE=hidden NAME=direction VALUE='"+
+result.header.direction+ "'>\n"+
+"<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
+result.header.maxCount+ "'>\n"+
+
+"<button "+disabledDown+" NAME=down onClick='doNext(this)' VALUE='>' width='72'>&gt;</button>\n"+
+"<button NAME=end onClick='doNext(this)' VALUE='>>|' width='72'>&gt;&gt;|</button>\n"+
+"</FORM>\n");
+}
+
+function doRevokeAll(form)
+{
+//	form.action =  result.header.serviceURL;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	form.revokeAll.value = result.header.revokeAll;
+	form.submit();
+}
+
+function displayRevokeAllForm(recordCount)
+{
+//	document.write("<DIV align=center><FORM NAME ='revokeAllForm' "+
+	document.write("<FORM NAME ='revokeAllForm' "+
+		"METHOD=POST onSubmit='doRevokeAll(revokeAllForm);' "+
+		"ACTION='"+ "/ca/reasonToRevoke" +"'>\n"+
+		"<INPUT TYPE=hidden NAME='op' VALUE='reasonToRevoke'>\n"+
+		"<INPUT TYPE=hidden NAME='revokeAll' VALUE=''>\n"+
+		"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='"+ recordCount +"'>\n"+
+		"<INPUT TYPE=submit VALUE='Revoke ALL "+ recordCount +" Certificates'>\n"+
+		"</FORM>\n");
+//		"</FORM></DIV>\n");
+}
+
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+
+<div id="certMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryReq.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryReq.template
new file mode 100644
index 000000000..9fb63a109
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/queryReq.template
@@ -0,0 +1,453 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Request Queue</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 300px;
+  top: 50px;
+  width: 400px;
+  padding: 3px;
+  border: solid;
+  border-width: 2px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+
+
+table#t td {
+  font-size: 0.8em;
+  padding: 0px;
+  margin: 0px;
+}
+
+DIV.subject  A:link {text-decoration: none;}     
+DIV.subject  A:visited {text-decoration: none;}     
+DIV.subject  A:hover {text-decoration: underline;}
+
+.h {
+  background-color: #eeeeee;
+  font-color: #606060;
+  font-weight: bold;
+}
+
+</STYLE>
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Request Queue</font>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/javascript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" ;"+
+            (dateTmp.getHours()<10?" ;":"")+
+            dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+            dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+            dateTmp.getSeconds();
+}
+
+function stateCodeToColor(code)
+{
+    if (code == "waiting")
+        return "darkgreen";
+    else if (code == "cancelled" || code == "rejected")
+        return "red";
+    else if (code == "complete")
+        return "black";
+    else 
+        return "magenta";
+}
+
+function addSpaces(str)
+{
+    var outStr = "";
+    var str0 = "";
+    var i0 = 0;
+    var i1 = 0;
+
+    while (i1 < str.length) {
+        i1 = str.indexOf(',', i0);
+        if (i1 > -1) {
+            i1++;
+            str0 += str.substring(i0, i1);
+            str0 += " ";
+            i0 = i1;
+        } else {
+            str0 += str.substring(i0, str.length);
+            i1 = str.length;
+        }
+    }
+
+    i0 = 0;
+    i1 = 0;
+    while (i1 < str0.length) {
+        i1 = str0.indexOf('+', i0);
+        if (i1 > -1) {
+            i1++;
+            outStr += str0.substring(i0, i1);
+            outStr += " ";
+            i0 = i1;
+        } else {
+            outStr += str0.substring(i0, str0.length);
+            i1 = str0.length;
+        }
+    }
+
+    return outStr;
+}
+
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+function renderDetailsButtonForProfile(serialNumber)
+{
+        return '<form method=post '+
+                'action="'+
+                'profileReview' +'">\n'+
+                '<input type=hidden name="requestId" value="'+
+                serialNumber +
+                '">\n'+
+                '<input type=submit value="Details"></form>\n';
+}
+
+function renderDetailsButton(serialNumber)
+{
+        return '<form method=post '+
+                'action="'+
+                '/ca/agent/ca/processReq' +'">\n'+
+                '<input type=hidden name="seqNum" value="'+
+                serialNumber +
+                '">\n'+
+                '<input type=submit value="Details"></form>\n';
+}
+
+function setNode(table,desc,content,style)
+{
+  var row = table.insertRow(-1);
+  if (style)  {
+    row.className = style;
+  }
+  var cell1 = row.insertCell(-1);
+  var desc_text = document.createTextNode(desc);
+  cell1.appendChild(desc_text); 
+  var cell2 = row.insertCell(-1);
+  var content_text = document.createTextNode(content);
+  cell2.appendChild(content_text);
+}
+
+function mouseover(element,event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var index= element.getAttribute("index");
+  if (index == null) { return false; }
+  var req = recordSet[index];
+
+  element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+  var v;
+  var e = document.getElementById("reqMetaDatadiv");
+
+  var t = document.getElementById("t");
+
+  // delete all the rows in the table
+  var i=0;
+  while (i < t.rows.length) {
+    t.deleteRow(0);
+  }
+
+  setNode(t,"Request details for request #", req.seqNum,"h");
+  setNode(t,"Request Type:",req.requestType);
+  setNode(t,"Submitted On:", renderDateFromSecs(req.createdOn));
+  setNode(t,"Updated On:", renderDateFromSecs(req.updatedOn));
+  setNode(t,"Updated By:", req.updatedBy);
+  assumedheight = 120;
+  e.style.left = x+30 + 'px'; // x-offset of floating div
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  e.style.top = y+ offset + window.pageYOffset+ document.body.scrollTop + 'px';
+
+  // unhide the window
+  e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+//	window.setTimeout("hide",1);
+  var index= element.getAttribute("index");
+     element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+
+        hide();
+}
+
+function hide()
+{
+	document.getElementById("reqMetaDatadiv").style.display ="none";
+}
+
+
+function displayRequest(i, req)
+{
+    // request table items
+
+    var url= "";
+    if (req.profile != null && req.profile == 'true') {
+	// profile
+        url = "profileReview?requestId=";
+    } else {
+	// policy
+        url = "/ca/agent/ca/processReq?seqNum=";
+    }
+
+    var link = "<a index='"+i+"' href='"+url+ req.seqNum + "'" +
+ 	" onmouseover='mouseover(this,event);' "+
+           "onmouseout='mouseout(this);'>";
+
+    // request number
+    document.write("<tr><td align=right>"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">"+
+	link + req.seqNum +"</a></font></td>\n");
+
+    //State
+    document.write("<td>"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\" color=\""+
+        stateCodeToColor(req.status) +"\">"+req.status);
+    if (req.status == "complete" && req.Result != null && req.Result != "1") {
+        document.write("d with error");
+    }
+    document.write("</font></td>\n");
+
+    // Assigned to
+    document.write("<td><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\""+
+                   (req.assignedTo == null? " color=\"magenta\"": "")+ ">\n"+
+                   ((req.status != "pending")? "":
+                       (req.assignedTo == null? "unassigned":req.assignedTo))+
+                   "</font></td>");
+
+    //Subject
+    if (req.subject != null) {
+        document.write("<TD colspan=2>\n"+
+            "<div class='subject'><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+	    link+
+            addSpaces(addEscapes(req.subject)) + "</a></font></div></td></tr>\n");
+    } else {
+        document.write("<TD></TD><TD></TD></tr>\n");
+    }
+
+//    document.write("</table>\n");
+}
+
+function displayRequestList()
+{
+    document.write("<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+    if (result.header.error != null) {
+        document.write(result.header.error + "</font>\n");
+    } else if (result.recordSet.length == 0) {
+        document.write("No Matching Request Records Found</font>\n");
+    } else {
+        document.write("Total Number of Records Found : " +
+            result.header.totalRecordCount + "</font></br>\n");
+//            result.header.totalRecordCount + "</font></br>&nbsp;\n");
+
+	document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+		"<tr align=center><td>\n");
+	displayNextForm();
+
+        document.write(
+            "<table border=\"0\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\">\n"+
+            "<tr><td width=10%>&nbsp;</td>"+
+                "<td width=10%>&nbsp;</td>"+
+                "<td width=20%>&nbsp;</td>"+
+                "<td width=60%>&nbsp;</td>"+
+                "</tr>\n");
+
+    document.write(
+//        "<table border=\"0\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\">\n"+
+//        "<tr><td width=5%>&nbsp;</td><td width=25%>&nbsp;</td><td width=25%>&nbsp;</td>\n"+
+//        "<td width=25%>&nbsp;</td><td width=20%>&nbsp;</td></tr>\n"+
+        "<TR BGCOLOR=\"#E5E5E5\">\n"+
+        "<TD align=right width=10%>\n"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+        "#</font></TD>\n"+
+        "<TD width=10%>\n"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+        "Status</font></TD>\n"+
+        "<TD width=20%>\n"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+        "Assigned to</font></TD>\n"+
+        "<TD width=60%>\n"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+        "Subject</font></TD></TR>\n"
+    );
+
+	    for(var i = 0; i < result.recordSet.length; ++i ) {
+		    displayRequest(i, result.recordSet[i]);
+	    }
+	    document.write("</table>");
+	    displayNextForm();
+}
+}
+
+function renderHidden(name,value)
+{
+	return 	"<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+
+function doNext(element)
+{
+	var form = element.form;
+        form.action = "queryReq";
+	form.op.value = result.header.op;
+
+	form.direction.value = element.name;
+	form.firstEntryOnPage.value = result.header.firstEntryOnPage;
+	form.lastEntryOnPage.value = result.header.lastEntryOnPage;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+
+	form.submit();
+}
+
+function displayNextForm()
+{
+if (typeof(result.fixed.maxCount) != "undefined") {
+var seqNum=parseInt(result.recordSet[result.recordSet.length-1].seqNum) + 1;
+//alert("in displayNextForm seqNum="+seqNum);
+	document.write(
+//"<div align=center> \n"+
+"<FORM NAME='nextForm' METHOD='POST' ACTION=''>\n"+ renderHidden("op"));
+
+var disabledDown = ((result.fixed.maxCount > result.header.currentRecordCount) ||
+                    (result.header.currentRecordCount == result.header.totalRecordCount)) ?
+                    "disabled='true'" : "";
+var disabledUp = (result.header.firstEntryOnPage != null &&
+                  result.header.firstEntryOnPage <= 1) ? "disabled='true'" : "";
+
+document.write(
+"<button NAME='begin' onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
+"<button "+disabledUp+" NAME='previous' onClick='doNext(this)' VALUE='<' width='72'>&lt;</button>\n"+
+"<INPUT TYPE='hidden' NAME='totalRecordCount' VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='op' VALUE='"+ "queryReq"+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='querySentinelDown' VALUE='"+
+  result.header.querySentinelDown+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='querySentinelUp' VALUE='"+
+  result.header.querySentinelUp+ "'>\n"+
+
+"<INPUT TYPE='hidden' NAME='firstEntryOnPage' VALUE='"+ 
+  result.header.querySentinelUp +"'>\n"+
+"<INPUT TYPE='hidden' NAME='lastEntryOnPage' VALUE='"+ 
+  result.header.querySentinelDown +"'>\n"+
+"<INPUT TYPE='hidden' NAME='direction' VALUE='"+
+  result.header.direction+ "'>\n");
+
+    if (result.fixed.reqType != null)
+        document.write("<INPUT TYPE='hidden' NAME='reqType' VALUE='" + result.fixed.reqType + "'>\n");
+
+    if (result.fixed.reqState != null)
+        document.write("<INPUT TYPE='hidden' NAME='reqState' VALUE='" + result.fixed.reqState + "'>\n");
+
+    document.write("<INPUT TYPE=\"hidden\" NAME=\"totalRecordCount\" VALUE=\"" + 
+        result.header.totalRecordCount + "\">\n");
+
+    document.write("<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
+result.fixed.maxCount+ "'>\n"+
+"<button "+disabledDown+" NAME='next' onClick='doNext(this)' VALUE='>' width='72'>&gt;</button>\n"+
+"<button NAME='end' onClick='doNext(this)' VALUE='>>|' width='72'>&gt;&gt;|</button>\n"+
+"</FORM>\n");
+}
+}
+
+
+displayRequestList();
+
+//-->
+</SCRIPT>
+
+<div id="reqMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/reasonToRevoke.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/reasonToRevoke.template
new file mode 100644
index 000000000..12c14dfda
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/reasonToRevoke.template
@@ -0,0 +1,481 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<TITLE>Certificate Revocation Confirmation</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+
+<SCRIPT type="text/javascript">
+//<!--
+function validate()
+{
+    var caCert = -1;
+    var filter = "(|";
+    var n = 0;
+
+    if (!dateIsEmpty(document.forms[0])) {
+        var d = convertDate(document.forms[0], "Invalidity Date");
+        if (d == null) return false;
+        document.forms[0].invalidityDate.value = d;
+    }
+
+    for (var i = 0; i < result.recordSet.length; ++i ) {
+        if (result.recordSet[i].serialNumber != null) {
+            for (var j = 0; j < document.forms[0].length; j++) {
+                if (result.recordSet[i].serialNumber ==
+                    document.forms[0].elements[j].name) {
+                    if (document.forms[0].elements[j].checked) {
+                        n++;
+                        filter += "(certRecordId="+
+                                  result.recordSet[i].serialNumberDecimal+")";
+                        if (result.header.caSerialNumber != null &&
+                            result.recordSet[i].serialNumber ==
+                            result.header.caSerialNumber) {
+                            caCert = result.header.caSerialNumber;
+                        }
+                    }
+                    break;
+                }
+            }
+        }
+    }
+    if (n > 0) {
+        filter += ")";
+        document.forms[0].revokeAll.value = filter;
+    } else {
+        alert("No certificate has been selected.");
+        return false;
+    }
+
+    if (caCert > -1) {
+        return confirm("WARNING!!!\n"+
+                       "You are about to do an irreversible operation.\n"+
+                       "Certificate #"+toHex(caCert)+
+                       " belongs to your Certificate Authority.\n"+
+                       "Do you really want to revoke this certificate?");
+    }
+    return true;
+}
+
+function toHex1(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+    sign = "-";
+    number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+    absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + '0x' + '0' + absValue;
+}
+
+function toHex(number)
+{
+    return '0x' + '0' + number;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year;
+}
+
+function renderCell(cellData)
+{
+    return ("<td><font size=\"-2\" face=\"PrimaSans BT, Verdana, sans-serif\">"+
+            cellData+ "</font></td>\n");
+}
+
+function renderRow(cell1, cell2)
+{
+    var twoCells = renderCell(cell1) + renderCell(cell2);
+    return ("<tr valign=\"TOP\">\n" + twoCells + "</tr>\n");
+}
+
+function renderRowWithCheckbox(serialNumber, cell1, cell2)
+{
+    var allCells = "<td rowspan=4><input TYPE=\"CHECKBOX\" checked NAME=" +
+                   serialNumber + "></td>\n" +
+                   renderCell(cell1) + renderCell(cell2);
+    return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function renderRowWithoutCheckbox(cell1, cell2)
+{
+    var allCells = "<td rowspan=4>&nbsp;</td>\n" +
+                   renderCell(cell1) + renderCell(cell2);
+    return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function addSpaces(str)
+{
+    var outStr = "";
+    var i0 = 0;
+    var i1 = 0;
+
+    while (i1 < str.length) {
+        i1 = str.indexOf(',', i0);
+        if (i1 > -1) {
+            i1++;
+            outStr += str.substring(i0, i1);
+            outStr += " ";
+            i0 = i1;
+        } else {
+            outStr += str.substring(i0, str.length);
+            i1 = str.length;
+        }
+    }
+
+    return outStr;
+}
+
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+function displayCertInfo()
+{
+    document.write("<table border=\"0\" cellspacing=\"2\">");
+    for (var i = 0; i < result.recordSet.length; ++i ) {
+        if (result.recordSet[i].serialNumber != null) {
+            if (result.header.caSerialNumber != null &&
+                result.recordSet[i].serialNumber ==
+                result.header.caSerialNumber) {
+                document.write(renderRowWithoutCheckbox("Serial Number:",
+                               toHex(result.recordSet[i].serialNumber)));
+            } else {
+                document.write(renderRowWithCheckbox(
+                               result.recordSet[i].serialNumber,
+                               "Serial Number:",
+                               toHex(result.recordSet[i].serialNumber)));
+            }
+        }
+        if (result.recordSet[i].subject != null) {
+            document.write(renderRow("Subject Name:",
+                                     addSpaces(addEscapes(result.recordSet[i].subject))));
+        }
+        if ((result.recordSet[i].validNotBefore != null) &&
+            (result.recordSet[i].validNotAfter != null)) {
+            validity = 'not before: '+
+                       renderDateFromSecs(result.recordSet[i].validNotBefore) +
+                       '&nbsp;&nbsp;and not after: ' +
+                       renderDateFromSecs(result.recordSet[i].validNotAfter);
+            document.write(renderRow("Valid:", validity));
+        }
+        document.write(renderRow(" ", " "));
+    }
+    document.write("</table>");
+}
+
+function renderReason()
+{
+    var reason = new Array("Unspecified",
+                           "Key compromised",
+                           "CA key compromised",
+                           "Affiliation changed",
+                           "Certificate superseded",
+                           "Cessation of operation",
+                           "Certificate is on hold",
+                           "Privilege Withdrawn");
+    document.write("<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n");
+    for (var i = 0; i < reason.length; i++) {
+        document.write("<tr><td width=\"1%\">\n");
+        document.write("<input type=\"RADIO\"");
+        if ((result.header.reason != null && result.header.reason == i) ||
+            (i == 0 && result.header.reason == null)) {
+            document.write(" checked");
+        }
+        if (i > 6) {  // value 7 is not used
+            document.write(" name=\"revocationReason\" value=\""+(i+2)+"\">\n");
+        } else {
+            document.write(" name=\"revocationReason\" value=\""+i+"\">\n");
+        }
+        document.write("</td><td width=\"99%\">\n");
+        document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+        document.write(reason[i]+"</font></td></tr>\n");
+    }
+    document.write("</table>\n");
+}
+//-->
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Revocation Confirmation</font><br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to confirm certificate revocation by selecting appropriate
+revocation reason and submitting the form.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr valign="TOP">
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">When making this
+      request you must use the browser environment in which you have access to your authentication certificate and key. </font></td>
+  </tr>
+</table>
+<br><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<b>Certificate Details</b><br>
+The details of the certificate being revoked are below:
+</font>
+
+<form method="post" action="doRevoke" onSubmit="return validate()">
+
+<SCRIPT type="text/javascript">
+//<!--
+if (result.recordSet.length == 0) {
+    document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+                   "No Matching Certificates Found</font><br><br>\n");
+} else {
+    displayCertInfo();
+}
+//-->
+</SCRIPT>
+<br>
+
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr>
+      <td valign="TOP" colspan="2">
+        <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Select Invalidity Date</font></b><br>
+        <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Please select the date on which it is known or suspected that the private key
+        was compromised or that the certificate otherwise became invalid.</font>
+      </td>
+    </tr>
+    <tr>
+      <td valign="TOP" colspan="2">
+        <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Invalidity date:&nbsp;
+        <SELECT NAME="day">
+          <OPTION VALUE=0>
+          <OPTION VALUE=1>1
+          <OPTION VALUE=2>2
+          <OPTION VALUE=3>3
+          <OPTION VALUE=4>4
+          <OPTION VALUE=5>5
+          <OPTION VALUE=6>6
+          <OPTION VALUE=7>7
+          <OPTION VALUE=8>8
+          <OPTION VALUE=9>9
+          <OPTION VALUE=10>10
+          <OPTION VALUE=11>11
+          <OPTION VALUE=12>12
+          <OPTION VALUE=13>13
+          <OPTION VALUE=14>14
+          <OPTION VALUE=15>15
+          <OPTION VALUE=16>16
+          <OPTION VALUE=17>17
+          <OPTION VALUE=18>18
+          <OPTION VALUE=19>19
+          <OPTION VALUE=20>20
+          <OPTION VALUE=21>21
+          <OPTION VALUE=22>22
+          <OPTION VALUE=23>23
+          <OPTION VALUE=24>24
+          <OPTION VALUE=25>25
+          <OPTION VALUE=26>26
+          <OPTION VALUE=27>27
+          <OPTION VALUE=28>28
+          <OPTION VALUE=29>29
+          <OPTION VALUE=30>30
+          <OPTION VALUE=31>31
+        </SELECT>
+        <SELECT NAME="month">
+          <OPTION VALUE=13>
+          <OPTION VALUE=0>January
+          <OPTION VALUE=1>February
+          <OPTION VALUE=2>March
+          <OPTION VALUE=3>April
+          <OPTION VALUE=4>May
+          <OPTION VALUE=5>June
+          <OPTION VALUE=6>July
+          <OPTION VALUE=7>August
+          <OPTION VALUE=8>September
+          <OPTION VALUE=9>October
+          <OPTION VALUE=10>November
+          <OPTION VALUE=11>December
+        </SELECT>
+        <SELECT NAME="year">
+          <OPTION VALUE=0>
+<SCRIPT type="text/javascript">
+//<!--
+    var today = new Date();
+    var year = today.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    for (var i = year-7; i < year+5; i++) {
+        document.writeln("<OPTION VALUE="+i+">"+i);
+    }
+//-->
+</SCRIPT>
+        </SELECT>
+        <br>&nbsp;
+        </font>
+      </td>
+    </tr>
+    <tr>
+      <td valign="TOP" colspan="2">
+        <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Select Revocation Reason</font></b><br>
+        <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Please select reason for revocation.</font>
+      </td>
+    </tr>
+    <tr>
+      <td>
+<SCRIPT type="text/javascript">
+//<!--
+    renderReason();
+//-->
+</SCRIPT>
+<br>
+      </td>
+    </tr>
+    <tr>
+      <td colspan="2">
+        <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        <b>Additional Comments</b><br>
+        If you want to include any additional comments in your revocation request, write them here.
+        </font>
+      </td>
+    </tr>
+    <tr>
+      <td> 
+        <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual"></textarea>
+      </td>
+    </tr>
+  </table>
+  <br>
+
+<SCRIPT type="text/javascript">
+//<!--
+//var caCert = isOnTheListToBeRevoked(result.header.caSerialNumber);
+var caCert = -1;
+if (caCert > -1) {
+    document.write("<font size=\"-1\" color=\"red\" "+
+                   "face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+                   "<b>WARNING!!!</b><br>"+
+                   "You are about to do an irreversible operation.<br>"+
+                   "Certificate #"+toHex(caCert)+
+                   " belongs to your Certificate Authority.<br>"+
+                   "Do you really want to revoke this certificate?"+
+                   "</font><br>&nbsp;<br>&nbsp;\n");
+}
+
+function isOnTheListToBeRevoked(serialNumber)
+{
+    if (result.recordSet.length > 0 && serialNumber != null) {
+        for (var i = 0; i < result.recordSet.length; i++) {
+            if (result.recordSet[i].serialNumber != null) {
+                if (result.recordSet[i].serialNumber == serialNumber) {
+                   return serialNumber;
+                }
+            }
+        }
+    }
+    return (-1);
+}
+
+function revokeCert(serialNumber)
+{
+    return confirm("WARNING!!! You are about to do an irreversible operation.\n"+
+                   "Certificate # "+ toHex(serialNumber)+
+                   " belongs to your Certificate Authority."+
+                   "Do you really want to revoke this certificate ?");
+}
+//-->
+</SCRIPT>
+
+  <table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+    <tr>
+      <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+        <input type="submit" value="Submit" name="submit" width="72">&nbsp;&nbsp;
+        <input type="hidden" name="op" value="doRevoke">
+        <input type="hidden" name="templateType" value="RevocationSuccess">
+        <input type="reset" value="Reset" name="reset" width="72">&nbsp;&nbsp;
+        <!-- <input type="button" value="Help" width="72"
+            onClick="help('http://www.redhat.com/docs/manuals/cert-system#Confirming a Revocation')"> -->
+<SCRIPT type="text/javascript">
+//<!--
+
+        for (var i = 0; i < result.recordSet.length; i++) {
+            if (result.recordSet[i].serialNumber != null) {
+                document.writeln("<INPUT TYPE=hidden name=serialNumber value=\"" +
+                         result.recordSet[i].serialNumber +"\">");
+            }
+        }
+        document.writeln("<INPUT TYPE=hidden name=revokeAll value=\"" +
+                         result.header.revokeAll +"\">");
+        document.writeln("<INPUT TYPE=hidden name=totalRecordCount value=\"" +
+                         result.header.totalRecordCount +"\">");
+        document.writeln("<INPUT TYPE=hidden name=verifiedRecordCount value=\"" +
+                         result.header.verifiedRecordCount +"\">");
+        document.writeln("<INPUT TYPE=hidden name=invalidityDate value=\"0\">");
+        if (result.header.request != null) {
+            document.writeln("<INPUT TYPE=hidden name=requestId value=\"" +
+                             result.header.request +"\">");
+        }
+        if (result.header.b64eCertificate != null) {
+            document.writeln("<INPUT TYPE=hidden name=b64eCertificate value=\"" +
+                             result.header.b64eCertificate +"\">");
+        }
+        if (typeof(result.header.nonce) != "undefined") {
+            document.writeln("<INPUT TYPE=hidden name=nonce value=\"" +
+                              result.header.nonce +"\">");
+        }
+//-->
+</SCRIPT>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/revocationResult.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/revocationResult.template
new file mode 100644
index 000000000..bd356841d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/revocationResult.template
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Revocation Result</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT type="text/javascript">
+//<!--
+function toHex1(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+    return '0x' + number;
+}
+
+if (result.header.revoked == 'yes') {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Certificate Revocation Has Been Completed</font><br><br>');
+    if (result.recordSet.length == 0 && result.header.totalRecordCount > 0) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.write('All requested certificates were already revoked.');
+        document.writeln('</font><br>');
+    } else if (result.recordSet.length == 1) {
+        if (result.recordSet[0].error == null) {
+  	        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Certificate with serial number <b>' +
+                             toHex(result.recordSet[0].serialNumber) +
+                             '</b> has been revoked.');
+            document.writeln('</font><br>');
+
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            if (result.header.updateCRL && result.header.updateCRL == "yes") {
+                if (result.header.updateCRLSuccess != null &&
+                    result.header.updateCRLSuccess == "yes") {
+                    document.writeln('The Certificate Revocation List has been successfully updated.');
+                } else {
+                    document.writeln('The Certificate Revocation List update Failed');
+                    if (result.header.updateCRLSuccess != null)
+                        document.writeln(' with error '+ result.header.updateCRLError);
+                    else
+                        document.writeln('. No further details provided.');
+                }
+            } else {
+                document.writeln(
+                    'The Certificate Revocation List will be updated '+
+                    'automatically at the next scheduled update.');
+            }
+            document.writeln('</font><br>');
+/*
+            if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+       	        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                if (result.header.certsUpdated > 0) {
+                    document.write('Directory has been successfully updated.');
+                } else {
+                    document.write('Directory has not been updated.  See log files for more details.');
+                }
+                document.writeln('</font><br>');
+            }
+*/
+        } else {
+  	        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Certificate with serial number <b>' +
+                             toHex(result.recordSet[0].serialNumber) +
+                             '</b> is not revoked.<br><br>');
+            document.writeln('Additional Information:');
+            document.writeln('</font>');
+            document.writeln('<blockquote>');
+  	        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(result.recordSet[0].error);
+            document.writeln('</font>');
+            document.writeln('</blockquote>');
+        }
+    } else if (result.recordSet.length > 1) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.write('The following certificates were processed to complete revocation request:');
+        document.writeln('</font>');
+
+        document.writeln('<blockquote>');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        var revokedCerts = 0;
+        for(var i = 0; i < result.recordSet.length; i++) {
+            if (result.recordSet[i].error == null) {
+                revokedCerts++;
+                document.writeln(toHex(result.recordSet[i].serialNumber) + ' - revoked<BR>\n');
+            } else {
+                document.write(toHex(result.recordSet[i].serialNumber) + ' - failed');
+                if (result.recordSet[i].error != null)
+                    document.write(': ' + result.recordSet[i].error);
+                document.writeln('<BR>\n');
+            }
+        }
+        document.writeln('</font>');
+        document.write('</blockquote>');
+
+        if (revokedCerts > 0 && result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+       	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            if (result.header.updateCRL && result.header.updateCRL == "yes") {
+                if (result.header.updateCRLSuccess != null &&
+                    result.header.updateCRLSuccess == "yes") {
+                    document.writeln('The Certificate Revocation List has been successfully updated.');
+                } else {
+                    document.writeln('The Certificate Revocation List update Failed');
+                    if (result.header.updateCRLSuccess != null)
+                        document.writeln(' with error '+
+                                         result.header.updateCRLError);
+                    else
+                        document.writeln('. No further details provided.');
+                }
+            } else {
+                document.writeln(
+                    'The Certificate Revocation List will be updated '+
+                    'automatically at the next scheduled update.');
+            }
+            document.writeln('<br>');
+/*
+            if (result.header.certsUpdated > 0) {
+                if (result.header.certsUpdated == result.header.certsToUpdate) {
+                    document.write('Directory has been successfully updated.');
+                } else {
+                    document.write('Directory has been partially updated.  See log files for more details.');
+                }
+            } else {
+                document.write('Directory has not been updated.  See log files for more details.');
+            }
+*/
+            document.writeln('</font><br>');
+        }
+    }
+} else if (result.header.revoked == 'pending') {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Revocation Request Has Been Submitted</font><br><br>');
+} else if (result.header.revoked == 'rejected') {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Certificate Revocation Has Been Rejected</font><br><br>');
+    if (result.header.error != null) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+        document.writeln('<blockquote>');
+	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln(result.header.error);
+        document.writeln('</font>');
+        document.writeln('</blockquote>');
+    }
+} else {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Revocation Request Cannot Be Completed</font><br><br>');
+    if (result.header.error != null) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+        document.writeln('<blockquote>');
+	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln(result.header.error);
+        document.writeln('</font>');
+        document.writeln('</blockquote>');
+    }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/revokeBySerial.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/revokeBySerial.template
new file mode 100644
index 000000000..cae2a93da
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/revokeBySerial.template
@@ -0,0 +1,88 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE> Certificate Revocation Result </TITLE></HEAD>
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<center><h2><b> Certificate Revocation Result</b></h2></center>
+<p>
+<SCRIPT type="text/javascript">
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+with (result.header) {
+	if (revoked == 'yes') {
+		document.write('Certificate with serial number ' + toHex(serialNumber) + ' has been marked revoked.');
+		if (updateCRL == 'yes') {
+			if (updateCRLSuccess == 'yes') {
+				document.write('<p>The Certificate Revocation List has also been updated.');
+			} else {
+				document.write('<p><b> Note: Update of Certificate Revocation List Failed!.</b>');
+			}
+		} else {
+			document.write('<p><b> Note: Certificate Revocation List was not updated.</b>');
+		}
+    } else {
+        document.write('<p><b>Certificate with serial number ' + toHex(serialNumber) + ' has not been revoked.</b>');
+		if (error != null) {
+			document.write('<p>Additional Information:<p>');
+			document.write('<blockquote><b>');
+			document.write(error);
+			document.write('</b></blockquote>');
+		}
+    }
+
+    if (dirConfigured == 'yes') {
+		document.write('<h4>Update Directory Server Result</h4>');
+		document.write('<b>'+numRevUpdated+'</b> out of ');
+		document.write('<b>'+numRevToUpdate+'</b> revoked certificates ');
+		document.write('were removed from the Directory Server.<br>');
+		if (numRevUpdated != numRevToUpdate) {
+                        document.write('<b>Note:</b> The Certificate System logs may contain more information on ones that could not be removed.<p>');
+		} 
+		if (updateCRL == 'yes') {
+			if (dirUpdateCrlStatus == 'Success') {
+			document.write('The new Certificate Revocation List has been published in the Directory Server.<p>');
+			} else {
+			document.write('<b>Note:</b> The new Certificate Revocation List could not be published in the Directory Server. <br><b>Error returned:</b> ');
+			document.write(dirUpdateCrlStatus);
+			document.write('<p>');
+			}
+		} else {
+			document.write('<b>Note:</b> No new Certificate Revocation List to update the Directory Server.');
+		}
+    }
+}
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/revokeCert.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/revokeCert.html
new file mode 100644
index 000000000..c20c949ed
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/revokeCert.html
@@ -0,0 +1,1086 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Revoke Certificates</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<script type="text/javascript" SRC="/ca/agent/funcs.js"></script>
+<script type="text/javascript" SRC="/ca/agent/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke Certificates</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to revoke a set of certificates determined by one
+or more properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the set of certificates to be revoked.
+Check the box at the top of the section if you want to use that
+filter in your search, then complete the fields.  Leave a box
+unchecked to ignore that filter.  You can click more than one box
+to get a combination of search criteria.
+<p>
+You will be given a chance to examine the certificates before
+they are revoked.
+</font>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form
+(starting with 0x, as in the certificate list), or in decimal form.
+</font>
+
+<SCRIPT type="text/javascript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+    return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+        canonicalFrom =
+            trim(document.serialNumberRangeCritForm.serialFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            if (isNumber(canonicalFrom,16)) {
+                canonicalFrom = "0x" +
+                    removeColons(stripPrefix(canonicalFrom));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the low end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+    }
+
+    if (document.serialNumberRangeCritForm.serialTo.value != "") {
+        canonicalTo =
+            trim(document.serialNumberRangeCritForm.serialTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            if (isNumber(canonicalTo,16)) {
+                canonicalTo = "0x" +
+                    removeColons(stripPrefix(canonicalTo));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the high end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+    }
+
+    /* Can not do this using parseInt */
+    /*
+    if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+        document.serialNumberRangeCritForm.serialTo.value != "") {
+        if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+            alert("The low end of the range is larger than the high end.");
+            return null;
+        }
+    }
+    */
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Email address:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Common name:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">User ID:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization unit:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Organization:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Locality:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Country:</font>
+</td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">Exact</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">Partial</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank. 
+<br><br>
+Exact match method revokes certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank.  Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method revokes certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+
+<SCRIPT type="text/javascript">
+<!--
+function subjectCritInUse()
+{
+    return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+    return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse">
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates issued by:</font>&nbsp;
+<INPUT TYPE="text" NAME="issuedBy" SIZE=10></td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates issued during the period:</font>
+</td>
+</FORM>
+<tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function issuedByCritInUse()
+{
+    return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+    if (document.issuedByCritForm.issuedBy.value.length == 0) {
+        alert("User id in 'issued by' filter is empty");
+        return null;
+    }
+    return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+    return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.issuedOnFrom)) {
+        from = convertDate(document.issuedOnFrom, 
+                           "Start date for issue time range criterion");
+        if (from == null) return null;
+        crit[next++] = "(certCreateTime>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.issuedOnTo)) {
+        to = convertDate(document.issuedOnTo, 
+                         "End date for issue time range criterion");
+        if (to == null) return null;
+        crit[next++] = "(certCreateTime<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for issue time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+        alert("Invalid issuance time range");
+		return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates effective during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotBeforeCritInUse()
+{
+    return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotBeforeFrom)) {
+        from = convertDate(document.validNotBeforeFrom, 
+               "Start date for the validity beginning time range criterion");
+        if (from == null) return null;
+        crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotBeforeTo)) {
+        to = convertDate(document.validNotBeforeTo, 
+             "End date for the validity beginning time range criterion");
+        if (to == null) return null;
+        crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for validity beginning range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+        alert("Invalid effective time range");
+		return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates expire during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validNotAfterCritInUse()
+{
+    return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotAfterFrom)) {
+        from = convertDate(document.validNotAfterFrom, 
+               "Start date for the expiration time range criterion");
+        if (from == null) return null;
+        crit[next++] = "(x509cert.notAfter>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotAfterTo)) {
+        to = convertDate(document.validNotAfterTo, 
+             "End date for the expiration time range criterion");
+        if (to == null) return null;
+        crit[next++] = "(x509cert.notAfter<=" + to + ")";
+    }
+    
+    if (from == null && to == null) {
+        alert("You must enter a date for the expiration time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+        alert("Expiration time range specified is empty");
+        return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Revoke certificates with a validity period:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION> 
+<OPTION VALUE="31536000000">Year(s)</OPTION> 
+</SELECT> 
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+function validityLengthCritInUse()
+{
+    return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+    with(document.validityLengthCritForm) {
+
+    if (!isNumber(count.value,10)) {
+        alert("Invalid number specified in validity length criterion");
+        return null;
+    }
+ 
+    return "(x509cert.duration" + 
+           validityOp.options[validityOp.selectedIndex].value +
+           (count.value * unit.options[unit.selectedIndex].value) +")";
+    }
+}
+
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+    andFilter[critCount++] = "(certRecordId=*)";
+
+    if (serialNumberRangeCritInUse()) {
+        if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+            return;
+    }	
+    if (subjectCritInUse()) {
+        if ((andFilter[critCount++] = subjectCrit()) == null)
+            return;
+    }
+    if (issuedOnCritInUse()) {
+        if ((andFilter[critCount++] = issuedOnCrit()) == null)
+            return;
+    }
+    if (issuedByCritInUse()) {
+        if ((andFilter[critCount++] = issuedByCrit()) == null)
+            return;
+    }
+    if (validNotBeforeCritInUse()) {
+        if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+            return;
+    }
+    if (validNotAfterCritInUse()) {
+        if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+        return;
+    }
+    if (validityLengthCritInUse()) {
+        if ((andFilter[critCount++] = validityLengthCrit()) == null)
+            return;
+    }
+
+    // At least one section must be selected
+    if (critCount == 0) {
+        alert("You must choose at least one section on this form.");
+        return;
+    }
+
+    andFilter[critCount++] = "(certStatus=VALID)";
+
+    form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+    form.revokeAll.value = form.queryCertFilter.value;
+
+    form.op.value = "listCerts";
+    form.submit();
+}
+//-->
+</SCRIPT>
+
+<br>&nbsp;
+
+<FORM NAME="queryForm" ACTION="listCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokeAll" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" BACKGROUND="/ca/agent/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+     <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+      <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="5">
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+      <!-- <INPUT TYPE="button" VALUE=Help width="72"
+        onClick="help('http://www.redhat.com/docs/manuals/cert-system#1011030')"> -->
+	</td>
+  </tr>
+</table>
+
+</form>
+
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/srchCert.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/srchCert.template
new file mode 100644
index 000000000..fcaa1adf8
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/srchCert.template
@@ -0,0 +1,435 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/agent/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/javascript">
+//<!--
+var onHoldCounter = 0;
+var onHoldList = "";
+var canRevokeCounter = 0;
+var canRevokeList = "";
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function revokeCert(serialNumber)
+{ 
+	return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+ 
+		renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+	if (oid == "1.2.840.113549.1.1.1") 
+	   return "PKCS #1 RSA";
+	else if (oid == "1.2.840.113549.1.1.4")
+	   return "PKCS #1 MD5 With RSA";
+	else if (oid == "1.2.840.10040.4.1")
+	   return "DSA";
+	else 
+	   return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = number;
+    while (num.length < width)
+	num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+"&nbsp;"+
+            (dateTmp.getHours()<10?"&nbsp;":"")+
+            dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+            dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+            dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+	return "<FORM METHOD=post "+
+"ACTION=\""+ "displayBySerial" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"op\" VALUE=\""+ "displayBySerial" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+ "0x"+serialNumber +"\">\n"+
+"<INPUT TYPE=submit VALUE=\"Details\" width=\"72\"></FORM>\n";
+}
+
+function renderRevokeButton(serialNumberDecimal)
+{
+    canRevokeList += "(certRecordId="+serialNumberDecimal+")";
+    canRevokeCounter++;
+	return "<FORM METHOD=post "+
+//"onSubmit=\"return revokeCert("+serialNumberDecimal+");\" "+
+"ACTION=\""+ "reasonToRevoke" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"op\" VALUE=\""+ "reasonToRevoke" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+ serialNumberDecimal +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"revokeAll\" VALUE=\"(&(certRecordId="+serialNumberDecimal+"))\">\n"+
+"<INPUT TYPE=hidden NAME=\"totalRecordCount\" VALUE=\"1\">\n"+
+"<INPUT TYPE=hidden NAME=\"commit\" VALUE=\"yes\">"+
+"<INPUT TYPE=hidden NAME=\"updateCRL\" VALUE=\"yes\">"+
+"<INPUT TYPE=submit VALUE=\"Revoke\" width=\"72\">"+
+"</FORM>\n";
+}
+
+function renderOffHoldButton(serialNumberDecimal)
+{
+    if (onHoldCounter > 0) onHoldList += " ";
+    onHoldCounter++;
+    onHoldList += serialNumberDecimal;
+	return "<FORM METHOD=post "+
+"ACTION=\""+ "doUnrevoke" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"op\" VALUE=\""+ "doUnrevoke" +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+ serialNumberDecimal +"\">\n"+
+"<INPUT TYPE=hidden NAME=\"cmmfResponse\" VALUE=\"true\">\n"+
+"<INPUT TYPE=submit VALUE=\"Off Hold\" width=\"72\"></FORM>\n";
+}
+
+function addSpaces(str)
+{
+    var outStr = "";
+    var i0 = 0;
+    var i1 = 0;
+
+    while (i1 < str.length) {
+        i1 = str.indexOf(',', i0);
+        if (i1 > -1) {
+            i1++;
+            outStr += str.substring(i0, i1);
+            outStr += " ";
+            i0 = i1;
+        } else {
+            outStr += str.substring(i0, str.length);
+            i1 = str.length;
+        }
+    }
+
+    return outStr;
+}
+
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+function getRevocationReason(revocationReason)
+{
+    var reasons = new Array("Unspecified",
+                            "Key compromised",
+                            "CA key compromised",
+                            "Affiliation changed",
+                            "Certificate superceded",
+                            "Cessation of operation",
+                            "Certificate is on hold",
+                            "Unspecified", // value 7 is not used
+                            "Remove from CRL",
+                            "Privilege withdrawn",
+                            "AA key compromise");
+    if (revocationReason < 0 || revocationReason >= reasons.length)
+        revocationReason = 0;
+    return reasons[revocationReason];
+}
+
+function displayCertificateRecord(cert)
+{
+	document.write(
+"<table border=\"0\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\">\n"+
+"<tr><td width=18%>&nbsp;</td><td width=41%>&nbsp;</td><td width=41%>&nbsp;</td></tr>\n"+
+
+"<tr bgcolor=\"#e5e5e5\"><td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Serial number</font></td>\n"+
+"<td colspan=\"2\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Subject name</font></td></tr>\n"+
+"<tr><td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"<a href=\"displayBySerial?op=displayBySerial&serialNumber=0x"+ cert.serialNumber + "\">"+renderHexNumber(cert.serialNumber,8) +"</a></font></td>\n"+
+"<td colspan=\"2\"><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+addSpaces(addEscapes(cert.subject)) +"</font></td></tr>\n"+
+
+"<tr bgcolor=\"#e5e5e5\"><td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Version</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Certificate Type</font></td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Subject public key algorithm</font></td></tr>\n"+
+"<tr><td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+(cert.version+1) +"</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+(cert.type) +"</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+renderOidName(cert.subjectPublicKeyAlgorithm) +
+(cert.subjectPublicKeyLength != null ?
+  " with "+cert.subjectPublicKeyLength+"-bit key" : "")+
+"</font></td></tr>\n"+
+
+"<tr><td rowspan=\"2\">" +renderDetailsButton(cert.serialNumber)+ "</td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Not valid before</font></td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Not valid after</font></td></tr>\n"+
+
+"<tr>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+renderDateFromSecs(cert.validNotBefore) + "</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+renderDateFromSecs(cert.validNotAfter)+ "</font></td></tr>\n"+
+
+"<tr><td rowspan=\"2\">"+
+(cert.revokedOn == null && cert.serialNumber != result.header.caSerialNumber?
+    renderRevokeButton(cert.serialNumberDecimal):
+    (cert.revocationReason != null && cert.revocationReason == 6?
+        renderOffHoldButton(cert.serialNumberDecimal): "&nbsp;"))+
+"</td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Issued on</font></td>\n"+
+"<td bgcolor=\"#e5e5e5\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Issued by</font></td></tr>\n"+
+
+"<tr>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+renderDateFromSecs(cert.issuedOn) + "</font></td>\n"+
+"<td>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+cert.issuedBy + "</font></td></tr>\n"+
+
+(cert.revokedOn != null ?
+	"<tr><td></td>\n"+
+	"<td bgcolor=\"#e5e5e5\"><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+	"Revoked on</font></td>\n"+ 
+	"<td bgcolor=\"#e5e5e5\"><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+	"Revoked by</font></td></tr>\n"+
+	"<tr><td></td>\n"+
+	"<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+	renderDateFromSecs(cert.revokedOn)+	"</font></td>\n"+
+	"<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+	 cert.revokedBy + "</font></td></tr>\n"  : "") +
+(cert.revocationReason != null ?
+        "<tr><td></td>\n"+
+        "<td bgcolor=\"#e5e5e5\" colspan=\"2\">"+
+	"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+	"Revocation Reason</font></td></tr>\n"+
+        "<tr><td></td>\n"+
+        "<td colspan=\"2\">"+
+        "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\" color=\"red\">"+
+        getRevocationReason(cert.revocationReason)+"</font></td></tr>\n" : "") +
+
+"</table>\n"
+	);
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+	document.write(
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">No Matching Certificates Found</font>\n"
+	);
+} else {
+
+	document.write(
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">Issuer: " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+	);
+   if (result.header.totalRecordCount == result.header.maxSize) {
+        document.write(
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"(Maximum size reached)"+
+"</font>\n"
+        );
+    }
+
+
+	for(var i = 0; i < result.recordSet.length; ++i ) {
+		displayCertificateRecord(result.recordSet[i]);
+	}
+	if (((result.header.revokeAll != null || onHoldCounter > 1 || canRevokeCounter > 1) &&
+         result.header.totalRecordCount > 1) ||
+        (result.header.querySentinel != null)) {
+        document.write("<br>&nbsp;\n" +
+            "<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\" background=\"/ca/agent/graphics/hr.gif\" width=\"100%\">\n"+
+            "<tr><td>&nbsp;</td></tr></table>\n");
+    }
+
+	document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH=\"100%\">\n"+
+		"<tr align=center><td>\n");
+
+	if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+		displayRevokeAllForm(result.header.totalRecordCount, result.header.revokeAll);
+	} else if (result.header.totalRecordCount > 1) {
+        if (canRevokeCounter > 1) {
+            canRevokeList = "(|"+canRevokeList+")";
+    		displayRevokeAllForm(canRevokeCounter, canRevokeList);
+        }
+        if (onHoldCounter > 1) {
+		    displayReleaseAllForm();
+	    }
+	}
+
+	if (result.header.querySentinel != null) {
+		displayNextForm();
+	}
+
+	document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+	return 	"<INPUT TYPE=\"hidden\" NAME=\""+ name +"\" VALUE=\"\">\n";
+}
+
+function doNext(form)
+{
+	//form.action = "/ca"+result.header.op;
+	form.action = "listCerts";
+	form.op.value = result.header.op;
+	form.queryCertFilter.value = result.header.queryCertFilter;
+	if (result.header.revokeAll != null) {
+		form.revokeAll.value = result.header.revokeAll;
+	}
+    if (result.header.queryFilterHash != null) {
+        form.queryFilterHash.value = result.header.queryFilterHash;
+    }
+	// form.submit();
+}
+
+function displayNextForm()
+{
+	document.write(
+//"<div align=center> \n"+
+"<FORM NAME =\"nextForm\" METHOD=POST onSubmit=\"doNext(nextForm);\" "+
+"ACTION=\"\">\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+	document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+    document.write(renderHidden("queryFilterHash"));
+}
+
+document.write("<INPUT TYPE=submit VALUE=\"Find\" width=\"72\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"&nbsp;next</font>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE=\""+
+result.header.totalRecordCount+ "\">\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE=\""+
+result.header.queryCertFilter+ "\">\n"+
+"<INPUT TYPE=hidden NAME=querySentinel VALUE=\""+
+result.header.querySentinel+ "\">\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE=\""+
+result.header.serialTo+ "\">\n"+
+"<INPUT TYPE=text SIZE=4 MAXLENGTH=99 NAME=maxCount VALUE=\""+
+result.header.maxCount+ "\">\n"+
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"&nbsp;record(s)</font>\n"+
+"</FORM>\n");
+//"</FORM></DIV>\n");
+}
+
+function displayRevokeAllForm(recordCount, revokeAllFilter)
+{
+//	document.write("<DIV align=center><FORM NAME =\"revokeAllForm\" "+
+	document.write("<FORM NAME =\"revokeAllForm\" "+
+		"METHOD=POST "+
+		"ACTION=\""+ "/ca/agent/ca/reasonToRevoke" +"\">\n"+
+		"<INPUT TYPE=hidden NAME=\"op\" VALUE=\"reasonToRevoke\">\n"+
+		"<INPUT TYPE=hidden NAME=\"revokeAll\" VALUE=\""+ revokeAllFilter +"\">\n"+
+		"<INPUT TYPE=hidden NAME=\"totalRecordCount\" VALUE=\""+ recordCount +"\">\n"+
+		"<INPUT TYPE=submit VALUE=\"Revoke ALL "+ recordCount +" Certificates\">\n"+
+		"</FORM>\n");
+//		"</FORM></DIV>\n");
+}
+
+function displayReleaseAllForm()
+{
+	document.write("<FORM NAME =\"releaseAllForm\" "+
+        "METHOD=post "+
+        "ACTION=\""+ "/ca/agent/ca/doUnrevoke" +"\">\n"+
+        "<INPUT TYPE=hidden NAME=\"op\" VALUE=\""+ "doUnrevoke" +"\">\n"+
+        "<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+ onHoldList +"\">\n"+
+        "<INPUT TYPE=hidden NAME=\"cmmfResponse\" VALUE=\"true\">\n"+
+        "<INPUT TYPE=submit VALUE=\"Release ALL "+ onHoldCounter +
+        " Certificates From Hold\" width=\"72\"></FORM>\n");
+}
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/toDisplayCRL.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/toDisplayCRL.template
new file mode 100644
index 000000000..a1467810e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/toDisplayCRL.template
@@ -0,0 +1,364 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Display Certificate Revocation List</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+<CMS_TEMPLATE>
+
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Display Certificate Revocation List</font><br>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to view a certificate revocation list.<br>
+The numbers displayed in the recent changes column are
+representing newly revoked, taken off hold, and expired certificates.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM NAME="displayCRLForm" ACTION="displayCRL" METHOD=POST>
+
+<!-- <table border="0" cellspacing="2" cellpadding="2" width="100%"> -->
+
+<SCRIPT type="text/javascript">
+<!--
+var splitLabel = new Array("Copying delta CRL cache:",
+                           "Preparing data for delta CRL generation:",
+                           "Signing and encoding delta CRL:",
+                           "Storing delta CRL:",
+                           "Delta CRL publishing:",
+                           "Preparing data for CRL generation:",
+                           "Adding extensions:",
+                           "Signing and encoding CRL:",
+                           "Storing CRL:",
+                           "Publishing CRL:");
+var i;
+
+function write_new_window(timeSplits) {
+    var new_window = window.open('', 'TestWindow',
+        'width=400,height=410,status=no,location=no,menubar=no,toolbar=no,personalbar=no,resizable=yes,scrollbars=no');
+    new_window.focus();
+    var new_doc = new_window.document;
+    new_doc.writeln('<HTML><HEAD><TITLE>Newly Opened Window</TITLE></HEAD><BODY>\n');
+
+    var crlTime;
+    if (timeSplits != null && timeSplits.length > 0) {
+        crlTime = timeSplits.split(',');
+    } else {
+        crlTime = null;
+    }
+
+    if (crlTime != null && crlTime.length > 0) {
+        new_doc.writeln('<font size=+1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('CRL split times</font><br>&nbsp;');
+        new_doc.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        new_doc.writeln('<tr>');
+        new_doc.writeln('<td width="75%" bgcolor="#e0e0e0">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('Operation</font></td>');
+        new_doc.writeln('<td bgcolor="#e0e0e0">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('Time in ms</font></td>');
+        
+        var total = 0;
+        var deltaTotal = 0;
+        var crlTotal = 0;
+        var deltaColor;
+        for (i = 0; i < splitLabel.length; i++) {
+            if (i > 0 && i < 5) {
+                deltaColor = ' bgcolor="#eeeeee"';
+                deltaTotal += parseInt(crlTime[i]);
+            } else {
+                deltaColor = '';
+                crlTotal += parseInt(crlTime[i]);
+            }
+            new_doc.writeln('<tr><td align="right"'+deltaColor+'>');
+            new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            new_doc.writeln(splitLabel[i]+'</font>');
+            new_doc.writeln('</td>');
+            new_doc.writeln('<td align="right"'+deltaColor+'>');
+            new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            if (i < crlTime.length) {
+                if (crlTime[i].charAt(0) == '-') {
+                    var d = new Date(parseInt(crlTime[i].substr(1)));
+                    new_doc.writeln((d.getMonth()+1)+'/'+d.getDate()+'/'+
+                                    d.getFullYear()+"&nbsp;"+d.getHours()+':'+
+                                    (d.getMinutes()<10?"0":"")+d.getMinutes()+':'+
+                                    (d.getSeconds()<10?"0":"")+d.getSeconds());
+                } else {
+                    new_doc.writeln(crlTime[i]);
+                }
+                total += parseInt(crlTime[i]);
+            } else {
+                new_doc.writeln('&nbsp;');
+            }
+            new_doc.writeln('</font></td></tr>');
+        }
+        new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('Delta CRL total:</font>');
+        new_doc.writeln('</td>');
+        new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        if (deltaTotal < 0) deltaTotal = "incomplete";
+        new_doc.writeln(deltaTotal+'</font></td></tr>');
+
+        new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('CRL total:</font>');
+        new_doc.writeln('</td>');
+        new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        if (crlTotal < 0) crlTotal = "incomplete";
+        new_doc.writeln(crlTotal+'</font></td></tr>');
+
+        new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('Total:</font>');
+        new_doc.writeln('</td>');
+        new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        if (total < 0) total = "incomplete";
+        new_doc.writeln(total+'</font></td></tr>');
+
+        new_doc.writeln('</table>');
+    } else {
+        new_doc.writeln('CRL split times are not available.');
+    }
+    new_doc.writeln('</BODY></HTML>');
+    new_doc.close();
+}
+
+var issuingPoint;
+var crlNumber;
+var deltaNumber;
+var crlSize;
+var deltaSize;
+var crlTesting;
+var recentChanges;
+var crlTimeSplits;
+
+if (result.header.crlIssuingPoints != null &&
+    result.header.crlIssuingPoints.length > 0) {
+    issuingPoint = result.header.crlIssuingPoints.split('+');
+} else {
+    issuingPoint = null;
+}
+
+if (result.header.crlNumbers != null &&
+    result.header.crlNumbers.length > 0) {
+    crlNumber = result.header.crlNumbers.split('+');
+} else {
+    crlNumber = null;
+}
+
+if (result.header.deltaNumbers != null &&
+    result.header.deltaNumbers.length > 0) {
+    deltaNumber = result.header.deltaNumbers.split('+');
+} else {
+    deltaNumber = null;
+}
+
+if (result.header.crlSizes != null &&
+    result.header.crlSizes.length > 0) {
+    crlSize = result.header.crlSizes.split('+');
+} else {
+    crlSize = null;
+}
+
+if (result.header.deltaSizes != null &&
+    result.header.deltaSizes.length > 0) {
+    deltaSize = result.header.deltaSizes.split('+');
+} else {
+    deltaSize = null;
+}
+
+if (result.header.crlTesting != null &&
+    result.header.crlTesting.length > 0) {
+    crlTesting = result.header.crlTesting.split('+');
+} else {
+    crlTesting = null;
+}
+
+if (result.header.recentChanges != null &&
+    result.header.recentChanges.length > 0) {
+    recentChanges = result.header.recentChanges.split('+');
+} else {
+    recentChanges = null;
+}
+
+if (result.header.crlSplits != null &&
+    result.header.crlSplits.length > 0) {
+    crlTimeSplits = result.header.crlSplits.split('+');
+} else {
+    crlTimeSplits = null;
+}
+
+if (issuingPoint != null && issuingPoint.length > 0) {
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+
+    document.writeln('<tr><td align="right" width="30%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Issuing point:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<SELECT NAME="crlIssuingPoint">');
+    for (i = 0; i < issuingPoint.length; i++) {
+        document.write('<OPTION VALUE="' + issuingPoint[i] + '"');
+        if (result.header.masterCRLIssuingPoint == issuingPoint[i])
+            document.write(' SELECTED');
+        document.writeln('>' + issuingPoint[i] + '</OPTION>');
+    }
+    document.writeln('</SELECT></td></tr>');
+
+    document.writeln('<tr><td align="right" width="30%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(' Display type:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<SELECT NAME="crlDisplayType">');
+    if (result.header.master_host != null && result.header.master_host.length &&
+        result.header.master_port != null && result.header.master_port.length) {
+        document.write('<OPTION VALUE="entireCRL" SELECTED>Entire CRL');
+    } else {
+        document.write('<OPTION VALUE="cachedCRL" SELECTED>Cached CRL');
+        document.write('<OPTION VALUE="entireCRL">Entire CRL');
+    }
+    document.write('<OPTION VALUE="crlHeader">CRL header');
+    document.write('<OPTION VALUE="base64Encoded">Base64 encoded');
+    if (result.header.isDeltaCRLEnabled != null &&
+        result.header.isDeltaCRLEnabled == true) {
+        document.write('<OPTION VALUE="deltaCRL">Delta CRL');
+    }
+    document.writeln('</SELECT></td></tr>');
+    document.writeln('</table><br>&nbsp;');
+
+    if (crlNumber != null && crlNumber.length == issuingPoint.length &&
+        crlSize != null && crlSize.length == issuingPoint.length &&
+        recentChanges != null && recentChanges.length == issuingPoint.length) {
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Issuing point</font></td>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('CRL numbers</font></td>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Number of entries</font></td>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Recent changes</font></td>');
+        document.writeln('</tr>');
+        for (i = 0; i < issuingPoint.length; i++) {
+            document.writeln('<tr>');
+            document.writeln('<td align="right">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln(issuingPoint[i]+'</font>');
+            document.writeln('</td>');
+            document.writeln('<td align="right">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            if (crlTimeSplits != null &&
+                crlTimeSplits.length == issuingPoint.length &&
+                crlTimeSplits[i] != "0,0,0,0,0,0,0,0,0,0") {
+                if (deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1' &&
+                    result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+                    deltaNumber != null && deltaNumber.length > i) {
+                    document.write('<A HREF="#" onClick="write_new_window(\''+crlTimeSplits[i]+'\');return false">'+crlNumber[i]+', '+deltaNumber[i]+'</A>');
+                } else {
+                    document.write('<A HREF="#" onClick="write_new_window(\''+crlTimeSplits[i]+'\');return false">'+crlNumber[i]+'</A>');
+                }
+            } else {
+                document.write(crlNumber[i]);
+                if (deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1' &&
+                    result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+                    deltaNumber != null && deltaNumber.length > i) {
+                    document.write(', '+deltaNumber[i]);
+                }
+            }
+            document.writeln('</font></td>');
+            document.writeln('<td align="right">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            if (crlSize[i] == '-1') {
+                document.writeln('unknown');
+            } else {
+                document.write(crlSize[i]);
+                if (result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+                    deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1') {
+                    document.write(', '+deltaSize[i]);
+                }
+            }
+            document.writeln('</font></td>');
+            document.writeln('<td align="right">');
+            if (crlTesting[i] == '1') {
+                document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif" color="gray">');
+            } else {
+                document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            }
+            if (crlNumber[i] == '0' && crlSize[i] == '-1') {
+                document.writeln('CRL is not built</font>');
+            } else {
+                document.writeln(recentChanges[i]+'</font>');
+            }
+            document.writeln('</td>');
+            document.writeln('</tr>');
+        }
+        document.writeln('</table><br>');
+    }
+} else {
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'+
+                     'CRL issuing points are not available.');
+    document.writeln('</font><br><br>&nbsp;');
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+<SCRIPT type="text/javascript">
+<!--
+      if (issuingPoint != null && issuingPoint.length > 0) {
+        document.writeln('<INPUT TYPE="submit" VALUE="Display" width="72">&nbsp;');
+      }
+//-->
+</SCRIPT>
+      <INPUT TYPE="hidden" NAME="pageStart" VALUE="1">
+      <INPUT TYPE="hidden" NAME="pageSize" VALUE="50">
+      <!-- <INPUT TYPE="button" VALUE=Help width="72"
+        onClick="help('http://www.redhat.com/docs/manuals/cert-system#Viewing or Examining CRLs')"> -->
+    </td>
+  </tr>
+</table>
+
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/toUpdateCRL.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/toUpdateCRL.template
new file mode 100644
index 000000000..1d804a604
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/toUpdateCRL.template
@@ -0,0 +1,386 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Update Certificate Revocation List</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+ </HEAD>
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Update Certificate Revocation List</font><br>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+In most cases, the certificate revocation list (CRL) is updated automatically.
+In a few situations, however, you may want to update the CRL manually.
+Use this form to update the CRL manually.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<SCRIPT type="text/javascript">
+<!--
+
+if (result.header.master_host == null) {
+  document.write('<FORM NAME="updateCRLForm" ACTION="updateCRL" METHOD=POST>');
+} else {
+  document.write('<FORM NAME="updateCRLForm" ACTION="https://' + result.header.master_host + ':' + result.header.master_port + '/ca/agent/ca/updateCRL" METHOD=POST>');
+}
+
+//-->
+</SCRIPT>
+
+
+<SCRIPT type="text/javascript">
+<!--
+var splitLabel = new Array("Copying delta CRL cache:",
+                           "Preparing data for delta CRL generation:",
+                           "Signing and encoding delta CRL:",
+                           "Storing delta CRL:",
+                           "Delta CRL publishing:",
+                           "Preparing data for CRL generation:",
+                           "Adding extensions:",
+                           "Signing and encoding CRL:",
+                           "Storing CRL:",
+                           "Publishing CRL:");
+var i;
+
+function write_new_window(timeSplits) {
+    var new_window = window.open('', 'TestWindow',
+        'width=400,height=410,status=no,location=no,menubar=no,toolbar=no,personalbar=no,resizable=yes,scrollbars=no');
+    new_window.focus();
+    var new_doc = new_window.document;
+    new_doc.writeln('<HTML><HEAD><TITLE>Newly Opened Window</TITLE></HEAD><BODY>\n');
+
+    var crlTime;
+    if (timeSplits != null && timeSplits.length > 0) {
+        crlTime = timeSplits.split(',');
+    } else {
+        crlTime = null;
+    }
+
+    if (crlTime != null && crlTime.length > 0) {
+        new_doc.writeln('<font size=+1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('CRL split times</font><br>&nbsp;');
+        new_doc.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        new_doc.writeln('<tr>');
+        new_doc.writeln('<td width="75%" bgcolor="#e0e0e0">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('Operation</font></td>');
+        new_doc.writeln('<td bgcolor="#e0e0e0">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('Time in ms</font></td>');
+
+        var total = 0;
+        var deltaTotal = 0;
+        var crlTotal = 0;
+        var deltaColor;
+        for (i = 0; i < splitLabel.length; i++) {
+            if (i > 0 && i < 5) {
+                deltaColor = ' bgcolor="#eeeeee"';
+                deltaTotal += parseInt(crlTime[i]);
+            } else {
+                deltaColor = '';
+                crlTotal += parseInt(crlTime[i]);
+            }
+            new_doc.writeln('<tr><td align="right"'+deltaColor+'>');
+            new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            new_doc.writeln(splitLabel[i]+'</font>');
+            new_doc.writeln('</td>');
+            new_doc.writeln('<td align="right"'+deltaColor+'>');
+            new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            if (i < crlTime.length) {
+                if (crlTime[i].charAt(0) == '-') {
+                    var d = new Date(parseInt(crlTime[i].substr(1)));
+                    new_doc.writeln((d.getMonth()+1)+'/'+d.getDate()+'/'+
+                                    d.getFullYear()+"&nbsp;"+d.getHours()+':'+
+                                    (d.getMinutes()<10?"0":"")+d.getMinutes()+':'+
+                                    (d.getSeconds()<10?"0":"")+d.getSeconds());
+                } else {
+                    new_doc.writeln(crlTime[i]);
+                }
+                total += parseInt(crlTime[i]);
+            } else {
+                new_doc.writeln('&nbsp;');
+            }
+            new_doc.writeln('</font></td></tr>');
+        }
+        new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('Delta CRL total:</font>');
+        new_doc.writeln('</td>');
+        new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        if (deltaTotal < 0) deltaTotal = "incomplete";
+        new_doc.writeln(deltaTotal+'</font></td></tr>');
+
+        new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('CRL total:</font>');
+        new_doc.writeln('</td>');
+        new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        if (crlTotal < 0) crlTotal = "incomplete";
+        new_doc.writeln(crlTotal+'</font></td></tr>');
+
+        new_doc.writeln('<tr><td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        new_doc.writeln('Total:</font>');
+        new_doc.writeln('</td>');
+        new_doc.writeln('<td align="right" bgcolor="#e5e5e5">');
+        new_doc.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        if (total < 0) total = "incomplete";
+        new_doc.writeln(total+'</font></td></tr>');
+
+        new_doc.writeln('</table>');
+    } else {
+        new_doc.writeln('CRL split times are not available.');
+    }
+    new_doc.writeln('</BODY></HTML>');
+    new_doc.close();
+}
+
+var algorithmName;
+var issuingPoint;
+var crlNumber;
+var deltaNumber;
+var crlSize;
+var deltaSize;
+var crlTesting;
+var recentChanges;
+
+if (result.header.crlIssuingPoints != null &&
+    result.header.crlIssuingPoints.length > 0) {
+    issuingPoint = result.header.crlIssuingPoints.split('+');
+} else {
+    issuingPoint = null;
+}
+
+if (result.header.validAlgorithms != null) {
+    algorithmName = result.header.validAlgorithms.split('+');
+} else {
+    validAlgorithms = "SHA1withRSA+MD5withRSA+SHA1withDSA+SHA1withEC";
+    algorithmName = validAlgorithms.split('+');
+}
+
+if (result.header.crlNumbers != null &&
+    result.header.crlNumbers.length > 0) {
+    crlNumber = result.header.crlNumbers.split('+');
+} else {
+    crlNumber = null;
+}
+
+if (result.header.deltaNumbers != null &&
+    result.header.deltaNumbers.length > 0) {
+    deltaNumber = result.header.deltaNumbers.split('+');
+} else {
+    deltaNumber = null;
+}
+
+if (result.header.crlSizes != null &&
+    result.header.crlSizes.length > 0) {
+    crlSize = result.header.crlSizes.split('+');
+} else {
+    crlSize = null;
+}
+
+if (result.header.deltaSizes != null &&
+    result.header.deltaSizes.length > 0) {
+    deltaSize = result.header.deltaSizes.split('+');
+} else {
+    deltaSize = null;
+}
+
+if (result.header.crlTesting != null &&
+    result.header.crlTesting.length > 0) {
+    crlTesting = result.header.crlTesting.split('+');
+} else {
+    crlTesting = null;
+}
+
+if (result.header.recentChanges != null &&
+    result.header.recentChanges.length > 0) {
+    recentChanges = result.header.recentChanges.split('+');
+} else {
+    recentChanges = null;
+}
+
+if (result.header.crlSplits != null &&
+    result.header.crlSplits.length > 0) {
+    crlTimeSplits = result.header.crlSplits.split('+');
+} else {
+    crlTimeSplits = null;
+}
+
+if (issuingPoint != null && issuingPoint.length > 0) {
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+
+    document.writeln('<tr><td align="right" width="30%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Issuing point:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<SELECT NAME="crlIssuingPoint">');
+    for (i = 0; i < issuingPoint.length; i++) {
+        document.write('<OPTION VALUE="' + issuingPoint[i] + '"');
+        if (result.header.masterCRLIssuingPoint == issuingPoint[i])
+            document.write(' SELECTED');
+        document.writeln('>' + issuingPoint[i] + '</OPTION>');
+    }
+    document.writeln('</SELECT></td></tr>');
+
+    document.writeln('<tr><td align="right" width="30%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Signature algorithm:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<SELECT NAME="signatureAlgorithm">');
+    for (i = 0; i < algorithmName.length; i++) {
+        document.write('<OPTION VALUE="' + algorithmName[i] + '"');
+        if (result.header.defaultAlgorithm == algorithmName[i])
+            document.write(' SELECTED');
+        document.writeln('>' + algorithmName[i] + '</OPTION>');
+    }
+    document.writeln('</SELECT></td></tr>');
+
+    document.writeln('<tr><td align="right" width="30%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Wait for update:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<input TYPE="CHECKBOX" NAME="waitForUpdate" VALUE="true">');
+    document.writeln('</td></tr>');
+
+    document.writeln('<tr><td align="right" width="30%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Clear CRL cache:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<input TYPE="CHECKBOX" NAME="clearCRLCache" VALUE="true">');
+    document.writeln('</td></tr>');
+
+    document.writeln('</table><br>&nbsp;');
+
+
+    if (crlNumber != null && crlNumber.length == issuingPoint.length &&
+        crlSize != null && crlSize.length == issuingPoint.length &&
+        recentChanges != null && recentChanges.length == issuingPoint.length) {
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Issuing point</font></td>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('CRL numbers</font></td>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Number of entries</font></td>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Recent changes</font></td>');
+        document.writeln('</tr>');
+        for (i = 0; i < issuingPoint.length; i++) {
+            document.writeln('<tr>');
+            document.writeln('<td align="right">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln(issuingPoint[i]+'</font>');
+            document.writeln('</td>');
+            document.writeln('<td align="right">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            if (crlTimeSplits != null &&
+                crlTimeSplits.length == issuingPoint.length &&
+                crlTimeSplits[i] != "0,0,0,0,0,0,0,0,0,0") {
+                if (deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1' &&
+                    result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+                    deltaNumber != null && deltaNumber.length > i) {
+                    document.write('<A HREF="#" onClick="write_new_window(\''+crlTimeSplits[i]+'\');return false">'+crlNumber[i]+', '+deltaNumber[i]+'</A>');
+                } else {
+                    document.write('<A HREF="#" onClick="write_new_window(\''+crlTimeSplits[i]+'\');return false">'+crlNumber[i]+'</A>');
+                }
+            } else {
+                document.write(crlNumber[i]);
+                if (deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1' &&
+                    result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+                    deltaNumber != null && deltaNumber.length > i) {
+                    document.write(', '+deltaNumber[i]);
+                }
+            }
+            document.writeln('</font></td>');
+            document.writeln('<td align="right">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            if (crlSize[i] == '-1') {
+                document.writeln('unknown');
+            } else {
+                document.write(crlSize[i]);
+                if (result.header.isDeltaCRLEnabled != null && result.header.isDeltaCRLEnabled == true &&
+                    deltaSize != null && deltaSize.length > i && deltaSize[i] != '-1') {
+                    document.write(', '+deltaSize[i]);
+                }
+            }
+            document.writeln('</font></td>');
+            document.writeln('<td align="right">');
+            if (crlTesting[i] == '1') {
+                document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif" color="gray">');
+            } else {
+                document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            }
+            if (crlNumber[i] == '0' && crlSize[i] == '-1') {
+                document.writeln('CRL is not built</font>');
+            } else {
+                document.writeln(recentChanges[i]+'</font>');
+            }
+            document.writeln('</td>');
+            document.writeln('</tr>');
+        }
+        document.writeln('</table><br>');
+    }
+} else {
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'+
+                     'CRL issuing points are not available.');
+    document.writeln('</font><br><br>&nbsp;');
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+<SCRIPT type="text/javascript">
+<!--
+      if (issuingPoint != null && issuingPoint.length > 0) {
+        document.writeln('<INPUT TYPE="submit" VALUE="Update" width="72">&nbsp;');
+      }
+//-->
+</SCRIPT>
+      <!-- <INPUT TYPE="button" VALUE=Help width="72"
+        onClick="help('http://www.redhat.com/docs/manuals/cert-system#Updating the CRL')"> -->
+    </td>
+  </tr>
+</table>
+
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/top.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/top.html
new file mode 100644
index 000000000..f4033d0f4
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/top.html
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#9999CC">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr> 
+          <td>
+            <table border="0" cellspacing="12" cellpadding="0" width="100%">
+              <tr> 
+                <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<font color="#999999" size="-2">&reg;</font><b><br>
+                  Certificate System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>
+                <td></td>
+                <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Certificate Authority Agent Services</font> </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/unrevocationResult.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/unrevocationResult.template
new file mode 100644
index 000000000..8080ce0d2
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/unrevocationResult.template
@@ -0,0 +1,127 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<SCRIPT type="text/javascript">
+//<!--
+function toHex1(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+    return '0x' + number;
+}
+
+if (result.header.unrevoked == 'yes') {
+    var s = (result.header.serialNumber.indexOf(",") > 0)? "s": "";
+    var ve = (result.header.serialNumber.indexOf(",") > 0)? "ve": "s";
+
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Certificate'+s+' Ha'+ve+' Been Released From Hold</font><br><br>');
+
+
+    if (result.header.error == null) {
+  	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+                         result.header.serialNumber +
+                         '</b> ha'+ve+' been released from hold.');
+        document.writeln('</font><br>');
+
+		document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+		if (result.header.updateCRL && result.header.updateCRL == "yes") {
+			if (result.header.updateCRLSuccess != null && 
+				result.header.updateCRLSuccess == "yes") {
+				document.writeln('The Certificate Revocation List has been successfully updated.');
+			}
+			else {
+				document.writeln('The Certificate Revocation List update Failed');
+				if (result.header.updateCRLSuccess != null) 
+					document.writeln(' with error '+
+						result.header.updateCRLError);
+				else 
+					document.writeln('. No further details provided.');
+			}
+		}
+		else {
+			document.writeln(
+				'The Certificate Revocation List will be updated '+
+				'automatically at the next scheduled update.');
+		}
+		document.writeln('</font><br>');
+/*
+        if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+       	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            if (result.header.dirUpdated == 'yes') {
+                document.write('Directory has been successfully updated.');
+            } else {
+                document.write('Directory has not been updated.  See log files for more details.');
+            }
+            document.writeln('</font><br>');
+        }
+*/
+    } else {
+  	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+                         result.header.serialNumber +
+                         '</b> ha'+ve+' not been released from hold..<br><br>');
+        document.writeln('Additional Information:');
+        document.writeln('</font>');
+        document.writeln('<blockquote>');
+  	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln(result.header.error);
+        document.writeln('</font>');
+        document.writeln('</blockquote>');
+    }
+} else if (result.header.unrevoked == 'pending') {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Unrevocation Request Has Been Submitted</font><br><br>');
+} else {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Unrevocation Request Cannot Be Completed</font><br><br>');
+    if (result.header.error != null) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Addition information:</font>');
+        document.writeln('<blockquote>');
+	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln(result.header.error);
+        document.writeln('</font>');
+        document.writeln('</blockquote>');
+    }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateCRL.html b/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateCRL.html
new file mode 100644
index 000000000..70216a531
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateCRL.html
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Update Certificate Revocation List</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT type="text/javascript" SRC="/ca/agent/helpfun.js"></SCRIPT>
+ </HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Update Certificate Revocation List</font><br>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+In most cases, the certificate revocation list (CRL) is updated automatically.
+In a few situations, however, you may want to update the CRL manually.
+Use this form to update the CRL manually.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM ACTION="updateCRL" METHOD=POST>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Signature algorithm:</font>
+<SELECT NAME="signatureAlgorithm">
+SHA1withRSA+MD5withRSA+MD2withRSA
+<OPTION VALUE="SHA1withRSA">SHA1withRSA</OPTION>
+<OPTION VALUE="MD5withRSA">MD5withRSA</OPTION>
+<OPTION VALUE="SHA1withDSA">SHA1withDSA</OPTION>
+</SELECT>
+
+<br>&nbsp;<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+      <input TYPE="HIDDEN" NAME="crlIssuingPoint" VALUE="MasterCRL">
+      <INPUT TYPE="submit" VALUE="Update" width="72">&nbsp;
+<SCRIPT type="text/javascript">
+<!--
+    var loc = location.protocol + '//' + location.hostname + ':' +
+              location.port + '/agent/ca/displayCRL?crlIssuingPoint=MasterCRL';
+    document.writeln('<INPUT TYPE=\"button\" VALUE=\"Display\"  width=\"72\"'+
+                     ' onClick=\"location.href=\''+ loc + '\'\">&nbsp;');
+//-->
+</SCRIPT>
+      <!-- <INPUT TYPE="button" VALUE=Help width="72"
+        onClick="help('http://www.redhat.com/docs/manuals/cert-system#1008945')"> -->
+	</td>
+  </tr>
+</table>
+
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateCRL.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateCRL.template
new file mode 100644
index 000000000..ebe318599
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateCRL.template
@@ -0,0 +1,180 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE> Update Certificate Revocation List </TITLE>
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Update Certificate Revocation List Result 
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.crlPublished == 'Success') {
+    document.write('The Certificate Revocation List has been updated and published successfully');
+//    if (result.header.time != null) {
+//        var sec = result.header.time / 1000;
+//        document.write(' in '+sec+' seconds');
+//    }
+    document.writeln('.');
+} else if (result.header.crlPublished == 'Failure') {
+    document.writeln('The Certificate Revocation List has been updated successfully.<br>');
+    document.writeln('The Certificate Revocation List has not been published successfully.<br>');
+    if (result.header.error != null) {
+        document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;Additional information:<br>');
+        document.writeln('<blockquote><b><pre>'+result.header.error+'</pre></b></blockquote>');
+    }
+} else if (result.header.crlUpdate == 'Success') {
+    document.writeln('The Certificate Revocation List has been updated successfully.');
+    if (result.recordSet.length > 0) {i
+        var fontStr = '<font size=-1 face="PrimaSans BT, Verdana, sans-serif">';
+        document.writeln('<br>&nbsp;<br>&nbsp;<br>The Certificate Revocation List test statistics:<br>&nbsp;<br>');
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<td align="right" bgcolor="#eeeeee">&nbsp;</td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'CRL Numbers</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'CRL Sizes</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Total Time</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Cache</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'CRL</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Full</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Delta</font></td>');
+        var cols = 0;
+        if (result.recordSet[0].crlSplits != null && result.recordSet[0].crlSplits.length > 0) {
+            cols = result.recordSet[0].crlSplits.split(',').length;
+        }
+        if (cols > 0) {
+            document.writeln('<td bgcolor="#eeeeee" colspan="'+cols+'">'+fontStr+'&nbsp;&nbsp;CRL Generation Split Times</font></td>');
+            //document.writeln('<td align="right" bgcolor="#eeeeee" colspan="'+cols+'">'+fontStr+'CRL Generation Split Times</font></td>');
+        } else {
+            document.writeln('<td bgcolor="#eeeeee">'+fontStr+'&nbsp;&nbsp;CRL Generation Split Times</font></td>');
+        }
+        var t0 = 0;
+        var t1 = 0;
+        var t2 = 0;
+        var t3 = 0;
+        var t4 = 0;
+        var t5 = 0;
+        for (var i = 0; i < result.recordSet.length; i++) {
+            var crlTime;
+            if (result.recordSet[i].crlSplits != null && result.recordSet[i].crlSplits.length > 0) {
+                crlTime = result.recordSet[i].crlSplits.split(',');
+            } else {
+                crlTime = null;
+            }
+            var total = 0;
+            var crlTotal = 0;
+            var deltaCrlTotal = 0;
+            var fullCrlTotal = 0;
+            for (k = 0; crlTime != null && k < crlTime.length; k++) {
+                if (k > 0 && k < 5) {
+                    deltaCrlTotal += parseInt(crlTime[k]);
+                } else {
+                    fullCrlTotal += parseInt(crlTime[k]);
+                }
+                crlTotal += parseInt(crlTime[k]);
+            }
+            t0 = parseInt(result.recordSet[i].cacheUpdate);
+            total += t0 + crlTotal;
+            t1 += total;
+            t2 += t0;
+            t3 += crlTotal;
+            t4 += fullCrlTotal;
+            t5 += deltaCrlTotal;
+            document.writeln('<tr>');
+            document.writeln('<td align="right">'+fontStr+(i+1)+'</font></td>');
+            document.writeln('<td align="right">'+fontStr+result.recordSet[i].crlNumbers+'</font></td>');
+            document.writeln('<td align="right">'+fontStr+result.recordSet[i].crlSizes+'</font></td>');
+            document.writeln('<td align="right">'+fontStr+total+'</font></td>');
+            document.writeln('<td align="right">'+fontStr+result.recordSet[i].cacheUpdate+'</font></td>');
+            document.writeln('<td align="right">'+fontStr+crlTotal+'</font></td>');
+            document.writeln('<td align="right">'+fontStr+fullCrlTotal+'</font></td>');
+            document.writeln('<td align="right">'+fontStr+deltaCrlTotal+'</font></td>');
+            if (cols > 0) {
+                for (k = 0; crlTime != null && k < crlTime.length; k++) {
+                    document.writeln('<td align="right">'+fontStr+crlTime[k]+'</font></td>');
+                }
+            } else {
+                document.writeln('<td>'+fontStr+'&nbsp;&nbsp;'+result.recordSet[i].crlSplits+'</font></td>');
+            }
+            document.writeln('</tr>');
+        }
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'Totals</td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+'</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t1+'</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t2+'</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t3+'</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t4+'</font></td>');
+        document.writeln('<td align="right" bgcolor="#eeeeee">'+fontStr+t5+'</font></td>');
+        if (cols > 0) {
+            for (k = 0; crlTime != null && k < crlTime.length; k++) {
+                document.writeln('<td bgcolor="#eeeeee">'+fontStr+'</font></td>');
+            }
+        } else {
+            document.writeln('<td bgcolor="#eeeeee">'+fontStr+'</font></td>');
+        }
+
+        document.writeln('</table>');
+    }
+} else if (result.header.crlUpdate == 'Failure') {
+    document.writeln('The Certificate Revocation List has not been updated successfully.<br>');
+    if (result.header.error != null) {
+        document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;Additional information:<br>');
+        document.writeln('<blockquote><b><pre>'+result.header.error+'</pre></b></blockquote>');
+    }
+} else if (result.header.crlUpdate == 'missingParameters') {
+    document.writeln('The Certificate Revocation List test cannot be performed because some parameters are defined.');
+} else if (result.header.crlUpdate == 'testingNotEnabled') {
+    document.writeln('The Certificate Revocation List testing is not enabled.');
+} else if (result.header.crlUpdate == 'testingInProgress') {
+    document.writeln('The Certificate Revocation List testing is in progress.');
+} else if (result.header.crlUpdate == 'Scheduled') {
+    document.writeln('The Certificate Revocation List update has been scheduled.<br>');
+    document.writeln('Check the CS logs to see results.');
+} else if (result.header.crlUpdate == 'inProgress') {
+    document.writeln('The Certificate Revocation List update is in progress.<br>');
+    document.writeln('Check the CS logs to see results.');
+} else if (result.header.crlUpdate == 'Disabled') {
+    document.writeln('The Certificate Revocation List updates are disabled.<br>');
+} else if (result.header.crlUpdate == 'notInitialized') {
+    document.write('CRL Issuing Point');
+    if (result.header.crlIssuingPoint != null) {
+        document.write(' <i>'+result.header.crlIssuingPoint+'</i>');
+    }
+    document.writeln(' has not been initialized.<br>');
+    document.writeln('Check the CS logs to see results.');
+} else {
+    document.write('The Certificate Revocation List has been updated successfully');
+//    if (result.header.time != null) {
+//        var sec = result.header.time / 1000;
+//        document.write(' in '+sec+' seconds');
+//    }
+    document.writeln('.');
+}
+</SCRIPT>
+</font>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateDir.template b/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateDir.template
new file mode 100644
index 000000000..64954a257
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ca/updateDir.template
@@ -0,0 +1,99 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE> Update Directory Server Results </TITLE>
+<CMS_TEMPLATE>
+</HEAD>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Update Directory Server Results 
+</font>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<UL>
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.crlPublished != null) {
+    if (result.header.crlPublished == 'Success') {
+	    document.write('<LI>The Certificate Revocation List has been published in the directory.\n');
+    } else if (result.header.crlPublished == 'Failure') {
+	    document.write('<LI>The Certificate Revocation List could not be published in the directory.\n');
+        if (result.header.crlError != null) {
+            document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.crlError+'\n');
+        }
+    }
+}
+
+if (result.header.caCertPublished != null) {
+    if (result.header.caCertPublished == 'Success') {
+	    document.write('<LI>The Certificate Manager certificate has been published in the directory.\n');
+    } else if (result.header.caCertPublished == 'Failure') {
+	    document.write('<LI>The Certificate Manager certificate could not be published in the directory.\n');
+        if (result.header.caCertError != null) {
+            document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.caCertError+'\n');
+        }
+    }
+}
+
+if (result.header.validCertsPublished != null) {
+    if (result.header.validCertsPublished == 'Success') {
+	    document.write('<LI>'+result.header.validCertsError+'\n');
+    } else if (result.header.validCertsPublished == 'No') {
+	    document.write('<LI>All valid certificates have already been published in the directory or there is no valid certificate. Nothing to update at this time.\n');
+    } else if (result.header.validCertsPublished == 'Failure') {
+	    document.write('<LI>Error publishing valid certificates in the directory. See log files for more details.\n');
+        if (result.header.validCertsError != null) {
+            document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.validCertsError+'\n');
+        }
+    }
+}
+
+if (result.header.expiredCertsUnpublished != null) {
+    if (result.header.expiredCertsUnpublished == 'Success') {
+	    document.write('<LI>'+result.header.expiredCertsError+'\n');
+    } else if (result.header.expiredCertsUnpublished == 'No') {
+	    document.write('<LI>All expired certificates have already been unpublished in the directory or there is no expired certificate. Nothing to update at this time.\n');
+    } else if (result.header.expiredCertsUnpublished == 'Failure') {
+	    document.write('<LI>Error unpublishing expired certificates in the directory. See log files for more details.\n');
+        if (result.header.expiredCertsError != null) {
+            document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.expiredCertsError+'\n');
+        }
+    }
+}
+
+if (result.header.revokedCertsUnpublished != null) {
+    if (result.header.revokedCertsUnpublished == 'Success') {
+	    document.write('<LI>'+result.header.revokedCertsError+'\n');
+    } else if (result.header.revokedCertsUnpublished == 'No') {
+	    document.write('<LI>All revoked certificates have already been unpublished in the directory or there is no revoked certificate. Nothing to update at this time.\n');
+    } else if (result.header.revokedCertsUnpublished == 'Failure') {
+	    document.write('<LI>Error unpublishing revoked certificates in the directory. See log files for more details.\n');
+        if (result.header.revokedCertsError != null) {
+            document.write('<br>&nbsp;&nbsp;&nbsp;&nbsp;'+result.header.revokedCertsError+'\n');
+        }
+    }
+}
+</SCRIPT>
+</UL>
+</font>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/cms-funcs.js b/dogtag/ca-ui/shared/webapps/ca/agent/cms-funcs.js
new file mode 100644
index 000000000..c8ffd51c7
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/cms-funcs.js
@@ -0,0 +1,538 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+
+
+function checkClientTime()
+{
+   var speed;
+   var server_date = new Date(serverdate); 
+   var client_date = new Date();
+   var zone = client_date.getTimezoneOffset(); 
+   var timediff = 0;
+
+   var serverutc = server_date.getTime();
+   var clientutc = client_date.getTime();
+
+   var offset = clientutc - serverutc;
+   if (offset >0) { 
+      speed = 'fast'; 
+      } else { 
+	  speed = 'slow'; 
+   } 
+   timediff = Math.round(Math.abs(offset/1000/60)); 
+
+    if (timediff > 10) { 
+       msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed  +
+             '\n\nYou may encounter problems using your certificate\n' +
+			 'as your clock is set incorrectly.\n\n' +
+			 'According to the server, the time is:\n  ' + server_date +
+			 '\n\nPlease correct your clock before proceeding with enrollment'+
+             '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+			 'If you change your timezone, you may need to restart your browser\n'+
+             'before continuing.';
+			 alert(msg);
+			 return false;
+       }
+	return true;
+}
+
+
+
+
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        distinguishedName.value = '';
+	if (form.E != null) {
+	    if (E.value != '') {
+		if (doubleQuotes(E.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    E.value = '';
+		    E.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(E.value);
+	    }
+	}
+	if (form.CN!= null) {
+	    if (CN.value != '') {
+		if (doubleQuotes(CN.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    CN.value = '';
+		    CN.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(CN.value);
+	    }
+        }
+	if (form.UID1 != null) {
+	    if (UID1.value != '') {
+		if (doubleQuotes(UID1.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    UID1.value = '';
+		    UID1.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(UID1.value);
+	    }
+        }
+	if (form.OU != null) {
+	    if (OU.value != '') {
+		if (doubleQuotes(OU.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    OU.value = '';
+		    OU.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(OU.value);
+	    }  
+        }
+	if (form.O != null) {
+	    if (O.value != '') {
+		if (doubleQuotes(O.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    O.value = '';
+		    O.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(O.value);
+	    }  
+	}
+	if (form.L != null) {
+	    if (L.value != '') {
+		if (doubleQuotes(L.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    L.value = '';
+		    L.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(L.value);
+	    }
+	}
+	if (form.ST != null) {
+	    if (ST.value != '') {
+		if (doubleQuotes(ST.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    ST.value = '';
+		    ST.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(ST.value);
+	    }
+	}
+	if (form.C != null) {
+	    if (C.value != '') {
+		if (doubleQuotes(C.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    C.value = '';
+		    C.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(C.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a CA cert if
+    // that cert does not contain an OU or O component.
+    if ((form.OU.value == '') && (form.O.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.CN.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+	// DEBUG 
+	//alert(form.subject);
+
+    with (form) {
+		if (email != null) {
+	   		if (E.value == "" && email.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (CN.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+	return true;
+    }
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day ) {
+        alert(fieldName + " is invalid");
+	return null;
+     }
+     else 
+     	return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (asPattern) { 
+   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+   }
+   else if (value != "")
+   	list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+    with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+    	makeComponent(result,"E",E.value,asPattern);
+    	makeComponent(result,"CN",CN.value,asPattern);
+    	makeComponent(result,"UID",UID.value,asPattern);
+    	makeComponent(result,"OU",OU.value,asPattern);
+    	makeComponent(result,"O",O.value,asPattern);
+   	makeComponent(result,"L",L.value,asPattern);
+    	makeComponent(result,"ST",ST.value,asPattern);
+	makeComponent(result,"C",C.value,asPattern);
+    }
+    if (result.length == 0)
+    	return asPattern ? "0 == 0" : "0 == 1";
+    else 
+        return "subject" + ( asPattern ? " ~= " : " == ") +
+    				escapeValue(result.join(', '));
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+//-->
+
+
+
+
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/funcs.js b/dogtag/ca-ui/shared/webapps/ca/agent/funcs.js
new file mode 100644
index 000000000..f610759e8
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/funcs.js
@@ -0,0 +1,693 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    with (form) {
+        distinguishedName.value = '';
+	if (form.eMail != null) {
+	    if (eMail.value != '') {
+		if (doubleQuotes(eMail.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    eMail.value = '';
+		    eMail.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(eMail.value);
+	    }
+	}
+	if (form.commonName != null) {
+	    if (commonName.value != '') {
+		if (doubleQuotes(commonName.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    commonName.value = '';
+		    commonName.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(commonName.value);
+	    }
+        }
+	if (form.userID != null) {
+	    if (userID.value != '') {
+		if (doubleQuotes(userID.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    userID.value = '';
+		    userID.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(userID.value);
+	    }
+        }
+	if (form.orgUnit != null) {
+	    if (orgUnit.value != '') {
+		if (doubleQuotes(orgUnit.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    orgUnit.value = '';
+		    orgUnit.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(orgUnit.value);
+	    }  
+        }
+	if (form.org != null) {
+	    if (org.value != '') {
+		if (doubleQuotes(org.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    org.value = '';
+		    org.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(org.value);
+	    }  
+	}
+	if (form.locality != null) {
+	    if (locality.value != '') {
+		if (doubleQuotes(locality.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    locality.value = '';
+		    locality.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(locality.value);
+	    }
+	}
+	if (form.state != null) {
+	    if (state.value != '') {
+		if (doubleQuotes(state.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    state.value = '';
+		    state.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(state.value);
+	    }
+	}
+	if (form.country != null) {
+	    if (country.value != '') {
+		if (doubleQuotes(country.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    country.value = '';
+		    country.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(country.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    if ((form.orgUnit.value == '') && (form.org.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+
+    if (form.commonName.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+
+    with (form) {
+	if (isEmailCert != null) {
+	   if (eMail.value == "" && isEmailCert.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (commonName.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+        if (csrRequestorName.value == "") {
+            csrRequestorName.value = commonName.value;
+        }
+        if (csrRequestorPhone.value == "" && csrRequestorEmail.value == "") {
+            alert("You must supply a contact phone number or e-mail address.");
+            return false;
+        }
+        return true;
+    }
+}
+
+function isNegative(string) {
+  if (string.charAt(0) == '-')
+     return true;
+  else
+     return false;
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function isDecimalNumber(string) {
+    var i = 0; 
+    var legalDigits = "0123456789";
+
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            break;
+    }
+    if (i < string.length &&
+        legalDigits.indexOf(string.charAt(i)) != -1) {
+        i++;
+    } else
+        return false;
+
+    for (; i < string.length; i++) {
+        if (legalDigits.indexOf(string.charAt(i)) == -1)
+            break;
+    }
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            return false;
+    }
+
+    return true;
+}
+
+function isHexNumber(string) {
+    var i = 0; 
+    var legalDigits = "0123456789abcdefABCDEF";
+
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            break;
+    }
+    if (i < string.length - 2 &&
+        string.charAt(i) == '0' &&
+        (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+        legalDigits.indexOf(string.charAt(i+2)) != -1) {
+        i += 3;
+    } else
+        return false;
+
+    for (; i < string.length; i++) {
+        if (legalDigits.indexOf(string.charAt(i)) == -1)
+            break;
+    }
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            return false;
+    }
+
+    return true;
+}
+
+function trim(string) {
+    var i, k, newString;
+
+    for (i = 0; i < string.length; i++) {
+        if (string.charAt(i) != ' ' )
+            break;
+    }
+    for (k = string.length - 1; k > i; k--) {
+        if (string.charAt(k) != ' ' )
+            break;
+    }
+    k++;
+
+    if (k > i)
+        newString = string.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day || year == 0) {
+        alert(fieldName + " is invalid");
+        return null;
+     }
+     else 
+     	return date.getTime();
+//     	return Math.round(date.getTime() / 1000);
+}
+
+function convertToTime(form)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day) {
+        return null;
+     }
+     else
+        return date.getTime();
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' || c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+//   if (asPattern) { 
+//   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+//   }
+//   else if (value != "")
+   if (value != "") {
+      list[last] = tag+"="+escapeValueRfc1779(value);
+//   } else if (!asPattern) {
+//      list[last] = tag+"=*";
+   }
+//   alert("asPattern = " + asPattern);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponent(result,"E",eMail.value,asPattern);
+		makeComponent(result,"CN",commonName.value,asPattern);
+		makeComponent(result,"UID",userID.value,asPattern);
+		makeComponent(result,"OU",orgUnit.value,asPattern);
+		makeComponent(result,"O",org.value,asPattern);
+		makeComponent(result,"L",locality.value,asPattern);
+		makeComponent(result,"ST",state.value,asPattern);
+		makeComponent(result,"C",country.value,asPattern);
+	}
+    if (result.length == 0)
+//    	return asPattern ? "0 == 0" : "0 == 1";
+    	return "(x509Cert.subject=*)";
+    else  {
+        return "(x509Cert.subject" + (asPattern ? "~=" : "=") + escapeValue(nsjoin(result,",")) + ")";
+        }
+// escapeValue(result.join(', '));
+}
+
+// helper function to construct name component(pattern)
+function makeComponentFilter(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (value != "") {
+	if (asPattern) {
+		list[last] = "(x509Cert.subject=*"+tag+"=*"+
+			escapeValueRfc1779(value)+"*)";
+	} else {
+		// exact match (either the end, or appended with ",")
+		list[last] = "(|(x509Cert.subject=*"+tag+"="+
+			escapeValueRfc1779(value)+",*)"
+			+"(x509Cert.subject=*"+tag+"="+
+			escapeValueRfc1779(value)+"))";
+	}
+   }
+}
+
+function computeNameFilter(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponentFilter(result,"E",eMail.value,asPattern);
+		makeComponentFilter(result,"CN",commonName.value,asPattern);
+		makeComponentFilter(result,"UID",userID.value,asPattern);
+		makeComponentFilter(result,"OU",orgUnit.value,asPattern);
+		makeComponentFilter(result,"O",org.value,asPattern);
+		makeComponentFilter(result,"L",locality.value,asPattern);
+		makeComponentFilter(result,"ST",state.value,asPattern);
+		makeComponentFilter(result,"C",country.value,asPattern);
+	}
+	if (result.length == 0) {
+		return "(x509Cert.subject=*)";
+	} else  {
+		if (asPattern) {
+        		return "(|" + nsjoin(result,"") + ")";
+		} else {
+        		return "(&" + nsjoin(result,"") + ")";
+		}
+	}
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+function isHex(string)
+{
+      if (string.charAt(0) == '0' &&
+      (string.charAt(1) == 'x' || string.charAt(1) == 'X')) {
+        return true;
+      } else {
+        return false;
+      }
+}
+
+function writeError(errorDetails)
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (errorDetails != null) {
+                document.write(errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+              "further information.");
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+// Replacement for the array.join() function which isn't in MSIE 3.0
+
+function nsjoin(array,str) {
+  val = "";
+  for (i=0; i<array.length; i++) {
+    val = val + array[i];
+    if (i < (array.length-1)) val = val+str;
+    }
+  return val;
+}
+//-->
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/dgLeftTab.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/dgLeftTab.gif
new file mode 100644
index 000000000..35a76c859
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/dgLeftTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/dgRightTab.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/dgRightTab.gif
new file mode 100644
index 000000000..a519bc759
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/dgRightTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/favicon.ico b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/favicon.ico
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/goto-tall.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/goto-tall.gif
new file mode 100644
index 000000000..6eea3ef5c
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/goto-tall.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/gray90.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/gray90.gif
new file mode 100644
index 000000000..c6f811102
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/gray90.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/hr.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/hr.gif
new file mode 100644
index 000000000..14f8acf92
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/hr.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/lgLeftTab.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/lgLeftTab.gif
new file mode 100644
index 000000000..a78fbc89d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/lgLeftTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/lgRightTab.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/lgRightTab.gif
new file mode 100644
index 000000000..71852402d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/lgRightTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/logo_header.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/logo_header.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/graphics/spacer.gif b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/spacer.gif
new file mode 100644
index 000000000..13acffe53
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/graphics/spacer.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/header.template b/dogtag/ca-ui/shared/webapps/ca/agent/header.template
new file mode 100644
index 000000000..dfe7061f1
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/header.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>Header</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body onResize=location.reload() bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/ca/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+        </tr>
+      </table>
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr> 
+          <td><img src="/ca/agent/graphics/spacer.gif" alt="" width="12" height="21"></td>
+<SCRIPT type="text/javascript">
+	for (var i = 0; i < result.recordSet.length; ++i) {
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<td><img src="/ca/agent/graphics/lgLeftTab.gif" width="13" height="21"><\/td>');
+          		document.write('<td bgcolor="#cccccc" nowrap>');
+		} else {
+          		document.write('<td><img src="/ca/agent/graphics/dgLeftTab.gif" width="13" height="21"><\/td>');
+          		document.write('<td bgcolor="#999999" nowrap>');
+		}
+		document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                if (result.recordSet[i].type == "CertificateAuthority") {
+			type = "Certificate Manager";
+		} else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+			type = "Data Recovery Manager";
+		} else if (result.recordSet[i].type == "OCSPAuthority") {
+			type = "Online Certificate Status Manager";
+		} else if (result.recordSet[i].type == "RegistrationAuthority") {
+			type = "Registration Manager";
+		}
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<b>' + type + '<\/b>');
+		} else {
+          		document.write('<a href="../' + 
+				result.recordSet[i].id + 
+				'/index.html" target="_top">' + 
+				type + '<\/a>');
+		}
+		document.write('<\/font><\/td>');
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<td><img src="/ca/agent/graphics/lgRightTab.gif" width="16" height="21" alt=""><\/td>');
+		} else {
+          		document.write('<td><img src="/ca/agent/graphics/dgRightTab.gif" width="16" height="21" alt=""><\/td>');
+		}
+	}
+</SCRIPT>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/helpfun.js b/dogtag/ca-ui/shared/webapps/ca/agent/helpfun.js
new file mode 100644
index 000000000..14a80bb95
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/helpfun.js
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+function help(helptopic) { 
+
+     var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500"); 
+
+     HelpWin.location = helptopic;
+     HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+     window.status = helpline;
+
+     return true;
+
+}
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/index.html b/dogtag/ca-ui/shared/webapps/ca/agent/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/index.template b/dogtag/ca-ui/shared/webapps/ca/agent/index.template
new file mode 100644
index 000000000..99ea3a090
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/index.template
@@ -0,0 +1,140 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>CA Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+  <tr bgcolor="#000080"> 
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr> 
+          <td><img src="/ca/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr valign="TOP"> 
+    <td>&nbsp;</td>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (result.header.errorDetails != null) {
+                document.write(result.header.errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+                "further information.");
+}
+
+if (result.header.errorDetails != null) {
+        displayError();
+} else {
+	var displayServices = 'true';
+	for (var i = 0; i < result.recordSet.length; ++i) {
+        	document.write('<tr valign="TOP">');
+          	document.write('<td>');
+		document.write('<img src="/graphics/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+          	document.write('<td>');
+		document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+		document.write('<a href="');
+		document.write(result.recordSet[i].id + '/index.html');
+		if (result.recordSet[i].type == "RegistrationAuthority") {
+			document.write('">Registration Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+		} else if (result.recordSet[i].type == "CertificateAuthority") {
+			document.write('">Certificate Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+		} else if (result.recordSet[i].type == "OCSPAuthority") {
+			displayServices = 'false';
+			document.write('">Online Certificate Status Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to check certificate status.');
+		} else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+			displayServices = 'false';
+			document.write('">Data Recovery Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process key requests, and recover keys.');
+		} else {
+			document.write('">Internal Error</a></font>');
+		}
+		document.write('</font></td></tr>');
+	}
+}
+document.write('<tr valign="TOP">'); 
+document.write('<td>&nbsp;</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+if (displayServices== 'true')
+{	
+	document.write('<tr valign="TOP">');
+	document.write('<TD><IMG src="/graphics/goto-tall.gif" width="10" height="15"></TD>');
+	document.write('<TD><FONT face="PrimaSans BT, Verdana, sans-serif">');
+	document.write('<A href="ports">Services Summary</A></FONT></TD>');
+	document.write('</tr>');
+}
+document.write('<TR valign="TOP">');
+document.write('<TD> </TD>');
+document.write('<TD> </TD>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+</SCRIPT>
+
+</table>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/ports.template b/dogtag/ca-ui/shared/webapps/ca/agent/ports.template
new file mode 100644
index 000000000..46ab91d60
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/ports.template
@@ -0,0 +1,121 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>CA Agent Ports</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+  <tr bgcolor="#000080"> 
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr> 
+          <td><img src="/ca/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Services Summary</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr valign="TOP"> 
+    <td>&nbsp;</td>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (result.header.errorDetails != null) {
+                document.write(result.header.errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+                "further information.");
+}
+
+if (result.header.errorDetails != null) {
+        displayError();
+} else {
+	for (var i = 0; i < result.recordSet.length; ++i) {
+          if (result.recordSet[i].port == -1)
+                  continue;
+        	document.write('<tr valign="TOP">');
+          	document.write('<td>');
+		document.write('<img src="/ca/agent/graphics/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+          	document.write('<td>');
+		document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+		document.write('<a href="');
+		document.write(result.recordSet[i].prefix + "://" +
+			result.header.hostname + ":" +
+			result.recordSet[i].port);
+		if (result.recordSet[i].type == "eeGateway.http.port") {
+			document.write('">End Users Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else if (result.recordSet[i].type == "eeGateway.https.port") {
+			document.write('">SSL End Users Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else if (result.recordSet[i].type == "agentGateway.https.port") {
+			document.write('">Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else {
+			document.write('">Internal Error</a></font>');
+		}
+		document.write('</font></td></tr>');
+	}
+}
+</SCRIPT>
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+      </table>
+    </td>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/agent/xenroll.dll b/dogtag/ca-ui/shared/webapps/ca/agent/xenroll.dll
new file mode 100644
index 000000000..9375e988d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/agent/xenroll.dll
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/GenError.template b/dogtag/ca-ui/shared/webapps/ca/ee/GenError.template
new file mode 100644
index 000000000..729525afd
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/GenError.template
@@ -0,0 +1,72 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request<br>
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+document.writeln('<P>');
+document.write('The '+result.fixed.authorityName+' ');
+document.writeln('encountered a problem while processing your request. ');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.errorDetails != null) {
+    document.write(result.fixed.errorDetails);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+if (result != null && result.recordSet != null && result.recordSet.length > 0){
+	document.writeln('<P>');
+    document.write('Additional Information:');
+	document.writeln('<P>');
+    document.write('<BLOCKQUOTE><B><PRE>');
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].errorDescription != null) {
+			document.writeln(result.recordSet[i].errorDescription);
+		}
+	}
+	document.writeln('</UL>');
+	document.write('</PRE></B></BLOCKQUOTE>');
+}
+</SCRIPT>
+
+<P>
+Please consult your local administrator for further assistance.
+The Certificate System logs may provide further information.
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/GenPending.template b/dogtag/ca-ui/shared/webapps/ca/ee/GenPending.template
new file mode 100644
index 000000000..15ab7316a
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/GenPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Request Pending</TITLE>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate Managment System';
+if (result.fixed.authorityName != null) 
+	authority = result.fixed.authorityName;
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted to the '+authority+'. ');
+document.write('Your request will be processed when an authorized agent ');
+document.writeln('verifies and validates the information in your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.writeln('<P>');
+	document.write('Your can check on the status of your request with ');
+	document.write('an authorized agent or local administrator ');
+	document.writeln('by referring to this request ID.'); 
+} else {
+    document.write('<B>not provided.</B> ');
+    document.write('<P>');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/GenRejected.template b/dogtag/ca-ui/shared/webapps/ca/ee/GenRejected.template
new file mode 100644
index 000000000..6e0ca836f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/GenRejected.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Request Rejected</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Rejected
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null) {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('Your request has been rejected by the '+authority+'. ' );
+document.write('This may indicate that some attributes of the request ');
+document.write('violate the policies of this '+authority+'. ');
+
+document.writeln('<P>');
+document.writeln('Violation details: ');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result == null || result.recordSet == null || result.recordSet.length == 0){
+	document.writeln('No further details provided.');
+}
+else {
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].policyMessage != null) {
+			document.writeln(result.recordSet[i].policyMessage);
+		}
+	}
+	document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId == null) {
+	document.write('<B>not provided</B>.');
+	document.writeln('<P>');
+	document.write(
+		'Please consult your local administrator for further assistance.');
+} else {
+	document.write('<B>'+result.fixed.requestId+'</B>. ');
+	document.writeln('<P>');
+	document.write(
+		'You can contact an authorized agent or local administrator for ');
+	document.writeln('further assistance by referring to the request ID.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/GenSuccess.template b/dogtag/ca-ui/shared/webapps/ca/ee/GenSuccess.template
new file mode 100644
index 000000000..5e17ecd64
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/GenSuccess.template
@@ -0,0 +1,44 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Generic Request Success</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submited
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+var authority = 'Certificate System';
+if (request.fixed.authorityName != null) 
+	authority = request.fixed.authorityName;
+
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted and processed by the '+authority+'.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/GenSvcPending.template b/dogtag/ca-ui/shared/webapps/ca/ee/GenSvcPending.template
new file mode 100644
index 000000000..e61acbe6c
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/GenSvcPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Request Svc Pending</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+document.writeln('<P>');
+document.write('Your request has been successfully submitted and processed ');
+document.writeln('by the '+result.fixed.authorityName+'.');
+document.write('The '+result.fixed.authorityName+' is waiting for a remote ');
+if (result.fixed.remoteAuthorityName != null)
+	document.write(result.fixed.remoteAuthorityName);
+else
+	document.write('Certificate Manager or Data Recovery manager');
+document.write(' to fill your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.write('<P>');
+	document.write('Your can check on status of your request with an '+
+				   'authorized agent or local administrator by referring '+
+				   'to this request ID.');
+} else {
+    document.write('not provided. ');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/GenUnauthorized.template b/dogtag/ca-ui/shared/webapps/ca/ee/GenUnauthorized.template
new file mode 100644
index 000000000..b8526cb59
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/GenUnauthorized.template
@@ -0,0 +1,42 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Generic Unauthorized</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Unauthorized Access
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+document.writeln('<P>');
+document.write('You are not authorized for this operation.');
+document.write('<BR>');
+document.write('If you think this is an error please contact your ');
+document.writeln('local administrator for further assistance.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/GenUnexpectedError.template b/dogtag/ca-ui/shared/webapps/ca/ee/GenUnexpectedError.template
new file mode 100644
index 000000000..d93eb0fd6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/GenUnexpectedError.template
@@ -0,0 +1,62 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>CA End-Entity Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/AIMEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/AIMEnroll.html
new file mode 100644
index 000000000..d72f7c974
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/AIMEnroll.html
@@ -0,0 +1,426 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>AIM User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/ee/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN()
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.screenname.Value <> Empty) Then
+			If doubleQuotes(TheForm.screenname.Value) = True Then
+				MsgBox "Double quotes are not allowed in the screenname field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.screenname.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.screenname.Value = Empty) Then 
+    ret = MsgBox("You must supply your Directory screenname for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.password.Value = Empty) Then
+	ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.certRequest.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+AIM User Enrollment <br>
+</font>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a personal certificate through your
+  organization's directory. With directory based enrollment, you need only 
+  supply your user ID and password for the directory; the directory 
+  supplies the rest of the information needed for certificate issuance. 
+  If the user ID and password are correct your certificate will be issued
+  automatically.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+	Important:
+	</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use your certificate.  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+	if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+		// short cut for Nav 3.x or eariler, crypto is not defined
+        	document.write(
+			'<form name="ReqForm" method="post" action="/ee/getCerts">');
+        } else
+	if ((navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined")) {
+        document.write(
+			'<form name="ReqForm" method="post" action="/ee/getCerts">');
+	} else {
+        document.write(
+			'<form name="ReqForm" method="post" action="/ee/getCerts" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+</script>
+
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This 
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+  <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Screen Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="screenname" size="30">
+      </td>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="password" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" name="email" value="true">
+		<input type="HIDDEN" name="ssl_client" value="true">
+		<!-- for Key Usage Extension -->
+		<input type="HIDDEN" name="digital_signature" value=true>
+		<input type="HIDDEN" name="non_repudiation" value=true>
+		<input type="HIDDEN" name="key_encipherment" value=true>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+		<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+		if (navigator.appName == "Netscape" && 
+			(navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When your submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'Select the length of the key to generate. The longer the key '+ 
+		  'length the greater the strength. You may want to check with your '+
+		  'system administrator about the length of key to specify.');
+		}
+
+		//else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+			//document.writeln('Select the length of the key to generate. '+
+			//	'The longer the key length, the greater the strength. '+
+			//	'You may want to check with your system administrator about '+
+			//	'the length of key to specify.');
+		//}
+
+//<!--
+        if (navigator.appName == "Netscape") {
+            document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+			if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == "undefined") {
+				document.writeln('<td width="30%" valign=TOP>');
+				document.writeln('<div align=right>');
+				document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+				document.writeln('Key Length: ');
+				document.writeln('</font>');
+				document.writeln('</div>');
+				document.writeln('</td>');
+				document.write('<td valign=TOP>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+        	} 
+			//else {
+                //alert('nsm');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+			//}
+			document.write('</td></table>');
+        }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When you submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+		  'system administrator about the provider to specify.');
+
+	   document.writeln('<p>');
+	   document.writeln('<td>');
+           document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+           document.writeln('Cryptographic Provider:');
+           document.writeln('</font>');
+	   document.writeln('</td>');
+	   document.writeln('<td>');
+	   document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+	   document.writeln('</td>');
+	   document.writeln('<p>');
+	}
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+			if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+				// short cut for Nav 3.x or eariler, crypto is not defined
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			} else if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			}
+			else if ((navigator.appName == "Microsoft Internet Explorer") ||
+					 (navigator.appName == "")) {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="Send" width="72">');
+			}
+			else {
+				// alert('nsm');
+				document.writeln(
+					'<input type="button" value="Submit" '+
+					'name="submitbutton" '+
+					'onclick="validate(form)" width="72">');
+			}
+			document.write('<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+			'<input type="reset" value="Reset" name="reset" width="72">' +
+			'<input type="hidden" name="certType" value="client">' +
+			'<input type="hidden" name="authenticator" ' +
+			  '  value="UserDirEnrollment">');
+
+				if (navigator.appName == 'Netscape') {
+					if ((navMajorVersion() > 3) && 
+						(typeof(crypto.version) != 'undefined')) {
+						//alert('cmmf response');
+						document.write(
+						  '<input type=hidden name=CRMFRequest value="">');
+						document.write(
+						  '<input type=hidden name=cmmfResponse value=true>');
+						//document.write(
+						  //'<input type=hidden name=certNickname value="">');
+					}
+					else {
+						document.write(
+						'<input type="hidden" name="importCert" value="off">');
+					}
+				}
+				else if ((navigator.appName == "Microsoft Internet Explorer")||
+						 (navigator.appName == "")) {
+					// navigator.appName == "" is for IE 3.
+					//alert('certRequest');
+					document.write(
+					 '<input type="hidden" name="version" value="1">');
+					document.write(
+					 '<input type="hidden" name="certRequest" value="">');
+				}
+//-->
+              document.writeln('</div> </td> </tr> </table>');
+</script>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/CMCEnrollment.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CMCEnrollment.html
new file mode 100644
index 000000000..d570addc6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CMCEnrollment.html
@@ -0,0 +1,189 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>CMC Request Enrollment </TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function setType(f)
+{
+    if ((f.certType.options[0].selected)) {
+        alert("You must select Certificate-Type");
+        return;
+    }
+}
+
+function validate(form)
+{
+  with (form) {
+	 if (cmcRequest.value == "")
+	 {
+		alert("You must enter the base64-encoded certificate request.");
+		return false;
+	 }
+     if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+	alert("You must supply a name and either a phone number or an email address.");
+	return false;
+     }
+  }
+  return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+CMC Request Enrollment
+</font><br>
+  <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a CMC full enrollment request.
+<p> 
+  After you click the Submit button, your request will be submitted to an
+  issuing agent for approval. The certificate will be emailed to you. 
+</font>
+
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>CMC Full Enrollment Request</b><br>
+Paste the CMC full enrollment request into this text area. 
+      </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="cmcRequest" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+
+    <tr> 
+      <td colspan="2" valign="TOP">
+	  <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>
+	  Select Certificate Type
+	  </b><br>
+      </font>
+	  <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> 
+        Select a certificate type that corresponds to the certificate request you pasted in the text area above. </font></td>
+    </tr>
+
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Certificate Type: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <SELECT NAME="certType" onchange="setType(document.forms[0])">
+                <OPTION value="" SELECTED>Select Certificate-Type
+                <OPTION value="client">User Certificate
+                <OPTION value="server">Server SSL Certificate
+                <OPTION value="ca">CA Signing Certificate
+                <OPTION value="ra">RA Signing Certificate
+                <OPTION value="ocspResponder">OCSP Responder Signing Certificate
+        </SELECT>
+      </td>
+    </tr>
+
+    <tr> 
+      <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+        </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> 
+	</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorName" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorEmail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorPhone" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+	  If you have additional comments for the person who will process your 
+	  certificate request, write them here. 
+        </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+		<input type="hidden" name="requestFormat" value="cmc">
+		<input type="hidden" name="fullResponse" value="false">
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/CMCRevReq.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CMCRevReq.html
new file mode 100644
index 000000000..f7aa04f29
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CMCRevReq.html
@@ -0,0 +1,66 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
+<meta name="GENERATOR" content="Microsoft FrontPage 4.0">
+<meta name="ProgId" content="FrontPage.Editor.Document">
+<title>CMC Certificate Revocation signed by authorized agent</title>
+</head>
+
+<body>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">CMC
+Certificate Revocation signed by authorized agent</font><br>
+<p><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Use
+this form to revoke your certificate(s) automatically.
+<p>After you click the submit button, the valid certificate with the serial
+number specified in the CMC Revocation Request will get revoked automatically.</font></p>
+<form method="post" action="CMCRevReq" onSubmit="return validate(document.forms[0])">
+ <input type="hidden" name="authenticator" value="CMCAuth">
+  <table border="0" width="772" cellspacing="2" cellpadding="2" height="341">
+    <tr>
+      <td valign="TOP" width="762" height="34"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>CMC
+        Revocation Enrollment Request</b><br>
+        Paste the CMC revocation request, signed by an authorized agent,&nbsp;
+        into this text area.</font></td>
+    </tr>
+    <tr>
+      <td width="395" height="169"><textarea name="cmcRequest" rows="12" cols="65" wrap="virtual">
+</textarea><br>
+      <tr>
+        <td valign="TOP" width="762" height="41">
+          <table border="0" width="574" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+            <tr>
+              <td width="560">
+                <div align="RIGHT">
+                  <input type="submit" value="submit" name="submit" width="72"> <input type="hidden" name="templateType" value="RevocationConfirmation">
+                  <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> <input type="reset" value="Reset" name="reset" width="72">
+                </div>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+  </form>
+
+</body>
+
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html
new file mode 100644
index 000000000..a2861d6a6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedDualEnroll.html
@@ -0,0 +1,364 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Certificate Based Enrollment - Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+    with (form) {
+        if (uid.value == "") {
+            alert("You must supply your uid");
+            return false;
+        }
+        if (pwd.value == "") {
+            alert("You must supply your password");
+            return false;
+        }
+        submit();
+        return true;
+    }
+}
+
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/ee/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN()
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.uid.Value <> Empty) Then
+			If doubleQuotes(TheForm.uid.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.uid.Value = Empty) Then 
+    ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.pwd.Value = Empty) Then
+	ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Dual Certs - Directory Based<br>
+</font>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a personal certificate.  You
+will be asked to do an SSL client authentication.  The certificate you
+use to authenticate should be the signing certificate that was
+generated together with an encryption certificate sharing the same
+subject DN.  On success, the user ID and password supplied on this
+form will be used to individualize the certificates eventually approved. 
+  If SSL client authentication is successful, the certificate you use
+for authentication is a signing-only certificate, the pairing
+encryption cert can be found, and the user ID and password are correct your certificates will be issued
+  automatically.  In general, after successful import of these dual
+certificates, you want to remove the original pair from your database.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+	Important:
+	</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use your certificate.  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+	if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+		// short cut for Nav 3.x or eariler, crypto is not defined
+        	document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+        } else
+	if ((navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined")) {
+        document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+	} else {
+        document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+</script>
+
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This 
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+  <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="uid" size="30">
+      </td>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" name="email" value="true">
+		<input type="HIDDEN" name="ssl_client" value="true">
+                <!-- for cert-based enrollment -->
+                <input type="hidden" name="requestFormat" value="clientAuth">
+                <input type="HIDDEN" name="doSslAuth" value="on">
+                <input type="HIDDEN" name="certauthEnroll" value="on">
+                <input type="HIDDEN" name="certauthEnrollType" value="dual">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+		<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+		if (navigator.appName == "Netscape" && 
+			(navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+//<!--
+
+		}
+//-->
+
+		//else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+			//document.writeln('Select the length of the key to generate. '+
+			//	'The longer the key length, the greater the strength. '+
+			//	'You may want to check with your system administrator about '+
+			//	'the length of key to specify.');
+		//}
+
+        if (navigator.appName == "Netscape") {
+            document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+			if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == "undefined") {
+				document.writeln('<td width="30%" valign=TOP>');
+				document.writeln('<div align=right>');
+				document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+//				document.writeln('Key Length: ');
+				document.writeln('</font>');
+				document.writeln('</div>');
+				document.writeln('</td>');
+				document.write('<td valign=TOP>');
+//                document.write('<KEYGEN name="subjectKeyGenInfo">');
+        	} 
+			//else {
+                //alert('nsm');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+			//}
+			document.write('</td></table>');
+        }
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+			if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+				// short cut for Nav 3.x or eariler, crypto is not defined
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			} else if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			}
+			else if ((navigator.appName == "Microsoft Internet Explorer") ||
+					 (navigator.appName == "")) {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="Send" width="72">');
+			}
+			else {
+				// alert('nsm');
+				document.writeln(
+					'<input type="button" value="Submit" '+
+					'name="submitbutton" '+
+					'onclick="validate(form)" width="72">');
+			}
+			document.write('<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+			'<input type="reset" value="Reset" name="reset" width="72">' +
+			'<input type="hidden" name="certType" value="client">' +
+			'<input type="hidden" name="authenticator" ' +
+			  '  value="UserDirEnrollment">');
+
+				if (navigator.appName == 'Netscape') {
+					if ((navMajorVersion() > 3) && 
+						(typeof(crypto.version) != 'undefined')) {
+						//alert('cmmf response');
+//						document.write(
+//						  '<input type=hidden name=CRMFRequest value="">');
+//						document.write(
+//						  '<input type=hidden name=cmmfResponse value=true>');
+						//document.write(
+						  //'<input type=hidden name=certNickname value="">');
+					}
+					else {
+						document.write(
+						'<input type="hidden" name="importCert" value="off">');
+					}
+				}
+				else if ((navigator.appName == "Microsoft Internet Explorer")||
+						 (navigator.appName == "")) {
+					// navigator.appName == "" is for IE 3.
+					//alert('pkcs10Request');
+					document.write(
+					 '<input type="hidden" name="pkcs10Request" value="">');
+				}
+//-->
+              document.writeln('</div> </td> </tr> </table>');
+</script>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html
new file mode 100644
index 000000000..df2afdae6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html
@@ -0,0 +1,508 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Cert-Based Directory Based User Enrollment Form for Encryption Cert</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+    with (form) {
+        if (uid.value == "") {
+            alert("You must supply your uid");
+            return false;
+        }
+        if (pwd.value == "") {
+            alert("You must supply your password");
+            return false;
+        }
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+	// To enable key archival, replace "null" with the transport 
+	// certificate without "BEBIN..." "END..", nor line breaks.
+	// change keyGenAlg to "rsa-ex"
+	var keyTransportCert = null;
+	var keyGenAlg = "rsa-ex";
+	//var keyGenAlg = "rsa-dual-use";
+        // generate keys for nsm.
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+			 typeof(crypto.version) != "undefined") {
+			//certNickname.value = uid.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				"CN=undefined", 
+               	"regToken", "authenticator", 
+			keyTransportCert,
+                "setCRMFRequest();", 
+                1024, null, "rsa-ex");
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		submit();
+	}
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/ee/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN()
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.uid.Value <> Empty) Then
+			If doubleQuotes(TheForm.uid.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.uid.Value = Empty) Then 
+    ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.pwd.Value = Empty) Then
+	ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Encryption Certs - Directory Based <br>
+</font>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for an encryption certificate. You
+will be asked to do an SSL client authentication.  The certificate you
+use to authenticate should be a signing-only certificate.   On success, the user ID and password supplied on this
+form will be used to individualize the certificate eventually approved. 
+  If SSL client authentication is successful,  and the user ID and
+password are correct your certificate will be issued
+  automatically.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+	Important:
+	</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use your certificate.  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+	if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+		// short cut for Nav 3.x or eariler, crypto is not defined
+        	document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+        } else
+	if ((navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined")) {
+        document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+	} else {
+        document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+</script>
+
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This 
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+  <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="uid" size="30">
+      </td>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" name="email" value="true">
+		<input type="HIDDEN" name="ssl_client" value="true">
+                <!-- for cert-based enrollment -->
+                <input type="hidden" name="requestFormat" value="clientAuth">
+                <input type="HIDDEN" name="doSslAuth" value="on">
+                <input type="HIDDEN" name="certauthEnroll" value="on">
+                <input type="HIDDEN" name="certauthEnrollType" value="encryption">
+		<!-- for Key Usage Extension -->
+		<input type="HIDDEN" name="non_repudiation" value=true>
+		<input type="HIDDEN" name="key_encipherment" value=true>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+		<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+		if (navigator.appName == "Netscape" && 
+			(navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When your submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'Select the length of the key to generate. The longer the key '+ 
+		  'length the greater the strength. You may want to check with your '+
+		  'system administrator about the length of key to specify.');
+		}
+
+		//else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+			//document.writeln('Select the length of the key to generate. '+
+			//	'The longer the key length, the greater the strength. '+
+			//	'You may want to check with your system administrator about '+
+			//	'the length of key to specify.');
+		//}
+
+//<!--
+        if (navigator.appName == "Netscape") {
+            document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+			if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == "undefined") {
+				document.writeln('<td width="30%" valign=TOP>');
+				document.writeln('<div align=right>');
+				document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+				document.writeln('Key Length: ');
+				document.writeln('</font>');
+				document.writeln('</div>');
+				document.writeln('</td>');
+				document.write('<td valign=TOP>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+        	} 
+			//else {
+                //alert('nsm');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+			//}
+			document.write('</td></table>');
+        }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When you submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+		  'system administrator about the provider to specify.');
+
+	   document.writeln('<p>');
+	   document.writeln('<td>');
+           document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+           document.writeln('Cryptographic Provider:');
+           document.writeln('</font>');
+	   document.writeln('</td>');
+	   document.writeln('<td>');
+	   document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+	   document.writeln('</td>');
+	   document.writeln('<p>');
+	}
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+			if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+				// short cut for Nav 3.x or eariler, crypto is not defined
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			} else if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			}
+			else if ((navigator.appName == "Microsoft Internet Explorer") ||
+					 (navigator.appName == "")) {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="Send" width="72">');
+			}
+			else {
+				// alert('nsm');
+				document.writeln(
+					'<input type="button" value="Submit" '+
+					'name="submitbutton" '+
+					'onclick="validate(form)" width="72">');
+			}
+			document.write('<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+			'<input type="reset" value="Reset" name="reset" width="72">' +
+			'<input type="hidden" name="certType" value="client">' +
+			'<input type="hidden" name="authenticator" ' +
+			  '  value="UserDirEnrollment">');
+
+				if (navigator.appName == 'Netscape') {
+					if ((navMajorVersion() > 3) && 
+						(typeof(crypto.version) != 'undefined')) {
+						//alert('cmmf response');
+						document.write(
+						  '<input type=hidden name=CRMFRequest value="">');
+						document.write(
+						  '<input type=hidden name=cmmfResponse value=true>');
+						//document.write(
+						  //'<input type=hidden name=certNickname value="">');
+					}
+					else {
+						document.write(
+						'<input type="hidden" name="importCert" value="off">');
+					}
+				}
+				else if ((navigator.appName == "Microsoft Internet Explorer")||
+						 (navigator.appName == "")) {
+					// navigator.appName == "" is for IE 3.
+					//alert('pkcs10Request');
+					document.write(
+					 '<input type="hidden" name="pkcs10Request" value="">');
+				}
+//-->
+              document.writeln('</div> </td> </tr> </table>');
+</script>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html
new file mode 100644
index 000000000..7ac94ae09
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/CertBasedSingleEnroll.html
@@ -0,0 +1,510 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Cert-Based single Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+var crmfObject;
+function validate(form)
+{
+    with (form) {
+        if (uid.value == "") {
+            alert("You must supply your uid");
+            return false;
+        }
+        if (pwd.value == "") {
+            alert("You must supply your password");
+            return false;
+        }
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+	// To enable key archival, replace "null" with the transport 
+	// certificate without "BEBIN..." "END..", nor line breaks.
+	// change keyGenAlg to "rsa-ex"
+	var keyTransportCert = null;
+	//var keyGenAlg = "rsa-ex";
+	var keyGenAlg = "rsa-dual-use";
+        // generate keys for nsm.
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+			 typeof(crypto.version) != "undefined") {
+			//certNickname.value = uid.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				"CN=undefined", 
+               	"regToken", "authenticator", 
+			keyTransportCert,
+                "setCRMFRequest();", 
+                1024, null, keyGenAlg);
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		submit();
+	}
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/ee/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN()
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.uid.Value <> Empty) Then
+			If doubleQuotes(TheForm.uid.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.uid.Value = Empty) Then 
+    ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.pwd.Value = Empty) Then
+	ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Based User Enrollment for Single Certs - Directory Based <br>
+</font>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a certificate. You
+will be asked to do an SSL client authentication.  The certificate you
+use to authenticate must be issued by an approved authority.   On success, the user ID and password supplied on this
+form will be used to individualize the certificate eventually approved. 
+  If SSL client authentication is successful, and the user ID and
+password are correct your certificate will be issued
+  automatically.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+	Important:
+	</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use your certificate.  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+	if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+		// short cut for Nav 3.x or eariler, crypto is not defined
+        	document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+        } else
+	if ((navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined")) {
+        document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment">');
+	} else {
+        document.write(
+			'<form name="ReqForm" method="post" action="/ee/certbasedenrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+</script>
+
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This 
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+  <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="uid" size="30">
+      </td>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" name="email" value="true">
+		<input type="HIDDEN" name="ssl_client" value="true">
+                <!-- for cert-based enrollment -->
+                <input type="hidden" name="requestFormat" value="clientAuth">
+                <input type="HIDDEN" name="doSslAuth" value="on">
+                <input type="HIDDEN" name="certauthEnroll" value="on">
+                <input type="HIDDEN" name="certauthEnrollType" value="single">
+		<!-- for Key Usage Extension -->
+		<input type="HIDDEN" name="digital_signature" value=true>
+		<input type="HIDDEN" name="non_repudiation" value=true>
+		<input type="HIDDEN" name="key_encipherment" value=true>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+		<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+		if (navigator.appName == "Netscape" && 
+			(navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When your submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'Select the length of the key to generate. The longer the key '+ 
+		  'length the greater the strength. You may want to check with your '+
+		  'system administrator about the length of key to specify.');
+		}
+
+		//else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+			//document.writeln('Select the length of the key to generate. '+
+			//	'The longer the key length, the greater the strength. '+
+			//	'You may want to check with your system administrator about '+
+			//	'the length of key to specify.');
+		//}
+
+//<!--
+        if (navigator.appName == "Netscape") {
+            document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+			if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == "undefined") {
+				document.writeln('<td width="30%" valign=TOP>');
+				document.writeln('<div align=right>');
+				document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+				document.writeln('Key Length: ');
+				document.writeln('</font>');
+				document.writeln('</div>');
+				document.writeln('</td>');
+				document.write('<td valign=TOP>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+        	} 
+			//else {
+                //alert('nsm');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+			//}
+			document.write('</td></table>');
+        }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When you submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+		  'system administrator about the provider to specify.');
+
+	   document.writeln('<p>');
+	   document.writeln('<td>');
+           document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+           document.writeln('Cryptographic Provider:');
+           document.writeln('</font>');
+	   document.writeln('</td>');
+	   document.writeln('<td>');
+	   document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+	   document.writeln('</td>');
+	   document.writeln('<p>');
+	}
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+			if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+				// short cut for Nav 3.x or eariler, crypto is not defined
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			} else if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			}
+			else if ((navigator.appName == "Microsoft Internet Explorer") ||
+					 (navigator.appName == "")) {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="Send" width="72">');
+			}
+			else {
+				// alert('nsm');
+				document.writeln(
+					'<input type="button" value="Submit" '+
+					'name="submitbutton" '+
+					'onclick="validate(form)" width="72">');
+			}
+			document.write('<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+			'<input type="reset" value="Reset" name="reset" width="72">' +
+			'<input type="hidden" name="certType" value="client">' +
+			'<input type="hidden" name="authenticator" ' +
+			  '  value="UserDirEnrollment">');
+
+				if (navigator.appName == 'Netscape') {
+					if ((navMajorVersion() > 3) && 
+						(typeof(crypto.version) != 'undefined')) {
+						//alert('cmmf response');
+						document.write(
+						  '<input type=hidden name=CRMFRequest value="">');
+						document.write(
+						  '<input type=hidden name=cmmfResponse value=true>');
+						//document.write(
+						  //'<input type=hidden name=certNickname value="">');
+					}
+					else {
+						document.write(
+						'<input type="hidden" name="importCert" value="off">');
+					}
+				}
+				else if ((navigator.appName == "Microsoft Internet Explorer")||
+						 (navigator.appName == "")) {
+					// navigator.appName == "" is for IE 3.
+					//alert('pkcs10Request');
+					document.write(
+					 '<input type="hidden" name="pkcs10Request" value="">');
+				}
+//-->
+              document.writeln('</div> </td> </tr> </table>');
+</script>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ChallengeRevoke1.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ChallengeRevoke1.html
new file mode 100644
index 000000000..ea4916cdb
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ChallengeRevoke1.html
@@ -0,0 +1,175 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Revoke a Certificate using a challenge password</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../cms-funcs.js"></script>
+
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+  with (form) {
+      if (challengePhrase.value == "") {
+          alert("The challenge phrase password field cannot be empty.");
+          return false;
+      }
+          if (certSerialToRevoke.value == "") {
+              alert("You must supply the Serial Number of the certificate to be revoked.");
+              return false;
+          } else {
+              if (isDecimalNumber(form.certSerialToRevoke.value) ||
+                isHexNumber(form.certSerialToRevoke.value)) {
+                  form.certSerialToRevoke.value = trim(form.certSerialToRevoke.value);
+              } else {
+                  alert("You must specify a hexadecimal or decimal number " +
+                    "for the serial number.");   
+                  return false;
+              } 
+          }
+  } 
+  return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Certificate Revocation using a challenge password</font><br>
+<p>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to revoke your certificate(s) automatically.
+<p>
+After you click the submit button, the valid certificate with the serial number and the matched
+challenge phrase password will get revoked automatically.
+</font>
+<form method="post" action="challenge_revocation1" onSubmit="return validate(document.forms[0])">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Certificate Revocation Information</b><br>
+Please enter the serial number of the certificate to be revoked in the certificate. The serial number should be in either hexadecimal form(starting with 0x) or decimal form.</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+       <div align="RIGHT">
+        <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Serial Number: </font>
+       </div>
+      </td>
+      <td valign="TOP"> 
+          <input type="TEXT" name="certSerialToRevoke" size="30"> 
+      </td>
+    </tr>
+
+    <tr>
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Authentication Information</b><br>
+Enter the challenge password associated with this certificate for authenticating this request.</font></td>
+    </tr>
+    <tr>
+      <td valign="TOP">
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Challenge Password: </font>
+        </div>
+      </td>
+      <td valign="TOP">
+        <input type="PASSWORD" name="challengePhrase" AutoComplete=off size="30">
+      </td>
+    </tr>
+
+</table>
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr>
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Revocation Reason</b><br>
+Select a revocation reason.</font></td>
+    </tr>
+    <tr>
+      <td valign="TOP">
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+          </font>
+        </div>
+      </td>
+      <td>
+        <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        <input type="radio" checked name="reasonCode" value=0>
+        Unspecified<br>
+        <input type="radio" name="reasonCode" value=1>
+        Key Compromise<br>
+        <!--input type="radio" name="reasonCode" value=2-->
+        <!-- CA Compromise<br> -->
+        <input type="radio" name="reasonCode" value=3>
+        Affiliation Changed<br>
+        <input type="radio" name="reasonCode" value=4>
+        Superseded<br>
+        <input type="radio" name="reasonCode" value=5>
+        Cessation of Operation<br>
+        <!--input type="radio" name="reasonCode" value=6-->
+        <!--Certificate Hold<br>-->
+        <!--Value 7 is not used-->
+        <!--input type="radio" name="reasonCode" value=8-->
+        <!--Remove from CRL<br>-->
+        <input type="radio" name="reasonCode" value=9>
+        Privilege Withdrawn<br>
+        <!--input type="radio" name="reasonCode" value=10-->
+        <!--AA Compromise<br>-->
+        </font>
+      </td>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr>
+      <td colspan="2">
+        <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        <b>Additional Comments</b><br>
+        If you want to include any additional comments in your revocation request, write them here.
+        </font>
+      </td>
+    </tr>
+    <tr>
+      <td>
+        <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual"></textarea>
+      </td>
+    </tr>
+  <br>
+
+    <tr>
+      <td valign="TOP" colspan="2">
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr>
+            <td>
+              <div align="RIGHT">
+                <input type="submit" value="submit" name="submit" width="72">
+                                <input type="hidden" name="templateType" value="RevocationConfirmation">
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6">
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/DirPinUserEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/DirPinUserEnroll.html
new file mode 100644
index 000000000..2e5a28aca
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/DirPinUserEnroll.html
@@ -0,0 +1,533 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory and Pin-Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UidPwdPinDirAuth' (LDAP directory+pin
+// enrollment) has been configured in the console.
+
+
+var crmfObject;
+function validate(form)
+{
+    with (form) {
+        if (uid.value == "") {
+            alert("You must supply your uid");
+            return false;
+        }
+        if (pwd.value == "") {
+            alert("You must supply your password");
+            return false;
+        }
+         if (pin.value == "") {
+            alert("You must supply your Personal Identification Number");
+               return false;
+         }
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+        // generate keys for nsm.
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+			 typeof(crypto.version) != "undefined") {
+			//certNickname.value = uid.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				"CN=undefined", 
+               	"regToken", "authenticator", 
+			null,
+                "setCRMFRequest();", 
+                1024, null, "rsa-dual-use");
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		submit();
+	}
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN()
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.uid.Value <> Empty) Then
+			If doubleQuotes(TheForm.uid.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.uid.Value = Empty) Then 
+    ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.pwd.Value = Empty) Then
+	ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+ If (TheForm.pin.Value = Empty) Then
+    ret = MsgBox("You must supply your pin for certificate enrollment", 0, "MSIE Certificate Request")
+    Exit Sub
+ End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory And PIN Based User Enrollment <br>
+</font>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a personal certificate through your
+  organization's directory.  Your user ID and
+  password for the directory and a one time personal identification number
+  (PIN) assigned by your system administrator are required for this automatic
+  method of certificate issuance. If the user ID, password and PIN are correct
+  your certificate will be issued automatically.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+	Important:
+	</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use your certificate.  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+	if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+		// short cut for Nav 3.x or eariler, crypto is not defined
+        	document.write(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+        } else
+	if ((navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined")) {
+        document.write(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else {
+        document.write(
+			'<form name="ReqForm" method="post" action="/enrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+</script>
+
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  <b>User's Identity</b><br>
+    Enter your user ID and password for your organization's directory and
+    the one time PIN given by your system administrator.
+    This information will be used to verify your identity and to obtain
+    information from the directory to fill in the certificate.
+  <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="uid" size="30">
+      </td>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+    </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Enter the PIN your system administrator has communicated to you for certificate enrollment.</font>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">PIN: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="pin" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" name="email" value="true">
+		<input type="HIDDEN" name="ssl_client" value="true">
+		<!-- for Key Usage Extension -->
+		<input type="HIDDEN" name="digital_signature" value=true>
+		<input type="HIDDEN" name="non_repudiation" value=true>
+		<input type="HIDDEN" name="key_encipherment" value=true>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+		<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+		if (navigator.appName == "Netscape" && 
+			(navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When your submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'Select the length of the key to generate. The longer the key '+ 
+		  'length the greater the strength. You may want to check with your '+
+		  'system administrator about the length of key to specify.');
+
+		} 
+		//else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+			//document.writeln('Select the length of the key to generate. '+
+			//	'The longer the key length, the greater the strength. '+
+			//	'You may want to check with your system administrator about '+
+			//	'the length of key to specify.');
+		//}
+
+//<!--
+        if (navigator.appName == "Netscape") {
+            document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+			if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == "undefined") {
+				document.writeln('<td width="30%" valign=TOP>');
+				document.writeln('<div align=right>');
+				document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+				document.writeln('Key Length: ');
+				document.writeln('</font>');
+				document.writeln('</div>');
+				document.writeln('</td>');
+				document.write('<td valign=TOP>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+        	} 
+			//else {
+                //alert('nsm');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+			//}
+			document.write('</td></table>');
+        }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+        document.writeln('<b>Public/Private Key Information</b><br>');
+                document.writeln(
+                  'When you submit this form, your browser generates a private and '+
+                  'public key. The browser retains the private key and submits the '+
+                  'public key along with your request for a certificate. '+
+                  'The public key becomes part of your certificate. '+
+                  '<P>'+
+                  'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+                  'system administrator about the provider to specify.');
+
+           document.writeln('<p>');
+           document.writeln('<td>');
+           document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+           document.writeln('Cryptographic Provider:');
+           document.writeln('</font>');
+           document.writeln('</td>');
+           document.writeln('<td>');
+	   document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+           document.writeln('</td>');
+           document.writeln('<p>');
+	}
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+			if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+				// short cut for Nav 3.x or eariler, crypto is not defined
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			} else if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			}
+			else if ((navigator.appName == "Microsoft Internet Explorer") ||
+					 (navigator.appName == "")) {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="Send" width="72">');
+			}
+			else {
+				// alert('nsm');
+				document.writeln(
+					'<input type="button" value="Submit" '+
+					'name="submitbutton" '+
+					'onclick="validate(form)" width="72">');
+			}
+			document.write('<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+			'<input type="reset" value="Reset" name="reset" width="72">' +
+			'<input type="hidden" name="certType" value="client">' +
+			'<input type="hidden" name="authenticator" ' +
+			  '  value="PinDirEnrollment">');
+
+				if (navigator.appName == 'Netscape') {
+					if ((navMajorVersion() > 3) && 
+						(typeof(crypto.version) != 'undefined')) {
+						//alert('cmmf response');
+						document.write(
+						  '<input type=hidden name=CRMFRequest value="">');
+						document.write(
+						  '<input type=hidden name=cmmfResponse value=true>');
+						//document.write(
+						  //'<input type=hidden name=certNickname value="">');
+					}
+					else {
+						document.write(
+						'<input type="hidden" name="importCert" value="off">');
+					}
+				}
+				else if ((navigator.appName == "Microsoft Internet Explorer")||
+						 (navigator.appName == "")) {
+					// navigator.appName == "" is for IE 3.
+					//alert('pkcs10Request');
+					document.write(
+					 '<input type="hidden" name="pkcs10Request" value="">');
+				}
+//-->
+              document.writeln('</div> </td> </tr> </table>');
+</script>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/DirUserEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/DirUserEnroll.html
new file mode 100644
index 000000000..57947e566
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/DirUserEnroll.html
@@ -0,0 +1,517 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UidPwdDirAuth' (LDAP directory enrollment)
+// has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+    with (form) {
+        if (uid.value == "") {
+            alert("You must supply your uid");
+            return false;
+        }
+        if (pwd.value == "") {
+            alert("You must supply your password");
+            return false;
+        }
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+	// To enable key archival, replace "null" with the transport 
+	// certificate without "BEBIN..." "END..", nor line breaks.
+	// change keyGenAlg to "rsa-ex"
+	var keyTransportCert = null;
+	//var keyGenAlg = "rsa-ex";
+	var keyGenAlg = "rsa-dual-use";
+        // generate keys for nsm.
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+			 typeof(crypto.version) != "undefined") {
+			//certNickname.value = uid.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				"CN=undefined", 
+               	"regToken", "authenticator", 
+			keyTransportCert,
+                "setCRMFRequest();", 
+                1024, null, keyGenAlg);
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		submit();
+	}
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN()
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.uid.Value <> Empty) Then
+			If doubleQuotes(TheForm.uid.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.uid.Value = Empty) Then 
+    ret = MsgBox("You must supply your Directory uid for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.pwd.Value = Empty) Then
+	ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory Based User Enrollment <br>
+</font>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a personal certificate through your
+  organization's directory. With directory based enrollment, you need only 
+  supply your user ID and password for the directory; the directory 
+  supplies the rest of the information needed for certificate issuance. 
+  If the user ID and password are correct your certificate will be issued
+  automatically.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+	Important:
+	</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use your certificate.  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+	if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+		// short cut for Nav 3.x or eariler, crypto is not defined
+        	document.write(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+        } else
+	if ((navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined")) {
+        document.write(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else {
+        document.write(
+			'<form name="ReqForm" method="post" action="/enrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+</script>
+
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  <b>User's Identity</b><br>
+Enter your user ID and password for your organization's directory. This 
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+  <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="uid" size="30">
+      </td>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" name="email" value="true">
+		<input type="HIDDEN" name="ssl_client" value="true">
+		<!-- for Key Usage Extension -->
+		<input type="HIDDEN" name="digital_signature" value=true>
+		<input type="HIDDEN" name="non_repudiation" value=true>
+		<input type="HIDDEN" name="key_encipherment" value=true>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+		<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+		if (navigator.appName == "Netscape" && 
+			(navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When your submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'Select the length of the key to generate. The longer the key '+ 
+		  'length the greater the strength. You may want to check with your '+
+		  'system administrator about the length of key to specify.');
+		}
+
+		//else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+			//document.writeln('Select the length of the key to generate. '+
+			//	'The longer the key length, the greater the strength. '+
+			//	'You may want to check with your system administrator about '+
+			//	'the length of key to specify.');
+		//}
+
+//<!--
+        if (navigator.appName == "Netscape") {
+            document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+			if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == "undefined") {
+				document.writeln('<td width="30%" valign=TOP>');
+				document.writeln('<div align=right>');
+				document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+				document.writeln('Key Length: ');
+				document.writeln('</font>');
+				document.writeln('</div>');
+				document.writeln('</td>');
+				document.write('<td valign=TOP>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+        	} 
+			//else {
+                //alert('nsm');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+			//}
+			document.write('</td></table>');
+        }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When you submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+		  'system administrator about the provider to specify.');
+
+	   document.writeln('<p>');
+	   document.writeln('<td>');
+           document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+           document.writeln('Cryptographic Provider:');
+           document.writeln('</font>');
+	   document.writeln('</td>');
+	   document.writeln('<td>');
+	   document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+	   document.writeln('</td>');
+	   document.writeln('<p>');
+	}
+
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+			if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+				// short cut for Nav 3.x or eariler, crypto is not defined
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			} else if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			}
+			else if ((navigator.appName == "Microsoft Internet Explorer") ||
+					 (navigator.appName == "")) {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="Send" width="72">');
+			}
+			else {
+				// alert('nsm');
+				document.writeln(
+					'<input type="button" value="Submit" '+
+					'name="submitbutton" '+
+					'onclick="validate(form)" width="72">');
+			}
+			document.write('<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+			'<input type="reset" value="Reset" name="reset" width="72">' +
+			'<input type="hidden" name="certType" value="client">' +
+			'<input type="hidden" name="authenticator" ' +
+			  '  value="UserDirEnrollment">');
+
+				if (navigator.appName == 'Netscape') {
+					if ((navMajorVersion() > 3) && 
+						(typeof(crypto.version) != 'undefined')) {
+						//alert('cmmf response');
+						document.write(
+						  '<input type=hidden name=CRMFRequest value="">');
+						document.write(
+						  '<input type=hidden name=cmmfResponse value=true>');
+						//document.write(
+						  //'<input type=hidden name=certNickname value="">');
+					}
+					else {
+						document.write(
+						'<input type="hidden" name="importCert" value="off">');
+					}
+				}
+				else if ((navigator.appName == "Microsoft Internet Explorer")||
+						 (navigator.appName == "")) {
+					// navigator.appName == "" is for IE 3.
+					//alert('pkcs10Request');
+					document.write(
+					 '<input type="hidden" name="pkcs10Request" value="">');
+				}
+//-->
+              document.writeln('</div> </td> </tr> </table>');
+</script>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+        If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+          first = j
+        End If
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+        Else
+	  TheForm.cryptprovider.selectedIndex = first
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/DisplayCRL.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/DisplayCRL.html
new file mode 100644
index 000000000..b4c2cd635
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/DisplayCRL.html
@@ -0,0 +1,169 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Review Certificate Revocation List</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function checkSubmit(form)
+{
+    if (form.op[0].checked) {
+        if (form.certSerialNumber.value != "") {
+            form.certSerialNumber.value =
+                trim(form.certSerialNumber.value);
+        }
+        if (form.certSerialNumber.value != "") {
+            if (!isNumber(form.certSerialNumber.value,10)) {
+                if (isNumber(form.certSerialNumber.value,16)) {
+                    canonicalHex = "0x" +
+                        removeColons(stripPrefix(form.certSerialNumber.value));
+                    form.certSerialNumber.value = canonicalHex;
+                } else {
+                    alert("You must enter a valid hexadecimal "+
+                          "or decimal certificate serial number.");
+                    return false;
+                }
+            }
+        } else {
+            alert("You must enter a certificate serial number.");
+            return false;
+        }
+
+        if (isNegative(form.certSerialNumber.value)) {
+            alert("Certificate serial number can only "+
+                  "be represented by positive number.");
+            return false;
+        }
+    }
+    return true;
+}
+//-->
+</SCRIPT>
+</HEAD>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate Revocation List
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to check whether a particular certificate has been revoked or 
+to import the latest Certificate Revocation List. 
+</font>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<br><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select one of these actions</b></font>
+
+<FORM action=getCRL method=post onSubmit="return checkSubmit(this)">
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr>
+    <td><input type=RADIO name="op" value="checkCRL" checked></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Check whether the following certificate is revoked</font>
+    </td>
+  </tr>
+    <td></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Certificate serial number:&nbsp;</font>
+      <input type=text size=10 MAXLENGTH=99 name="certSerialNumber" value="">
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="importCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Import the latest CRL to your browser</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="importDeltaCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Import the latest delta CRL to your browser</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="getCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	  Download the latest CRL in binary form</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="getDeltaCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	  Download the latest delta CRL in binary form</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="displayCRL"></td>
+	<td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Display the CRL information:</font>&nbsp;&nbsp;
+      <SELECT NAME="crlDisplayType">
+        <OPTION VALUE="entireCRL" SELECTED>Entire CRL
+        <OPTION VALUE="crlHeader">CRL header
+        <OPTION VALUE="base64Encoded">Base64 encoded
+        <OPTION VALUE="deltaCRL">Delta CRL
+      </SELECT>
+    </td>
+  </tr>
+</table>
+
+
+<!-- this could be a text box to support different crl issue point -->
+<input type=hidden name=crlIssuingPoint value="MasterCRL">
+
+<br>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#E5E5E5" background="/ca/ee/graphics/gray90.gif">
+  <tr> 
+    <td ALIGN=RIGHT>
+      <input TYPE="hidden" NAME="pageStart" VALUE="1">
+      <input TYPE="hidden" NAME="pageSize" VALUE="50">
+      <input type="submit" value="Submit" name="submit" width="72">
+    </td>
+  </tr>
+</table>
+
+</FORM>
+
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/EnrollSuccess.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/EnrollSuccess.template
new file mode 100644
index 000000000..771c6fb1b
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/EnrollSuccess.template
@@ -0,0 +1,248 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<head>
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+</head>
+
+
+<CMS_TEMPLATE>
+
+
+<BODY bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+// page starts here
+if (typeof(result.fixed.replyTo) == 'undefined' || result.fixed.replyTo == null) {
+    document.writeln('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Enrollment Success');
+    document.writeln('</font>');
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('<P>');
+    document.writeln('Congratulations, your certificate has been issued.'); 
+    document.writeln('</font>');
+    document.writeln('<br>&nbsp');
+
+    if (typeof(result.recordSet) == 'undefined' ||
+        result.recordSet == null || result.recordSet.length == 0) {
+        document.writeln('<P>');
+        document.writeln('<BLOCKQUOTE><B><PRE>');
+        document.writeln('No more information on your certificate is provided.');
+        document.writeln('Please consult your local administrator for assistance.');
+        document.writeln('</PRE></B></BLOCKQUOTE>');
+    } else {
+        for (var i = 0; i < result.recordSet.length; i++) {
+            if (result.recordSet[i].serialNo != null) {
+                document.writeln('<P>');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                document.write('Your certificate in Base 64 encoded form:<BR>');
+                document.writeln('</font>');
+                document.write('<PRE>');
+                document.writeln(result.recordSet[i].base64Cert);
+                document.write('</PRE>');
+                document.writeln('<P>');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                document.write('Certificate Content: <BR>');
+                document.writeln('</font>');
+                document.write('<PRE>');
+                document.writeln(result.recordSet[i].certPrettyPrint);
+                document.write('</PRE>');
+            }
+        }
+        if (result.fixed.keyrecId != null) {
+            document.write('Your key is archived successfully.');
+            document.writeln('<BLOCKQUOTE><PRE>');
+            document.writeln('Key Identifier: ' + toHex(result.fixed.keyrecId));
+            document.writeln('</PRE></BLOCKQUOTE>');
+        }
+    }
+}
+
+// NOTE: importUserCertificate should be done before this point  but 
+// it creates a javascript error that clobbers the result variable set in 
+// the template. 
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) && 
+    typeof(crypto.version) != "undefined" && typeof(result.fixed.crmfReqId != "undefined")&& typeof(result.fixed.importCMC) == "undefined") {
+    if (result.fixed.crmfReqId != null) {
+        //alert('certNickname is '+result.fixed.certNickname);
+        //alert(result.fixed.cmmfResponse);
+
+        // NOTE: 
+        var errors = crypto.importUserCertificates(null, result.fixed.cmmfResponse, false);
+        // var errors = crypto.importUserCertificates(result.fixed.certNickname,
+        //                                            result.fixed.cmmfResponse, false);
+
+        // NOTE: Alpha version of cartman always returns a non-empty string 
+        // from importUserCertificates() so we can only always assume succcess. 
+        // Uncomment the following line and add appropriate javascripts/messages 
+        // for use with a later version of cartman.
+
+        if (typeof(result.fixed.replyTo) == 'undefined' || result.fixed.replyTo == null) {
+            if (errors != '') {
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                document.writeln('<b>ERROR</b>Could not import the certificate into your browser '+
+                                 'using nickname '+result.fixed.certNickname+'.<p>');
+                document.writeln('The following error message was returned by the browser '+
+                                 'when importing the certificate:');
+                document.writeln('</font>');
+                document.writeln('<BLOCKQUOTE><PRE>');
+                document.writeln(errors);
+                document.writeln('</PRE></BLOCKQUOTE>');
+            } else {
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                document.writeln('Your certificate was successfully imported to the browser '+
+                                 'with nickname '+result.fixed.certNickname);
+                document.writeln('</font>');
+            }
+        }
+    } else {
+        for (var i = 0; i < result.recordSet.length; i++) {
+            if (result.recordSet[i].serialNo != null) {
+                window.location = result.fixed.scheme + "://" + result.fixed.host + ":" + 
+                                  result.fixed.port + "/ee/getBySerial?serialNumber=" + 
+                                  record.recordSet[i].serialNo + "&importCert=true";
+            }
+        }
+        if (result.recordSet.length > 0)
+            alert("Your cert has been imported into the browser!");
+    }
+} else if (navigator.appName == 'Netscape' && (navMajorVersion() >= 3) && result.fixed.importCMC == "undefined") {
+    if (result.fixed.authorityName == 'Certificate Manager') {
+        // non Cartman
+        for (var i = 0; i < result.recordSet.length; i++) {
+            if (result.recordSet[i].serialNo != null) {
+                window.location = result.fixed.scheme + "://" + result.fixed.host + ":" +
+                                  result.fixed.port + "/ee/getBySerial?serialNumber=" + 
+                                  record.recordSet[i].serialNo + "&importCert=true";
+            }
+        }
+        if (result.recordSet.length > 0)
+            alert("Your cert has been imported into the browser!");
+    } else {
+        // this must be a RA
+        window.location = result.fixed.scheme + "://" + result.fixed.host + ":" +
+                          result.fixed.port + "/getCertFromRequest?requestId=" +
+                          result.fixed.requestId + "&importCert=true";
+        alert("Your cert has been imported into the browser!");
+    }
+}
+
+//-->
+</SCRIPT>
+
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+	Sub ImportCertificate
+
+		Dim pkcs7
+
+		On Error Resume Next
+
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+		'Import the PKCS7 object
+		Enroll.DeleteRequestCert = FALSE
+		Enroll.WriteCertToCSP = true
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		end if
+		err.clear
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		end if
+
+		Exit Sub
+
+	End Sub
+
+	ImportCertificate()
+-->
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+if (typeof(result.fixed.replyTo) != 'undefined' && result.fixed.replyTo != null) {
+    //alert('replyTo='+result.fixed.replyTo);
+    var loc = result.fixed.replyTo;
+    if (result.fixed.requestId != null)
+        loc += "&requestId=" + result.fixed.requestId;
+    if (result.recordSet.length > 0 && result.recordSet[0].serialNo != null)
+        loc += "&certificateSerialNumber=" + result.recordSet[0].serialNo;
+    //alert('loc='+loc);
+    window.location = loc; 
+}
+//-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/GetCAChain.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/GetCAChain.html
new file mode 100644
index 000000000..f21f606df
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/GetCAChain.html
@@ -0,0 +1,107 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Get CA Chain</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+</SCRIPT>
+</HEAD>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import CA Certificate Chain
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to import the CA certificate chain into your browser (users) 
+or your server (administrators). This is a one-time operation. 
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM action=getCAChain method=post>
+
+<TABLE border=0 cellpadding=1 cellspacing=1>
+<tr><td>
+	<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Users
+	</font>
+</td></tr>
+<tr><td>
+	<input type=RADIO name="op" checked value="download">
+	<input type=hidden name="mimeType" value="application/x-x509-ca-cert">
+	<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Import the CA certificate chain into your browser 
+	</font>
+</td></tr>
+<tr><td>
+	<input type=RADIO name="op" value="downloadBIN">
+	<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Download the CA certificate chain in binary form
+	</font>
+</td></tr>
+<tr><td>
+	<input type=RADIO name="op" value="display">
+	<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Display the CA certificate chain in PKCS#7 for importing into a server
+	</font>
+</td></tr>
+<tr><td>
+	<input type=RADIO name="op" value="displayIND">
+	<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Display certificates in the CA certificate chain for importing 
+	individually into a server
+	</font>
+</td></tr>
+</table>
+
+<p>
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+
+</FORM>
+
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ImportAdminCert.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ImportAdminCert.template
new file mode 100644
index 000000000..e52764ec6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ImportAdminCert.template
@@ -0,0 +1,58 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>VBScript Administrator Certificate Enrollment
+</TITLE>
+<CMS_TEMPLATE>
+<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
+    codebase="xenroll.dll"
+    id=Enroll >
+</OBJECT>
+<SCRIPT language="VBScript">
+<!--
+                Dim pkcs7
+
+                On Error Resume Next
+
+                'Convert the cert to PKCS7 format
+                pkcs7 = result.header.pkcs7
+                If (IsEmpty(pkcs7) OR theError <> 0) Then
+                    ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+                End If
+
+                'Import the PKCS7 object
+                Enroll.DeleteRequestCert = FALSE
+                Enroll.WriteCertToCSP = true
+                Enroll.acceptPKCS7(pkcs7)
+                if err.number <> 0 then
+                        Enroll.WriteCertToCSP = false
+                end if
+                err.clear
+                Enroll.acceptPKCS7(pkcs7)
+                if err.number = 0 then
+                    MsgBox "Certificate has been successfully imported."
+                else
+                    sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+                    MsgBox sz
+                end if
+-->
+</SCRIPT>
+</head>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ImportCert.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ImportCert.template
new file mode 100644
index 000000000..8df83eca9
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ImportCert.template
@@ -0,0 +1,242 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+//document.writeln('<P>');
+//document.writeln('host  '+result.fixed.host+'<BR>');
+//document.writeln('port  '+result.fixed.port+'<BR>');
+//document.writeln('scheme  '+result.fixed.scheme+'<BR>');
+//document.writeln('authority  '+result.fixed.authorityName+'<BR>');
+
+function navMajorVersion()
+{
+	return parseInt(
+		navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+document.writeln('Importing the following certificate to your browser:');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('No more information on your certificate is provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+			//document.write('Serial number ');
+			//document.write('<BLOCKQUOTE><B><PRE>');
+			//document.writeln(result.recordSet[i].serialNo);
+			//document.write('</BLOCKQUOTE></B></PRE>');
+			//document.writeln('<P>');
+			//document.write('Your certificate in Base 64 encoded form:<BR>');
+			//document.write('<BLOCKQUOTE><PRE>');
+			//document.writeln(result.recordSet[i].base64Cert);
+			//document.write('</PRE></BLOCKQUOTE>');
+			document.writeln('<P>');
+			document.write('Certificate Content: <BR>');
+			document.write('<BLOCKQUOTE><PRE>');
+			document.writeln(result.recordSet[i].certPrettyPrint);
+			document.write('</PRE></BLOCKQUOTE>');
+		}
+	}
+	document.writeln('</UL>');
+
+}
+
+// NOTE: importUserCertificate should be done before this point  but 
+// it creates a javascript error that clobbers the result variable set in 
+// the template. 
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) && 
+	typeof(crypto.version) != "undefined" && 
+	typeof(result.fixed.crmfReqId) != "undefined") {
+	//alert('certNickname is '+result.fixed.certNickname);
+	//alert(result.fixed.cmmfResponse);
+	var errors = crypto.importUserCertificates(null,
+				 result.fixed.cmmfResponse, false);
+	// var errors = crypto.importUserCertificates(result.fixed.certNickname,
+	//			 result.fixed.cmmfResponse, false);
+
+	// NOTE: Alpha version of cartman always returns a non-empty string 
+	// from importUserCertificates() so we can only always assume succcess. 
+	// Uncomment the following line and add appropriate javascripts/messages 
+	// for use with a later version of cartman.
+	// This is fixed in Alpha-3. For use with alpha-3 uncomment the lines below 
+	// to check for errors returned from importUserCertificates.  
+	if (errors != '') {
+		document.writeln(
+			'<b>ERROR</b>Could not import the certificate into your browser '+
+			'using nickname '+result.fixed.certNickname+'.<p>');
+		document.writeln(
+			'The following error message was returned by the browser '+
+			'when importing the certificate:');
+		document.writeln('<BLOCKQUOTE><PRE>');
+		document.writeln(errors);
+		document.writeln('</PRE></BLOCKQUOTE>');
+	}
+	else {
+		document.writeln(
+			'Your certificate was successfully imported to the browser '+
+			'with nickname '+result.fixed.certNickname);
+	}
+
+//	document.writeln(
+//		'NOTE: '+
+//		'The following was returned by the browser when importing '+
+//		'the certificate:');
+//	document.writeln('<BLOCKQUOTE><PRE>');
+//	document.writeln(errors);
+//	document.writeln('</PRE></BLOCKQUOTE>');
+//	document.writeln(
+//		'If there was an error message it could be that you do not have '+
+//		'the private key of the certificate you are trying to import. '+
+//		'Please consult your system administrator for assistance.');
+}
+
+//-->
+</SCRIPT>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'>
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+
+        'Get OS Version, works for Vista and below only
+        Function GetOSVersion
+               dim agent
+               dim res
+               dim pos
+
+               agent = Navigator.appVersion
+               pos = InStr(agent,"NT 6.")
+
+               If pos > 0 Then
+                  GetOSVersion = 6
+                  Exit Function
+               End If
+
+               pos = InStr(agent,"NT 5.")
+
+               If pos > 0 Then
+                  GetOSVersion = 5
+                  Exit Function
+               End If
+
+               GetOSVersion = 5
+        End Function
+
+	Sub ImportCertificate
+		Dim pkcs7
+                Dim res
+                Dim osVersion
+
+		On Error Resume Next
+                osVersion = GetOSVersion()
+                 
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+                If osVersion <> 6 Then  'Not Vista
+
+		  'Import the PKCS7 object
+		  Enroll.DeleteRequestCert = FALSE
+		  Enroll.WriteCertToCSP = true
+		  Enroll.acceptPKCS7(pkcs7)
+		  if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		  end if
+		  err.clear
+		  Enroll.acceptPKCS7(pkcs7)
+		  if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		  else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		  end if
+		  Exit Sub
+                Else  'Vista
+                  Dim enrollObj
+
+                  Set enrollObj = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+		  If IsObject(enrollObj) =  False Then
+                    res = MsgBox("Can't create Enroll Object!")
+                    Exit Sub
+                  End If
+
+                  enrollObj.Initialize(1)
+                  enrollObj.InstallResponse 0,pkcs7,6,""
+
+                  If Err.number <> 0 Then
+                    sz = "Error in InstallResponse. Error Number " & Hex(err.number) & " occurred."
+                    res =MsgBox(sz & Err.description)
+                  else
+                    res = MsgBox("Certificate has been successfully imported.")
+                  End If
+                End If
+	End Sub
+
+	ImportCertificate()
+-->
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/KeyRecovery.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/KeyRecovery.html
new file mode 100644
index 000000000..b3a9e4676
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/KeyRecovery.html
@@ -0,0 +1,41 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+   <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
+   <META NAME="GENERATOR" CONTENT="Mozilla/4.03 [en]C-NSCP  (WinNT; U) [Netscape]">
+   <TITLE>Key Recovery</TITLE>
+</HEAD>
+<BODY BGCOLOR="#FFFFFF">
+<SCRIPT LANGUAGE="JavaScript">
+
+</SCRIPT>
+
+<CENTER>
+<H2>
+User Initiated Key Recovery</H2></CENTER>
+
+<BLOCKQUOTE>
+<CENTER>Key Recovery is supported only for clients that support dual certificates - one for signing and another for encryption. At this time key recovery is not supported.
+<p>
+</CENTER>
+
+</BLOCKQUOTE>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManCAEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManCAEnroll.html
new file mode 100644
index 000000000..b96909fb0
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManCAEnroll.html
@@ -0,0 +1,162 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a CA Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+  with (form) {
+	 if (pkcs10Request.value == "")
+	 {
+		alert("You must enter the base64-encoded certificate request.");
+		return false;
+	 }
+     if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+	alert("You must supply a name and either a phone number or an email address.");
+	return false;
+     }
+  }
+  // form.submit();
+  return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Manager Enrollment (for Certificate Manager Administrators) 
+</font><br>
+  <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a subordinate certificate authority's 
+  signing certificate. 
+<p> 
+  After you click the Submit button, your request will be submitted to an
+  issuing agent for approval. The certificate will be emailed to you. 
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+A PKCS #10 request is generated during the installation of the Certificate Manager.
+Paste the certificate authority's PKCS #10 request into this text area. 
+      </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+        </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> 
+	</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorName" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorEmail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorPhone" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+	  If you have additional comments for the person who will process your 
+	  certificate request, write them here. 
+        </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+				<input type="hidden" name="requestFormat" value="pkcs10">
+				<input type="hidden" name="certType" value="ca">
+				<!-- for Netscape Certificate Type Extension -->
+				<input type="HIDDEN" value="true" name="ssl_client">
+				<input type="HIDDEN" value="true" name="email_ca">
+				<input type="HIDDEN" value="true" name="ssl_ca">
+				<input type="HIDDEN" value="true" name="object_signing_ca">
+				<!-- for Key Usage Extension -->
+				<input type="HIDDEN" name="digital_signature" value=true>
+				<input type="HIDDEN" name="non_repudiation" value=true>
+				<input type="HIDDEN" name="key_certsign" value=true>
+				<input type="HIDDEN" name="crl_sign" value=true>
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManObjSignEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManObjSignEnroll.html
new file mode 100644
index 000000000..04f37b650
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManObjSignEnroll.html
@@ -0,0 +1,693 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>User Certificate Request Form</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function setSignType(f)
+{
+   if ((f.certType.options[0].selected)) {
+     alert("You must select Signing-Type");
+     return;
+   }
+   else if (f.certType.options[1].selected)
+     f.object_signing.value = true;
+   else if (f.certType.options[2].selected)
+     f.object_signing.value = false;
+}
+
+function updateEmail(f)
+{
+   if (f.E.value != '') {
+     f.csrRequestorEmail.value = f.E.value;
+   }
+   formulateDN(f, f.subject);
+}
+
+function formDNandReload()
+{
+    formulateDN(document.forms[0], document.forms[0].subject);
+    updateEmail(document.forms[0]);
+}
+
+function validate(form)
+{
+
+	if ((form.certType.options[0].selected)) {
+	   alert("You must select Signing-Type");
+	   return false;
+	}
+
+	with (form) {
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var kraTransportCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+        // To enable key archival, replace "null" with the transport
+        // certificate without "BEBIN..." "END..", nor line breaks.
+        // change keyGenAlg to "rsa-ex"
+        var keyTransportCert = null;
+        //var keyGenAlg = "rsa-ex";
+        var keyGenAlg = "rsa-dual-use";
+        // generate keys for nsm.
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+			 typeof(crypto.version) != "undefined") {
+			certNickname.value = subject.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				subject.value,
+               	"regToken", "authenticator", 
+		keyTransportCert,
+                "setCRMFRequest();", 
+                1024, null, keyGenAlg);
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		submit();
+	}
+}
+
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN(a,b)
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.C.Value <> Empty) Then
+			If doubleQuotes(TheForm.C.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Country field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "C=" & escapeDNComponent(TheForm.C.Value)
+		End If
+
+		If (TheForm.O.Value <> Empty) Then
+			If doubleQuotes(TheForm.O.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Organiztion field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "O=" & escapeDNComponent(TheForm.O.Value)
+		End If
+
+		If (TheForm.OU.Value <> Empty) Then
+			If doubleQuotes(TheForm.OU.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Org Unit field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "OU=" & escapeDNComponent(TheForm.OU.Value)
+		End If
+
+		If (TheForm.UID.Value <> Empty) Then
+			If doubleQuotes(TheForm.UID.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.UID.Value)
+		End If
+
+		If (TheForm.CN.Value <> Empty) Then
+			If doubleQuotes(TheForm.CN.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Common Name field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "CN=" & escapeDNComponent(TheForm.CN.Value)
+		End If
+
+		If (TheForm.E.Value <> Empty) Then
+			If doubleQuotes(TheForm.E.Value) = True Then
+				MsgBox "Double quotes are not allowed in the eMail field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "E=" & escapeDNComponent(TheForm.E.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.CN.Value = Empty) Then 
+    ret = MsgBox("You must supply your name for the certificate", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.csrRequestorEmail.Value = Empty) AND (TheForm.csrRequestorPhone.Value = Empty) Then
+	ret = MsgBox("You must supply a phone number or email address", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN("","")
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+   ' adding 2 to "GenKeyFlags" will  enable the 'High Security' 
+   ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+   ' asking what level of protection you would like to give
+   ' the key - this varies from 'none' to 'confirm password
+   ' every time the key is used'
+  Enroll.GenKeyFlags = 1        ' key PKCS12-exportable
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.csrRequestorName.Value = TheForm.CN.Value
+
+  ' TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<script lang=javascript>
+//<!--
+	if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+		// shortcut for version 3.x or less, crypto is not defined
+        	document.writeln(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else if (navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined") { 
+        document.writeln(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else {
+        document.writeln(
+			'<form name="ReqForm" method="post" action="/enrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+//-->
+</script>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Manual Object Signing Enrollment
+</font><br>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  Use this form to submit a request for an object signing certificate. 
+  After you click the Submit button, your request will be submitted to an 
+  issuing agent for approval. When an issuing agent has approved your request
+  you will receive the certificate in email, along with instructions for 
+  installing it.
+  </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b> 
+      </font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use the certificate.
+	  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP">
+	  <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	<b>User's Identity</b><br>
+	  </font>
+	  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	Enter values for the fields you want to have in your certificate. 
+	Your site may require you to fill in certain fields. <br>(* = required field)</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+		  * Full name: 
+		  </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="HIDDEN" name="csrRequestorName">
+        <input type="TEXT" name="CN" size="30" onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Login name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="UID" size="30" onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="E" size="30" onchange="updateEmail(this.form)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Organization unit: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="OU" size="30" onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="O" size="30" onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Country: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="C" value="US" size=2 maxlength=2 
+onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+        </div>
+      </td>
+      <td valign="TOP">&nbsp; </td>
+    </tr>
+    <tr> 
+    </tr>
+
+    <tr>
+    <td colspan="2" valign="TOP">
+          <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-seri
+f">
+          <b>
+          Select Signing Type
+          </b><br>
+      </font>
+          <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size=
+"-1">
+        Select a signing type that the certificate will be used. </font></td>
+    </tr>
+
+    <tr>
+      <td valign="TOP">
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-se
+rif">Signing Type: </font>
+        </div>
+      </td>
+      <td valign="TOP">
+        <SELECT NAME="certType" onchange="setSignType(document.forms[0])">
+                <OPTION value="" SELECTED>Select Signing-Type
+                <OPTION value="client">Netscape Object-Signing
+                <OPTION value="codeSignClient">Microsoft Authenticode
+        </SELECT>
+      </td>
+    </tr>
+
+    <tr>
+      <td colspan="2" valign="TOP">&nbsp;</td>
+    </tr>
+
+
+    <tr> 
+      <td colspan="2" valign="TOP">
+	  <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>
+	  Contact Information
+	  </b><br>
+      </font>
+	  <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> 
+        Enter an email address or phone number at which you can be contacted 
+        regarding this request. </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorEmail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorPhone" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+	  <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>
+	  Additional Comments
+	  </b><br>
+	  </font>
+     <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  If you have any comments for the person who will process your certificate request, write them here.
+		</font>
+	  </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+<script>
+		if (navigator.appName == 'Netscape' &&
+                        (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+	  		document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+     			document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+		}
+		if (navigator.appName == "Microsoft Internet Explorer") {
+	  		document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+     			document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+		}
+</script>
+     <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+		if (navigator.appName == 'Netscape' &&
+                        (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+			document.writeln('Select the length of the key to generate. '+
+				'The longer the key length, the greater the strength. '+
+				'You may want to check with your system administrator about '+
+				'the length of key to specify.');
+		}
+		if (navigator.appName == "Microsoft Internet Explorer") {
+			document.writeln('The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+                  'system administrator about the provider to specify.');
+		}
+</script>
+		</font>
+		</td>
+    </tr>
+    <tr> 
+		<td>
+<script>
+		if (navigator.appName == 'Netscape' &&
+                        (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+	      document.writeln(
+		  '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+		  document.writeln('Key Length:');
+		  document.writeln('</font>');
+		}
+	if (navigator.appName == "Microsoft Internet Explorer") {
+	      document.writeln(
+		  '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+		  document.writeln('Cryptographic Provider:');
+		  document.writeln('</font>');
+		}
+</script>
+		</td>
+		<td>
+<script>
+		//<font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  if (navigator.appName == 'Netscape') {
+		  if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == 'undefined') {
+			  document.write('<KEYGEN name="subjectKeyGenInfo">');
+		  }
+		  //</font>
+	  }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+	   document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+	}
+
+</script>
+	   </td>
+	</tr>
+</table>
+
+<script lang=javascript>
+document.write('<table border="0" width="100%" cellspacing="0" '+
+       'cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">' +
+       '<tr> <td> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape") {
+
+  if (navMajorVersion() <= 3) {
+    // shortcut for version 3.x or less, crypto is not defined
+    document.writeln(
+    '<input type="submit" value="Submit" '+
+    'name="submit" width="72">');
+    } 
+  else if (typeof(crypto.version) == "undefined") {
+    document.writeln(
+      '<input type="submit" value="Submit" '+
+      'name="submit" width="72">');
+  } else {
+    // alert('nsm');
+    document.writeln(
+      '<input type="button" value="Submit" '+
+      'name="submitbutton" '+
+      'onclick="validate(form)" width="72">');
+  
+    document.write(
+      '<input type="hidden" name=CRMFRequest value="">');
+    document.write(
+      '<input type=hidden name=cmmfResponse value=true>');
+    document.write(
+      '<input type=hidden name=certNickname value="">');
+    }
+  }
+else if (navigator.appName == "Microsoft Internet Explorer") {
+  document.writeln(
+     '<input type="submit" value="Submit" '+
+     'name="Send" width="72">');
+  document.write(
+     '<input type="hidden" name="pkcs10Request" value="">');
+}
+
+document.write(
+   '<input type="hidden" name="subject" value="">' +
+   '<input type="hidden" name="requestFormat" value="keygen">' +
+   '<input type="hidden" name="object_signing" value="true">' +
+   '<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+   '<input type="reset" value="Reset" name="reset" width="72">' +
+   '</div> </td> </tr> </table>');
+</script>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManRAEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManRAEnroll.html
new file mode 100644
index 000000000..c1a807bc9
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManRAEnroll.html
@@ -0,0 +1,156 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a RA Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+  with (form) {
+	 if (pkcs10Request.value == "")
+	 {
+		alert("You must enter the base64-encoded certificate request.");
+		return false;
+	 }
+     if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+	alert("You must supply a name and either a phone number or an email address.");
+	return false;
+     }
+  }
+  // form.submit();
+  return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Registration Manager Enrollment (for Registration Manager Administrators) 
+</font><br>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a Registration Manager's signing 
+  certificate. The Registration Manager will use this certificate to 
+  authenticate itself to the Certificate Manager.
+<p>
+  After you click the Submit button, your request will be submitted to an 
+  issuing agent for approval. The certificate will be emailed to you. 
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+	   A PKCS #10 request is generated during the installation of the 
+	   Registration Manager. <br>Paste the PKCS #10 request into this text area.
+	  </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+        </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorName" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorEmail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorPhone" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+        If you have additional comments for the person who will process your 
+		certificate request, write them here.</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+				<input type="hidden" name="requestFormat" value="pkcs10">
+				<input type="hidden" name="certType" value="ra">
+				<!-- for Netscape Certificate Type Extension -->
+				<input type="HIDDEN" value="true" name="ssl_client">
+				<!-- for Key Usage Extension -->
+				<input type="HIDDEN" name="digital_signature" value=true>
+				<input type="HIDDEN" name="non_repudiation" value=true>
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManServerEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManServerEnroll.html
new file mode 100644
index 000000000..ff15fee59
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManServerEnroll.html
@@ -0,0 +1,167 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request a Server Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+  with (form) {
+	 if (pkcs10Request.value == "")
+	 {
+		alert("You must enter the base64-encoded certificate request.");
+		return false;
+	 }
+     if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+	alert("You must supply a name and either a phone number or an email address.");
+	return false;
+     }
+  }
+  // form.submit();
+  return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Server Certificate Enrollment (for Server Administrators)</font><br>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a server certificate. You must submit
+  a PKCS #10 request. If you have a Netscape server, create a PKCS#10 request 
+  by using the Netscape Administration Server instance associated with the 
+  server for which you are requesting the certificate. In the Netscape 
+  Administration Server forms, choose Encryption, then Request Server Certificate.
+<p> 
+  If you are not using a Netscape server, follow the appropriate steps to 
+  generate a PKCS #10 request with the server you have. 
+<p>
+  After you click the Submit button, your request will be submitted to 
+  an issuing agent for approval. You will receive the certificate in email
+  when it has been approved.
+</font>
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP">
+	<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>PKCS #10 Request</b><br>
+	Paste the PKCS #10 request into this text area. 
+	</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td colspan="2" valign="TOP">
+	  <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+	  <b>Server Administrator Contact Information<br></b>
+	  </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorName" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorEmail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorPhone" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+		<b>Additional Comments </b><br>
+        If you have any additional comments for the person who will process 
+		your certificate request, write them here. </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+				<input type="hidden" name="requestFormat" value="pkcs10">
+				<input type="hidden" name="certType" value="server">
+				<!-- for Netscape Certificate Type Extension -->
+				<input type="HIDDEN" value="true" name="ssl_server">
+				<!-- for Key Usage Extension -->
+				<input type="HIDDEN" name="digital_signature" value=true>
+				<input type="HIDDEN" name="non_repudiation" value=true>
+				<input type="HIDDEN" name="key_encipherment" value=true>
+				<input type="HIDDEN" name="data_encipherment" value=true>
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  <input type=hidden name="reencodeSubjectName" value="true">
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManUserEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManUserEnroll.html
new file mode 100644
index 000000000..8cc80148d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ManUserEnroll.html
@@ -0,0 +1,705 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>User Certificate Request Form</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+</SCRIPT>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function updateEmail(f)
+{
+   if (f.E.value != '') {
+     f.csrRequestorEmail.value = f.E.value;
+   }
+   formulateDN(f, f.subject);
+}
+
+function formDNandReload()
+{
+    formulateDN(document.forms[0], document.forms[0].subject);
+    updateEmail(document.forms[0]);
+}
+
+function validate(form)
+{
+
+	if (isValidCSR(form) == false) {
+		//alert(' is not valid csr');
+		return false;
+	}
+	with (form) {
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var kraTransportCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+        // To enable key archival, replace "null" with the transport
+        // certificate without "BEBIN..." "END..", nor line breaks.
+        // change keyGenAlg to "rsa-ex"
+        var keyTransportCert = null;
+        //var keyGenAlg = "rsa-ex";
+        var keyGenAlg = "rsa-dual-use";
+        // generate keys for nsm.
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+			 typeof(crypto.version) != "undefined") {
+			certNickname.value = subject.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				subject.value,
+               	"regToken", "authenticator", 
+		keyTransportCert,
+                "setCRMFRequest();", 
+                1024, null, keyGenAlg);
+        }
+        if (challengePassword.value != confirmChallengePassword.value) {
+            alert("The challenge phrase password is not the same as the confirmed one.");
+            return false;
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		submit();
+	}
+}
+
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN(a,b)
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.C.Value <> Empty) Then
+			If doubleQuotes(TheForm.C.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Country field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "C=" & escapeDNComponent(TheForm.C.Value)
+		End If
+
+		If (TheForm.O.Value <> Empty) Then
+			If doubleQuotes(TheForm.O.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Organiztion field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "O=" & escapeDNComponent(TheForm.O.Value)
+		End If
+
+		If (TheForm.OU.Value <> Empty) Then
+			If doubleQuotes(TheForm.OU.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Org Unit field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "OU=" & escapeDNComponent(TheForm.OU.Value)
+		End If
+
+		If (TheForm.UID.Value <> Empty) Then
+			If doubleQuotes(TheForm.UID.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.UID.Value)
+		End If
+
+		If (TheForm.CN.Value <> Empty) Then
+			If doubleQuotes(TheForm.CN.Value) = True Then
+				MsgBox "Double quotes are not allowed in the Common Name field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "CN=" & escapeDNComponent(TheForm.CN.Value)
+		End If
+
+		If (TheForm.E.Value <> Empty) Then
+			If doubleQuotes(TheForm.E.Value) = True Then
+				MsgBox "Double quotes are not allowed in the eMail field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "E=" & escapeDNComponent(TheForm.E.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.CN.Value = Empty) Then 
+    ret = MsgBox("You must supply your name for the certificate", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.csrRequestorEmail.Value = Empty) AND (TheForm.csrRequestorPhone.Value = Empty) Then
+	ret = MsgBox("You must supply a phone number or email address", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN("","")
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+   ' adding 2 to "GenKeyFlags" will  enable the 'High Security' 
+   ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+   ' asking what level of protection you would like to give
+   ' the key - this varies from 'none' to 'confirm password
+   ' every time the key is used'
+  Enroll.GenKeyFlags = 1        ' key PKCS12-exportable
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.csrRequestorName.Value = TheForm.CN.Value
+
+  ' TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<script lang=javascript>
+//<!--
+	if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+		// shortcut for version 3.x or less, crypto is not defined
+        	document.writeln(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else if (navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined") { 
+        document.writeln(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else {
+        document.writeln(
+			'<form name="ReqForm" method="post" action="/enrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+//-->
+</script>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Manual User Enrollment
+</font><br>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  Use this form to submit a request for a personal certificate. After you 
+  click the Submit button, your request will be submitted to an issuing agent 
+  for approval. When an issuing agent has approved your request
+  you will receive the certificate in email, along with instructions for 
+  installing it.
+  </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b> 
+      </font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use the certificate.
+	  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP">
+	  <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	<b>User's Identity</b><br>
+	  </font>
+	  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	Enter values for the fields you want to have in your certificate. 
+	Your site may require you to fill in certain fields. <br>(* = required field)</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+		  * Full name: 
+		  </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="HIDDEN" name="csrRequestorName">
+        <input type="TEXT" name="CN" size="30" onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Login name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="UID" size="30" onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="E" size="30" onchange="updateEmail(this.form)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Organization unit: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="OU" size="30" onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="O" size="30" onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Country: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="C" value="US" size=2 maxlength=2 
+onchange="formulateDN(this.form, this.form.subject)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+        </div>
+      </td>
+      <td valign="TOP">&nbsp; </td>
+    </tr>
+    <tr> 
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+          </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" value="true" name="email">
+		<input type="HIDDEN" value="true" name="ssl_client">
+		<!-- for Key Usage Extension -->
+		<input type="HIDDEN" name="digital_signature" value=true>
+		<input type="HIDDEN" name="non_repudiation" value=true>
+		<input type="HIDDEN" name="key_encipherment" value=true>
+      </td>
+    </tr>
+    <tr> 
+      <td colspan="2" valign="TOP">&nbsp;</td>
+    </tr>
+    <tr>
+      <td colspan="2" valign="TOP">
+          <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+          <b>
+          Challenge Phrase Password (optional)
+          </b><br>
+      </font>
+          <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Enter a challenge phrase password which can be used for certificate revocation.
+          </font></td>
+    </tr>
+    <tr>
+      <td valign="TOP">
+      <div align="RIGHT">
+        <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font>
+      </div>
+      </td>
+      <td valign="TOP">
+        <input type="PASSWORD" name="challengePassword" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+      <td valign="TOP">
+      <div align="RIGHT">
+        <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Confirmed password: </font>
+      </div>
+      </td>
+      <td valign="TOP">
+        <input type="PASSWORD" name="confirmChallengePassword" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td colspan="2" valign="TOP">
+	  <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>
+	  Contact Information
+	  </b><br>
+      </font>
+	  <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> 
+        Enter an email address or phone number at which you can be contacted 
+        regarding this request. </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorEmail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorPhone" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+	  <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>
+	  Additional Comments
+	  </b><br>
+	  </font>
+     <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  If you have any comments for the person who will process your certificate request, write them here.
+		</font>
+	  </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+<script>
+		if (navigator.appName == 'Netscape' &&
+                        (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+	  		document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+     			document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+		}
+		if (navigator.appName == "Microsoft Internet Explorer") {
+	  		document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Public/Private Key Information</b><br></font>');
+     			document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">When you submit this form, the browser generates a private key and a public key. It retains the private key and submits the public key along with your request for a certificate. The public key becomes part of the certificate. <p> </font>');
+		}
+</script>
+     <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+		if (navigator.appName == 'Netscape' &&
+                        (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+			document.writeln('Select the length of the key to generate. '+
+				'The longer the key length, the greater the strength. '+
+				'You may want to check with your system administrator about '+
+				'the length of key to specify.');
+		}
+		if (navigator.appName == "Microsoft Internet Explorer") {
+			document.writeln('The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+                  'system administrator about the provider to specify.');
+		}
+</script>
+		</font>
+		</td>
+    </tr>
+    <tr> 
+		<td>
+<script>
+		if (navigator.appName == 'Netscape' &&
+                        (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+	      document.writeln(
+		  '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+		  document.writeln('Key Length:');
+		  document.writeln('</font>');
+		}
+	if (navigator.appName == "Microsoft Internet Explorer") {
+	      document.writeln(
+		  '<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+		  document.writeln('Cryptographic Provider:');
+		  document.writeln('</font>');
+		}
+</script>
+		</td>
+		<td>
+<script>
+		//<font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  if (navigator.appName == 'Netscape') {
+		  if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == 'undefined') {
+			  document.write('<KEYGEN name="subjectKeyGenInfo">');
+		  }
+		  //</font>
+	  }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+	   document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+	}
+
+</script>
+	   </td>
+	</tr>
+</table>
+
+<script lang=javascript>
+document.write('<table border="0" width="100%" cellspacing="0" '+
+       'cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">' +
+       '<tr> <td> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape") {
+
+  if (navMajorVersion() <= 3) {
+    // shortcut for version 3.x or less, crypto is not defined
+    document.writeln(
+    '<input type="submit" value="Submit" '+
+    'name="submit" width="72">');
+    } 
+  else if (typeof(crypto.version) == "undefined") {
+    document.writeln(
+      '<input type="submit" value="Submit" '+
+      'name="submit" width="72">');
+  } else {
+    // alert('nsm');
+    document.writeln(
+      '<input type="button" value="Submit" '+
+      'name="submitbutton" '+
+      'onclick="validate(form)" width="72">');
+  
+    document.write(
+      '<input type="hidden" name=CRMFRequest value="">');
+    document.write(
+      '<input type=hidden name=cmmfResponse value=true>');
+    document.write(
+      '<input type=hidden name=certNickname value="">');
+    }
+  }
+else if (navigator.appName == "Microsoft Internet Explorer") {
+  document.writeln(
+     '<input type="submit" value="Submit" '+
+     'name="Send" width="72">');
+  document.write(
+     '<input type="hidden" name="pkcs10Request" value="">');
+}
+
+document.write(
+   '<input type="hidden" name="subject" value="">' +
+   '<input type="hidden" name="requestFormat" value="keygen">' +
+   '<input type="hidden" name="certType" value="client">' +
+   '<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+   '<input type="reset" value="Reset" name="reset" width="72">' +
+   '</div> </td> </tr> </table>');
+</script>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+        If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+          first = j
+        End If
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+        Else
+	  TheForm.cryptprovider.selectedIndex = first
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/NISUserEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/NISUserEnroll.html
new file mode 100644
index 000000000..26915188d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/NISUserEnroll.html
@@ -0,0 +1,508 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>NIS Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'NISAuth' has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+    with (form) {
+        if (uid.value == "") {
+            alert("You must supply your uid");
+            return false;
+        }
+        if (pwd.value == "") {
+            alert("You must supply your password");
+            return false;
+        }
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+        // generate keys for nsm.
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+			 typeof(crypto.version) != "undefined") {
+			//certNickname.value = uid.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				"CN=undefined", 
+               	"regToken", "authenticator", 
+			null,
+                "setCRMFRequest();", 
+                1024, null, "rsa-dual-use");
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		submit();
+	}
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN()
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.uid.Value <> Empty) Then
+			If doubleQuotes(TheForm.uid.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.uid.Value = Empty) Then 
+    ret = MsgBox("You must supply your NIS uid for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.pwd.Value = Empty) Then
+	ret = MsgBox("You must supply your NIS password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+NIS Based User Enrollment <br>
+</font>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a personal certificate through your
+  organization's NIS. With NIS based enrollment, you need only 
+  supply your user ID and password for the NIS; the directory 
+  supplies the rest of the information needed for certificate issuance. 
+  If the user ID and password are correct your certificate will be issued
+  automatically.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+	Important:
+	</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use your certificate.  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+	if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+		// short cut for Nav 3.x or eariler, crypto is not defined
+        	document.write(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+        } else
+	if ((navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined")) {
+        document.write(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else {
+        document.write(
+			'<form name="ReqForm" method="post" action="/enrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+</script>
+
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  <b>User's Identity</b><br>
+Enter your user ID and password for your organization's NIS. This 
+information will be used to verify your identity and to obtain
+information from the directory to fill in the certificate.
+  <br>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User ID: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="uid" size="30">
+      </td>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td width="30%" valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="pwd" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr>
+    </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" name="email" value="true">
+		<input type="HIDDEN" name="ssl_client" value="true">
+		<!-- for Key Usage Extension -->
+		<input type="HIDDEN" name="digital_signature" value=true>
+		<input type="HIDDEN" name="non_repudiation" value=true>
+		<input type="HIDDEN" name="key_encipherment" value=true>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+		<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+</td></tr>
+</table>
+
+
+<script>
+		if (navigator.appName == "Netscape" && 
+			(navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+        document.writeln('<b>Public/Private Key Information</b><br>');
+		document.writeln(
+		  'When your submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'Select the length of the key to generate. The longer the key '+ 
+		  'length the greater the strength. You may want to check with your '+
+		  'system administrator about the length of key to specify.');
+
+			// short cut for Nav 3.x or eariler, crypto is not defined
+			document.writeln('Select the length of the key to generate. '+
+				'The longer the key length, the greater the strength. '+
+				'You may want to check with your system administrator about '+
+				'the length of key to specify.');
+		} 
+		//else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+			//document.writeln('Select the length of the key to generate. '+
+			//	'The longer the key length, the greater the strength. '+
+			//	'You may want to check with your system administrator about '+
+			//	'the length of key to specify.');
+		//}
+
+//<!--
+        if (navigator.appName == "Netscape") {
+            document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+			if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == "undefined") {
+				document.writeln('<td width="30%" valign=TOP>');
+				document.writeln('<div align=right>');
+				document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+				document.writeln('Key Length: ');
+				document.writeln('</font>');
+				document.writeln('</div>');
+				document.writeln('</td>');
+				document.write('<td valign=TOP>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+        	} 
+			//else {
+                //alert('nsm');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+			//}
+			document.write('</td></table>');
+        }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+        document.writeln('<b>Public/Private Key Information</b><br>');
+                document.writeln(
+                  'When you submit this form, your browser generates a private and '+
+                  'public key. The browser retains the private key and submits the '+
+                  'public key along with your request for a certificate. '+
+                  'The public key becomes part of your certificate. '+
+                  '<P>'+
+                  'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+                  'system administrator about the provider to specify.');
+
+           document.writeln('<p>');
+           document.writeln('<td>');
+           document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+           document.writeln('Cryptographic Provider:');
+           document.writeln('</font>');
+           document.writeln('</td>');
+           document.writeln('<td>');
+	   document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+           document.writeln('</td>');
+           document.writeln('<p>');
+	}
+//-->
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/graphics/gray90.gif"> <tr> <td width=100%> <div align="RIGHT">');
+//<!--
+			if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+				// short cut for Nav 3.x or eariler, crypto is not defined
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			} else if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			}
+			else if ((navigator.appName == "Microsoft Internet Explorer") ||
+					 (navigator.appName == "")) {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="Send" width="72">');
+			}
+			else {
+				// alert('nsm');
+				document.writeln(
+					'<input type="button" value="Submit" '+
+					'name="submitbutton" '+
+					'onclick="validate(form)" width="72">');
+			}
+			document.write('<img src="/graphics/spacer.gif" width="6" height="6">' +
+			'<input type="reset" value="Reset" name="reset" width="72">' +
+			'<input type="hidden" name="certType" value="client">' +
+			'<input type="hidden" name="authenticator" ' +
+			  '  value="NISAuth">');
+
+				if (navigator.appName == 'Netscape') {
+					if ((navMajorVersion() > 3) && 
+						(typeof(crypto.version) != 'undefined')) {
+						//alert('cmmf response');
+						document.write(
+						  '<input type=hidden name=CRMFRequest value="">');
+						document.write(
+						  '<input type=hidden name=cmmfResponse value=true>');
+						//document.write(
+						  //'<input type=hidden name=certNickname value="">');
+					}
+					else {
+						document.write(
+						'<input type="hidden" name="importCert" value="off">');
+					}
+				}
+				else if ((navigator.appName == "Microsoft Internet Explorer")||
+						 (navigator.appName == "")) {
+					// navigator.appName == "" is for IE 3.
+					//alert('pkcs10Request');
+					document.write(
+					 '<input type="hidden" name="pkcs10Request" value="">');
+				}
+//-->
+              document.writeln('</div> </td> </tr> </table>');
+</script>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/OCSPResponder.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/OCSPResponder.html
new file mode 100644
index 000000000..4d14f513f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/OCSPResponder.html
@@ -0,0 +1,156 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request an OCSP Responder Certificate </TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function validate(form)
+{
+  with (form) {
+	 if (pkcs10Request.value == "")
+	 {
+		alert("You must enter the base64-encoded certificate request.");
+		return false;
+	 }
+     if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+	alert("You must supply a name and either a phone number or an email address.");
+	return false;
+     }
+  }
+  // form.submit();
+  return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+OCSP Responder Enrollment
+</font><br>
+  <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for an OCSP Responder's signing
+  certificate.
+<p> 
+  After you click the Submit button, your request will be submitted to an
+  issuing agent for approval. The certificate will be emailed to you. 
+</font>
+<form method="post" action="/enrollment/pkcs10-server"
+onSubmit="return validate(document.forms[0])">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>PKCS #10 Request</b><br>
+A PKCS #10 request is generated by the software that will provide OCSP responses for your CA.
+Paste the OCSP responder's PKCS #10 request into this text area. 
+      </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td colspan="2" valign="TOP"><b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">Contact Information<br>
+        </font></b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> 
+	</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorName" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorEmail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorPhone" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>Additional Comments </b><br>
+	  If you have additional comments for the person who will process your 
+	  certificate request, write them here. 
+        </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+				<input type="hidden" name="requestFormat" value="pkcs10">
+				<input type="hidden" name="certType" value="ocspResponder">
+				<!-- for Netscape Certificate Type Extension -->
+				<input type="HIDDEN" value="false" name="ssl_client">
+				<!-- for Key Usage Extension -->
+				<input type="HIDDEN" name="digital_signature" value=true>
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html
new file mode 100644
index 000000000..fcf68f12e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html
@@ -0,0 +1,213 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Request an Object Signing Certificate</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript">
+function setSignType(f)
+{
+    if ((f.certType.options[0].selected)) {
+        alert("You must select Signing-Type");
+        return;
+    }
+    else if (f.certType.options[1].selected)
+        f.object_signing.value = true;
+    else if (f.certType.options[2].selected)
+        f.object_signing.value = false;
+}
+
+function validate(form)
+{
+  if ((form.certType.options[0].selected)) {
+     alert("You must select Signing-Type");
+     return false;
+  }
+  
+  with (form) {
+	 if (pkcs10Request.value == "")
+	 {
+		alert("You must enter the base64-encoded certificate request.");
+		return false;
+	 }
+     if (csrRequestorName.value == "" || ((csrRequestorEmail.value == "") && (csrRequestorPhone.value == ""))) {
+	alert("You must supply a name and either a phone number or an email address.");
+	return false;
+     }
+  }
+  // form.submit();
+  return true;
+}
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Object Signing Certificate Enrollment</font><br>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for an object signing certificate. After you click the Submit button, your request will be submitted to an issuing agent for approval. When an issuing agent has approved your request you will receive the certificate in email, along with instructions for installing it.
+</font>
+<form method="post" action="/enrollment"
+onSubmit="return validate(document.forms[0])">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP">
+	<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>PKCS #10 Request</b><br>
+	Paste the PKCS #10 request into this text area. 
+	</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="pkcs10Request" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+          </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+		<input type="HIDDEN" value="true" name="ObjectSigning">
+      </td>
+    </tr>
+    <tr> 
+      <td colspan="2" valign="TOP">&nbsp;</td>
+    </tr>
+
+    <tr> 
+      <td colspan="2" valign="TOP">
+	  <font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>
+	  Select Signing Type
+	  </b><br>
+      </font>
+	  <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1"> 
+        Select a signing type that the certificate will be used. </font></td>
+    </tr>
+
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Signing Type: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <SELECT NAME="certType" onchange="setSignType(document.forms[0])">
+                <OPTION value="" SELECTED>Select Signing-Type
+                <OPTION value="client">Netscape Object-Signing
+                <OPTION value="codeSignClient">Microsoft Authenticode
+        </SELECT>
+      </td>
+    </tr>
+
+    
+    <tr> 
+      <td colspan="2" valign="TOP">
+	  <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+	  <b>Contact Information<br></b>
+	  </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorName" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorEmail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Phone: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="csrRequestorPhone" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">&nbsp;</td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+		<b>Additional Comments </b><br>
+        If you have any additional comments for the person who will process 
+		your certificate request, write them here. </font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"></font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <textarea name="csrRequestorComments" rows="10" cols="65" wrap="virtual">
+</textarea>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+				<input type="hidden" name="requestFormat" value="pkcs10">
+				<!-- <input type="hidden" name="certType" value="client">-->
+				<!-- for Netscape Certificate Type Extension -->
+				<input type="HIDDEN" value="true" name="object_signing">
+				<!-- for Key Usage Extension -->
+				<input type="HIDDEN" name="digital_signature" value=true>
+				<input type="HIDDEN" name="key_certsign" value=true>
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  <input type=hidden name="reencodeSubjectName" value="true">
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/PortalEnrollment.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/PortalEnrollment.html
new file mode 100644
index 000000000..b1bce69b6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/PortalEnrollment.html
@@ -0,0 +1,751 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Portal User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT>
+//<!--
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'PortalEnroll' has been configured in the console.
+
+
+var crmfObject;
+
+function updateFullName(f)
+{
+     f.cn.value = f.givenname.value + " " + f.sn.value;
+}
+
+function validate(form)
+{
+    with (form) {
+        if (uid.value == "") {
+            alert("You must supply your uid");
+            return false;
+        }
+        if (userPassword.value == "") {
+            alert("You must supply your Password");
+            return false;
+        }
+        if (userPassword.value != passwordagain.value) {
+            alert("Check your Password");
+            return false;
+        }
+        if (givenname.value == "") {
+            alert("You must supply your First Name");
+            return false;
+        }
+        if (sn.value == "") {
+            alert("You must supply your Last Name");
+            return false;
+        }
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var kraTransportCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+        // To enable key archival, replace "null" with the transport
+        // certificate without "BEBIN..." "END..", nor line breaks.
+        // change keyGenAlg to "rsa-ex"
+        var keyTransportCert = null;
+        //var keyGenAlg = "rsa-ex";
+        var keyGenAlg = "rsa-dual-use";
+        // generate keys for nsm.
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+			 typeof(crypto.version) != "undefined") {
+			certNickname.value = uid.value;
+        	crmfObject = crypto.generateCRMFRequest(
+				"CN=undefined", 
+               	"regToken", "authenticator", 
+				keyTransportCert,
+                "setCRMFRequest();", 
+                1024, null, keyGenAlg);
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+	with (document.forms[0]) {
+		CRMFRequest.value = crmfObject.request;
+		submit();
+	}
+}
+
+//-->
+</SCRIPT>
+</head>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+		escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+		doubleQuotes = False
+End Function
+
+Function formulateDN()
+		Dim dn
+		Dim TheForm
+		Set TheForm = Document.ReqForm
+
+		dn = Empty
+
+		If (TheForm.uid.Value <> Empty) Then
+			If doubleQuotes(TheForm.uid.Value) = True Then
+				MsgBox "Double quotes are not allowed in the uid field"
+				Exit Function
+			End If
+			If (dn <> Empty) Then
+				dn = dn & ","
+			End If
+			dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.uid.Value)
+		End If
+
+		formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.uid.Value = Empty) Then 
+    ret = MsgBox("You must supply your UID for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.userPassword.Value = Empty) Then
+	ret = MsgBox("You must supply your Password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.userPassword.Value <> TheForm.passwordagain.Value) Then
+	ret = MsgBox("You must supply consistent Password", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.givenname.Value = Empty) Then 
+    ret = MsgBox("You must supply your First Name for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.sn.Value = Empty) Then 
+    ret = MsgBox("You must supply your Last Name for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 0
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Portal User Enrollment <br>
+</font>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to submit a request for a personal certificate and user registration.
+  This form models the standard object class "inetOrgPerson" which has many useful attributes
+  which can be used in real portal deployment.
+  Supply your user ID and password to validate your identity. Also, first name
+  and last name have to be provided for user registration. Other fields are optional; the server 
+  supplies the rest of the information needed for certificate issuance. 
+  If the user ID is unique, your certificate will be issued and user registration
+  will be done automatically.
+  </font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"> <b>
+	Important:
+	</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to request your certificate on the same computer on which you 
+	plan to use your certificate.  </font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+//<!--
+	if (navigator.appName == "Netscape" && (navMajorVersion() <= 3)) {
+		// short cut for Nav 3.x or eariler, crypto is not defined
+        	document.write(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else if ((navigator.appName == "Netscape" && 
+		 typeof(crypto.version) != "undefined")) {
+        document.write(
+			'<form name="ReqForm" method="post" action="/enrollment">');
+	} else {
+        document.write(
+			'<form name="ReqForm" method="post" action="/enrollment" '+
+			'onSubmit="return validate(document.forms[0])">');
+	}
+//-->
+</script>
+
+<!-- User identity ------- -->
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>User's Identity</b><br>
+Enter your user ID and Password. This 
+information will be used to verify your identity and to obtain a certificate.<br>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* User ID: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="uid" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="userPassword" AutoComplete=off size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Confirm Password: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="PASSWORD" name="passwordagain" AutoComplete=off size="30">
+      </td>
+    </tr>
+
+<!-- User information ------- -->
+    
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+	  <b>User's Personal Information</b><br>
+Enter your personal information for registration. This 
+information will be used for user registration.<br>(* = required field)<br>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* First Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="givenname" size="30" onchange="updateFullName(this.form)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">* Last Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="sn" size="30" onchange="updateFullName(this.form)">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Full Name: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="cn" size="40">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Email address: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="mail" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization unit: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="ou" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Organization: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="o" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Address: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="postaladdress" size="40">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">City: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="l" size="30">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">State/Province: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="st" size="5">
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">ZIP Code: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="postalcode" size="10">
+      </td>
+    </tr>
+<!-- Notice to Administrator -->
+<!--
+*********************************************************************************
+**** When you want to add following fields into enrollment page.               **
+**** The field name should be the same with the attribute name in objectclass  **
+*********************************************************************************     
+-->
+
+<!---------- Business Category
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Business Category: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="businesscategory" size="30">
+      </td>
+    </tr>
+----------->
+<!---------- Car License
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Car License: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="carlicense" size="30">
+      </td>
+    </tr>
+----------->
+<!---------- Department Number
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Department Number: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="departmentnumber" size="10">
+      </td>
+    </tr>
+----------->
+<!---------- Description
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Description: </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+        <input type="TEXT" name="description" size="10">
+      </td>
+    </tr>
+----------->
+<!-- destinationindicator, displayname, employeenumber, employeetype, facsimiletelephonenumber,
+     homephone, homepostaladdress, initials, internationalisdnnumber, ipegphoto, labeleduri,
+     mail, manager, mobile, o, ou, pager, photo, physicaldeliveryofficename, postofficebox,
+     preferreddeliverymethod, preferredlanguage, registeredaddress, roomnumber, secretary,
+     seealso, telephonenumber, teletexterminalidentifier, telexnumber, title, userpkcs12,
+     usersmimecertificate, x121address, x500uniqueidentifier
+----------->
+
+    <tr>
+    </tr>
+    
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+          </font> 
+        </div>
+      </td>
+      <td valign="TOP"> 
+		<!-- for Netscape Certificate Type Extension -->
+		<input type="HIDDEN" name="email" value="true">
+		<input type="HIDDEN" name="ssl_client" value="true">
+		<!-- for Key Usage Extension -->
+		<input type="HIDDEN" name="digital_signature" value=true>
+		<input type="HIDDEN" name="non_repudiation" value=true>
+		<input type="HIDDEN" name="key_encipherment" value=true>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2">
+		<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script>
+		if (navigator.appName == "Netscape" && 
+			(navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+        document.writeln('<b>Key Length Information</b><br>');
+		document.writeln(
+		  'When your submit this form, your browser generates a private and '+
+		  'public key. The browser retains the private key and submits the '+
+		  'public key along with your request for a certificate. '+
+		  'The public key becomes part of your certificate. '+
+		  '<P>'+
+		  'Select the length of the key to generate. The longer the key '+ 
+		  'length the greater the strength. You may want to check with your '+
+		  'system administrator about the length of key to specify.');
+
+			// short cut for Nav 3.x or eariler, crypto is not defined
+			document.writeln('Select the length of the key to generate. '+
+				'The longer the key length, the greater the strength. '+
+				'You may want to check with your system administrator about '+
+				'the length of key to specify.');
+		} 
+		//else if (navigator.appName == 'Netscape' && crypto.version == "undefined") {
+			//document.writeln('Select the length of the key to generate. '+
+			//	'The longer the key length, the greater the strength. '+
+			//	'You may want to check with your system administrator about '+
+			//	'the length of key to specify.');
+		//}
+	if (navigator.appName == "Microsoft Internet Explorer") {
+        	document.writeln('<b>Public/Private Key Information</b><br>');
+                document.writeln(
+                  'When you submit this form, your browser generates a private and '+
+                  'public key. The browser retains the private key and submits the '+
+                  'public key along with your request for a certificate. '+
+                  'The public key becomes part of your certificate. '+
+                  '<P>'+
+                  'The Microsoft Base Cryptographic provider offers 512-bit key encryption which is adequate for most applications today, but you may select the Enhanced option if your browser offers this choice and you require the higher encryption strength. You may want to check with your '+
+                  'system administrator about the provider to specify.');
+
+        	document.writeln('<p>');
+	}
+</script>
+	</font></td></tr>
+    <tr> 
+<script lang=javascript>
+
+//<!--
+        if (navigator.appName == "Netscape") {
+			if (navMajorVersion() <= 3 || 
+				typeof(crypto.version) == "undefined") {
+				document.writeln('<td>');
+				document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+				document.writeln('Key Length: ');
+				document.writeln('</font>');
+				document.writeln('</td>');
+				document.write('<td>');
+                document.write('<KEYGEN name="subjectKeyGenInfo">');
+        	} 
+			//else {
+                //alert('nsm');
+                //document.writeln('<SELECT NAME=\"keyLength\">');
+                //document.writeln('<OPTION VALUE=512>512 bits');
+                //document.writeln('<OPTION VALUE=768>768 bits');
+                //document.writeln('<OPTION VALUE=1024>1024 bits');
+                //document.writeln('</SELECT>');
+			//}
+			document.write('</td>');
+        }
+	if (navigator.appName == "Microsoft Internet Explorer") {
+        	document.writeln('<td>');
+        	document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        	document.writeln('Cryptographic Provider:');
+        	document.writeln('</font>');
+        	document.writeln('</td>');
+        	document.writeln('<td>');
+		document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+        	document.writeln('</td>');
+        	document.writeln('<p>');
+	}
+//-->
+
+</script>
+        </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+<script lang=javascript>
+//<!--
+			if (navigator.appName == "Netscape" && navMajorVersion() <= 3) {
+				// short cut for Nav 3.x or eariler, crypto is not defined
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			} else if (navigator.appName == "Netscape" && 
+			 		typeof(crypto.version) == "undefined") {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="submit" width="72">');
+			}
+			else if ((navigator.appName == "Microsoft Internet Explorer") ||
+					 (navigator.appName == "")) {
+				document.writeln(
+					'<input type="submit" value="Submit" '+
+					'name="Send" width="72">');
+			}
+			else {
+				// alert('nsm');
+				document.writeln(
+					'<input type="button" value="Submit" '+
+					'name="submitbutton" '+
+					'onclick="validate(form)" width="72">');
+			}
+//-->
+</script>
+				<img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+				<input type="reset" value="Reset" name="reset" width="72">
+				<input type="hidden" name="certType" value="client">
+				<input type="hidden" name="authenticator" value="PortalEnrollment">
+<script lang=javascript>
+//<!--
+				if (navigator.appName == 'Netscape') {
+					if ((navMajorVersion() > 3) && 
+						(typeof(crypto.version) != 'undefined')) {
+						//alert('cmmf response');
+						document.write(
+						  '<input type=hidden name=CRMFRequest value="">');
+						document.write(
+						  '<input type=hidden name=cmmfResponse value=true>');
+						document.write(
+						  '<input type=hidden name=certNickname value="">');
+					}
+					else {
+						document.write(
+						'<input type="hidden" name="importCert" value="off">');
+					}
+				}
+				else if ((navigator.appName == "Microsoft Internet Explorer")||
+						 (navigator.appName == "")) {
+					// navigator.appName == "" is for IE 3.
+					//alert('pkcs10Request');
+					document.write(
+					 '<input type="hidden" name="pkcs10Request" value="">');
+				}
+//-->
+</script>
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+	Do While True
+	temp = ""
+	Enroll.providerType = j
+	temp = Enroll.enumProviders(i,0)
+	If Len(temp) = 0 Then
+	If j < 1 Then 
+	  j = j + 1
+	  i = 0 
+	Else
+	  Exit Do
+	End If
+	Else
+	set el = document.createElement("OPTION")
+	el.text = temp
+	el.value = j 
+	TheForm.cryptprovider.add(el)
+	If first = 0  Then
+	  first = 1
+	  TheForm.cryptprovider.selectedIndex = 0
+	End If
+	i = i + 1
+	End If
+	Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileList.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileList.template
new file mode 100644
index 000000000..de7c32c93
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileList.template
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+  <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+  Use this form to select a certificate profile for the request.
+<p> 
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif"
+width="100%">
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+<script language=javascript>
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td width=40%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Certificate Profile Name</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('<td width=40%>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>Description</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+for (var i = 0; i < recordSet.length; i++) {
+  if (recordSet[i].profileIsVisible != 'true') {
+	continue;
+  }
+  document.writeln('<tr>');
+  if (recordSet[i].profileIsEnable == 'true') {
+  document.writeln('<td><li>');
+  document.writeln('<a href="profileSelect?profileId=' + 
+    recordSet[i].profileId + '">');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">' + recordSet[i].profileName + '</FONT>');
+  document.writeln('</a>');
+  document.writeln('</td>');
+  document.writeln('<td>');
+  document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(recordSet[i].profileDesc);
+  document.writeln('</FONT>');
+  document.writeln('</td>');
+  }
+  document.writeln('</tr>');
+} // for
+document.writeln('</table>');
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
new file mode 100644
index 000000000..0e3ded046
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template
@@ -0,0 +1,797 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+  <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  Use this form to submit the request.
+<p>
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif"
+width="100%">
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+
+var dual = 'false';
+var encryptionKeyOnly = 'false';
+var signingKeyOnly = 'false';
+
+var keyList = new Array();
+var key = new Object();
+key.type = "RSA";
+keyList[0] = key;
+var key = new Object();
+key.type = "EC";
+keyList[1] = key;
+
+function keyTypeOptions (keyPurpose)
+{
+  var keyType = "RSA";
+
+  for (var i = 0; i < policySetListSet.length; i++) {
+    for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+      if (typeof(policySetListSet[i].policySet[j].constraintSet) != "undefined") {
+        for (var k = 0; k < policySetListSet[i].policySet[j].constraintSet.length; k++) {
+          if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyType") {
+            if (policySetListSet[i].policySet[j].constraintSet[k].value != "-") {
+              if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+                keyType = policySetListSet[i].policySet[j].constraintSet[k].value;
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+  var keyFound = 0;
+  for (var i = 0; i < keyList.length; i++) {
+    if (keyList[i].type == keyType) {
+        keyFound = 1;
+    }
+  }
+  if (keyFound == 0) {
+    keyType = "RSA";
+  }
+  if (navigator.appName == "Microsoft Internet Explorer") {
+    keyType = "RSA";
+  }
+
+  return keyType;
+}
+
+function keyLengthsCurvesOptions (keyPurpose)
+{
+  var keyType = "RSA";
+  var options = "";
+  var lengthsOrCurves = null;
+  var keyLengthsCurves = "";
+
+  for (var i = 0; i < policySetListSet.length; i++) {
+    for (var j = 0; j < policySetListSet[i].policySet.length; j++) {
+      if (typeof(policySetListSet[i].policySet[j].constraintSet) != "undefined") {
+        for (var k = 0; k < policySetListSet[i].policySet[j].constraintSet.length; k++) {
+          if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyType") {
+            if (policySetListSet[i].policySet[j].constraintSet[k].value != "-") {
+              if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+                keyType = policySetListSet[i].policySet[j].constraintSet[k].value;
+              }
+            }
+          }
+
+          if (keyPurpose.length == 0 || (keyPurpose.length > 0 && policySetListSet[i].setId.indexOf(keyPurpose) > -1)) {
+              if (policySetListSet[i].policySet[j].constraintSet[k].name == "keyParameters") {
+                  keyLengthsCurves = policySetListSet[i].policySet[j].constraintSet[k].value;
+                  lengthsOrCurves = keyLengthsCurves.split(",");
+              }
+          }
+        }
+      }
+    }
+  }
+  if (navigator.appName == "Microsoft Internet Explorer") {
+    keyType = "RSA";
+  }
+
+  var value = 0;
+  var included = true;
+  var l = 0;
+  for (l = 0 ; l < lengthsOrCurves.length; l++) {
+
+      value = lengthsOrCurves[l];
+
+      if (keyType != "EC" && !isNumeric(value)) {
+          included = false;
+      }
+
+      if (included) {
+          options += '<OPTION VALUE="' + value + '"';
+          if (i == 0) {
+              options += ' SELECTED';
+          }
+          options += '>' + value;
+     }
+  }
+
+  if (options.length == 0) {
+     if (keyType != "EC") {
+         options = '<OPTION VALUE=1024 SELECTED>1024';
+     } else {
+         options = '<OPTION VALUE="nistp256">nistp256';
+     }
+  }
+
+  return options;
+}
+
+function isNumeric(sText)
+{
+   var validChars = "0123456789";
+   var isNumber=true;
+   var char;
+
+   if( !sText)
+     return false;
+ 
+   for (i = 0; i < sText.length && isNumber == true; i++)  {
+      char = sText.charAt(i); 
+      if (validChars.indexOf(char) == -1)  {
+         isNumber = false;
+      }
+   }
+   return isNumber;
+}
+
+function validate()
+{
+   if (keygen_request == 'false')
+      return false;
+    with (document.forms[0]) {
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        // Note: This archival text below only applies to CS 7.1 and earlier:
+
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var kraTransportCert = "MIICDjCCAXegAwIBAgICAfMwDQYJKoZIhvcNAQEEBQAwdzELMAkGA1UEBhMCVVMxLDAqBgNVBAoTI05ldHNjYXBlIENvbW11bmljYXRpb25zIENvcnBvcmF0aW9uMREwDwYDVQQLEwhIYXJkY29yZTEnMCUGA1UEAxMeSGFyZGNvcmUgQ2VydGlmaWNhdGUgU2VydmVyIElJMB4XDTk4MTExOTIzNDIxOVoXDTk5MDUxODIzNDIxOVowLjELMAkGA1UEBhMCVVMxETAPBgNVBAoTCG5ldHNjYXBlMQwwCgYDVQQDEwNLUmEwXDANBgkqhkiG9w0BAQEFAANLADBIAkEArrbDiYUI5SCdlCKKa0bEBn1m83kX6bdhytRYNkd/HB95Bp85SRadmdJV+0O/yMxjYAtGCFrmcqEZ4sh2YSov6wIDAQABozYwNDARBglghkgBhvhCAQEEBAMCAEAwHwYDVR0jBBgwFoAUl7FtsrYCFlQMl9fjMm3LnN/u3oAwDQYJKoZIhvcNAQEEBQADgYEApvzcUsVIOstaoYSiWb4+aMVH6s1jiJlr5iVHnOKzfsYxPVdUw6uz04AT8N+1KIarMTKxHPzGAFSLicKLEv4HG4vh6llc86uzRzWpUqqVHg/eKN5A8Jyg56D4DkNr/XEJ7QdKesAp13dk5H5qvHelkSPLYYdMXNwNWPVZKgnWrWg=";
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+        var keyTransportCert = null;
+
+
+        if (typeof(transportCert) != "undefined" && transportCert != "") {
+          // from CS7.2, transport certificate will be 
+          // inserted automatically
+          keyTransportCert = transportCert;
+        }
+        // generate keys for nsm.
+        if (typeof(crypto.version) != "undefined") {
+            var encKeyType = "rsa-ex";
+            var signKeyType = "rsa-sign";
+            var dualKeyType = "rsa-dual-use";
+            var encKeyParams = null;
+            var encKeySize = 1024; 
+            var signKeyParams = null;
+            var signKeySize = 1024; 
+            var keyParams = null;
+            // Give this default because the ECC crytpo codes requires and integer
+            // for this value even if presenting ECC curve name parameter.
+            var keySize = 1024;
+
+            try {
+                if (dual == 'true') {
+                    
+                    if (keyTypeOptions("encryption") == "EC")  {
+                        encKeyType = "ec-ex";
+                        encKeyParams = "curve=" + encKeyParam.value; 
+                    } else {
+                        encKeySize = parseInt(encKeyParam.value);
+                    }
+
+                    if (keyTypeOptions("signing") == "EC") {
+                        signKeyType = "ec-sign";
+                        signKeyParams = "curve=" + signKeyParam.value;
+                    } else {
+                        signKeySize = parseInt(signKeyParam.value);
+                    }
+
+                    crmfObject = crypto.generateCRMFRequest(
+                        "CN=x", "regToken", "authenticator",
+        	        keyTransportCert, "setCRMFRequest();",
+                        encKeySize, encKeyParams, encKeyType,
+                        signKeySize, signKeyParams, signKeyType);
+                } else {
+                    if (encryptionKeyOnly == 'true') {
+                        if (keyTypeOptions("") == "EC") {
+                            dualKeyType = "ec-ex";
+                            keyParams = "curve=" + keyParam.value;
+                        } else {
+                            dualKeyType = "rsa-ex";
+                            keySize = parseInt(keyParam.value);
+                        }
+                    } else if (signingKeyOnly == 'true') {
+                        if (keyTypeOptions("") == "EC") {
+                            dualKeyType = "ec-sign";
+                            keyParams = "curve=" + keyParam.value;
+                        } else {
+                            dualKeyType = "rsa-sign";
+                            keySize = parseInt(keyParam.value);
+                        }
+                        keyTransportCert = null;
+                    } else {
+                        if (keyTypeOptions("") == "EC") {
+                            dualKeyType = "ec-dual-use";
+                            keyParams = "curve=" + keyParam.value;
+                        } else {
+                            keySize = parseInt(keyParam.value);
+                        }
+                        keyTransportCert = null;
+                    }
+                    crmfObject = crypto.generateCRMFRequest(
+                        "CN=x", "regToken", "authenticator",
+        	        keyTransportCert, "setCRMFRequest();",
+                        keySize, keyParams, dualKeyType);
+                }
+            } catch (e) {
+                if (typeof(crmfObject) == "undefined" || crmfObject == null) {
+                    alert("Error generating CRMF request.");
+                }
+            }
+        }
+        return false;
+    }
+}
+
+function setCRMFRequest()
+{
+    with (document.forms[0]) {
+          cert_request.value = crmfObject.request;
+          submit();
+    }
+}
+
+</SCRIPT>
+
+
+<script language=javascript>
+  var uri = 'profileSubmit';
+  if (typeof(authName) != "undefined") {
+    if (authIsSSLClientRequired == 'true') {
+      uri = 'https://[PKI_MACHINE_NAME]:[PKI_EE_SECURE_CLIENT_AUTH_PORT_UI]/[PKI_SUBSYSTEM_TYPE]/eeca/[PKI_SUBSYSTEM_TYPE]/profileSubmitSSLClient';
+    }
+  }
+  if (navigator.appName == "Microsoft Internet Explorer") {
+    if ((navigator.appVersion).indexOf("NT 6.") > -1) {
+      document.writeln("<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'></OBJECT>");
+    } else {
+      document.writeln("<OBJECT classid='clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1' CODEBASE='/xenroll.dll' id='Enroll'></OBJECT>");
+    }
+    document.writeln('<form name="ReqForm" onSubmit="if (checkRequest()) {return true;} else {window.location.reload(); return false;}" method="post" action="' + uri + '">');
+  } else if (typeof(crypto.version) != "undefined") {
+    document.writeln('<form name="ReqForm" onSubmit="return validate();" method="post" action="' + uri + '">');
+  } else {
+    document.writeln('<form name="ReqForm" method="post" action="' + uri + '">');
+   }
+</script>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'Get OS Version, works for Vista and below only
+Function GetOSVersion
+  dim agent
+  dim result
+  dim pos
+
+  agent = Navigator.appVersion
+  pos = InStr(agent,"NT 6.")
+
+  If pos > 0 Then
+    GetOSVersion = 6 ' Vista
+    Exit Function
+  End If
+
+  pos = InStr(agent,"NT 5.")
+
+  If pos > 0 Then
+    GetOSVersion = 5  ' XP etc
+    Exit Function
+  End If
+
+' Default
+  GetOSVersion = 5
+End Function
+
+Function checkRequest
+  Dim TheForm
+  Dim szName
+  Dim options
+  Dim osVersion
+  Dim result
+  Dim keyLen
+  Dim keyIndex
+  Set TheForm = Document.ReqForm
+
+  checkRequest = False
+
+  keyIndex = TheForm.all.keyLength.options.selectedIndex
+  keyLen = CInt (TheForm.all.keyLength.options(keyIndex).value)
+
+  osVersion = GetOSVersion()
+
+  If osVersion <> 6 Then 'Not Vista
+
+  ' Contruct the X500 distinguished name
+  szName = "CN=NAME"
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+   ' adding 2 to "GenKeyFlags" will  enable the 'High Security'
+   ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+   ' asking what level of protection you would like to give
+   ' the key - this varies from 'none' to 'confirm password
+   ' every time the key is used'
+   ' Enroll.GenKeyFlags = 1        ' key PKCS12-exportable
+  Enroll.GenKeyFlags = (65536 * (CLng(keyLen))) + 1
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Function
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Function
+  End If
+
+  TheForm.cert_request.Value = szCertReq
+
+  ' TheForm.Submit
+
+  Else 'Vista
+    Dim enrollment
+    Dim privateKey
+    Dim request
+    Dim csr
+    Dim objDN
+
+    'certUsage is "1.3.6.1.5.5.7.3.2"
+
+    On Error Resume Next
+    'CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
+
+    If IsObject(g_objClassFactory) = False Then
+      result = MsgBox("Can't create Factory Object "  & " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Function
+    End If
+
+    Set enrollment = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+
+    If IsObject(enrollment) = False Then
+      result = MsgBox("Can't create enroll Object! "  & " Error: " & Err.number & " :" & Err.description,"")
+      Exit Function
+    End If
+
+    Set privateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
+
+    If IsObject(privateKey) = False Then
+      result = MsgBox("Can't create Key Object! " & " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Function
+    End If
+
+    Set request = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
+
+    If IsObject(request) = False Then
+      result = MsgBox("Can't create Request Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Function
+    End If
+
+    privateKey.KeySpec= "1" 
+
+  ' Pick the provider that is selected
+    set options = TheForm.all.cryptprovider.options
+    index = options.selectedIndex
+    privateKey.ProviderType = index
+    privateKey.ProviderName = options(index).text
+    privateKey.Length = keyLen
+
+    szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value
+
+    Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
+
+    If IsObject(objDN) = False Then
+      result = MsgBox("Can't create DN Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Function
+    End If
+
+    objDN.Encode szName,0
+
+    request.InitializeFromPrivateKey 1,privateKey,""
+    request.Subject = objDN
+
+    enrollment.InitializeFromRequest(request)
+    csr=enrollment.CreateRequest(1)
+
+    If len(csr) = 0 Then
+      result = MsgBox("Error Creating Request! "& " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Function
+    End If
+
+    TheForm.cert_request.Value = csr 
+ 
+  End If
+  checkRequest = True
+End Function
+
+-->
+</SCRIPT>
+
+<script language=javascript>
+if (errorCode == 0) {
+document.writeln('<br>');
+document.writeln('<b>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Certificate Profile - ' + profileName);
+document.writeln('</FONT>');
+document.writeln('</b>');
+document.writeln('<p>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(profileDesc);
+document.writeln('</FONT>');
+document.writeln('<p>');
+if (typeof(authName) != "undefined") {
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>');
+document.writeln('Authentication - ' + authName);
+document.writeln('</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln(authDesc);
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+for (var i = 0; i < authListSet.length; i++) {
+    document.writeln('<tr>');
+    document.writeln('<td width=40%>');
+    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<li>');
+    document.writeln(authListSet[i].authName);
+    document.writeln('</FONT>');
+    document.writeln('</td>');
+    document.writeln('<td>');
+    if (authListSet[i].authSyntax == 'string') {
+      document.writeln('<input type=text name=' + authListSet[i].authId + '>');
+    } else if (authListSet[i].authSyntax == 'password') {
+      document.writeln('<input type=password name=' + authListSet[i].authId + '>');
+    }
+    document.writeln('</td>');
+  document.writeln('</tr>');
+}
+document.writeln('</table>');
+}
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+document.writeln('<tr>');
+document.writeln('<td>');
+document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<b>');
+document.writeln('Inputs');
+document.writeln('</b>');
+document.writeln('</FONT>');
+document.writeln('</td>');
+document.writeln('</tr>');
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<table width=100%>');
+for (var m = 0; m < inputPluginListSet.length; m++) {
+  document.writeln('<tr>');
+  document.writeln('<td spancol=2>');
+  document.writeln('<b>');
+  document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+  document.writeln(inputPluginListSet[m].inputPluginName);
+  document.writeln('</FONT>');
+  document.writeln('</b>');
+  document.writeln('</td>');
+  document.writeln('</tr>');
+  for (var n = 0; n < inputListSet.length; n++) {
+    if (inputPluginListSet[m].inputPluginId != inputListSet[n].inputPluginId) 
+       continue;
+    document.writeln('<tr>');
+    document.writeln('<td width=40%>');
+    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<li>');
+    document.writeln(inputListSet[n].inputName);
+    document.writeln('</FONT>');
+    document.writeln('</td>');
+    document.writeln('<td>');
+    if (inputListSet[n].inputSyntax == 'string') {
+      document.writeln('<input type=text name=' + inputListSet[n].inputId + '>');
+    } else if (inputListSet[n].inputSyntax == 'cert_request') {
+      document.writeln('<textarea cols=60 rows=10 name=' + inputListSet[n].inputId + '></textarea>');
+    } else if (inputListSet[n].inputSyntax == 'cert_request_type') {
+      document.writeln('<select name=' + inputListSet[n].inputId + '><option value="pkcs10">PKCS#10</option><option value="crmf">CRMF</option></select>');
+    } else if (inputListSet[n].inputSyntax == 'dual_keygen_request') {
+      if (navigator.appName == "Microsoft Internet Explorer") { 
+        document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
+      } else if (typeof(crypto.version) != "undefined") {
+        document.write('<SELECT NAME="encKeyParam">'+keyLengthsCurvesOptions("encryption")+'</SELECT>');
+        document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;');
+        document.write(keyTypeOptions("encryption")+'&nbsp;&nbsp;(Encryption),&nbsp;&nbsp;</FONT>');
+        document.write('<SELECT NAME="signKeyParam">'+keyLengthsCurvesOptions("signing")+'</SELECT>');
+        document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;');
+        document.write(keyTypeOptions("signing")+'&nbsp;&nbsp;(Signing)</FONT>');
+        document.writeln('<input type=hidden name=cert_request value="">');
+        dual = 'true';
+      } else {
+        document.writeln('Not Supported<input type=hidden name=cert_request value="">');
+      }
+    } else if ((inputListSet[n].inputSyntax == 'keygen_request') ||
+               (inputListSet[n].inputSyntax == 'enc_keygen_request') ||
+               (inputListSet[n].inputSyntax == 'sign_keygen_request')) {
+      if (navigator.appName == "Microsoft Internet Explorer") { 
+        document.writeln('<input type=hidden name=' + inputListSet[n].inputId + '>');
+        document.writeln('<SELECT NAME="keyLength">'+keyLengthsCurvesOptions("")+'</SELECT>&nbsp;&nbsp;<SELECT NAME=\"cryptprovider\"></SELECT>');
+      } else if (typeof(crypto.version) != "undefined") {
+        document.write('<SELECT NAME="keyParam">'+keyLengthsCurvesOptions("")+'</SELECT>');
+        document.write('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.write('&nbsp;&nbsp;&nbsp;'+keyTypeOptions("")+'&nbsp;&nbsp;');
+        if (inputListSet[n].inputSyntax == 'keygen_request') {
+          document.write('(Encryption and Signing)</FONT>');
+        } else if (inputListSet[n].inputSyntax == 'enc_keygen_request') {
+          document.write('(Encryption)</FONT>');
+          encryptionKeyOnly = 'true';
+        } else if (inputListSet[n].inputSyntax == 'sign_keygen_request') {
+          document.write('(Signing)</FONT>');
+          signingKeyOnly = 'true';
+        }
+        document.writeln('<input type=hidden name=cert_request value="">');
+      } else {
+        document.writeln('<KEYGEN name=' + inputListSet[n].inputId + '>');
+      }
+    } else if (inputListSet[n].inputSyntax == 'dual_keygen_request_type') {
+      keygen_request = 'true';
+      if (navigator.appName == "Microsoft Internet Explorer") {
+        document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
+      } else if (typeof(crypto.version) != "undefined") {
+        document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
+      } else {
+        document.writeln('Not Supported<input type=hidden name=' + inputListSet[n].inputId + ' value=>');
+      }
+    } else if ((inputListSet[n].inputSyntax == 'keygen_request_type') ||
+               (inputListSet[n].inputSyntax == 'enc_keygen_request_type') ||
+               (inputListSet[n].inputSyntax == 'sign_keygen_request_type')) {
+      keygen_request = 'true';
+      if (navigator.appName == "Microsoft Internet Explorer") {
+        document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">pkcs10</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=pkcs10>');
+      } else if (typeof(crypto.version) != "undefined") {
+        document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">crmf</FONT><input type=hidden name=' + inputListSet[n].inputId + ' value=crmf>');
+      } else {
+        document.writeln('keygen<input type=hidden name=' + inputListSet[n].inputId + ' value=keygen>');
+      }
+    }
+    document.writeln('</td>');
+    document.writeln('</tr>');
+  }
+}
+document.writeln('</table>');
+document.writeln('<p>');
+document.writeln('<input type=hidden name=profileId value="' + 
+  profileId + '">');
+document.writeln('<input type=hidden name=renewal value="' +
+  renewal + '">');
+document.writeln('<input type=hidden name=xmlOutput value="' +
+  xmlOutput + '">');
+} else {
+  document.write('Sorry, your request is not submitted. The error code is "' + errorReason + '".');
+}
+</script>
+<p>
+<p>
+<script language=javascript>
+if (errorCode == 0) {
+  if (navigator.appName == "Microsoft Internet Explorer") {
+    if (typeof(keygen_request) != "undefined") {
+      document.writeln('<input type=submit value="Submit">');
+    } else {
+      document.writeln('<input type=submit value="Submit">');
+    }
+  } else if (typeof(crypto.version) != "undefined") {
+    document.writeln('<input type=submit value="Submit">');
+  } else {
+    document.writeln('<input type=submit value="Submit">');
+  }
+} else {
+}
+  
+</script>
+<SCRIPT LANGUAGE=VBS>
+<!--
+FindProviders
+
+Function FindProviders
+	Dim i, j
+	Dim providers()
+	i = 0
+	j = 1
+	Dim el
+	Dim temp
+	Dim first
+	Dim firstE
+	Dim firstS
+	Dim TheForm
+	Set TheForm = document.ReqForm
+	On Error Resume Next
+	first = 0
+
+        Dim osVersion
+        Dim result
+        osVersion = GetOSVersion()
+
+        If osVersion <> 6 Then 'Not Vista
+	  Do While True
+	  temp = ""
+	  Enroll.providerType = j
+	  temp = Enroll.enumProviders(i,0)
+	  If Len(temp) = 0 Then
+	  If j < 1 Then 
+	    j = j + 1
+	    i = 0 
+	  Else
+	    Exit Do
+	  End If
+	  Else
+	  set el = document.createElement("OPTION")
+	  el.text = temp
+	  el.value = j 
+          If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+            first = i
+          End If
+          If temp = "Microsoft Strong Cryptographic Provider" Then
+            firstS = i
+          End If
+          If temp = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+            firstE = i
+          End If
+	  TheForm.cryptprovider.add(el)
+	  If firstE > 0  Then
+	    TheForm.cryptprovider.selectedIndex = firstE
+	  ElseIf firstS > 0  Then
+	    TheForm.cryptprovider.selectedIndex = firstS
+	  ElseIf first > 0  Then
+	    TheForm.cryptprovider.selectedIndex = first
+	  Else
+	    first = 1
+	    TheForm.cryptprovider.selectedIndex = 0
+	  End If
+	  i = i + 1
+	  End If
+	  Loop
+        Else 'Vista
+            Dim csps 
+            Set csps = g_objClassFactory.CreateObject("X509Enrollment.CCspInformations")
+            If IsObject(csps) = False Then
+               result = MsgBox("Can't create CSP List Object! " & " Error: " & Err.number & " :" & Err.description,0,"")
+               Exit Function
+
+            End If
+            csps.AddAvailableCsps()
+            'result = MsgBox(csps.Count,0,"Number of CSPS")
+
+            Dim curName
+            Dim csp
+            Dim selected 
+            Dim selectedS 
+            Dim selectedE 
+            selected = 0
+            selectedS = 0
+            selectedE = 0
+            For i = 0 to csps.Count-1
+               
+                curName = csps.ItemByIndex(i).Name
+                If len(curName) > 0 Then
+                  Set csp = document.createElement("OPTION")
+                  csp.text = curName
+                  csp.value = 1
+                  TheForm.cryptprovider.add(csp)
+
+                  If curName = "Microsoft Base Cryptographic Provider v1.0" Then
+                    selected = i
+                  End If
+                  If curName = "Microsoft Strong Cryptographic Provider" Then
+                    selectedS = i
+                  End If
+                  If curName = "Microsoft Enhanced Cryptographic Provider v1.0" Then
+                    selectedE = i
+                  End If
+                  'result = MsgBox(curName,0,"")
+                End If 
+            Next
+            If selectedE > 0  Then
+              TheForm.cryptprovider.selectedIndex = selectedE
+            ElseIf selectedS > 0  Then
+              TheForm.cryptprovider.selectedIndex = selectedS
+            Else
+              TheForm.cryptprovider.selectedIndex = selected
+            End If
+        End If
+End Function
+
+-->
+</SCRIPT>
+</form>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSubmit.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSubmit.html
new file mode 100644
index 000000000..90d50864d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSubmit.html
@@ -0,0 +1,30 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Certificate Profile Based Enrollment Form</TITLE>
+</head>
+<body>
+<form name="ReqForm" method="post" action="profileSubmit">
+<input type=hidden name=request_type value="keygen">
+<KEYGEN name="request">
+<input type=submit name=Enroll value="Enroll">
+</form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSubmit.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSubmit.template
new file mode 100644
index 000000000..6fa3a0d71
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSubmit.template
@@ -0,0 +1,137 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Profile
+</font><br>
+  <Font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<p>
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif"
+width="100%">
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<script language=javascript>
+
+var autoImport = 'false';
+
+if (errorCode == 0) { // processed
+  document.write('Congratulations, your request has been processed successfully ');
+  document.writeln('<P>');
+  for (var i = 0; i < requestListSet.length; i++) {
+    document.write('Your request ID is ');
+    document.write('<B>'+requestListSet[i].requestId+'</B>.');
+    document.writeln('<P>');
+  }
+  document.writeln('<b>');
+  document.writeln('Outputs');
+  document.writeln('</b>');
+  document.writeln('<P>');
+  document.writeln('<table width=100%>');
+for (var i = 0; i < outputListSet.length; i++) {
+    document.writeln('<tr valign=top>');
+    document.writeln('<td>');
+    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+    document.writeln('<li>');
+    document.writeln(outputListSet[i].outputName);
+    document.writeln('</FONT>');
+    document.writeln('</td>');
+    document.writeln('<tr valign=top>');
+    document.writeln('</tr>');
+    document.writeln('<td>');
+    if (outputListSet[i].outputSyntax == 'string') {
+      document.writeln(outputListSet[i].outputVal);
+    } else if (outputListSet[i].outputSyntax == 'pretty_print') {
+      document.writeln('<pre>');
+      document.writeln(outputListSet[i].outputVal);
+      document.writeln('</pre>');
+    }
+    document.writeln('</td>');
+    document.writeln('</tr>');
+}
+   document.writeln('</table>');
+   document.writeln('<p>');
+  document.writeln('<table width=100%>');
+    document.writeln('<tr valign=top>');
+    document.writeln('<td>');
+    document.writeln('<FONT size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+    document.writeln('<li>');
+    document.writeln('Certificate Imports');
+    document.writeln('</FONT>');
+    document.writeln('</td>');
+   for (var i = 0; i < requestListSet.length; i++) {
+    document.writeln('<tr valign=top>');
+    document.writeln('<td>');
+if (autoImport == 'true') {
+    // only support one certificate import
+   var loc = "getCertFromRequest?requestId="+ requestListSet[i].requestId + "&importCert=true";
+   document.write("<iframe width='0' height='0' src='"+loc+"' </iframe>");
+} else {
+    document.writeln('<form method=post action="getCertFromRequest">');
+ if (navigator.appName == "Netscape") {
+    document.writeln('<input type=hidden name=importCert value=true>');
+ } else {
+    document.writeln('<input type=hidden name=importCert value=false>');
+ }
+    document.writeln('<input type=hidden name=requestId value=' + requestListSet[i].requestId + '>');
+    document.writeln('<input type=submit name="Import Certificate" value="Import Certificate">');
+    document.writeln('</form>');
+}
+    document.writeln('</td>');
+    document.writeln('</tr>');
+   }
+   document.writeln('</table>');
+} else if (errorCode == 1) { // not submitted
+  document.write('Sorry, your request is not submitted. The reason is "' + errorReason + '".');
+} else if (errorCode == 2) { // pending
+  document.write('Congratulations, your request has been successfully ');
+  document.write('submitted. ');
+  document.write('Your request will be processed when an authorized agent ');
+  document.writeln('verifies and validates the information in your request.');
+  document.writeln('<P>');
+  for (var i = 0; i < requestListSet.length; i++) {
+    document.write('Your request ID is ');
+    document.write('<B><a href="checkRequest?requestId=');
+    document.write(requestListSet[i].requestId);
+    document.write('">'+requestListSet[i].requestId+'</a></B>.');
+    document.writeln('<P>');
+  }
+  document.write('Your can check on the status of your request with ');
+  document.write('an authorized agent or local administrator ');
+  document.writeln('by referring to this request ID.');
+} else if (errorCode == 3) { // rejected
+  document.write('Sorry, your request has been rejected. The reason is "' + errorReason + '"');
+  document.writeln('<P>');
+  for (var i = 0; i < requestListSet.length; i++) {
+    document.write('Your request ID is ');
+    document.write('<B>'+requestListSet[i].requestId+'</B>.');
+    document.writeln('<P>');
+  }
+} else { // unknown state
+  document.write('Sorry, your request is not submitted. The error code is "' + errorReason + '".');
+}
+</script>
+</font>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/RenewalSuccess.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/RenewalSuccess.template
new file mode 100644
index 000000000..cb840d296
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/RenewalSuccess.template
@@ -0,0 +1,217 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<HTML>
+<CMS_TEMPLATE>
+<TITLE>
+CS Renewal Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Renewal Success
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+//document.writeln('<P>');
+//document.writeln('host  '+result.fixed.host+'<BR>');
+//document.writeln('port  '+result.fixed.port+'<BR>');
+//document.writeln('scheme  '+result.fixed.scheme+'<BR>');
+//document.writeln('authority  '+result.fixed.authorityName+'<BR>');
+
+function navMajorVersion()
+{
+	return parseInt(
+		navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+document.writeln('<P>');
+document.writeln(
+		'Congratulations, your certificate has been successfully renewed.');
+
+document.writeln('<P>');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln(
+		'No more information on your renewed certificate is provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+	// document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+			//document.write('Serial number ');
+			//document.write('<BLOCKQUOTE><B><PRE>');
+			//document.writeln(result.recordSet[i].serialNo);
+			//document.write('</BLOCKQUOTE></B></PRE>');
+			document.writeln('<P>');
+			document.write(
+				'Your renewed certificate in Base 64 encoded form:<BR>');
+			document.write('<PRE>');
+			document.writeln(result.recordSet[i].base64Cert);
+			document.write('</PRE>');
+			document.writeln('<P>');
+			document.write('Certificate Content: <BR>');
+			document.write('<PRE>');
+			document.writeln(result.recordSet[i].certPrettyPrint);
+			document.write('</PRE>');
+		}
+	}
+	// document.writeln('</UL>');
+
+}
+
+// NOTE: importUserCertificate should be done before this point  but 
+// it creates a javascript error that clobbers the result variable set in 
+// the template. 
+
+if (navigator.appName == 'Netscape' && (navMajorVersion() > 3) && 
+	typeof(crypto.version) != "undefined") {
+    if (result.fixed.crmfReqId != null) {
+	// alert('certNickname is '+result.fixed.certNickname);
+	// alert(result.fixed.cmmfResponse);
+	var errors = crypto.importUserCertificates(null,
+				 result.fixed.cmmfResponse, false);
+	// var errors = crypto.importUserCertificates(result.fixed.certNickname,
+	//			 result.fixed.cmmfResponse, false);
+
+	// NOTE: Alpha-1 version of cartman always returns a non-empty string 
+	// from importUserCertificates() so we can only always assume succcess. 
+	// Uncomment the following line and add appropriate javascripts/messages 
+	// for use with a later version of cartman.
+
+	// This is fixed in Alpha-3. For use with alpha-3 uncomment the lines below 
+	// to check for errors returned from importUserCertificates.  
+	if (errors != '') {
+		document.writeln(
+			'<b>ERROR</b>Could not import the certificate into your browser '+
+			'using nickname '+result.fixed.certNickname+'.<p>');
+		document.writeln(
+			'The following error message was returned by the browser '+
+			'when importing the certificate:');
+		document.writeln('<BLOCKQUOTE><PRE>');
+		document.writeln(errors);
+		document.writeln('</PRE></BLOCKQUOTE>');
+	}
+	else {
+		document.writeln(
+			'Your certificate was successfully imported to the browser '+
+			'with nickname '+result.fixed.certNickname);
+	}
+
+//	document.writeln(
+//		'NOTE: Although the certificate was issued, the browser '+
+//		'may or may not have successfully imported the certificate. '+
+//		'The following was returned by the browser when importing '+
+//		'the certificate:');
+//	document.writeln('<BLOCKQUOTE><PRE>');
+//	document.writeln(errors);
+//	document.writeln('</PRE></BLOCKQUOTE>');
+//	document.writeln(
+//		'If there was an error message you can import the certificate again '+
+//		'by going to the end entity port and list the certificate by '+
+//		'its serial number.');
+    } else if (result.fixed.authorityName == 'Certificate Manager') {
+	alert("Success!!");
+        window.location = result.fixed.scheme + "://" + result.fixed.host + ":" + result.fixed.port + "/getBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+    } else {
+	alert("Success!!");
+        // this must be a RA
+        window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/getCertFromRequest?requestId=" + result.fixed.requestId + "&importCert=true";
+    }
+} else if (navigator.appName == 'Netscape' && (navMajorVersion() >= 3)) {
+        // non Cartman
+    if (result.fixed.authorityName == 'Certificate Manager') {
+        // non Cartman
+        window.location = result.fixed.scheme + "://" + result.fixed.host + ":" + result.fixed.port + "/getBySerial?serialNumber=" + record.serialNo + "&importCert=true";
+    } else {
+        // this must be a RA
+        window.location = result.fixed.scheme + "://" + result.fixed.host + ":"
++ result.fixed.port + "/getCertFromRequest?requestId=" + result.fixed.requestId + "&importCert=true";
+    }
+}
+
+//-->
+</SCRIPT>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+	Sub ImportCertificate
+
+		Dim pkcs7
+
+		On Error Resume Next
+
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+		'Import the PKCS7 object
+		Enroll.DeleteRequestCert = FALSE
+		Enroll.WriteCertToCSP = true
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		end if
+		err.clear
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		end if
+
+		Exit Sub
+
+	End Sub
+
+	ImportCertificate()
+
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/RevocationSuccess.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/RevocationSuccess.template
new file mode 100644
index 000000000..d024a3d14
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/RevocationSuccess.template
@@ -0,0 +1,89 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Revocation Request Success
+</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Revocation Success
+</font>
+
+<P>
+The following certificate has been revoked: 
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + '0x' + absValue;
+}
+
+
+if (result.recordSet == null) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('No further details provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+}
+else if (result.recordSet.length == 0) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('0');
+	document.writeln('No further details provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+			document.write('Serial number ');
+			document.write('<BLOCKQUOTE><B><PRE>');
+			document.writeln(toHex(result.recordSet[i].serialNo));
+			document.write('</BLOCKQUOTE></B></PRE>');
+			document.write('</PRE></BLOCKQUOTE>');
+		}
+	}
+	document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserDnEnroll.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserDnEnroll.html
new file mode 100644
index 000000000..f218ccc51
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserDnEnroll.html
@@ -0,0 +1,472 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>Directory Based User Enrollment Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--//
+
+// Notice to administrators
+//
+// A link to this HTML form conditionally appears in the
+// main enrollment menu frame. This link will only appear if
+// a plugin of type 'UdnPwdDirAuth' (LDAP directory enrollment)
+// has been configured in the console.
+
+var crmfObject;
+function validate(form)
+{
+    with (form) {
+        if (udn.value == "") {
+            alert("You must supply your dn");
+            return false;
+        }
+        if (pwd.value == "") {
+            alert("You must supply your password");
+            return false;
+        }
+
+        /////////////////////////////////////////////////////////////////
+        // To enable dual key feature, this page must be customized with
+        // appropriate Javascript call. For example,
+        //
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              null,
+        //              "setCRMFRequest();",
+        //              512, null, "rsa-ex",
+        //              1024, null, "rsa-sign");
+        //
+        // To enable key archival feature, this page must be customized with
+        // KRA's transport certificate. The transport certificate can be
+        // retrieved in the following ways:
+        // (1) Access "List Certificates" menu option in end-entity page
+        // (2) Access https://<host>:<agent_port>/kra/displayTransportCert
+        // (3) Use certutil command in <instance-dir>/config directory
+        //     (i.e. certutil -L -d . -n "kraTransportCert <instance-id>" -a)
+        //
+        // Once the transport certificate is obtained, the following
+        // javascript should be modified so that the transport certificate
+        // and appropriate key type are selected. For example,
+        //
+        //      var keyGenAlg = "rsa-ex";
+        //      crmfObject = crypto.generateCRMFRequest(
+        //              "CN=undefined",
+        //              "regToken", "authenticator",
+        //              keyTransportCert,
+        //              "setCRMFRequest();",
+        //              512, null, keyGenAlg);
+        /////////////////////////////////////////////////////////////////
+
+        // To enable key archival, replace "null" with the transport 
+        // certificate without "BEBIN..." "END..", nor line breaks.
+        // change keyGenAlg to "rsa-ex"
+        var keyTransportCert = null;
+        var keyGenAlg = "rsa-dual-use";
+        if (navigator.appName == "Netscape" && (navMajorVersion() > 3) && 
+            typeof(crypto.version) != "undefined") {
+            crmfObject = crypto.generateCRMFRequest(
+                                "CN=undefined", 
+                                "regToken", "authenticator", 
+                                keyTransportCert,
+                                "setCRMFRequest();", 
+                                1024, null, keyGenAlg);
+        }
+        return true;
+    }
+}
+
+function setCRMFRequest()
+{
+    with (document.forms[0]) {
+        CRMFRequest.value = crmfObject.request;
+        submit();
+    }
+}
+
+//-->
+</SCRIPT>
+</head>
+
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+Function escapeDNComponent(comp)
+    escapeDNComponent = comp
+End Function
+
+Function doubleQuotes(comp)
+    doubleQuotes = False
+End Function
+
+Function formulateDN()
+    Dim dn
+    Dim TheForm
+    Set TheForm = Document.ReqForm
+
+    dn = Empty
+
+    If (TheForm.udn.Value <> Empty) Then
+        If doubleQuotes(TheForm.udn.Value) = True Then
+            MsgBox "Double quotes are not allowed in the dn field"
+            Exit Function
+        End If
+        If (dn <> Empty) Then
+            dn = dn & ","
+        End If
+        dn = dn & "0.9.2342.19200300.100.1.1=" & escapeDNComponent(TheForm.udn.Value)
+    End If
+
+    formulateDN = dn
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Set TheForm = Document.ReqForm
+
+
+  ' Do a few sanity checks
+  If (TheForm.udn.Value = Empty) Then 
+    ret = MsgBox("You must supply your Directory dn for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+  If (TheForm.pwd.Value = Empty) Then
+	ret = MsgBox("You must supply your Directory password for certificate enrollment", 0, "MSIE Certificate Request")
+	Exit Sub
+  End If
+
+'  If (TheForm.SSLClient.value = Empty AND
+'      TheForm.SMIME.value = Empty AND
+'      TheForm.ObjectSigning.value = Empty) Then
+'	ret = MsgBox("You must select atleast one certificate type", 0, 
+'		"MSIE Certificate Request")
+'	Exit Sub
+'  End If
+	
+
+  ' Contruct the X500 distinguished name
+  szName = formulateDN()
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+  Enroll.GenKeyFlags = 1        ' key exportable
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.pkcs10Request.Value = szCertReq
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  Directory Based User Enrollment
+</font>
+<br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  Use this form to submit a request for a personal certificate through your 
+  organization's directory. With directory based enrollment, you need only 
+  supply your user DN and password for the directory; the directory 
+  supplies the rest of the information needed for certificate issuance. 
+  If the user DN and password are correct your certificate will be issued 
+  automatically.
+</font>
+
+<table border="0" cellspacing="0" cellpadding="2" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      <b>Important:	</b></font>
+    </td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Be sure to request your certificate on the same computer 
+      on which you plan to use your certificate.</font>
+    </td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<script lang="javascript">
+<!--//
+if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 ||
+    typeof(crypto.version) != "undefined")) {
+    document.write('<form name="ReqForm" method="post" action="/enrollment">');
+} else {
+    document.write('<form name="ReqForm" method="post" action="/enrollment" '+
+                   'onSubmit="return validate(document.forms[0])">');
+}
+//-->
+</script>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  <b>User's Identity</b>
+<br>
+  Enter your user DN and password for your organization's directory.
+  This information will be used to verify your identity and to obtain
+  information from the directory to fill in the certificate.
+<br>
+</font>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td width="25%" valign="TOP"> 
+      <div align="RIGHT">
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User DN: </font>
+      </div>
+    </td>
+    <td valign="TOP"> 
+      <input type="TEXT" name="udn" size="45">
+    </td>
+  </tr>
+</table>
+
+<table border="0" width="100%" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td width="25%" valign="TOP"> 
+      <div align="RIGHT">
+      <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Password: </font> 
+      </div>
+    </td>
+    <td valign="TOP"> 
+      <input type="PASSWORD" name="pwd" AutoComplete=off size="45">
+    </td>
+  </tr>
+</table>
+
+<!-- for Netscape Certificate Type Extension -->
+<input type="HIDDEN" name="email" value="true">
+<input type="HIDDEN" name="ssl_client" value="true">
+<!-- for Key Usage Extension -->
+<input type="HIDDEN" name="digital_signature" value=true>
+<input type="HIDDEN" name="non_repudiation" value=true>
+<input type="HIDDEN" name="key_encipherment" value=true>
+<br>
+
+
+<script lang="javascript">
+<!--//
+if (navigator.appName == "Netscape" &&
+    (navMajorVersion() <= 3 || typeof(crypto.version) == 'undefined')) {
+
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('<b>Public/Private Key Information</b><br>');
+    document.writeln(
+        'When your submit this form, your browser generates a private and '+
+        'public key. The browser retains the private key and submits the '+
+        'public key along with your request for a certificate. '+
+        'The public key becomes part of your certificate. '+
+        '<P>'+
+        'Select the length of the key to generate. The longer the key '+ 
+        'length the greater the strength. You may want to check with your '+
+        'system administrator about the length of key to specify.');
+    document.writeln('</font>');
+
+    document.writeln('<table border="0" width="100%" cellspacing="2" cellpadding="2">');
+	document.writeln('<tr><td width="25%" valign=TOP>');
+	document.writeln('<div align=right>');
+	document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Key Length: ');
+	document.writeln('</font>');
+	document.writeln('</div>');
+	document.writeln('</td>');
+	document.write('<td valign=TOP>');
+    document.write('<KEYGEN name="subjectKeyGenInfo">');
+	document.write('</td></tr></table>');
+}
+
+
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('<b>Public/Private Key Information</b><br>');
+    document.writeln(
+        'When you submit this form, your browser generates a private and '+
+        'public key. The browser retains the private key and submits the '+
+        'public key along with your request for a certificate. '+
+        'The public key becomes part of your certificate. '+
+        '<P>'+
+        'The Microsoft Base Cryptographic provider offers 512-bit key '+
+        'encryption which is adequate for most applications today, '+
+        'but you may select the Enhanced option if your browser offers '+
+        'this choice and you require the higher encryption strength. '+
+        'You may want to check with your system administrator about '+
+        'the provider to specify.');
+    document.writeln('</font>');
+
+    document.writeln('<p>');
+    document.writeln('<td>');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Cryptographic Provider:');
+    document.writeln('</font>');
+    document.writeln('</td>');
+    document.writeln('<td>');
+    document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+    document.writeln('</td>');
+    document.writeln('<p>');
+}
+
+
+document.writeln('<table border="0" width="100%" cellspacing="0" cellpadding="6" '+
+                 'bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">');
+document.writeln('<tr><td width=100%> <div align="RIGHT">');
+
+if (navigator.appName == "Netscape" && (navMajorVersion() <= 3 ||
+    typeof(crypto.version) == "undefined")) {
+	document.writeln('<input type="submit" value="Submit" '+
+		             'name="submit" width="72">');
+} else if ((navigator.appName == "Microsoft Internet Explorer") ||
+            (navigator.appName == "")) {
+    document.writeln('<input type="submit" value="Submit" '+
+                     'name="Send" width="72">');
+} else {
+    document.writeln('<input type="button" value="Submit" '+
+                     'name="submitbutton" '+
+                     'onclick="validate(form)" width="72">');
+}
+
+document.write('<img src="/ca/ee/graphics/spacer.gif" width="6" height="6">' +
+               '<input type="reset" value="Reset" name="reset" width="72">' +
+               '<input type="hidden" name="certType" value="client">' +
+               '<input type="hidden" name="authenticator" ' +
+               ' value="UserDnEnrollment">');
+
+if (navigator.appName == 'Netscape') {
+    if ((navMajorVersion() > 3) && 
+        (typeof(crypto.version) != 'undefined')) {
+        document.write('<input type=hidden name=CRMFRequest value="">');
+        document.write('<input type=hidden name=cmmfResponse value=true>');
+        //document.write('<input type=hidden name=certNickname value="">');
+    } else {
+        document.write('<input type="hidden" name="importCert" value="off">');
+    }
+} else if ((navigator.appName == "Microsoft Internet Explorer") ||
+           (navigator.appName == "")) {
+    // navigator.appName == "" is for IE 3.
+    document.write('<input type="hidden" name="pkcs10Request" value="">');
+}
+document.writeln('</div></td></tr></table>');
+//-->
+</script>
+
+</form>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+
+FindProviders
+
+Function FindProviders
+    Dim i, j
+    Dim providers()
+    i = 0
+    j = 1
+    Dim el
+    Dim temp
+    Dim first
+    Dim TheForm
+    Set TheForm = document.ReqForm
+    On Error Resume Next
+    first = 0
+
+    Do While True
+    temp = ""
+    Enroll.providerType = j
+    temp = Enroll.enumProviders(i,0)
+    If Len(temp) = 0 Then
+    If j < 1 Then 
+      j = j + 1
+      i = 0 
+    Else
+      Exit Do
+    End If
+    Else
+    set el = document.createElement("OPTION")
+    el.text = temp
+    el.value = j 
+    TheForm.cryptprovider.add(el)
+    If first = 0  Then
+      first = 1
+      TheForm.cryptprovider.selectedIndex = 0
+    End If
+    i = i + 1
+    End If
+    Loop
+
+End Function
+
+-->
+</SCRIPT>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserRenewal.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserRenewal.html
new file mode 100644
index 000000000..4e4ebec5f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserRenewal.html
@@ -0,0 +1,98 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>User Certificate Renewal</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"> </SCRIPT>
+</head>
+<body bgcolor="#FFFFFF" onload=checkClientTime()>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User Certificate Renewal</font><br>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  Use this form to renew your certificate automatically. 
+  <p> 
+  After you click the Submit button, a window will pop up with a list of 
+  certificates you can send to the server. Select the 
+  certificate you want to renew from this window. 
+  </font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b> 
+      </font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	Be sure to make this request on the same computer on which you plan to use 
+	your renewed certificate.
+	</font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<form method="post" action="/renewal">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>
+        </b><br>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+          </font> 
+        </div>
+      </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+				<input type="hidden" name="requestFormat" value="clientAuth">
+				<input type="hidden" name="certType" value="client">
+				<input type="hidden" name="doSslAuth" value="on">
+<script lang=javascript>
+//<!--
+				if (navigator.appName == 'Netscape') {
+					document.write(
+						'<input type="hidden" name="importCert" value="off">');
+				}
+//-->
+</script>
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserRevocation.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserRevocation.html
new file mode 100644
index 000000000..50cca6507
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/UserRevocation.html
@@ -0,0 +1,118 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<TITLE>User Certificate Revocation Form</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">User Certificate Revocation</font><br>
+  <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+  Use this form to revoke your certificate automatically.
+<p>
+  After you click the submit button, a window will pop up with a list of 
+  certificates you can send to the server. Select the certificate you 
+  want to revoke from this window.
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr valign="TOP"> 
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b> 
+      </font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	This is an irreversible operation. If you still want to continue, 
+	be sure to request revocation on the computer where the private key and 
+	certificate to be revoked are stored.
+	</font></td>
+  </tr>
+</table>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<form method="post" action="revocation">
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr> 
+      <td colspan="2" valign="TOP"><font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"><b>
+	  Revocation Reason</b><br>
+Select a revocation reason</font></td>
+    </tr>
+    <tr> 
+      <td valign="TOP"> 
+        <div align="RIGHT">
+          <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif"> 
+          </font> 
+        </div>
+      </td>
+	  <td>
+		<font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+		<input type="radio" checked name="reasonCode" value=0>
+		Unspecified<br>
+		<input type="radio" name="reasonCode" value=1>
+		Key Compromise<br>
+		<!--input type="radio" name="reasonCode" value=2-->
+		<!-- CA Compromise<br> -->
+		<input type="radio" name="reasonCode" value=3>
+		Affiliation Changed<br>
+		<input type="radio" name="reasonCode" value=4>
+		Superseded<br>
+		<input type="radio" name="reasonCode" value=5>
+		Cessation of Operation<br>
+		<!--input type="radio" name="reasonCode" value=6-->
+		<!--Certificate Hold<br>-->
+		<!--Value 7 is not used-->
+		<!--input type="radio" name="reasonCode" value=8-->
+		<!--Remove from CRL<br>-->
+		<input type="radio" name="reasonCode" value=9>
+		Privilege Withdrawn<br>
+		<!--input type="radio" name="reasonCode" value=10-->
+		<!--AA Compromise<br>-->
+		</font>
+	  </td>
+    </tr>
+    <tr> 
+      <td valign="TOP" colspan="2"> 
+        <table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#cccccc" background="/ca/ee/graphics/gray90.gif">
+          <tr> 
+            <td> 
+              <div align="RIGHT">
+                <input type="submit" value="Submit" name="submit" width="72">
+				<input type="hidden" name="op" value="RevocationRequest">
+				<input type="hidden" name="certType" value="client">
+				<input type="hidden" name="templateType" value="RevocationConfirmation">
+				<input type="hidden" name="doSslAuth" value="on">
+                <img src="/ca/ee/graphics/spacer.gif" width="6" height="6"> 
+                <input type="reset" value="Reset" name="reset" width="72">
+              </div>
+            </td>
+          </tr>
+        </table>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/bench2k.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/bench2k.html
new file mode 100755
index 000000000..ab667f47f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/bench2k.html
@@ -0,0 +1,58 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.5 [en] (WinNT; U) [Netscape]">
+   <title>benchmark1</title>
+</head>
+<body>
+This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>This is a file used for benchmarking HTTP Operations.
+<br>&nbsp;
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/checkRequest.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/checkRequest.html
new file mode 100644
index 000000000..e315aa817
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/checkRequest.html
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Check Request Status</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Check Request Status</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to verify status of the specified certificate request.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<form ACTION="checkRequest" METHOD=POST>
+
+<p>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2>
+  <tr>
+    <td><input type=RADIO name="format" value="id" checked></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Enter a request identifying number (in decimal form).</font>
+    </td>
+  </tr>
+    <td></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Request identifier:&nbsp;</font>
+      <input type=text size=10 MAXLENGTH=99 name="requestId" value="">
+    </td>
+  </tr>
+
+</table>
+
+<p>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/ca/ee/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+      <input type="submit" value="Submit" name="submit" width="72">
+      &nbsp;&nbsp;&nbsp;
+    </td>
+  </tr>
+</table>
+</form>
+</body>
+</html>
+
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayBySerial.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayBySerial.template
new file mode 100644
index 000000000..e01e4e123
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayBySerial.template
@@ -0,0 +1,224 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display Certificate</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+    navMajorVersion() > 3 &&
+	typeof(crypto.version) != "undefined") {
+	document.write(
+		'<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT LANGUAGE="JavaScript">
+document.write(addEscapes(result.header.certPrettyPrint));
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<p>
+Base 64 encoded certificate with CA certificate chain in pkcs7 format
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.pkcs7ChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Importing this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To import the certificate into your client, click the following button.
+</font>
+<p>
+
+<OBJECT
+	classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+	CODEBASE="/xenroll.dll"
+	id=Enroll    >
+</OBJECT>
+
+<SCRIPT LANGUAGE=VBS>
+<!--
+'========================================================
+'
+' In VBS, there are several ways in which the event handler for the
+' click event can be bound to the right control. We use one of the
+' methods here, which indicates the binding by appending the
+' event name to the control name with an intervening '_'.
+'
+'========================================================
+    Sub ImportCertificate_OnClick
+
+		Dim pkcs7
+
+		On Error Resume Next
+
+		'Convert the cert to PKCS7 format
+		pkcs7 = result.header.pkcs7ChainBase64
+		If (IsEmpty(pkcs7) OR theError <> 0) Then
+			ret = MsgBox("Could not convert certificate to PKCS7 format", 0, "Import Cert")
+			Exit Sub
+		End If
+
+		'Import the PKCS7 object
+		Enroll.DeleteRequestCert = FALSE
+		Enroll.WriteCertToCSP = true
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number <> 0 then
+			Enroll.WriteCertToCSP = false
+		end if
+		err.clear
+		Enroll.acceptPKCS7(pkcs7)
+		if err.number = 0 then
+			MsgBox "Certificate has been successfully imported."
+		else 
+			sz = "Error in acceptPKCS7. Error Number " & Hex(err.number) & "occurred."
+			MsgBox sz
+		end if
+
+		Exit Sub
+
+	End Sub
+-->
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+document.write("<center>");
+var loc = 'getBySerial?serialNumber='+ result.header.serialNumber;
+if (navigator.appName == "Netscape") {
+	loc = loc + '&importCert=true';
+	if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+		loc = loc + '&cmmfResponse=true';
+	}
+}
+document.write('<form>\n'+
+			   '<INPUT TYPE=\"button\" VALUE=\"Import Your Certificate\"'+
+			   ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+			   '</form>\n');
+//document.write('<INPUT TYPE=BUTTON VALUE=\"Import Certificate\" NAME=\"ImportCertificate\">');
+
+if (navigator.appName == "Netscape" &&
+    result.header.emailCert != null &&
+    result.header.emailCert == true) {
+    var loc1 = 'getBySerial?serialNumber='+ result.header.serialNumber;
+	if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+		loc1 = loc1 + '&cmmfResponse=true';
+	}
+	else {
+		loc1 = loc1 + '&importCert=true&emailCert=true';
+	}
+	document.write('<form>\n'+
+					'<INPUT TYPE=\"button\" VALUE=\"Import S/MIME Certificate\"'+
+					' onClick=\"location.href=\''+ loc1 + '\'\">\n'+
+					'</form>\n');
+}
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayBySerial2.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayBySerial2.template
new file mode 100644
index 000000000..909cf8030
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayBySerial2.template
@@ -0,0 +1,131 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display Certificate</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+    navMajorVersion() > 3 &&
+	typeof(crypto.version) != "undefined") {
+	document.write(
+		'<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT LANGUAGE="JavaScript">
+document.write(result.header.certPrettyPrint);
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Downloading this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To download the certificate into your system, click the following button.
+</font>
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+document.write("<center>");
+var loc = '/getBySerial?serialNumber='+ result.header.serialNumber;
+document.write('<form>\n'+
+			   '<INPUT TYPE=\"button\" VALUE=\"Download This Certificate\"'+
+			   ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+			   '</form>\n');
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCRL.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCRL.template
new file mode 100644
index 000000000..2b98ed588
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCRL.template
@@ -0,0 +1,227 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>CRL Info</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Certificate Revocation List
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doNext()
+{
+    var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+             result.header.crlIssuingPoint: "MasterCRL";
+    var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+             result.header.crlDisplayType: "entireCRL";
+    var loc = location.protocol + '//' + location.hostname + ':' +
+              location.port + '/ca/ee/ca/getCRL?op=displayCRL&crlIssuingPoint='+ip+
+              '&crlDisplayType='+dt+'&pageStart='+
+              (parseInt(result.header.pageStart)+parseInt(document.displayCRLForm.pageSize.value))+
+              '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+    location.href = loc;
+}
+
+function doPrevious()
+{
+    var ip = (result.header.crlIssuingPoint != null && result.header.crlIssuingPoint.length > 0)?
+             result.header.crlIssuingPoint: "MasterCRL";
+    var dt = (result.header.crlDisplayType != null && result.header.crlDisplayType.length > 0)?
+             result.header.crlDisplayType: "entireCRL";
+    var loc = location.protocol + '//' + location.hostname + ':' +
+              location.port + '/ca/ee/ca/getCRL?op=displayCRL&crlIssuingPoint='+ip+
+              '&crlDisplayType='+dt+'&pageStart='+
+              (parseInt(result.header.pageStart)-parseInt(document.displayCRLForm.pageSize.value))+
+              '&pageSize='+parseInt(document.displayCRLForm.pageSize.value);
+    location.href = loc;
+}
+
+
+if (result.header.toDo != null && result.header.toDo == "displayCRL") {
+    if (result.header.crlNumber != null &&
+        (result.header.crlSize != null || result.header.deltaCRLSize != null) &&
+        result.header.crlIssuingPoint != null) {
+
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        document.writeln('Certificate revocation list summary</font></td></tr></table>');
+
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr><td align="right" width="40%">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('CRL issuing point:</font></td>');
+        document.writeln('<td align="left">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln(result.header.crlIssuingPoint+'</font></td></tr>');
+        document.writeln('<tr><td align="right" width="40%">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('CRL number:</font></td>');
+        document.writeln('<td align="left">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln(result.header.crlNumber+'</font></td></tr>');
+        document.writeln('<tr><td align="right" width="40%">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Number of CRL entries:</font></td>');
+        document.writeln('<td align="left">');
+        document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+        if (result.header.deltaCRLSize != null)
+            document.writeln(result.header.deltaCRLSize+'</font></td></tr>');
+        else
+            document.writeln(result.header.crlSize+'</font></td></tr>');
+        if (result.header.crlDescription != null) {
+            document.writeln('<tr><td align="right" width="40%">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('CRL issuing point description:</font></td>');
+            document.writeln('<td align="left">');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln(result.header.crlDescription+'</font></td></tr>');
+        }
+        document.writeln('</table><br>');
+    }
+    if (result.header.crlPrettyPrint != null) {
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        document.writeln('Certificate revocation list contents</font></td></tr></table>');
+        document.writeln('<pre>');
+        document.writeln(result.header.crlPrettyPrint);
+        document.writeln('</pre>');
+    }
+    if (result.recordSet.length > 0) {
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+        document.writeln('<pre>');
+        document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+        for (var i = 0; i < result.recordSet.length; i++) {
+            document.writeln(result.recordSet[i].crlBase64Encoded);
+        }
+        document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+        document.writeln('</pre>');
+    } else if (result.header.crlBase64 != null) {
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        document.writeln('Certificate revocation list base64 encoded</font></td></tr></table>');
+
+        document.writeln('<pre>');
+        document.writeln('-----BEGIN CERTIFICATE REVOCATION LIST-----');
+        document.writeln(result.header.crlBase64);
+        document.writeln('-----END CERTIFICATE REVOCATION LIST-----');
+        document.writeln('</pre>');
+    }
+    if (result.header.crlPrettyPrint == null &&
+        result.header.crlBase64 == null &&
+        result.recordSet.length == 0) {
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        document.writeln('Certificate revocation list is not found.');
+        if (result.header.error != null) {
+            document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;Additional information:');
+            document.writeln('<br>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;');
+            document.writeln(result.header.error);
+        }
+        document.writeln('</font>');
+    }
+    if (result.header.crlSize != null &&
+        result.header.pageSize != null &&
+        result.header.pageStart != null &&
+        (parseInt(result.header.crlSize) > parseInt(result.header.pageSize))) {
+
+        document.writeln('<FORM NAME="displayCRLForm" ACTION="getCRL" METHOD=POST>');
+        document.writeln('<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">');
+        document.writeln('<tr><td ALIGN=LEFT BGCOLOR="#E5E5E5">');
+        document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+        var upperLimit = 0;
+        if (parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1 >
+            parseInt(result.header.crlSize)) {
+            upperLimit = parseInt(result.header.crlSize);
+        } else {
+            upperLimit = parseInt(result.header.pageStart)+parseInt(result.header.pageSize)-1;
+        }
+        document.writeln(result.header.pageStart+'-'+upperLimit+
+                         ' of '+result.header.crlSize+' CRL entries');
+        document.writeln('</font></td>');
+        document.writeln('<td ALIGN=RIGHT BGCOLOR="#E5E5E5">');
+        var n = 0;
+        if (parseInt(result.header.pageStart) > 1) {
+            document.writeln('<INPUT TYPE="button" VALUE="Previous" width="72"'+
+                             ' onClick="doPrevious();">&nbsp;');
+            n++;
+        }
+        if (parseInt(result.header.pageStart) + parseInt(result.header.pageSize) - 1 <
+            parseInt(result.header.crlSize)) {
+            document.writeln('<INPUT TYPE="button" VALUE="Next" width="72"'+
+                             ' onClick="doNext();">&nbsp;');
+            n++;
+        }
+        if (n > 0) {
+            document.writeln('<INPUT TYPE=text SIZE=4 MAXLENGTH=8 NAME=pageSize VALUE='+
+                             result.header.pageSize+'>&nbsp;');
+        }
+
+        document.writeln('</td></tr></table>');
+        document.writeln('</FORM>');
+    }
+
+} else if (result.header.toDo != null &&
+           (result.header.toDo == "checkCRL" || result.header.toDo == "checkCRLcache")) {
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    if (result.header.isOnCRL != null && result.header.isOnCRL == true &&
+        result.header.certSerialNumber != null) {
+        document.writeln('Certificate serial number '+
+                          result.header.certSerialNumber +
+                         ' is on the certificate revocation list.');
+    } else if (result.header.isOnCRL != null && result.header.isOnCRL == true) {
+        document.writeln('The requested certificate serial number'+
+                         ' is on the certificate revocation list.');
+    } else if (result.header.isOnCRL != null && result.header.isOnCRL == false &&
+        result.header.certSerialNumber != null) {
+        document.writeln('Certificate serial number '+
+                          result.header.certSerialNumber +
+                         ' is not on the certificate revocation list.');
+    } else if (result.header.isOnCRL != null && result.header.isOnCRL == false) {
+        document.writeln('The requested certificate serial number'+
+                         ' is not on the certificate revocation list.');
+    }
+    document.writeln('</font>');
+} else {
+    document.writeln('Unknown operation.');
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCaCert.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCaCert.template
new file mode 100644
index 000000000..7ce74f91f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCaCert.template
@@ -0,0 +1,111 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>CA Certificate Chain</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+CA Certificate Chain
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width=
+"100%">
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (result.header.displayFormat == "chain") {
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="+1">');
+    document.writeln('<center><b>' + result.header.subjectdn);
+    document.writeln('</b></center><p></font><br>');
+    document.writeln('<pre>');
+    document.writeln('-----BEGIN CERTIFICATE-----');
+    document.writeln(result.header.chainBase64);
+    document.writeln('-----END CERTIFICATE-----');
+    document.writeln('</pre>');
+} else if (result.header.displayFormat == "individual") {
+    if (result.recordSet.length == 0) {
+    	document.write(
+            "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">No Certificates Found in CA chain</font>\n");
+    } else {
+        document.write("\n"+
+            "<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+            "Total number of certificates: "+ result.header.length +
+            "</font><p>\n");
+        for(var i = 0; i < result.recordSet.length; ++i ) {
+            displayCertificate(result.recordSet[i],i+1);
+        }
+    }
+} else {
+    document.writeln('Unknown operation.');
+}
+
+function displayCertificate(cert,i)
+{
+    document.writeln('<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">' + '\n' +
+    '  <tr>' + '\n' +
+    '    <td>&nbsp;</td>' + '\n' +
+    '  </tr>' + '\n' +
+    '</table>' + '\n' +
+    '<br>');
+    document.writeln("Certificate " + i + ": <p>");
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Certificate Subject DN </font></td></tr></table>');
+    document.writeln('');
+    document.writeln("<b>"+cert.subjectdn+"</b><p>");
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Certificate in base64 encoded format </font></td></tr></table>');
+    document.writeln('');
+    document.writeln('<pre>');
+    document.writeln('-----BEGIN CERTIFICATE-----');
+    document.writeln(cert.base64);
+    document.writeln('-----END CERTIFICATE-----');
+    document.writeln('</pre>');
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Certificate Contents </font></td></tr></table>');
+    document.writeln("<pre>");
+    document.writeln(cert.certDetails);
+    document.writeln("</pre>");
+    document.writeln("<p>");
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Certificate Fingerprint </font></td></tr></table>');
+    document.writeln('');
+    document.writeln("<p><pre>"+cert.fingerprints+"</pre></font><p>");
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCertFromRequest.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCertFromRequest.template
new file mode 100644
index 000000000..d30744150
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/displayCertFromRequest.template
@@ -0,0 +1,177 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>
+CS Enroll Request Success
+</TITLE>
+
+<script language="javascript">
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+
+function displayCert(cert)
+{
+	document.writeln(
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="+1">'+
+		'Certificate 0x'+ cert.serialNo+
+		'</font><br>');
+	document.writeln(
+		'<table border="0" cellspacing="0" cellpadding="0" '+
+		'background="/ca/ee/graphics/hr.gif" width="100%">'+
+		'<tr>'+
+		'<td>&nbsp;</td>'+
+		'</tr>'+
+		'</table>');
+
+	document.writeln(
+		'<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+		'<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+		'Certificate contents</font></td></tr></table>'+
+		'<pre>'+
+		cert.certPrettyPrint+
+		'</pre>');
+
+	document.writeln('<p>'+
+		'<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+		'<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+		'Certificate fingerprint</font></td></tr></table>'+
+		'<pre>'+
+		cert.certFingerprint+
+		'</pre>'+
+		'</font>');
+
+		document.writeln('<p>'+
+		'<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+		'<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+		'Installing this certificate in a server</font></td></tr></table>'+
+		'<p>'+
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+		'The following format can be used to install this certificate '+
+		'into a server.'+
+		'</font>'+
+		'<p><pre>'+
+		//'-----BEGIN CERTIFICATE-----'+
+		cert.base64Cert+
+		//'-----END CERTIFICATE-----'+
+		'</pre>');
+
+}
+
+function importCertificates(numCerts, requestId)
+{
+	var grammar = 'this';
+	var plural = '';
+	if (numCerts > 1) {
+		grammar = 'these';
+		plural = 's'
+	}
+	document.writeln( '<p>'+
+		'<table border="0" cellspacing="2" cellpadding="2" width="100%">'+
+		'<tr align="left" bgcolor="#e5e5e5"><td align="left">'+
+		'<font face="PrimaSans BT, Verdana, sans-serif" size="-1">'+
+		'Importing certificate</font></td></tr></table>'+
+		'<p>'+
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">'+
+		'To import '+grammar+' certificate'+plural+' into your client, '+
+		'click the following button.'+
+		'</font>'+
+		'<p>');
+
+	var loc = '/getCertFromRequest?requestId='+result.header.requestId;
+	if (navigator.appName == "Netscape") {
+		if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") 
+			loc = loc+'&cmmfResponse=true';
+		else 
+			loc = loc + '&importCert=true';
+	}
+	document.writeln('<center>');
+	document.writeln('<form>\n'+
+					 '<INPUT TYPE=\"button\" VALUE=\"Import Certificate'+
+					 plural+'\"'+
+					 ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+					 '</form>\n');
+	document.writeln('</center>');
+}
+</script>
+
+<!--BODY bgcolor="white"-->
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+//document.writeln('<P>');
+//document.writeln('host  '+result.fixed.host+'<BR>');
+//document.writeln('port  '+result.fixed.port+'<BR>');
+//document.writeln('scheme  '+result.fixed.scheme+'<BR>');
+//document.writeln('authority  '+result.fixed.authorityName+'<BR>');
+
+//document.writeln('<P>');
+//document.writeln('Issued Certs: ');
+
+if (result.recordSet == null || result.recordSet.length == 0) {
+	document.writeln('<BLOCKQUOTE><B><PRE>');
+	document.writeln('No further details provided.');
+	document.writeln('Please consult your local administrator for assistance.');
+	document.writeln('</BLOCKQUOTE></B></PRE>');
+} else {
+	//document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].serialNo != null) {
+			displayCert(result.recordSet[i]);
+		}
+	}
+	//document.writeln('</UL>');
+	importCertificates(result.recordSet.length, result.header.requestId);
+
+}
+//document.writeln('</PRE></B></BLOCKQUOTE>');
+document.writeln('<P>');
+</SCRIPT>
+
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/enrollMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/enrollMenu.html
new file mode 100644
index 000000000..cebdc1aec
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/enrollMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Enrollment Menu</title>
+</head>
+
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/index.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/index.html
new file mode 100644
index 000000000..4388c58c6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/index.html
@@ -0,0 +1,388 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/ca/ee/graphics/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang="javascript" src="/ca/ee/cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+    // used by tabs.html
+    // don't call resize for IE - it sometimes crashes
+    if (navigator.appName == 'Netscape' &&
+        ((navMajorVersion() < 4) ||
+         (typeof(crypto.version) == "undefined"))) {
+        top.reloadTabs(-1);
+    }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+	this.name = name;
+	this.blackname = name.fontcolor('black');
+	this.whitename = name.fontcolor('white');
+	this.link = link;
+	this.menu = menu;
+	this.defaultIndex = defaultIndex;
+	this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+	top.tabs = new Array();
+
+	var name;
+    top.tabsCount=0;
+
+	name = 'Enrollment / Renewal';
+	top.tabs[top.tabsCount++] = new tabItem(name, 'profileMenu.html', 
+								 top.ProfileMenu, 1);
+	if (http != 'true') {
+	  name = 'Revocation';
+	  top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+								 top.RevocationMenu, 0);
+	}
+
+	name = 'Retrieval';
+	top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+								 top.RetrievalMenu, 0);
+
+    top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+	this.name = name;
+	this.link = link;
+	this.seldesc   = desc.fontcolor('blue');  // text when selected
+	this.unseldesc = desc.fontcolor('black');   // text when unselected
+	this.desc = desc;
+}
+
+function initMenus()
+{
+	initProfileMenu();
+	if (http != 'true') {
+	  initRevocationMenu();
+	}
+	initRecoveryMenu();
+	initRetrievalMenu();
+}
+
+function initProfileMenu()
+{
+	top.ProfileMenu = new Array();
+
+	var name = 'profileList';
+	top.ProfileMenu[0] = new menuItem(name, 'profileList',
+						   'List Certificate Profiles');
+}
+
+function tableItem(name, items)
+{
+	this.name = name; 
+	this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in 
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+	// handle the case when no auth manager is configured
+        if (typeof(authmanager) == 'undefined') {
+               return false;
+        }
+	for (var k=0; k<authmanager.length; k++) {
+		if (authmanager[k] == name) {
+			return true;
+		}
+	}
+	return false;
+}
+
+function initRevocationMenu()
+{
+	top.RevocationMenu = new Array();
+
+	var name='usercert';
+	top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+							  'User Certificate');
+	//name='servercert';
+	//top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+	//					      'Server Certificate');
+
+  //  name='othercert';
+   // top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+    //                          'Certificate (challenge phrase-based)');
+    name='othercert';	
+    top.RevocationMenu[1] = new menuItem(name, 'CMCRevReq.html',
+                              'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+	top.RecoveryMenu = new Array();
+	var name;
+
+	name = 'keyRecovery';
+	top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+							'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+	top.RetrievalMenu = new Array();
+	var name;
+	var count=0;
+
+	name = 'checkrequest';
+	top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+							 'Check Request Status');
+
+  if (subsystemname != 'ra') {
+	name = 'listcerts';
+	top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+							 'List Certificates');
+	name = 'searchcerts';
+	top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+							 'Search Certificates');
+  }
+	name = 'getcachain';
+	top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+							 'Import CA Certificate Chain');
+
+  if (subsystemname != 'ra') {
+	name = 'reviewcrl';
+	if (clacrlurl != '') {
+		top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+					 'Import Certificate Revocation List');
+	} else {
+		top.RetrievalMenu[count++] = new menuItem(name, 'getInfo?template=/ee/ca/toDisplayCRL',
+					 'Import Certificate Revocation List');
+	}
+  }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+	with (top.left.document) {
+        writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+		writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+		writeln('<tr>');
+		writeln('<td>');
+
+		var selbgcol   = '#cccccc';  // cell's background col when selected
+		var unselbgcol = '#cccccc';  //   ""          ""           unselected
+
+		for (var k=0; k<menu.length; k++) {
+			writeln('<tr>');
+
+			// We check if the link is empty. If it is, this means the
+			// menu item should be rendered as a 'title'. See the
+			// 'Browser' heading in initEnrollMenu as an example
+
+            if (menu[k].link != '') {
+
+    			if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+					// Draw the current element in 'selected' state
+
+	    			writeln('<td bgcolor="'+selbgcol+'">');
+		    		writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+							'<b>'+
+							'<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+								menu[k].link+
+							' target="cms_content" >'+
+							menu[k].seldesc+'</b></a></font>'
+							);
+			    }
+    			else {
+					// Draw the current element in 'unselected' state
+
+	    			writeln('<td bgcolor="'+unselbgcol+'">');
+		    		writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+							'<b>'+
+							'<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+								menu[k].link+
+							' target="cms_content" >'+
+							menu[k].unseldesc+'</b></a></font>'
+							);
+
+        		}
+
+          }
+          else {   // nice headers go here (enrollment menu)
+          		writeln('<td bgcolor=white>'+
+						'<font face="PrimaSans BT, Verdana, sans-serif"'+
+						'color=black>'+
+						'<b>'+
+                	menu[k].desc+'</b></font>');
+               }
+
+
+			writeln('</td>');
+			writeln('</tr>');
+		}
+
+		writeln('</table>');
+		writeln('</td>');
+		writeln('</tr>');
+		writeln('</table>');
+		close();
+	}
+
+}
+
+function reloadMenu(item)
+{
+	var curMenu = top.tabs[top.tabsSelectedIndex];
+	curMenu.currentIndex = item;
+	top.cms_content.location = curMenu.menu[item].link;
+	loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+	var tab = top.tabs[top.tabsSelectedIndex];
+	tab.currentIndex = 0;
+	top.cms_content.location = tab.menu[tab.currentIndex].link;
+	reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+    if (tabnum != -1) {
+        top.tabsSelectedIndex = tabnum;
+    }
+    top.reloadMenuAndContent();
+
+//    if (navigator.appName != "Netscape") {
+//        top.reloadMenu(top.tabs[tabnum].defaultIndex);
+//    }
+
+    if ( navigator.appName == 'Netscape') {
+        top.tabsf.location.reload(false);
+    } else {
+       loadTabs();
+    }
+    if ( navigator.appName != 'Netscape') {
+       loadTabs();
+    }
+}
+
+
+
+function loadTabs()
+{
+	with (top.tabsf.document) {
+        writeln('<body onresize="top.doResize();" bgcolor="#4f52b5" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+		writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#4f52b5">');
+		writeln('<tr><td>');
+		writeln('<table border=0 cellspacing=12 cellpadding=0>');
+		writeln('<tr>');
+		writeln('<td><img src="/ca/ee/graphics/logo_header.gif"></td>');
+		writeln('<td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>');
+	if (subsystemname == 'ca') {
+		writeln('<td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#cccccc" size="-2">&reg;</font></sup> Certificate Manager</b></font></td>');
+	} else {
+		writeln('<td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b><b>Dogtag<sup><font color="#cccccc" size="-2">&reg;</font></sup> Registration Manager</b></font></td>');
+	}
+		writeln('</tr>');
+		writeln('</table>');
+
+		writeln('<table border=0 cellspacing="0" cellpadding="0">');
+		writeln('<tr>');
+		writeln('<td><img src="/ca/ee/graphics/spacer.gif" width="12" height="12"></td>');
+
+		var index = top.tabsSelectedIndex;
+		for (var j=0; j < top.tabsCount; j++) {
+			if (j == index) {
+				writeln('<td><img src="/ca/ee/graphics/lgLeftTab.gif" width="13" height="21"></td>');
+				writeln('<td bgcolor="#cccccc" nowrap>'); 
+				writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+                    top.tabs[j].blackname+
+                    '</b></font></td>');
+				writeln('<td><img src="/ca/ee/graphics/lgRightTab2.gif" width="16" height="21">'+
+                '</td>');
+			}
+			else {
+				writeln('<td><img src="/ca/ee/graphics/dgLeftTab.gif" width="13" height="21"></td>');
+				writeln('<td bgcolor="#999999" nowrap>'+
+                    '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+				    '<a onclick=javascript:top.reloadTabs("'+
+                    j+'"); href='+
+                    top.tabs[j].link+' target="left"><b>'+
+                    top.tabs[j].whitename+'</b></a></font></td>');
+				writeln('<td><img src="/ca/ee/graphics/dgRightTab2.gif" width="16" height="21"></td>');
+			}
+		}
+
+		writeln('</tr>');
+		writeln('</table></td></tr>');
+        writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+		writeln('</tr>');
+		writeln('</table>');
+		close();
+
+	}
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*"> 
+  <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+  <frameset cols="140,1*" border="0" frameborder="NO"> 
+    <frame src="profileMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+    <frame src="profileList" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+  </frameset>
+  <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/index.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/index.html
new file mode 100644
index 000000000..d0d823416
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/index.html
@@ -0,0 +1,556 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/ca/ee/graphics/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang="javascript" src="../cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+    // used by tabs.html
+    // don't call resize for IE - it sometimes crashes
+    if (navigator.appName == 'Netscape' &&
+        ((navMajorVersion() < 4) ||
+         (typeof(crypto.version) == "undefined"))) {
+        top.reloadTabs(-1);
+    }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+	this.name = name;
+	this.blackname = name.fontcolor('black');
+	this.whitename = name.fontcolor('white');
+	this.link = link;
+	this.menu = menu;
+	this.defaultIndex = defaultIndex;
+	this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+	top.tabs = new Array();
+
+	var name;
+    top.tabsCount=0;
+
+	name = 'Enrollment';
+	top.tabs[top.tabsCount++] = new tabItem(name, 'enrollMenu.html', 
+								 top.EnrollMenu, 1);
+	if (http != 'true') {
+	  name = 'Renewal';
+	  top.tabs[top.tabsCount++] = new tabItem(name, 'renewalMenu.html',
+	  							 top.RenewalMenu, 0);
+	  name = 'Revocation';
+	  top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+								 top.RevocationMenu, 0);
+	}
+
+	name = 'Retrieval';
+	top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+								 top.RetrievalMenu, 0);
+
+    top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+	this.name = name;
+	this.link = link;
+	this.seldesc   = desc.fontcolor('blue');  // text when selected
+	this.unseldesc = desc.fontcolor('black');   // text when unselected
+	this.desc = desc;
+}
+
+function initMenus()
+{
+	initEnrollMenu();
+	if (http != 'true') {
+	  initRenewalMenu();
+	  initRevocationMenu();
+	}
+	initRecoveryMenu();
+	initRetrievalMenu();
+}
+
+function initRenewalMenu()
+{
+	top.RenewalMenu = new Array();
+
+	var name = 'usercert';
+	top.RenewalMenu[0] = new menuItem(name, 'UserRenewal.html',
+						   'User Certificate');
+	//name = 'servercert';
+	//top.RenewalMenu[name] = new menuItem(name, 'ServerRenewal.html',
+	//					   'Server Certificate');
+}
+
+function tableItem(name, items)
+{
+	this.name = name; 
+	this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in 
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+	// handle the case when no auth manager is configured
+        if (typeof(authmanager) == 'undefined') {
+               return false;
+        }
+	for (var k=0; k<authmanager.length; k++) {
+		if (authmanager[k] == name) {
+			return true;
+		}
+	}
+	return false;
+}
+
+function initEnrollMenu()
+{
+	top.EnrollMenu = new Array();
+
+	var item;
+    var count=0;
+    menuItems = new Array();
+   // User enrollment stuff here
+
+    item = 'userenrolltitle';
+    menuItems[count] = top.EnrollMenu[count] = 
+	    new menuItem(item, '', 'Browser');
+    count++;
+
+	// 'Manual' enrollment - does not pass through any
+	// authentication plugin, so requests must be approved
+	// manually by the agent
+
+	item = 'manuser';
+	menuItems[count] = top.EnrollMenu[count] = 
+	    new menuItem(item, 'ManUserEnroll.html', 'Manual');
+    count++;
+
+
+	// UidPwdDirAuth - authenticates against an LDAP directory
+	//    with uid + pwd
+
+	if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+		item = 'diruser';
+		menuItems[count] = top.EnrollMenu[count] = 
+    		new menuItem(item, 'DirUserEnroll.html', 
+					 	'Directory');
+    	count++;
+	}
+
+	// UidPwdPinDirAuth - authenticates against an LDAP directory
+	//    with uid + pwd + one-time pin
+	if ( isAuthMgrEnabled("UidPwdPinDirAuth") ) {
+		item = 'pinuser';
+		menuItems[count] = top.EnrollMenu[count] = 
+    		new menuItem(item, 'DirPinUserEnroll.html', 
+					 	 	'Directory and Pin');
+    	count++;
+	}
+
+	// NISAuth - authenticates against NIS
+	if ( isAuthMgrEnabled("NISAuth") ) {
+		item = 'nisuser';
+		menuItems[count] = top.EnrollMenu[count] = 
+			new menuItem(item, 'NISUserEnroll.html', 'NIS');
+    
+    	count++;
+	}
+
+	// Kerberos - authenticates against a Kerberos server
+	if ( isAuthMgrEnabled("KerberosAuth") ) {
+		item = 'kerberos';
+		menuItems[count] = top.EnrollMenu[count] = 
+			new menuItem(item, 'KerberosBasedAuthentication.html', 'Kerberos');
+    	count++;
+	}
+
+	// PortalEnroll - allows a user to enroll if their uid
+	// does NOT already exist in the directory. I.e. they can
+	// create an account
+	if ( isAuthMgrEnabled("PortalEnroll") ) {
+		item = 'portaluser';
+		menuItems[count] = top.EnrollMenu[count] = 
+			new menuItem(item, 'PortalEnrollment.html', 'Portal');
+    	count++;
+	}
+
+  if (subsystemname != 'ra') {
+      if (http != 'true') {
+        // this one is directory based cert-based
+	if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+	  item = 'certBasedDualEnroll';
+	  menuItems[count] = top.EnrollMenu[count] = 
+		new menuItem(item, 'CertBasedDualEnroll.html', 'Certificate');
+          count++;
+        }
+      }
+ }
+ else {
+     if (http != 'true') {
+        // this one is directory based cert-based
+	if ( isAuthMgrEnabled("UidPwdDirAuth") ) {
+	  item = 'certBasedSingleEnroll';
+	  menuItems[count] = top.EnrollMenu[count] = 
+		new menuItem(item, 'CertBasedSingleEnroll.html', 'Certificate');
+          count++;
+        }
+     }
+ 
+//	item = 'certBasedEncEnroll';
+//	menuItems[count] = top.EnrollMenu[count] = 
+//		new menuItem(item, 'CertBasedEncryptionEnroll.html', 'Certificate');
+//   count++;
+//	item = 'certBasedSingleEnroll';
+//	menuItems[count] = top.EnrollMenu[count] = 
+//		new menuItem(item, 'CertBasedSingleEnroll.html', 'Certificate');
+//   count++;
+
+      }
+// Server Enrollment
+	item = 'serverenrolltitle';
+	menuItems[count] = top.EnrollMenu[count] = 
+		new menuItem(item, '', 'Server');
+    count++;
+
+	item = 'manserver';
+	menuItems[count] = top.EnrollMenu[count] = 
+		new menuItem(item, 'ManServerEnroll.html', 'SSL Server');
+    count++;
+
+	// if we're talking to a Registration Manager, don't allow the user to enroll
+	// for a RM or CM certificate.
+	item = 'manra';
+		menuItems[count] = top.EnrollMenu[count] = 
+			new menuItem(item, 'ManRAEnroll.html', 'Registration Manager');
+    count++;
+
+  if (subsystemname != 'ra') {
+	item = 'manca';
+	menuItems[count] = top.EnrollMenu[count] = 
+		new menuItem(item, 'ManCAEnroll.html', 'Certificate Manager');
+    count++;
+  }
+
+    item = 'manocsp';
+    menuItems[count] = top.EnrollMenu[count] =
+        new menuItem(item, 'OCSPResponder.html', 'OCSP Responder');
+    count++;
+
+	item = 'othertitle';
+	menuItems[count] = top.EnrollMenu[count] = 
+		new menuItem(item, '', 'Other');
+    count++;
+
+    item = 'manos';
+    menuItems[count] = top.EnrollMenu[count] =
+        new menuItem(item, 'ManObjSignEnroll.html', 'Object Signing (Browser)');
+    count++;
+
+    item = 'manospkcs';
+    menuItems[count] = top.EnrollMenu[count] =
+        new menuItem(item, 'ObjSignPKCS10Enroll.html', 'Object Signing (PKCS10)');
+    count++;
+    
+    item = 'mancmc';
+    menuItems[count] = top.EnrollMenu[count] =
+        new menuItem(item, 'CMCEnrollment.html', 'CMC Enrollment');
+    count++;
+
+}
+
+function initRevocationMenu()
+{
+	top.RevocationMenu = new Array();
+
+	var name='usercert';
+	top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+							  'User Certificate');
+	//name='servercert';
+	//top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+	//					      'Server Certificate');
+
+    name='othercert';
+    top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+                              'Certificate (challenge phrase-based)');
+    name='othercert';	
+    top.RevocationMenu[2] = new menuItem(name, 'CMCRevReq.html',
+                              'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+	top.RecoveryMenu = new Array();
+	var name;
+
+	name = 'keyRecovery';
+	top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+							'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+	top.RetrievalMenu = new Array();
+	var name;
+	var count=0;
+
+	name = 'checkrequest';
+	top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+							 'Check Request Status');
+
+  if (subsystemname != 'ra') {
+	name = 'listcerts';
+	top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+							 'List Certificates');
+	name = 'searchcerts';
+	top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+							 'Search Certificates');
+  }
+	name = 'getcachain';
+	top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+							 'Import CA Certificate Chain');
+
+  if (subsystemname != 'ra') {
+	name = 'reviewcrl';
+	if (clacrlurl != '') {
+		top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+					 'Import Certificate Revocation List');
+	} else {
+		top.RetrievalMenu[count++] = new menuItem(name, '/getInfo?template=toDisplayCRL',
+					 'Import Certificate Revocation List');
+	}
+  }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+	with (top.left.document) {
+        writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+		writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+		writeln('<tr>');
+		writeln('<td>');
+
+		var selbgcol   = '#cccccc';  // cell's background col when selected
+		var unselbgcol = '#cccccc';  //   ""          ""           unselected
+
+		for (var k=0; k<menu.length; k++) {
+			writeln('<tr>');
+
+			// We check if the link is empty. If it is, this means the
+			// menu item should be rendered as a 'title'. See the
+			// 'Browser' heading in initEnrollMenu as an example
+
+            if (menu[k].link != '') {
+
+    			if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+					// Draw the current element in 'selected' state
+
+	    			writeln('<td bgcolor="'+selbgcol+'">');
+		    		writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+							'<b>'+
+							'<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+								menu[k].link+
+							' target="cms_content" >'+
+							menu[k].seldesc+'</b></a></font>'
+							);
+			    }
+    			else {
+					// Draw the current element in 'unselected' state
+
+	    			writeln('<td bgcolor="'+unselbgcol+'">');
+		    		writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+							'<b>'+
+							'<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+								menu[k].link+
+							' target="cms_content" >'+
+							menu[k].unseldesc+'</b></a></font>'
+							);
+
+        		}
+
+          }
+          else {   // nice headers go here (enrollment menu)
+          		writeln('<td bgcolor=white>'+
+						'<font face="PrimaSans BT, Verdana, sans-serif"'+
+						'color=black>'+
+						'<b>'+
+                	menu[k].desc+'</b></font>');
+               }
+
+
+			writeln('</td>');
+			writeln('</tr>');
+		}
+
+		writeln('</table>');
+		writeln('</td>');
+		writeln('</tr>');
+		writeln('</table>');
+		close();
+	}
+
+}
+
+function reloadMenu(item)
+{
+	var curMenu = top.tabs[top.tabsSelectedIndex];
+	curMenu.currentIndex = item;
+	top.cms_content.location = curMenu.menu[item].link;
+	loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+	var tab = top.tabs[top.tabsSelectedIndex];
+	tab.currentIndex = tab.defaultIndex;
+	top.cms_content.location = tab.menu[tab.currentIndex].link;
+	reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+    if (tabnum != -1) {
+        top.tabsSelectedIndex = tabnum;
+    }
+    top.reloadMenuAndContent();
+
+    if (navigator.appName != "Netscape") {
+        top.reloadMenu(top.tabs[tabnum].defaultIndex);
+    }
+
+    if ( navigator.appName == 'Netscape') {
+        top.tabsf.location.reload(false);
+    } else {
+       loadTabs();
+    }
+    if ( navigator.appName != 'Netscape') {
+       loadTabs();
+    }
+}
+
+
+
+function loadTabs()
+{
+	with (top.tabsf.document) {
+        writeln('<body onresize="top.doResize();" bgcolor="#9999cc" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+		writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#9999CC">');
+		writeln('<tr><td>');
+		writeln('<table border=0 cellspacing=0 cellpadding=0 width="100%" >');
+		writeln('<tr><td>');
+		writeln('<table border=0 cellspacing=12 cellpadding=0 width="100%">');
+		writeln('<tr>');
+		writeln('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Netscape<font color="#cccccc" size="-2">&reg;</font>'+
+            '<b><br>Certificate Management<br> System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>');
+		writeln('<td></td>');
+	if (subsystemname == 'ca') {
+		writeln('<td width=350 align=right><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Certificate Manager</b></font></td>');
+	}
+	else {
+		writeln('<td width=350><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Registration Manager</b></font></td>');
+	}
+		writeln('</tr>');
+		writeln('</table>');
+		writeln('</td></tr>');
+		writeln('</table>');
+
+		writeln('<table border=0 cellspacing="0" cellpadding="0">');
+		writeln('<tr>');
+		writeln('<td><img src="/graphics/spacer.gif" width="12" height="12"></td>');
+
+		var index = top.tabsSelectedIndex;
+		for (var j=0; j < top.tabsCount; j++) {
+			if (j == index) {
+				writeln('<td><img src="/graphics/lgLeftTab.gif" width="13" height="21"></td>');
+				writeln('<td bgcolor="#cccccc" nowrap>'); 
+				writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+                    top.tabs[j].blackname+
+                    '</b></font></td>');
+				writeln('<td><img src="/graphics/lgRightTab2.gif" width="16" height="21">'+
+                '</td>');
+			}
+			else {
+				writeln('<td><img src="/graphics/dgLeftTab.gif" width="13" height="21"></td>');
+				writeln('<td bgcolor="#999999" nowrap>'+
+                    '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+				    '<a onclick=javascript:top.reloadTabs("'+
+                    j+'"); href='+
+                    top.tabs[j].link+' target="left"><b>'+
+                    top.tabs[j].whitename+'</b></a></font></td>');
+				writeln('<td><img src="/graphics/dgRightTab2.gif" width="16" height="21"></td>');
+			}
+		}
+
+		writeln('</tr>');
+		writeln('</table></td></tr>');
+        writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+		writeln('</tr>');
+		writeln('</table>');
+		close();
+
+	}
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*"> 
+  <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+  <frameset cols="140,1*" border="0" frameborder="NO"> 
+    <frame src="enrollMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+    <frame src="ManUserEnroll.html" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+  </frameset>
+  <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html
new file mode 100644
index 000000000..9eabc2262
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/profileMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+    if (http != 'true') {
+                top.loadMenu(top.tabs[3].menu);
+        } else {
+                top.loadMenu(top.tabs[1].menu);
+        }
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html
new file mode 100644
index 000000000..ec39a7a01
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+    if (http != 'true') {
+		top.loadMenu(top.tabs[3].menu);
+	} else {
+		top.loadMenu(top.tabs[1].menu);
+	}
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html
new file mode 100644
index 000000000..fa810e748
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[2].menu);
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/index.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/index.html
new file mode 100644
index 000000000..efcc3c67d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/index.html
@@ -0,0 +1,393 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/ca/ee/graphics/favicon.ico" />
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang="javascript" src="../cms-funcs.js"></script>
+<script lang="javascript">
+<!--//
+function doResize() {
+    // used by tabs.html
+    // don't call resize for IE - it sometimes crashes
+    if (navigator.appName == 'Netscape' &&
+        ((navMajorVersion() < 4) ||
+         (typeof(crypto.version) == "undefined"))) {
+        top.reloadTabs(-1);
+    }
+}
+
+function tabItem(name, link, menu, defaultIndex)
+{
+	this.name = name;
+	this.blackname = name.fontcolor('black');
+	this.whitename = name.fontcolor('white');
+	this.link = link;
+	this.menu = menu;
+	this.defaultIndex = defaultIndex;
+	this.currentIndex = defaultIndex;
+}
+
+function initTabs()
+{
+
+	top.tabs = new Array();
+
+	var name;
+    top.tabsCount=0;
+
+	name = 'Enrollment';
+	top.tabs[top.tabsCount++] = new tabItem(name, 'profileMenu.html', 
+								 top.ProfileMenu, 1);
+	if (http != 'true') {
+	  name = 'Revocation';
+	  top.tabs[top.tabsCount++] = new tabItem(name, 'revocationMenu.html',
+								 top.RevocationMenu, 0);
+	}
+
+	name = 'Retrieval';
+	top.tabs[top.tabsCount++] = new tabItem(name, 'retrievalMenu.html',
+								 top.RetrievalMenu, 0);
+
+    top.tabsSelectedIndex = 0;
+
+}
+
+
+function menuItem(name, link, desc)
+{
+	this.name = name;
+	this.link = link;
+	this.seldesc   = desc.fontcolor('blue');  // text when selected
+	this.unseldesc = desc.fontcolor('black');   // text when unselected
+	this.desc = desc;
+}
+
+function initMenus()
+{
+	initProfileMenu();
+	if (http != 'true') {
+	  initRevocationMenu();
+	}
+	initRecoveryMenu();
+	initRetrievalMenu();
+}
+
+function initProfileMenu()
+{
+	top.ProfileMenu = new Array();
+
+	var name = 'profileList';
+	top.ProfileMenu[0] = new menuItem(name, 'profileList',
+						   'List Profiles');
+}
+
+function tableItem(name, items)
+{
+	this.name = name; 
+	this.menuItems = items;
+}
+
+
+// Check if a particular authmanager is enabled.
+// The 'authamanager' array is set in 
+// dynamic javascript in the URL /dynamicVars.js
+
+function isAuthMgrEnabled(name)
+{
+	// handle the case when no auth manager is configured
+        if (typeof(authmanager) == 'undefined') {
+               return false;
+        }
+	for (var k=0; k<authmanager.length; k++) {
+		if (authmanager[k] == name) {
+			return true;
+		}
+	}
+	return false;
+}
+
+function initRevocationMenu()
+{
+	top.RevocationMenu = new Array();
+
+	var name='usercert';
+	top.RevocationMenu[0] = new menuItem(name, 'UserRevocation.html',
+							  'User Certificate');
+	//name='servercert';
+	//top.RevocationMenu[1] = new menuItem(name, 'ServerRevocation.html',
+	//					      'Server Certificate');
+
+    name='othercert';
+    top.RevocationMenu[1] = new menuItem(name, 'ChallengeRevoke1.html',
+                              'Certificate (challenge phrase-based)');
+    name='othercert';	
+    top.RevocationMenu[2] = new menuItem(name, 'CMCRevReq.html',
+                              'CMC Revoke');
+}
+
+function initRecoveryMenu()
+{
+	top.RecoveryMenu = new Array();
+	var name;
+
+	name = 'keyRecovery';
+	top.RecoveryMenu[0] = new menuItem(name, 'KeyRecovery.html',
+							'Key Recovery');
+}
+
+function initRetrievalMenu()
+{
+	top.RetrievalMenu = new Array();
+	var name;
+	var count=0;
+
+	name = 'checkrequest';
+	top.RetrievalMenu[count++] = new menuItem(name, 'checkRequest.html',
+							 'Check Request Status');
+
+  if (subsystemname != 'ra') {
+	name = 'listcerts';
+	top.RetrievalMenu[count++] = new menuItem(name, 'queryBySerial.html',
+							 'List Certificates');
+	name = 'searchcerts';
+	top.RetrievalMenu[count++] = new menuItem(name, 'srchCert.html',
+							 'Search Certificates');
+  }
+	name = 'getcachain';
+	top.RetrievalMenu[count++] = new menuItem(name, 'GetCAChain.html',
+							 'Import CA Certificate Chain');
+
+  if (subsystemname != 'ra') {
+	name = 'reviewcrl';
+	if (clacrlurl != '') {
+		top.RetrievalMenu[count++] = new menuItem(name, clacrlurl,
+					 'Import Certificate Revocation List');
+	} else {
+		top.RetrievalMenu[count++] = new menuItem(name, '/getInfo?template=toDisplayCRL',
+					 'Import Certificate Revocation List');
+	}
+  }
+}
+
+// This method draws the left panel
+
+function loadMenu(menu)
+{
+
+	with (top.left.document) {
+        writeln('<body bgcolor="#cccccc" vlink="#444444" link="#444444" alink="#333399">');
+		writeln('<table border=0 width=130 cellspacing=4 cellpadding=4>');
+		writeln('<tr>');
+		writeln('<td>');
+
+		var selbgcol   = '#cccccc';  // cell's background col when selected
+		var unselbgcol = '#cccccc';  //   ""          ""           unselected
+
+		for (var k=0; k<menu.length; k++) {
+			writeln('<tr>');
+
+			// We check if the link is empty. If it is, this means the
+			// menu item should be rendered as a 'title'. See the
+			// 'Browser' heading in initEnrollMenu as an example
+
+            if (menu[k].link != '') {
+
+    			if (k == top.tabs[top.tabsSelectedIndex].currentIndex) {
+
+					// Draw the current element in 'selected' state
+
+	    			writeln('<td bgcolor="'+selbgcol+'">');
+		    		writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+							'<b>'+
+							'<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+								menu[k].link+
+							' target="cms_content" >'+
+							menu[k].seldesc+'</b></a></font>'
+							);
+			    }
+    			else {
+					// Draw the current element in 'unselected' state
+
+	    			writeln('<td bgcolor="'+unselbgcol+'">');
+		    		writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+							'<b>'+
+							'<a onclick=javascript:top.reloadMenu("'+k+'"); href='+
+								menu[k].link+
+							' target="cms_content" >'+
+							menu[k].unseldesc+'</b></a></font>'
+							);
+
+        		}
+
+          }
+          else {   // nice headers go here (enrollment menu)
+          		writeln('<td bgcolor=white>'+
+						'<font face="PrimaSans BT, Verdana, sans-serif"'+
+						'color=black>'+
+						'<b>'+
+                	menu[k].desc+'</b></font>');
+               }
+
+
+			writeln('</td>');
+			writeln('</tr>');
+		}
+
+		writeln('</table>');
+		writeln('</td>');
+		writeln('</tr>');
+		writeln('</table>');
+		close();
+	}
+
+}
+
+function reloadMenu(item)
+{
+	var curMenu = top.tabs[top.tabsSelectedIndex];
+	curMenu.currentIndex = item;
+	top.cms_content.location = curMenu.menu[item].link;
+	loadMenu(curMenu.menu);
+
+
+}
+
+
+function reloadMenuAndContent()
+{
+	var tab = top.tabs[top.tabsSelectedIndex];
+	tab.currentIndex = 0;
+	top.cms_content.location = tab.menu[tab.currentIndex].link;
+	reloadMenu(tab.currentIndex);
+}
+
+function reloadTabs(tabnum)
+{
+    if (tabnum != -1) {
+        top.tabsSelectedIndex = tabnum;
+    }
+    top.reloadMenuAndContent();
+
+    if (navigator.appName != "Netscape") {
+        top.reloadMenu(top.tabs[tabnum].defaultIndex);
+    }
+
+    if ( navigator.appName == 'Netscape') {
+        top.tabsf.location.reload(false);
+    } else {
+       loadTabs();
+    }
+    if ( navigator.appName != 'Netscape') {
+       loadTabs();
+    }
+}
+
+
+
+function loadTabs()
+{
+	with (top.tabsf.document) {
+        writeln('<body onresize="top.doResize();" bgcolor="#9999cc" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">');
+
+		writeln('<table border=0 width="100%" cellspacing="0" cellpadding="0" bgcolor="#9999CC">');
+		writeln('<tr><td>');
+		writeln('<table border=0 cellspacing=0 cellpadding=0 width="100%" >');
+		writeln('<tr><td>');
+		writeln('<table border=0 cellspacing=12 cellpadding=0 width="100%">');
+		writeln('<tr>');
+		writeln('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Netscape<font color="#cccccc" size="-2">&reg;</font>'+
+            '<b><br>Certificate Management<br> System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>');
+		writeln('<td></td>');
+	if (subsystemname == 'ca') {
+		writeln('<td width=350 align=right><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Certificate Manager</b></font></td>');
+	}
+	else {
+		writeln('<td width=350><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Registration Manager</b></font></td>');
+	}
+		writeln('</tr>');
+		writeln('</table>');
+		writeln('</td></tr>');
+		writeln('</table>');
+
+		writeln('<table border=0 cellspacing="0" cellpadding="0">');
+		writeln('<tr>');
+		writeln('<td><img src="/graphics/spacer.gif" width="12" height="12"></td>');
+
+		var index = top.tabsSelectedIndex;
+		for (var j=0; j < top.tabsCount; j++) {
+			if (j == index) {
+				writeln('<td><img src="/graphics/lgLeftTab.gif" width="13" height="21"></td>');
+				writeln('<td bgcolor="#cccccc" nowrap>'); 
+				writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+                    top.tabs[j].blackname+
+                    '</b></font></td>');
+				writeln('<td><img src="/graphics/lgRightTab2.gif" width="16" height="21">'+
+                '</td>');
+			}
+			else {
+				writeln('<td><img src="/graphics/dgLeftTab.gif" width="13" height="21"></td>');
+				writeln('<td bgcolor="#999999" nowrap>'+
+                    '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+				    '<a onclick=javascript:top.reloadTabs("'+
+                    j+'"); href='+
+                    top.tabs[j].link+' target="left"><b>'+
+                    top.tabs[j].whitename+'</b></a></font></td>');
+				writeln('<td><img src="/graphics/dgRightTab2.gif" width="16" height="21"></td>');
+			}
+		}
+
+		writeln('</tr>');
+		writeln('</table></td></tr>');
+        writeln('<tr bgcolor=#CCCCCC><td>&nbsp;<br>&nbsp;</td></tr>');
+		writeln('</tr>');
+		writeln('</table>');
+		close();
+
+	}
+}
+
+
+
+//-->
+</script>
+</head>
+
+<script lang="javascript">
+<!--//
+initMenus();
+initTabs();
+//-->
+</script>
+
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*"> 
+  <frame src="tabs.html" name="tabsf" frameborder="NO" NORESIZE scrolling="NO" marginwidth="0" marginheight="0">
+  <frameset cols="140,1*" border="0" frameborder="NO"> 
+    <frame src="profileMenu.html" NORESIZE frameborder="NO" marginwidth="0" marginheight="0" name="left">
+    <frame src="profileList" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="cms_content">
+  </frameset>
+  <frame src="blank.html" name="foot" NORESIZE scrolling="NO" frameborder="NO">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html
new file mode 100644
index 000000000..8f19d91b4
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/profileMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+                top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html
new file mode 100644
index 000000000..faafe343e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+    if (http != 'true') {
+		top.loadMenu(top.tabs[2].menu);
+	} else {
+		top.loadMenu(top.tabs[1].menu);
+	}
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html
new file mode 100644
index 000000000..21f5f4397
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileMenu.html
new file mode 100644
index 000000000..b621c230e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/profileMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>profile Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+<script lang=javascript>
+//<!--
+                top.loadMenu(top.tabs[0].menu);
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryBySerial.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryBySerial.html
new file mode 100644
index 000000000..d9e55bddb
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryBySerial.html
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>List Certificates Within a Serial Number Range</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+
+<script LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+    var canonicalFrom = "", canonicalTo = "";
+
+    if ( form.serialFrom.value!= "") {
+        canonicalFrom = 
+            trim(form.serialFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            if (isHexNumber(canonicalFrom)) {
+                canonicalFrom = "0x" +
+                    removeColons(stripPrefix(canonicalFrom));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the low end of the serial number range.");
+                return;
+            }
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the serial number range.");
+            return;
+        }
+        form.serialFrom.value = canonicalFrom;
+    }
+
+    if ( form.serialTo.value!= "") {
+        canonicalTo = 
+            trim(form.serialTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            if (isHexNumber(canonicalTo)) {
+                canonicalTo = "0x" +
+                    removeColons(stripPrefix(canonicalTo));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the high end of the serial number range.");
+                return;
+            }
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the serial number range.");
+            return;
+        }
+        form.serialTo.value = canonicalTo;
+    }
+
+    /* Can't do this using parseInt*/
+    /*
+    if (form.serialFrom.value != "" && form.serialTo.value != "" ) {
+        if (parseInt(form.serialFrom.value) > parseInt(form.serialTo.value)) {
+            alert("The low end of the range is larger than the high end.");
+            return;
+        }
+    }
+    */
+
+    if (!form.skipRevoked.checked && !form.skipNonValid.checked) {
+        form.queryCertFilter.value = "(certStatus=*)";
+    } else if (form.skipRevoked.checked && form.skipNonValid.checked) {
+        form.queryCertFilter.value = "(certStatus=VALID)";
+    } else if (form.skipRevoked.checked) {
+        form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=INVALID)(certStatus=EXPIRED))";
+    } else if (form.skipNonValid.checked) {
+        form.queryCertFilter.value = "(|(certStatus=VALID)(certStatus=REVOKED))";
+    }
+
+    if (form.serialFrom.value == "") {
+        form.querySentinelDown.value = "0";
+    } else {
+        form.querySentinelDown.value = form.serialFrom.value;
+        form.querySentinelUp.value = form.serialFrom.value;
+        form.direction.value = "down";
+    }
+
+    form.op.value = "listCerts";
+    form.submit();
+}
+//-->
+</script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">List Certificates</font>
+<br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to list certificates whose serial numbers fall within a 
+specified range.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<form ACTION="listCerts" METHOD=POST>
+  <input TYPE="HIDDEN" NAME="op" VALUE="">
+  <input TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of serial numbers in hexadecimal form (starting with 0x, as in the certificate list) or in decimal form.
+
+<p>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0>
+  <tr>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+      Lowest serial number</font>
+	</td>
+    <td><input TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+	  (leave blank for no lower limit)</font>
+	</td>
+  </tr>
+  <tr>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+      Highest serial number</font></font></td>
+    <td><input TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+    <td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+	  (leave blank for no upper limit)</font>
+	</td>
+  </tr>
+</table>
+
+<p>
+<input TYPE="CHECKBOX" NAME="skipRevoked">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have been revoked
+</font>
+<br>
+<input TYPE="CHECKBOX" CHECKED NAME="skipNonValid">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Do not show certificates that have expired or are not yet valid</font>
+<br>&nbsp;
+<br>&nbsp;
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/ca/ee/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+	  <input TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+<INPUT TYPE="hidden" NAME="querySentinelDown" VALUE="">
+<INPUT TYPE="hidden" NAME="querySentinelUp" VALUE="">
+      <INPUT TYPE="hidden" NAME="direction" VALUE="begin">
+      <INPUT TYPE="TEXT" NAME="maxCount" SIZE=10 MAXLENGTH=99 VALUE="20">
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+	</td>
+  </tr>
+</table>
+</form>
+</body>
+</html>
+
+
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryCert.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryCert.html
new file mode 100644
index 000000000..1855ffaac
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryCert.html
@@ -0,0 +1,1518 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Search for Certificates</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search.  Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter.  You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form 
+(starting with 0x, as in the certificate list) or in decimal form.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+    return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+        canonicalFrom =
+            trim(document.serialNumberRangeCritForm.serialFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            if (isHexNumber(canonicalFrom)) {
+                canonicalFrom = "0x" +
+                    removeColons(stripPrefix(canonicalFrom));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the low end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+    }
+
+    if (document.serialNumberRangeCritForm.serialTo.value != "") {
+        canonicalTo =
+            trim(document.serialNumberRangeCritForm.serialTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            if (isHexNumber(canonicalTo)) {
+                canonicalTo = "0x" +
+                    removeColons(stripPrefix(canonicalTo));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the high end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+    }
+
+    /* Can not do this using parseInt */
+    /*
+    if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+        document.serialNumberRangeCritForm.serialTo.value != "") {
+        if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+            alert("The low end of the range is larger than the high end.");
+            return null;
+        }
+    }
+    */
+
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Email address: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Common name: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+User ID: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization unit: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Locality: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+State: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Country: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">
+Exact
+</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">
+Partial
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank. 
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank.  Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function subjectCritInUse()
+{
+    return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+    return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by: 
+</font>
+&nbsp;<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=9>Privilege withdrawn
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function revokedByCritInUse()
+{
+    return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+    if (document.revokedByCritForm.revokedBy.value.length == 0) {
+        alert("User id in 'revoked by' filter is empty");
+    	return null;
+    }
+    return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+    return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.revokedOnFrom)) {
+    	from = convertDate(document.revokedOnFrom, 
+			"Start date for revocation time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(certRevokedOn>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.revokedOnTo)) {
+    	to = convertDate(document.revokedOnTo, 
+			"End date for revocation time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(certRevokedOn<=" + to + ")";
+    }
+  
+    if (from == null && to == null) {
+        alert("You must enter a date for revocation time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Revocation time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+    return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+    var crit = new Array();
+    var sum = null;
+    var next = 0;
+
+    for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+        if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+            crit[next++] = "(x509cert.certRevoInfo="+i+")";
+        }
+    }
+    sum = nsjoin(crit,"");
+    if (next > 1) {
+        sum = "(|" + sum + ")"
+    } else if (next < 1) {
+        alert("You must select at least one revocation reason.");
+        return null;
+    }
+    return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="issuedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function issuedByCritInUse()
+{
+    return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+    if (document.issuedByCritForm.issuedBy.value.length == 0) {
+        alert("User id in 'issued by' filter is empty");
+    	return null;
+    }
+    return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+    return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.issuedOnFrom)) {
+    	from = convertDate(document.issuedOnFrom, 
+			"Start date for issue time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(certCreateTime>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.issuedOnTo)) {
+    	to = convertDate(document.issuedOnTo, 
+			"End date for issue time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(certCreateTime<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for issue time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Issue time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period: 
+</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotBeforeCritInUse()
+{
+    return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotBeforeFrom)) {
+    	from = convertDate(document.validNotBeforeFrom, 
+		"Start date for the validity beginning time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotBeforeTo)) {
+    	to = convertDate(document.validNotBeforeTo, 
+		"End date for the validity beginning time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for validity beginning range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Validity beginning time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period: </font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotAfterCritInUse()
+{
+    return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotAfterFrom)) {
+    	from = convertDate(document.validNotAfterFrom, 
+		"Start date for the expiration time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(x509cert.notAfter>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotAfterTo)) {
+    	to = convertDate(document.validNotAfterTo, 
+		"End date for the expiration time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(x509cert.notAfter<=" + to + ")";
+    }
+    
+    if (from == null && to == null) {
+        alert("You must enter a date for expiration time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Expiration time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a
+validity period: 
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION> 
+<OPTION VALUE="31536000000">Year(s)</OPTION> 
+</SELECT> 
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validityLengthCritInUse()
+{
+    return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+   with(document.validityLengthCritForm) {
+	if(!isNumber(count.value,10)) {
+	       alert("Invalid number specified in validity length criterion");
+	       return null;
+	}
+ 
+    return "(x509cert.duration" + 
+    		validityOp.options[validityOp.selectedIndex].value +
+			(count.value * unit.options[unit.selectedIndex].value) +")";
+    }
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types: 
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function certTypeCritInUse()
+{
+    return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+    var result = '';
+    var count = 0;
+
+    for (var i = 1; i < document.certTypeCritForm.length; i++) {
+        var sel = document.certTypeCritForm[i].selectedIndex;
+        if (sel > 0) {
+            count++;
+            result += '(x509cert.nsExtension.' +
+                      document.certTypeCritForm[i].name + '='+
+                      document.certTypeCritForm[i].options[sel].value + ')';
+        }
+    }
+    if (count == 0) {
+        alert("At least one of the certificate types must be selected");
+        return null;
+    }
+
+    return result;
+}
+//-->
+</SCRIPT>
+
+<br>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+	andFilter[critCount++] = "(certRecordId=*)";
+
+    if (serialNumberRangeCritInUse()) {
+        if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+            return;
+    }	
+    if (subjectCritInUse()) {
+        if ((andFilter[critCount++] = subjectCrit()) == null)
+            return;
+    }
+
+    if (revokedOnCritInUse()) {
+        if ((andFilter[critCount++] = revokedOnCrit()) == null)
+            return;
+    }
+    if (revokedByCritInUse()) {
+        if ((andFilter[critCount++] = revokedByCrit()) == null)
+            return;
+    }
+    if (revocationReasonCritInUse()) {
+        if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+            return;
+    }
+    if (issuedOnCritInUse()) {
+        if ((andFilter[critCount++] = issuedOnCrit()) == null)
+            return;
+    }
+    if (issuedByCritInUse()) {
+        if ((andFilter[critCount++] = issuedByCrit()) == null)
+            return;
+    }
+    if (validNotBeforeCritInUse()) {
+        if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+            return;
+    }
+    if (validNotAfterCritInUse()) {
+        if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+            return;
+    }
+    if (validityLengthCritInUse()) {
+        if ((andFilter[critCount++] = validityLengthCrit()) == null)
+            return;
+    }
+    if (certTypeCritInUse()) {
+        if ((andFilter[critCount++] = certTypeCrit()) == null)
+            return;
+    }
+
+	// At least one section must be selected
+	if (critCount == 0) {
+        alert("You must choose at least one section on this form.");
+        return;
+	}
+
+    form.queryCertFilter.value = "(&"+nsjoin(andFilter,"")+")";
+
+    form.op.value = "listCerts";
+
+    form.submit();	
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="/listCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/ca/ee/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+      <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+      <INPUT TYPE="TEXT" NAME="maxCount" SIZE=4 MAXLENGTH=99 VALUE="5">
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+	</td>
+  </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryCert.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryCert.template
new file mode 100644
index 000000000..a6dcf31f3
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/queryCert.template
@@ -0,0 +1,499 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 300px;
+  top: 50px;
+  width: 400px;
+  padding: 3px;
+  border: solid;
+  border-width: 2px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+
+
+table#t td {
+  font-size: 0.8em;
+  padding: 0px;
+  margin: 0px;
+}
+
+.r {
+  visibility: visible;
+  background-color: pink;
+}
+
+
+.h {
+  background-color: #eeeeee;
+  font-color: #606060;
+  font-weight: bold;
+}
+
+</STYLE>
+
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+function revokeCert(serialNumber)
+{ 
+	return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+ 
+		renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+	if (oid == "1.2.840.113549.1.1.1") 
+	   return "PKCS #1 RSA";
+	else if (oid == "1.2.840.113549.1.1.4")
+	   return "PKCS #1 MD5 With RSA";
+	else if (oid == "1.2.840.10040.4.1")
+	   return "DSA";
+	else 
+	   return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = number;
+    while (num.length < width)
+	num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" ;"+
+            (dateTmp.getHours()<10?" ;":"")+
+            dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+		dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+            dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+	return "<FORM METHOD=post "+
+"ACTION="+ "/ca/ee/ca/displayBySerial" +">"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ "0x"+serialNumber +"'>\n"+
+"<INPUT TYPE=submit VALUE='Details' width='72'></FORM>\n";
+}
+
+function renderRevokeButton(serialNumber)
+{
+	return "<FORM METHOD=post "+
+//"onSubmit='return revokeCert("+serialNumber+");' "+
+"ACTION='"+ "/ee/reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumber +"'>\n"+
+"<INPUT TYPE=hidden NAME='revokeAll' VALUE='(&(certRecordId="+serialNumber+"))'>\n"+
+"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='1'>\n"+
+"<INPUT TYPE=hidden NAME='commit' VALUE='yes'>"+
+"<INPUT TYPE=hidden NAME='updateCRL' VALUE='yes'>"+
+"<INPUT TYPE=submit VALUE='Revoke' width='72'>"+
+"</FORM>\n";
+}
+
+
+function getRevocationReason(revocationReason)
+{
+    var reasons = new Array("Unspecified",
+                            "Key compromised",
+                            "CA key compromised",
+                            "Affiliation changed",
+                            "Certificate superceded",
+                            "Cessation of operation",
+                            "Certificate is on hold",
+                            "Unspecified", // value 7 is not used
+                            "Remove from CRL",
+                            "Privilege withdrawn",
+                            "AA key compromise");
+    if (revocationReason < 0 || revocationReason >= reasons.length)
+        revocationReason = 0;
+    return reasons[revocationReason];
+}
+
+function isRevoked(index)
+{
+  return (recordSet[index].revokedOn != null);
+}
+
+
+
+
+function setNode(table,desc,content,style)
+{
+  var row = table.insertRow(-1);
+  if (style)  {
+    row.className = style;
+  }
+  var cell1 = row.insertCell(-1);
+  var desc_text = document.createTextNode(desc);
+  cell1.appendChild(desc_text); 
+  var cell2 = row.insertCell(-1);
+  var content_text = document.createTextNode(content);
+  cell2.appendChild(content_text);
+}
+
+
+ 
+function mouseover(element,event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var index= element.getAttribute("index");
+  if (index == null) { return false; }
+  var cert = recordSet[index];
+
+  element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+  var v;
+  var e = document.getElementById("certMetaDatadiv");
+
+  var t = document.getElementById("t");
+
+  // delete all the rows in the table
+  var i=0;
+  while (i < t.rows.length) {
+    t.deleteRow(0);
+  }
+
+  setNode(t,"Certificate details for serial #", " 0x" +cert.serialNumber+" ("+cert.serialNumberDecimal+")","h");
+  setNode(t,"Version:", cert.version+1);
+  setNode(t,"Certificate Type:",cert.type);
+  setNode(t,"Key algorithm:",renderOidName(cert.subjectPublicKeyAlgorithm)+
+              " with "+ cert.subjectPublicKeyLength+"-bit key");
+  setNode(t,"Not Valid Before:", renderDateFromSecs(cert.validNotBefore));
+  setNode(t,"Not Valid After:", renderDateFromSecs(cert.validNotAfter));
+  setNode(t,"Issued On:", renderDateFromSecs(cert.issuedOn));
+  setNode(t,"Issued By:", cert.issuedBy);
+
+  if (isRevoked(index)) {
+    setNode(t,"Revoked on:", renderDateFromSecs(cert.revokedOn),"r");
+    setNode(t,"Revoked by:", cert.revokedBy, "r");
+    setNode(t,"Revocation Reason:", getRevocationReason(cert.revocationReason), "r");
+    assumedheight = 210;
+  } else {
+    assumedheight = 180;
+  }
+
+  e.style.left = x+30 + 'px'; // x-offset of floating div
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  e.style.top = y+ offset + window.pageYOffset+document.body.scrollTop + 'px';
+
+  // unhide the window
+  e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+//	window.setTimeout("hide",1);
+  var index= element.getAttribute("index");
+  if (recordSet[index].revokedOn != null) {
+     element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFEEEE";
+  } else {
+//     element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEFFEE";
+     element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+  }
+        hide();
+}
+
+function hide()
+{
+	document.getElementById("certMetaDatadiv").style.display ="none";
+}
+
+
+// overflow: hidden; white-space: nowrap
+
+function displayCertificateRecord(i, cert)
+{
+	document.write(
+//   "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : " style='background-color: #EEEEEE;' ")+">"+
+   "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : "")+">"+
+     "<td width=18%><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+            renderHexNumber(cert.serialNumber,0) +"</font></td>\n"+
+     "<td width=16%>"+
+     (cert.revokedOn != null ?"revoked":"valid")+
+     "</td>\n"+
+     "<td style='overflow: hidden; white-space: nowrap;'>"+
+     "     <font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+     "   <div style='overflow: hidden; white-space: nowrap;'>"+
+     " <a index='"+i+"' href='/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0x"+
+           cert.serialNumber+"' onmouseover='mouseover(this,event);' "+
+           "onmouseout='mouseout(this);'>"+
+         addEscapes(cert.subject)+"</a></div></font>"+
+     "</td>"+
+     "</tr>\n"
+
+	);
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+	document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>No Matching Certificates Found</font>\n"
+	);
+} else {
+
+	document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif'>Issuer:<br> " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+	);
+
+	document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+		"<tr align=center><td>\n");
+	displayNextForm();
+
+	document.write(
+"<table border='0' width='100%' cellspacing='2' cellpadding='2'>\n"+
+"<tr><td width=18%>&nbsp;</td><td width=16%>&nbsp;</td><td>&nbsp;</td></tr>\n"+
+
+"<tr bgcolor='#e5e5e5' style='font-weight: bold'>"+
+"<td>\n"+
+ "<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+ "Serial number</font></td>\n"+
+
+"<td><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Status</td>\n"+
+
+"<td>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Subject name</font></td>"+
+"</tr>\n");
+
+
+	for(var i = 0; i < result.recordSet.length; ++i ) {
+		displayCertificateRecord(i, result.recordSet[i]);
+	}
+document.write("</table>\n");
+
+	if ((result.header.revokeAll != null && result.header.totalRecordCount > 1) ||
+        (result.header.querySentinelDown != null)) {
+        document.write("<br>&nbsp;\n" +
+            "<table border='0' cellspacing='0' cellpadding='0' background='/graphics/hr.gif' width='100%'>\n"+
+            "<tr><td>&nbsp;</td></tr></table>\n");
+    }
+
+	document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+		"<tr align=center><td>\n");
+
+	if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+		displayRevokeAllForm(result.header.totalRecordCount);
+		document.write("</td><td>\n");
+	}
+
+//	if (result.header.querySentinel != null) {
+	displayNextForm();
+//	}
+
+	document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+	return 	"<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+function doNext(element)
+{
+	var form = element.form;
+//	form.action = "/"+result.header.op;
+    form.action = "/ca/ee/ca/listCerts";
+	form.op.value = result.header.op;
+
+        form.direction.value= "down";
+                                                                                     
+        if (element.name == "begin") {
+          form.querySentinelDown.value = 0;
+          form.direction.value = "begin";
+        } else if (element.name == "end") {
+          form.querySentinelDown.value = result.header.totalRecordCount - result.header.maxCount+1;
+          form.direction.value = "end";
+        } else if (element.name == "down") {
+          form.querySentinelDown.value = result.header.querySentinelDown;
+          form.querySentinelUp.value = result.header.querySentinelUp;
+          form.direction.value = "down";
+        } else if (element.name == "up") {
+          form.querySentinelUp.value = result.header.querySentinelUp;
+          form.querySentinelDown.value = result.header.querySentinelDown;
+          form.direction.value = "up";
+        }
+                                                                                     
+        form.totalRecordCount.value = result.header.totalRecordCount;
+        if (result.header.revokeAll != null) {
+                form.revokeAll.value = result.header.revokeAll;
+        }
+    if (result.header.queryFilterHash != null) {
+        form.queryFilterHash.value = result.header.queryFilterHash;
+    }
+
+ form.submit();
+}
+
+function displayNextForm()
+{
+	document.write(
+//"<div align=center> \n"+
+"<FORM NAME ='nextForm' METHOD=POST ACTION=''>\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+	document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+    document.write(renderHidden("queryFilterHash"));
+}
+
+var disabledDown = ((result.header.querySentinelDown == null) ||
+                    (result.fixed.maxCount+1 >= result.header.currentRecordCount)) ? "disabled='true'" : "";
+var disabledUp = (result.header.querySentinelUp != null && result.header.querySentinelUp <= 1) ? "disabled='true'" : "";
+
+document.write(
+"<button NAME=begin onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
+"<button "+disabledUp+" NAME=up onClick='doNext(this)' VALUE='<' width='72'>&lt;</button>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
+result.header.queryCertFilter+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelDown VALUE='"+
+result.header.querySentinelDown+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinelUp VALUE='"+
+result.header.querySentinelUp+ "'>\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
+result.header.serialTo+ "'>\n"+
+"<INPUT TYPE=hidden NAME=direction VALUE='"+
+result.header.direction+ "'>\n"+
+"<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
+result.header.maxCount+ "'>\n"+
+
+"<button "+disabledDown+" NAME=down onClick='doNext(this)' VALUE='>' width='72'>&gt;</button>\n"+
+"<button NAME=end onClick='doNext(this)' VALUE='>>|' width='72'>&gt;&gt;|</button>\n"+
+"</FORM>\n");
+}
+
+function doRevokeAll(form)
+{
+//	form.action =  result.header.serviceURL;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	form.revokeAll.value = result.header.queryCertFilter;
+	form.submit();
+}
+
+function displayRevokeAllForm(recordCount)
+{
+//	document.write("<DIV align=center><FORM NAME ='revokeAllForm' "+
+	document.write("<FORM NAME ='revokeAllForm' "+
+		"METHOD=POST onSubmit='doRevokeAll(revokeAllForm);' "+
+		"ACTION='"+ "/reasonToRevoke" +"'>\n"+
+		"<INPUT TYPE=hidden NAME='op' VALUE='reasonToRevoke'>\n"+
+		"<INPUT TYPE=hidden NAME='revokeAll' VALUE=''>\n"+
+		"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='"+ recordCount +"'>\n"+
+		"<INPUT TYPE=submit VALUE='Revoke ALL "+ recordCount +" Certificates'>\n"+
+		"</FORM>\n");
+//		"</FORM></DIV>\n");
+}
+
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+
+<div id="certMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/reasonToRevoke.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/reasonToRevoke.template
new file mode 100644
index 000000000..6d2edf1ec
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/reasonToRevoke.template
@@ -0,0 +1,470 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<TITLE>Certificate Revocation Confirmation</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function validate()
+{
+    var caCert = -1;
+    var filter = "(|";
+    var n = 0;
+
+    if (!dateIsEmpty(document.forms[0])) {
+        var d = convertDate(document.forms[0], "Invalidity Date");
+        if (d == null) return false;
+        document.forms[0].invalidityDate.value = d;
+    }
+
+    for (var i = 0; i < result.recordSet.length; ++i ) {
+        if (result.recordSet[i].serialNumber != null) {
+            for (var j = 0; j < document.forms[0].length; j++) {
+                if (result.recordSet[i].serialNumber ==
+                    document.forms[0].elements[j].name) {
+                    if (document.forms[0].elements[j].checked) {
+                        n++;
+                        filter += "(certRecordId="+
+                                  result.recordSet[i].serialNumberDecimal+")";
+                        if (result.header.caSerialNumber != null &&
+                            result.recordSet[i].serialNumber ==
+                            result.header.caSerialNumber) {
+                            caCert = result.header.caSerialNumber;
+                        }
+                    }
+                    break;
+                }
+            }
+        }
+    }
+    if (n > 0) {
+        filter += ")";
+        document.forms[0].revokeAll.value = filter;
+    } else {
+        alert("No certificate has been selected.");
+        return false;
+    }
+
+    if (caCert > -1) {
+        return confirm("WARNING!!!\n"+
+                       "You are about to do an irreversible operation.\n"+
+                       "Certificate #"+toHex(caCert)+
+                       " belongs to your Certificate Authority.\n"+
+                       "Do you really want to revoke this certificate?");
+    }
+    return true;
+}
+
+function toHex1(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+    sign = "-";
+    number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+    absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + '0x' + '0' + absValue;
+}
+
+function toHex(number)
+{
+    return '0x' + '0' + number;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year;
+}
+
+function renderCell(cellData)
+{
+    return ("<td><font size=\"-2\" face=\"PrimaSans BT, Verdana, sans-serif\">"+
+            cellData+ "</font></td>\n");
+}
+
+function renderRow(cell1, cell2)
+{
+    var twoCells = renderCell(cell1) + renderCell(cell2);
+    return ("<tr valign=\"TOP\">\n" + twoCells + "</tr>\n");
+}
+
+function renderRowWithCheckbox(serialNumber, cell1, cell2)
+{
+    var allCells = "<td rowspan=4><input TYPE=\"CHECKBOX\" checked NAME=" +
+                   serialNumber + "></td>\n" +
+                   renderCell(cell1) + renderCell(cell2);
+    return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function renderRowWithoutCheckbox(cell1, cell2)
+{
+    var allCells = "<td rowspan=4>&nbsp;</td>\n" +
+                   renderCell(cell1) + renderCell(cell2);
+    return ("<tr valign=\"TOP\">\n" + allCells + "</tr>\n");
+}
+
+function addSpaces(str)
+{
+    var outStr = "";
+    var i0 = 0;
+    var i1 = 0;
+
+    while (i1 < str.length) {
+        i1 = str.indexOf(',', i0);
+        if (i1 > -1) {
+            i1++;
+            outStr += str.substring(i0, i1);
+            outStr += " ";
+            i0 = i1;
+        } else {
+            outStr += str.substring(i0, str.length);
+            i1 = str.length;
+        }
+    }
+
+    return outStr;
+}
+
+function displayCertInfo()
+{
+    document.write("<table border=\"0\" cellspacing=\"2\">");
+    for (var i = 0; i < result.recordSet.length; ++i ) {
+        if (result.recordSet[i].serialNumber != null) {
+            if (result.header.caSerialNumber != null &&
+                result.recordSet[i].serialNumber ==
+                result.header.caSerialNumber) {
+                document.write(renderRowWithoutCheckbox("Serial Number: ",
+                               toHex(result.recordSet[i].serialNumber)));
+            } else {
+                document.write(renderRowWithCheckbox(
+                               result.recordSet[i].serialNumber,
+                               "Serial Number: ",
+                               toHex(result.recordSet[i].serialNumber)));
+            }
+        }
+        if (result.recordSet[i].subject != null) {
+            document.write(renderRow("Subject Name:",
+                                     addSpaces(result.recordSet[i].subject)));
+        }
+        if ((result.recordSet[i].validNotBefore != null) &&
+            (result.recordSet[i].validNotAfter != null)) {
+            validity = 'not before: '+
+                       renderDateFromSecs(result.recordSet[i].validNotBefore) +
+                       '&nbsp;&nbsp;and not after: ' +
+                       renderDateFromSecs(result.recordSet[i].validNotAfter);
+            document.write(renderRow("Valid:", validity));
+        }
+        document.write(renderRow(" ", " "));
+    }
+    document.write("</table>");
+}
+
+function renderReason()
+{
+    var reason = new Array("Unspecified",
+                           "Key compromised",
+                           "CA key compromised",
+                           "Affiliation changed",
+                           "Certificate superceded",
+                           "Cessation of operation",
+                           "Certificate is on hold",
+                           "Unspecified", // value 7 is not used
+                           "Remove from CRL",
+                           "Privilege withdrawn",
+                           "AA key compromise");
+    var activeChoice = new Array(1, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0);
+    document.write("<table border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n");
+    for (var i = 0; i < reason.length; i++) {
+        if (activeChoice[i] > 0) {
+            document.write("<tr><td width=\"1%\">\n");
+            document.write("<input type=\"RADIO\"");
+            if ((result.header.reason != null && result.header.reason == i) ||
+                (i == 0 && result.header.reason == null)) {
+                document.write(" checked");
+            }
+            document.write(" name=\"revocationReason\" value=\""+i+"\">\n");
+            document.write("</td><td width=\"99%\">\n");
+            document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+            document.write(reason[i]+"</font></td></tr>\n");
+        }
+    }
+    document.write("</table>\n");
+}
+//-->
+</SCRIPT>
+</head>
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate Revocation Confirmation</font><br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to confirm certificate revocation by selecting appropriate
+revocation reason and submitting the form.</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr valign="TOP">
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Important:</b></font></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">When making this
+      request you must use the browser environment in which you have access to your authentication certificate and key. </font></td>
+  </tr>
+</table>
+<br><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<b>Certificate Details</b><br>
+The details of the certificate being revoked are below:
+</font>
+
+<form method="post" action="/ca/ee/ca/doRevoke" onSubmit="return validate()">
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+if (result.recordSet.length == 0) {
+    document.write("<font size=\"-1\" face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+                   "No Matching Certificates Found</font><br><br>\n");
+} else {
+    displayCertInfo();
+}
+//-->
+</SCRIPT>
+<br>
+
+  <table border="0" width="100%" cellspacing="2" cellpadding="2">
+    <tr>
+      <td valign="TOP" colspan="2">
+        <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Select Invalidity Date</font></b><br>
+        <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Please select the date on which it is known or suspected that the private key
+        was compromised or that the certificate otherwise became invalid.</font>
+      </td>
+    </tr>
+    <tr>
+      <td valign="TOP" colspan="2">
+        <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Invalidity date:&nbsp;
+        <SELECT NAME="day">
+          <OPTION VALUE=0>
+          <OPTION VALUE=1>1
+          <OPTION VALUE=2>2
+          <OPTION VALUE=3>3
+          <OPTION VALUE=4>4
+          <OPTION VALUE=5>5
+          <OPTION VALUE=6>6
+          <OPTION VALUE=7>7
+          <OPTION VALUE=8>8
+          <OPTION VALUE=9>9
+          <OPTION VALUE=10>10
+          <OPTION VALUE=11>11
+          <OPTION VALUE=12>12
+          <OPTION VALUE=13>13
+          <OPTION VALUE=14>14
+          <OPTION VALUE=15>15
+          <OPTION VALUE=16>16
+          <OPTION VALUE=17>17
+          <OPTION VALUE=18>18
+          <OPTION VALUE=19>19
+          <OPTION VALUE=20>20
+          <OPTION VALUE=21>21
+          <OPTION VALUE=22>22
+          <OPTION VALUE=23>23
+          <OPTION VALUE=24>24
+          <OPTION VALUE=25>25
+          <OPTION VALUE=26>26
+          <OPTION VALUE=27>27
+          <OPTION VALUE=28>28
+          <OPTION VALUE=29>29
+          <OPTION VALUE=30>30
+          <OPTION VALUE=31>31
+        </SELECT>
+        <SELECT NAME="month">
+          <OPTION VALUE=13>
+          <OPTION VALUE=0>January
+          <OPTION VALUE=1>February
+          <OPTION VALUE=2>March
+          <OPTION VALUE=3>April
+          <OPTION VALUE=4>May
+          <OPTION VALUE=5>June
+          <OPTION VALUE=6>July
+          <OPTION VALUE=7>August
+          <OPTION VALUE=8>September
+          <OPTION VALUE=9>October
+          <OPTION VALUE=10>November
+          <OPTION VALUE=11>December
+        </SELECT>
+        <SELECT NAME="year">
+          <OPTION VALUE=0>
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+    var today = new Date();
+    var year = today.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    for (var i = year-7; i < year+5; i++) {
+        document.writeln("<OPTION VALUE="+i+">"+i);
+    }
+//-->
+</SCRIPT>
+        </SELECT>
+        <br>&nbsp;
+        </font>
+      </td>
+    </tr>
+    <tr>
+      <td valign="TOP" colspan="2">
+        <b><font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Select Revocation Reason</font></b><br>
+        <font face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif" size="-1">
+        Please select reason for revocation.</font>
+      </td>
+    </tr>
+    <tr>
+      <td>
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+    renderReason();
+//-->
+</SCRIPT>
+<br>
+      </td>
+    </tr>
+    <tr>
+      <td colspan="2">
+        <font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+        <b>Additional Comments</b><br>
+        If you want to include any additional comments in your revocation request, write them here.
+        </font>
+      </td>
+    </tr>
+    <tr>
+      <td> 
+        <textarea name="csrRequestorComments" rows="6" cols="39" wrap="virtual"></textarea>
+      </td>
+    </tr>
+  </table>
+  <br>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+//var caCert = isOnTheListToBeRevoked(result.header.caSerialNumber);
+var caCert = -1;
+if (caCert > -1) {
+    document.write("<font size=\"-1\" color=\"red\" "+
+                   "face=\"PrimaSans BT, Verdana, Arial, Helvetica, sans-serif\">"+
+                   "<b>WARNING!!!</b><br>"+
+                   "You are about to do an irreversible operation.<br>"+
+                   "Certificate #"+toHex(caCert)+
+                   " belongs to your Certificate Authority.<br>"+
+                   "Do you really want to revoke this certificate?"+
+                   "</font><br>&nbsp;<br>&nbsp;\n");
+}
+
+function isOnTheListToBeRevoked(serialNumber)
+{
+    if (result.recordSet.length > 0 && serialNumber != null) {
+        for (var i = 0; i < result.recordSet.length; i++) {
+            if (result.recordSet[i].serialNumber != null) {
+                if (result.recordSet[i].serialNumber == serialNumber) {
+                   return serialNumber;
+                }
+            }
+        }
+    }
+    return (-1);
+}
+
+function revokeCert(serialNumber)
+{
+    return confirm("WARNING!!! You are about to do an irreversible operation.\n"+
+                   "Certificate # "+toHex(serialNumber)+
+                   " belongs to your Certificate Authority."+
+                   "Do you really want to revoke this certificate ?");
+}
+//-->
+</SCRIPT>
+
+  <table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%">
+    <tr>
+      <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+        <input type="submit" value="Submit" name="submit" width="72">&nbsp;&nbsp;
+        <input type="hidden" name="op" value="doRevoke">
+        <input type="hidden" name="templateType" value="RevocationSuccess">
+        <input type="reset" value="Reset" name="reset" width="72">&nbsp;&nbsp;
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+        document.writeln("<INPUT TYPE=hidden name=serialNumber value=\"" +
+                         result.header.serialNumber +"\">");
+        document.writeln("<INPUT TYPE=hidden name=revokeAll value=\"" +
+                         result.header.revokeAll +"\">");
+        document.writeln("<INPUT TYPE=hidden name=totalRecordCount value=\"" +
+                         result.header.totalRecordCount +"\">");
+        document.writeln("<INPUT TYPE=hidden name=verifiedRecordCount value=\"" +
+                         result.header.verifiedRecordCount +"\">");
+        document.writeln("<INPUT TYPE=hidden name=invalidityDate value=\"0\">");
+        if (result.header.request != null) {
+            document.writeln("<INPUT TYPE=hidden name=requestId value=\"" +
+                             result.header.request +"\">");
+        }
+        if (result.header.b64eCertificate != null) {
+            document.writeln("<INPUT TYPE=hidden name=b64eCertificate value=\"" +
+                             result.header.b64eCertificate +"\">");
+        }
+        if (typeof(result.header.nonce) != "undefined") {
+            document.writeln("<INPUT TYPE=hidden name=nonce value=\"" +
+                              result.header.nonce +"\">");
+        }
+//-->
+</SCRIPT>
+      </td>
+    </tr>
+  </table>
+  </form>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/recoveryMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/recoveryMenu.html
new file mode 100644
index 000000000..c463d2d3d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/recoveryMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Recovery Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[3].menu);
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/remoteAuthConfig.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/remoteAuthConfig.template
new file mode 100644
index 000000000..777c61575
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/remoteAuthConfig.template
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title></title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<CMS_TEMPLATE>
+
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Delegated Administrator
+</font>
+<br>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Directory Enrollment Setup.
+</font>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.error != null) {
+    document.writeln('Error: '+result.header.error);
+} else {
+    if (result.header.op != null) {
+        if (result.header.op == "add") {
+            document.write('New');
+            if (result.header.instance != null)
+                document.write(' <b>'+result.header.instance+'</b>');
+            document.write(' instance of the');
+            if (result.header.plugin != null)
+                document.write(' <b>'+result.header.plugin+'</b>');
+            else
+                document.write(' directory enrollment');
+            document.writeln(' plugin has been added.');
+        } else if (result.header.op == "delete") {
+            document.write('Instance');
+            if (result.header.instance != null)
+                document.write(' <b>'+result.header.instance+'</b>');
+            document.writeln(' of the directory enrollment plugin has been deleted.');
+        } else {
+            document.writeln('Unknown operation');
+        }
+    }
+}
+</SCRIPT>
+
+</font>
+
+</BODY>
+</HTML>
+
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/renewalMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/renewalMenu.html
new file mode 100644
index 000000000..ca2956b33
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/renewalMenu.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Renewal Menu</title>
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/requestStatus.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/requestStatus.template
new file mode 100644
index 000000000..b00e55766
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/requestStatus.template
@@ -0,0 +1,221 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Request Status</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="../helpfun.js"></script>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Request Status
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/ca/ee/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left"><td width="20%"></td><td width="80%"></td></tr>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+"&nbsp;"+
+            (dateTmp.getHours()<10?"&nbsp;":"")+
+            dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+            dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+            dateTmp.getSeconds();
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = number;
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+function renderPkcs7(pkcs7)
+{
+    var len = pkcs7.length;
+    var str = "";
+    for (var i = 0; i < len; i=i+64){
+	if (i+64 < len)
+	    str = str + pkcs7.substring(i,i+64) +"\n";
+	else
+	    str = str + pkcs7.substring(i,len) ;
+    }
+    return str;
+}
+
+if (result.header.requestId != null) {
+    document.writeln('<tr><td valign="top" align="right">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     'Request:</font></td>');
+    document.writeln('<td valign="top">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     '<a href="checkRequest?requestId='+
+                     result.header.requestId+'"'+ 
+                     'onMouseOver=" return helpstatus(\'Click to redisplay this '+
+                     'request \')" onMouseOut="return helpstatus(\'\')">'+
+                     result.header.requestId + '</a></font></td></tr>');
+
+    document.writeln('<tr><td valign="top" align="right">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     'Submitted on:</font></td>');
+    document.writeln('<td valign="top">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                     renderDateFromSecs(result.header.createdOn) +
+                     '</font></td></tr>');
+
+    document.writeln('<tr><td valign="top" align="right">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+                     'Status:</b></font></td>');
+    document.writeln('<td valign="top">'+
+                     '<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>'+
+                     result.header.status + '</b></font></td></tr>');
+
+    if (result.header.requestNotes != null) {
+        document.writeln('<tr><td valign="top" align="right">'+
+          '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+          'Additional Notes:</font></td>');
+        document.writeln('<td valign="top">'+
+          '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+          result.header.requestNotes+'</font></td></tr>');
+    }
+    if (result.recordSet != null && result.recordSet.length > 0) {
+        document.writeln('<tr>');
+        if (result.recordSet.length > 1) {
+            document.writeln('<td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Issued certificates:</font></td>');
+        } else {
+            document.writeln('<td valign="top" align="right">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             'Issued certificate:</font></td>');
+        }
+
+        if (result.header.authority != null && (result.header.authority == 'ra' ||
+            result.recordSet.length > 1)) {
+            document.write('<td valign="top">'+
+                         '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                         '<a href="displayCertFromRequest?requestId='+
+                         result.header.requestId + '"' +
+                         ' onMouseOver=" return helpstatus(\'Click to display this '+
+                         'certificate \')" onMouseOut="return helpstatus(\'\')">');
+            for (var i = 0; i < result.recordSet.length; i++) {
+                document.write(renderHexNumber(result.recordSet[i].serialNumber,8));
+                if (i+1 < result.recordSet.length) {
+                    document.write(' \& ');
+                }
+            }
+            document.writeln('</a></font></td>');
+        } else if (result.header.authority != null && result.header.authority == 'ca') {
+            if (result.recordSet[0].serialNumber != null) {
+                document.writeln('<td valign="top">'+
+                             '<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'+
+                             '<a href="displayBySerial?serialNumber='+
+                             '0x'+result.recordSet[0].serialNumber + '"' +
+                             ' onMouseOver=" return helpstatus(\'Click to display this '+
+                             'certificate \')" onMouseOut="return helpstatus(\'\')">' +
+                             renderHexNumber(result.recordSet[0].serialNumber,8)+'</a>'+
+                             '</font></td>');
+            } else {
+                document.writeln('<td valign="top" ></td>');
+            }
+        }
+
+        document.writeln('</tr>');
+    }
+}
+//-->
+</SCRIPT>
+</table>
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.pkcs7ChainBase64 != null) {
+
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr>');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<p>');
+document.writeln('Certificate with CA certificate chain in pkcs7 format:');
+document.writeln('</font>');
+document.writeln('<p><pre>');
+document.writeln('-----BEGIN CERTIFICATE-----');
+document.writeln(renderPkcs7(result.header.pkcs7ChainBase64));
+document.writeln('-----END CERTIFICATE-----');
+document.writeln('</pre>');
+document.writeln('</tr>');
+document.writeln('</table>');
+}
+
+if (result.header.cmcFullEnrollmentResponse != null) {
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr>');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('<p>');
+document.writeln('Certificate embedded in CMC full enrollment response:');
+document.writeln('</font>');
+document.writeln('<p><pre>');
+document.writeln('-----BEGIN CERTIFICATE-----');
+document.writeln(result.header.cmcFullEnrollmentResponse);
+document.writeln('-----END CERTIFICATE-----');
+document.writeln('</pre>');
+document.writeln('</tr>');
+document.writeln('</table>');
+}
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/retrievalMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/retrievalMenu.html
new file mode 100644
index 000000000..c7d8d13c8
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/retrievalMenu.html
@@ -0,0 +1,36 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Retrieval Menu</title>
+</head>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script lang="javascript" src="/ca/ee/dynamicVars.js"></script>
+
+<script lang=javascript>
+//<!--
+    if (http != 'true') {
+		top.loadMenu(top.tabs[2].menu);
+	} else {
+		top.loadMenu(top.tabs[1].menu);
+	}
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/revocationMenu.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/revocationMenu.html
new file mode 100644
index 000000000..1b1d19a60
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/revocationMenu.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Revocation Menu</title>
+</head>
+
+
+<script lang=javascript>
+//<!--
+top.loadMenu(top.tabs[1].menu);
+//-->
+</script>
+
+</body>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/revocationResult.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/revocationResult.template
new file mode 100644
index 000000000..ddcc66198
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/revocationResult.template
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function toHex1(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+    return '0x' + number;
+}
+
+if (result.header.revoked == 'yes') {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Certificate Revocation Has Been Completed</font><br><br>');
+    if (result.recordSet.length == 0 && result.header.totalRecordCount > 0) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.write('All requested certificates were already revoked.');
+        document.writeln('</font><br>');
+    } else if (result.recordSet.length == 1) {
+        if (result.recordSet[0].error == null) {
+  	        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Certificate with serial number <b>' +
+                             toHex(result.recordSet[0].serialNumber) +
+                             '</b> has been revoked.');
+            document.writeln('</font><br>');
+
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            if (result.header.updateCRL && result.header.updateCRL == "yes") {
+                if (result.header.updateCRLSuccess != null &&
+                    result.header.updateCRLSuccess == "yes") {
+                    document.writeln('The Certificate Revocation List has been successfully updated.');
+                } else {
+                    document.writeln('The Certificate Revocation List update Failed');
+                    if (result.header.updateCRLSuccess != null)
+                        document.writeln(' with error '+ result.header.updateCRLError);
+                    else
+                        document.writeln('. No further details provided.');
+                }
+            } else {
+                document.writeln(
+                    'The Certificate Revocation List will be updated '+
+                    'automatically at the next scheduled update.');
+            }
+            document.writeln('</font><br>');
+/*
+            if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+       	        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                if (result.header.certsUpdated > 0) {
+                    document.write('Directory has been successfully updated.');
+                } else {
+                    document.write('Directory has not been updated.  See log files for more details.');
+                }
+                document.writeln('</font><br>');
+            }
+*/
+        } else {
+  	        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Certificate with serial number <b>' +
+                             toHex(result.recordSet[0].serialNumber) +
+                             '</b> is not revoked.<br><br>');
+            document.writeln('Additional Information:');
+            document.writeln('</font>');
+            document.writeln('<blockquote>');
+  	        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(result.recordSet[0].error);
+            document.writeln('</font>');
+            document.writeln('</blockquote>');
+        }
+    } else if (result.recordSet.length > 1) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.write('The following certificates were processed to complete revocation request:');
+        document.writeln('</font>');
+
+        document.writeln('<blockquote>');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        var revokedCerts = 0;
+        for(var i = 0; i < result.recordSet.length; i++) {
+            if (result.recordSet[i].error == null) {
+                revokedCerts++;
+                document.writeln(toHex(result.recordSet[i].serialNumber) + ' - revoked<BR>\n');
+            } else {
+                document.write(toHex(result.recordSet[i].serialNumber) + ' - failed');
+                if (result.recordSet[i].error != null)
+                    document.write(': ' + result.recordSet[i].error);
+                document.writeln('<BR>\n');
+            }
+        }
+        document.writeln('</font>');
+        document.write('</blockquote>');
+
+        if (revokedCerts > 0 && result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+       	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            if (result.header.updateCRL && result.header.updateCRL == "yes") {
+                if (result.header.updateCRLSuccess != null &&
+                    result.header.updateCRLSuccess == "yes") {
+                    document.writeln('The Certificate Revocation List has been successfully updated.');
+                } else {
+                    document.writeln('The Certificate Revocation List update Failed');
+                    if (result.header.updateCRLSuccess != null)
+                        document.writeln(' with error '+
+                                         result.header.updateCRLError);
+                    else
+                        document.writeln('. No further details provided.');
+                }
+            } else {
+                document.writeln(
+                    'The Certificate Revocation List will be updated '+
+                    'automatically at the next scheduled update.');
+            }
+            document.writeln('<br>');
+/*
+            if (result.header.certsUpdated > 0) {
+                if (result.header.certsUpdated == result.header.certsToUpdate) {
+                    document.write('Directory has been successfully updated.');
+                } else {
+                    document.write('Directory has been partially updated.  See log files for more details.');
+                }
+            } else {
+                document.write('Directory has not been updated.  See log files for more details.');
+            }
+*/
+            document.writeln('</font><br>');
+        }
+    }
+} else if (result.header.revoked == 'pending') {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Revocation Request Has Been Submitted</font><br><br>');
+} else if (result.header.revoked == 'rejected') {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Certificate Revocation Has Been Rejected</font><br><br>');
+    if (result.header.error != null) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+        document.writeln('<blockquote>');
+	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln(result.header.error);
+        document.writeln('</font>');
+        document.writeln('</blockquote>');
+    }
+} else {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Revocation Request Cannot Be Completed</font><br><br>');
+    if (result.header.error != null) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Additional information:</font>');
+        document.writeln('<blockquote>');
+	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln(result.header.error);
+        document.writeln('</font>');
+        document.writeln('</blockquote>');
+    }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/srchCert.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/srchCert.html
new file mode 100644
index 000000000..a1ef5657c
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/srchCert.html
@@ -0,0 +1,1683 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Search for Certificates</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"></script>
+<script LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js"></script>
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Search for Certificates
+</font><br>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Use this form to compose queries based on properties of the certificate.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Each section below filters the search.  Check the box at the top of the
+section if you want to use that filter in your search, then complete the fields.
+Leave a box unchecked to ignore that filter.  You can click more than one box
+to get a combination of search criteria.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Serial Number Range</font></b>
+<FORM NAME="serialNumberRangeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="3">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates that fall within the following range:</font>
+</td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Lowest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Highest serial number:</font></td>
+<td><INPUT TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99></td>
+<td><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)</font></td>
+</tr>
+</table>
+</FORM>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter a range of certificate serial numbers in hexadecimal form 
+(starting with 0x, as in the certificate list) or in decimal form.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function serialNumberRangeCritInUse()
+{
+    if (document.serialNumberRangeCritForm.inUse.checked) {
+      document.queryForm.serialNumberRangeInUse.value = 'on';
+    }
+    document.queryForm.serialFrom.value = document.serialNumberRangeCritForm.serialFrom.value;
+    document.queryForm.serialTo.value = document.serialNumberRangeCritForm.serialTo.value;
+    return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+        canonicalFrom =
+            trim(document.serialNumberRangeCritForm.serialFrom.value);
+    }
+
+    if (canonicalFrom != "") {
+        if (!isDecimalNumber(canonicalFrom)) {
+            if (isHexNumber(canonicalFrom)) {
+                canonicalFrom = "0x" +
+                    removeColons(stripPrefix(canonicalFrom));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the low end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalFrom)) {
+            alert("You must specify a positive value for the low " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId>=" + canonicalFrom + ")";
+    }
+
+    if (document.serialNumberRangeCritForm.serialTo.value != "") {
+        canonicalTo =
+            trim(document.serialNumberRangeCritForm.serialTo.value);
+    }
+
+    if (canonicalTo != "") {
+        if (!isDecimalNumber(canonicalTo)) {
+            if (isHexNumber(canonicalTo)) {
+                canonicalTo = "0x" +
+                    removeColons(stripPrefix(canonicalTo));
+            } else {
+                alert("You must specify a decimal or hexadecimal value" + 
+                    "for the high end of the serial number range.");
+                return null;
+            }
+        }
+        if (isNegative(canonicalTo)) {
+            alert("You must specify a positive value for the high " +
+                   "end of the serial number range.");
+            return null;
+        }
+        crit[next++] = "(certRecordId<=" + canonicalTo + ")";
+    }
+
+    /* Can not do this using parseInt */
+    /*
+    if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+        document.serialNumberRangeCritForm.serialTo.value != "") {
+        if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+            alert("The low end of the range is larger than the high end.");
+            return null;
+        }
+    }
+    */
+
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subject Name</font></b>
+<FORM NAME="subjectCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a subject name matching the following:
+</font>
+</td>
+</tr>
+
+<tr align="left">
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Email address: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="eMail" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Common name: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="commonName" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+User ID: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="userID" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization unit: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="orgUnit" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Organization: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="org" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Locality: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="locality" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+State: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="state" SIZE=30></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Country: 
+</font></td>
+<td><INPUT TYPE="TEXT" NAME="country" VALUE="" SIZE=2 MAXLENGTH=2></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Match Method:</font>
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" NAME="match" VALUE="exact">
+Exact
+</font>
+</td>
+<tr>
+<td>&nbsp;</td>
+<td align="right">&nbsp;</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<INPUT TYPE="RADIO" CHECKED NAME="match" VALUE="partial">
+Partial
+</font>
+</td>
+</tr>
+</table>
+</FORM>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter values for the fields you want to have in your search criteria.
+Leave other fields blank. 
+<br><br>
+Exact match method finds certificates for subjects whose name consists
+<b>exactly</b> of the components that you have filled in above, and contains
+none of the components you have left blank.  Pattern matching wildcard
+values cannot be used in this search.
+<br><br>
+Partial match method finds certificates for subjects whose name consists
+<b>in part</b> of the components you have specified above, and in addition
+may contain arbitrary values for the other components you have left blank above.
+Pattern matching wildcard values can be used in this search.
+</font>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function subjectCritInUse()
+{
+    if (document.subjectCritForm.inUse.checked) {
+      document.queryForm.subjectInUse.value = 'on';
+    }
+    document.queryForm.eMail.value = document.subjectCritForm.eMail.value;
+    document.queryForm.commonName.value = document.subjectCritForm.commonName.value;
+    document.queryForm.userID.value = document.subjectCritForm.userID.value;
+    document.queryForm.orgUnit.value = document.subjectCritForm.orgUnit.value;
+    document.queryForm.org.value = document.subjectCritForm.org.value;
+    document.queryForm.locality.value = document.subjectCritForm.locality.value;
+    document.queryForm.state.value = document.subjectCritForm.state.value;
+    document.queryForm.country.value = document.subjectCritForm.country.value;
+    if (document.subjectCritForm.match[1].checked) {
+      document.queryForm.match.value = 'partial';
+    } else {
+      document.queryForm.match.value = 'exact';
+    }
+    return document.subjectCritForm.inUse.checked;
+}
+function subjectCrit()
+{
+    return computeNameFilter(document.subjectCritForm);
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Revocation Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr align="left">
+<FORM NAME="revokedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked by: 
+</font>
+&nbsp;<INPUT TYPE="text" NAME="revokedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="revokedOnCritForm">
+<td>
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked during the period:</font>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign="top" align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="revokedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="revocationReasonCritForm">
+<td valign="top" align="left">
+<INPUT TYPE="CHECKBOX" NAME="inUse">
+</td>
+</FORM>
+<td valign="top" align="left">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates revoked from the reason:</font>&nbsp;
+</td>
+<FORM NAME="revocationReasonForm">
+<td valign="top" nowrap>
+<SELECT NAME="revocationReason" size=4 multiple>
+<OPTION VALUE=0>Unspecified
+<OPTION VALUE=1>Key compromised
+<OPTION VALUE=2>CA key compromised
+<OPTION VALUE=3>Affiliation changed
+<OPTION VALUE=4>Certificate superceded
+<OPTION VALUE=5>Cessation of operation
+<OPTION VALUE=6>Certificate is on hold
+<OPTION VALUE=9>Privilege withdrawn
+</SELECT>
+</td>
+</FORM>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function revokedByCritInUse()
+{
+    if (document.revokedByCritForm.inUse.checked) {
+      document.queryForm.revokedByInUse.value = 'on';
+    }
+    document.queryForm.revokedBy.value = document.revokedByCritForm.revokedBy.value;
+    return document.revokedByCritForm.inUse.checked;
+}
+function revokedByCrit()
+{
+    if (document.revokedByCritForm.revokedBy.value.length == 0) {
+        alert("User id in 'revoked by' filter is empty");
+    	return null;
+    }
+    return "(certRevokedBy="+ document.revokedByCritForm.revokedBy.value +")";
+}
+
+function revokedOnCritInUse()
+{
+    if (document.revokedOnCritForm.inUse.checked) {
+      document.queryForm.revokedOnInUse.value = 'on';
+    }
+    d = convertToTime(document.revokedOnFrom);
+    if (d != null) {
+      document.queryForm.revokedOnFrom.value = d;
+    }
+    d = convertToTime(document.revokedOnTo);
+    if (d != null) {
+      document.queryForm.revokedOnTo.value = d;
+    }
+    return document.revokedOnCritForm.inUse.checked;
+}
+function revokedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.revokedOnFrom)) {
+    	from = convertDate(document.revokedOnFrom, 
+			"Start date for revocation time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(certRevokedOn>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.revokedOnTo)) {
+    	to = convertDate(document.revokedOnTo, 
+			"End date for revocation time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(certRevokedOn<=" + to + ")";
+    }
+  
+    if (from == null && to == null) {
+        alert("You must enter a date for revocation time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Revocation time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+
+function revocationReasonCritInUse()
+{
+    if (document.revocationReasonCritForm.inUse.checked) {
+      document.queryForm.revocationReasonInUse.value = 'on';
+    }
+    var values = new Array();
+    var next = 0;
+    for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+        if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+          values[next++] = i;
+        }
+    }
+    document.queryForm.revocationReason.value = values;
+    return document.revocationReasonCritForm.inUse.checked;
+}
+function revocationReasonCrit()
+{
+    var crit = new Array();
+    var sum = null;
+    var next = 0;
+
+    for (var i = 0; i < document.revocationReasonForm.revocationReason.length; i++) {
+        if (document.revocationReasonForm.revocationReason.options[i].selected == true) {
+            crit[next++] = "(x509cert.certRevoInfo="+i+")";
+        }
+    }
+    sum = nsjoin(crit,"");
+    if (next > 1) {
+        sum = "(|" + sum + ")"
+    } else if (next < 1) {
+        alert("You must select at least one revocation reason.");
+        return null;
+    }
+    return sum;
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Issuing Information</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="issuedByCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued by:
+</font>
+&nbsp;<INPUT TYPE="text" NAME="issuedBy" SIZE=10>
+</td>
+</FORM>
+</tr>
+
+<tr>
+<FORM NAME="issuedOnCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td colspan="2"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates issued during the period:</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="issuedOnTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function issuedByCritInUse()
+{
+    if (document.issuedByCritForm.inUse.checked) {
+      document.queryForm.issuedByInUse.value = 'on';
+    }
+    document.queryForm.issuedBy.value = document.issuedByCritForm.issuedBy.value;
+    return document.issuedByCritForm.inUse.checked;
+}
+function issuedByCrit()
+{
+    if (document.issuedByCritForm.issuedBy.value.length == 0) {
+        alert("User id in 'issued by' filter is empty");
+    	return null;
+    }
+    return "(certIssuedBy="+ document.issuedByCritForm.issuedBy.value +")";
+}
+
+
+function issuedOnCritInUse()
+{
+    if (document.issuedOnCritForm.inUse.checked) {
+      document.queryForm.issuedOnInUse.value = 'on';
+    }
+    d = convertToTime(document.issuedOnFrom);
+    if (d != null) {
+      document.queryForm.issuedOnFrom.value = d;
+    }
+    d = convertToTime(document.issuedOnTo);
+    if (d != null) {
+      document.queryForm.issuedOnTo.value = d;
+    }
+    return document.issuedOnCritForm.inUse.checked;
+}
+function issuedOnCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.issuedOnFrom)) {
+    	from = convertDate(document.issuedOnFrom, 
+			"Start date for issue time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(certCreateTime>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.issuedOnTo)) {
+    	to = convertDate(document.issuedOnTo, 
+			"End date for issue time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(certCreateTime<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for issue time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Issue time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Dates of Validity</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotBeforeCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates effective during the period: 
+</font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotBeforeTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotBeforeCritInUse()
+{
+    if (document.validNotBeforeCritForm.inUse.checked) {
+      document.queryForm.validNotBeforeInUse.value = 'on';
+    }
+    d = convertToTime(document.validNotBeforeFrom);
+    if (d != null) {
+      document.queryForm.validNotBeforeFrom.value = d;
+    }
+    d = convertToTime(document.validNotBeforeTo);
+    if (d != null) {
+      document.queryForm.validNotBeforeTo.value = d;
+    }
+    return document.validNotBeforeCritForm.inUse.checked;
+}
+
+function validNotBeforeCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotBeforeFrom)) {
+    	from = convertDate(document.validNotBeforeFrom, 
+		"Start date for the validity beginning time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(x509Cert.notBefore>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotBeforeTo)) {
+    	to = convertDate(document.validNotBeforeTo, 
+		"End date for the validity beginning time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(x509Cert.notBefore<=" + to + ")";
+    }
+
+    if (from == null && to == null) {
+        alert("You must enter a date for validity beginning range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Validity beginning time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<FORM NAME="validNotAfterCritForm">
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates expired during the period: </font></td>
+</FORM>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Start date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterFrom">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+
+<tr>
+<td>&nbsp;</td>
+<td valign=top align=right>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">End date:</font>
+</td>
+<td valign="top" nowrap>
+<FORM NAME="validNotAfterTo">
+<SELECT NAME="day">
+<OPTION VALUE=0>
+<OPTION VALUE=1>1
+<OPTION VALUE=2>2
+<OPTION VALUE=3>3
+<OPTION VALUE=4>4
+<OPTION VALUE=5>5
+<OPTION VALUE=6>6
+<OPTION VALUE=7>7
+<OPTION VALUE=8>8
+<OPTION VALUE=9>9
+<OPTION VALUE=10>10
+<OPTION VALUE=11>11
+<OPTION VALUE=12>12
+<OPTION VALUE=13>13
+<OPTION VALUE=14>14
+<OPTION VALUE=15>15
+<OPTION VALUE=16>16
+<OPTION VALUE=17>17
+<OPTION VALUE=18>18
+<OPTION VALUE=19>19
+<OPTION VALUE=20>20
+<OPTION VALUE=21>21
+<OPTION VALUE=22>22
+<OPTION VALUE=23>23
+<OPTION VALUE=24>24
+<OPTION VALUE=25>25
+<OPTION VALUE=26>26
+<OPTION VALUE=27>27
+<OPTION VALUE=28>28
+<OPTION VALUE=29>29
+<OPTION VALUE=30>30
+<OPTION VALUE=31>31
+</SELECT>
+<SELECT NAME="month">
+<OPTION VALUE=13>
+<OPTION VALUE=0>January
+<OPTION VALUE=1>February
+<OPTION VALUE=2>March
+<OPTION VALUE=3>April
+<OPTION VALUE=4>May
+<OPTION VALUE=5>June
+<OPTION VALUE=6>July
+<OPTION VALUE=7>August
+<OPTION VALUE=8>September
+<OPTION VALUE=9>October
+<OPTION VALUE=10>November
+<OPTION VALUE=11>December
+</SELECT>
+<SELECT NAME="year">
+<OPTION VALUE=0>
+<OPTION VALUE=1997>1997
+<OPTION VALUE=1998>1998
+<OPTION VALUE=1999>1999
+<OPTION VALUE=2000>2000
+<OPTION VALUE=2001>2001
+<OPTION VALUE=2002>2002
+<OPTION VALUE=2003>2003
+<OPTION VALUE=2004>2004
+<OPTION VALUE=2005>2005
+<OPTION VALUE=2006>2006
+<OPTION VALUE=2007>2007
+<OPTION VALUE=2008>2008
+<OPTION VALUE=2009>2009
+<OPTION VALUE=2010>2010
+<OPTION VALUE=2011>2011
+<OPTION VALUE=2012>2012
+</SELECT>
+</FORM>
+</td>
+</tr>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validNotAfterCritInUse()
+{
+    if (document.validNotAfterCritForm.inUse.checked) {
+      document.queryForm.validNotAfterInUse.value = 'on';
+    }
+    d = convertToTime(document.validNotAfterFrom);
+    if (d != null) {
+      document.queryForm.validNotAfterFrom.value = d;
+    }
+    d = convertToTime(document.validNotAfterTo);
+    if (d != null) {
+      document.queryForm.validNotAfterTo.value = d;
+    }
+    return document.validNotAfterCritForm.inUse.checked;
+}
+
+function validNotAfterCrit()
+{
+    var from = null, to = null;
+    var crit = new Array();
+    var next = 0;
+    if (!dateIsEmpty(document.validNotAfterFrom)) {
+    	from = convertDate(document.validNotAfterFrom, 
+		"Start date for the expiration time range criterion");
+    	if (from == null) return null;
+    	crit[next++] = "(x509cert.notAfter>=" + from + ")";
+    }
+    if (!dateIsEmpty(document.validNotAfterTo)) {
+    	to = convertDate(document.validNotAfterTo, 
+		"End date for the expiration time range criterion");
+    	if (to == null) return null;
+    	to += 86399999;
+    	crit[next++] = "(x509cert.notAfter<=" + to + ")";
+    }
+    
+    if (from == null && to == null) {
+        alert("You must enter a date for expiration time range.");
+        return null;
+    }
+    if (from != null && to != null && from > to) {
+    	alert("Expiration time range specified is empty");
+    	return null;
+    }
+    return nsjoin(crit,"");
+}
+//-->
+</SCRIPT>
+
+<table border="0" cellspacing="2" cellpadding="2">
+<FORM NAME="validityLengthCritForm">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates with a
+validity period: 
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td>
+<SELECT NAME="validityOp">
+<OPTION VALUE="&lt;="> not greater
+<OPTION VALUE="&gt;="> not less
+</SELECT>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">than</font>
+<INPUT NAME="count" TYPE="text" MAXSIZE=2 SIZE=2>
+<SELECT NAME="unit">
+<OPTION VALUE="86400000">Day(s)</OPTION>
+<OPTION VALUE="604800000">Week(s)</OPTION>
+<OPTION SELECTED VALUE="2592000000">Month(s)</OPTION> 
+<OPTION VALUE="31536000000">Year(s)</OPTION> 
+</SELECT> 
+</td></tr>
+</FORM>
+</table>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function validityLengthCritInUse()
+{
+    if (document.validityLengthCritForm.inUse.checked) {
+      document.queryForm.validityLengthInUse.value = 'on';
+    }
+    document.queryForm.validityOp.value = document.validityLengthCritForm.validityOp.value;
+    document.queryForm.count.value = document.validityLengthCritForm.count.value;
+    document.queryForm.unit.value = document.validityLengthCritForm.unit.value;
+    return document.validityLengthCritForm.inUse.checked;
+}
+
+function validityLengthCrit()
+{
+   with(document.validityLengthCritForm) {
+	if(!isNumber(count.value,10)) {
+	       alert("Invalid number specified in validity length criterion");
+	       return null;
+	}
+ 
+    return "(x509cert.duration" + 
+    		validityOp.options[validityOp.selectedIndex].value +
+			(count.value * unit.options[unit.selectedIndex].value) +")";
+    }
+}
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Type</b></font>
+
+<FORM NAME="certTypeCritForm">
+<table border="0" cellspacing="2" cellpadding="2">
+<tr>
+<td><INPUT TYPE="CHECKBOX" NAME="inUse"></td>
+<td align="left" colspan="2">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Show certificates of the following types: 
+</font></td>
+</tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL client:</font>
+</td>
+<td>
+<SELECT NAME="SSLClient">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">SSL server:</font>
+</td>
+<td>
+<SELECT NAME="SSLServer">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Secure email:</font>
+</td><td>
+<SELECT NAME="SecureEmail">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate SSL CA:</font>
+</td><td>
+<SELECT NAME="SubordinateSSLCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+<tr>
+<td>&nbsp;</td>
+<td align="right">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Subordinate email CA:</font>
+</td><td>
+<SELECT NAME="SubordinateEmailCA">
+<OPTION SELECTED VALUE="">Do not care
+<OPTION VALUE="on">On
+<OPTION VALUE="off">Off
+</SELECT>
+</td></tr>
+</table>
+</FORM>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function certTypeCritInUse()
+{
+    if (document.certTypeCritForm.inUse.checked) {
+      document.queryForm.certTypeInUse.value = 'on';
+    }
+    document.queryForm.SSLClient.value = document.certTypeCritForm.SSLClient.value;
+    document.queryForm.SSLServer.value = document.certTypeCritForm.SSLServer.value;
+    document.queryForm.SecureEmail.value = document.certTypeCritForm.SecureEmail.value;
+    document.queryForm.SubordinateSSLCA.value = document.certTypeCritForm.SubordinateSSLCA.value;
+    document.queryForm.SubordinateEmailCA.value = document.certTypeCritForm.SubordinateEmailCA.value;
+    return document.certTypeCritForm.inUse.checked;
+}
+
+function certTypeCrit()
+{
+    var result = '';
+    var count = 0;
+
+    for (var i = 1; i < document.certTypeCritForm.length; i++) {
+        var sel = document.certTypeCritForm[i].selectedIndex;
+        if (sel > 0) {
+            count++;
+            result += '(x509cert.nsExtension.' +
+                      document.certTypeCritForm[i].name + '='+
+                      document.certTypeCritForm[i].options[sel].value + ')';
+        }
+    }
+    if (count == 0) {
+        alert("At least one of the certificate types must be selected");
+        return null;
+    }
+
+    return result;
+}
+//-->
+</SCRIPT>
+
+<br>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+    if (serialNumberRangeCritInUse()) {
+        if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+            return;
+    }	
+    if (subjectCritInUse()) {
+        if ((andFilter[critCount++] = subjectCrit()) == null)
+            return;
+    }
+
+    if (revokedOnCritInUse()) {
+        if ((andFilter[critCount++] = revokedOnCrit()) == null)
+            return;
+    }
+    if (revokedByCritInUse()) {
+        if ((andFilter[critCount++] = revokedByCrit()) == null)
+            return;
+    }
+    if (revocationReasonCritInUse()) {
+        if ((andFilter[critCount++] = revocationReasonCrit()) == null)
+            return;
+    }
+    if (issuedOnCritInUse()) {
+        if ((andFilter[critCount++] = issuedOnCrit()) == null)
+            return;
+    }
+    if (issuedByCritInUse()) {
+        if ((andFilter[critCount++] = issuedByCrit()) == null)
+            return;
+    }
+    if (validNotBeforeCritInUse()) {
+        if ((andFilter[critCount++] = validNotBeforeCrit()) == null)
+            return;
+    }
+    if (validNotAfterCritInUse()) {
+        if ((andFilter[critCount++] = validNotAfterCrit()) == null)
+            return;
+    }
+    if (validityLengthCritInUse()) {
+        if ((andFilter[critCount++] = validityLengthCrit()) == null)
+            return;
+    }
+    if (certTypeCritInUse()) {
+        if ((andFilter[critCount++] = certTypeCrit()) == null)
+            return;
+    }
+
+	// At least one section must be selected
+	if (critCount == 0) {
+        alert("You must choose at least one section on this form.");
+        return;
+	}
+
+    var f = nsjoin(andFilter,"");
+    if (f.length == 0) f = "(certRecordId=*)";
+    form.queryCertFilter.value = "(&"+f+")";
+
+    form.op.value = "srchCerts";
+
+    form.submit();	
+}
+//-->
+</SCRIPT>
+
+
+<FORM NAME="queryForm" ACTION="srchCerts" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="queryCertFilter" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialNumberRangeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="serialTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="subjectInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="eMail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="commonName" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="userID" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="orgUnit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="org" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="locality" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="state" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="country" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="match" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revokedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReasonInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="revocationReason" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedByInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedBy" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="issuedOnTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotBeforeTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterFrom" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validNotAfterTo" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityLengthInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="validityOp" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="count" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="unit" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="certTypeInUse" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateEmailCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SubordinateSSLCA" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SecureEmail" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLClient" VALUE="">
+<INPUT TYPE="HIDDEN" NAME="SSLServer" VALUE="">
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Maximum results:</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Time limit (in seconds):</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="timeLimit" VALUE=5 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+</table>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=6 WIDTH="100%" background="/ca/ee/graphics/gray90.gif">
+  <tr>
+    <td ALIGN=RIGHT BGCOLOR="#E5E5E5">
+      <INPUT TYPE="button" VALUE="Find" width="72" onClick='doSubmit(queryForm)'>&nbsp;&nbsp;
+	</td>
+  </tr>
+</table>
+
+</form>
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/srchCert.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/srchCert.template
new file mode 100644
index 000000000..6381cec87
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/srchCert.template
@@ -0,0 +1,487 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 300px;
+  top: 50px;
+  width: 400px;
+  padding: 3px;
+  border: solid;
+  border-width: 2px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+
+
+table#t td {
+  font-size: 0.8em;
+  padding: 0px;
+  margin: 0px;
+}
+
+.r {
+  visibility: visible;
+  background-color: pink;
+}
+
+
+.h {
+  background-color: #eeeeee;
+  font-color: #606060;
+  font-weight: bold;
+}
+
+</STYLE>
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Search Results
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<CMS_TEMPLATE>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function revokeCert(serialNumber)
+{ 
+	return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to revoke certificate # "+ 
+		renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+	if (oid == "1.2.840.113549.1.1.1") 
+	   return "PKCS #1 RSA";
+	else if (oid == "1.2.840.113549.1.1.4")
+	   return "PKCS #1 MD5 With RSA";
+	else if (oid == "1.2.840.10040.4.1")
+	   return "DSA";
+	else 
+	   return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = number;
+    while (num.length < width)
+	num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" "+
+            (dateTmp.getHours()<10?" ":"")+
+            dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+            dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+            dateTmp.getSeconds();
+}
+
+function renderDetailsButton(serialNumber)
+{
+	return "<FORM METHOD=post "+
+"ACTION="+ "/displayBySerial" +">"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "displayBySerial" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ "0x"+ serialNumber +"'>\n"+
+"<INPUT TYPE=submit VALUE='Details' width='72'></FORM>\n";
+}
+
+function renderRevokeButton(serialNumber)
+{
+	return "<FORM METHOD=post "+
+//"onSubmit='return revokeCert("+serialNumber+");' "+
+"ACTION='"+ "/reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='op' VALUE='"+ "reasonToRevoke" +"'>\n"+
+"<INPUT TYPE=hidden NAME='serialNumber' VALUE='"+ serialNumber +"'>\n"+
+"<INPUT TYPE=hidden NAME='revokeAll' VALUE='(&(certRecordId="+serialNumber+"))'>\n"+
+"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='1'>\n"+
+"<INPUT TYPE=hidden NAME='commit' VALUE='yes'>"+
+"<INPUT TYPE=hidden NAME='updateCRL' VALUE='yes'>"+
+"<INPUT TYPE=submit VALUE='Revoke' width='72'>"+
+"</FORM>\n";
+}
+
+function addSpaces(str)
+{
+    var outStr = "";
+    var i0 = 0;
+    var i1 = 0;
+
+    while (i1 < str.length) {
+        i1 = str.indexOf(',', i0);
+        if (i1 > -1) {
+            i1++;
+            outStr += str.substring(i0, i1);
+            outStr += " ";
+            i0 = i1;
+        } else {
+            outStr += str.substring(i0, str.length);
+            i1 = str.length;
+        }
+    }
+
+    return outStr;
+}
+
+function addEscapes(str)
+{
+    var outStr = str.replace(/</g, "&lt;");
+    outStr = outStr.replace(/>/g, "&gt;");
+    return outStr;
+}
+
+function getRevocationReason(revocationReason)
+{
+    var reasons = new Array("Unspecified",
+                            "Key compromised",
+                            "CA key compromised",
+                            "Affiliation changed",
+                            "Certificate superceded",
+                            "Cessation of operation",
+                            "Certificate is on hold",
+                            "Unspecified", // value 7 is not used
+                            "Remove from CRL",
+                            "Privilege withdrawn",
+                            "AA key compromise");
+    if (revocationReason < 0 || revocationReason >= reasons.length)
+        revocationReason = 0;
+    return reasons[revocationReason];
+}
+ 
+function isRevoked(index)
+{
+  return (recordSet[index].revokedOn != null);
+}
+
+
+
+
+function setNode(table,desc,content,style)
+{
+  var row = table.insertRow(-1);
+  if (style)  {
+    row.className = style;
+  }
+  var cell1 = row.insertCell(-1);
+  var desc_text = document.createTextNode(desc);
+  cell1.appendChild(desc_text); 
+  var cell2 = row.insertCell(-1);
+  var content_text = document.createTextNode(content);
+  cell2.appendChild(content_text);
+}
+
+
+ 
+function mouseover(element,event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var index= element.getAttribute("index");
+  if (index == null) { return false; }
+  var cert = recordSet[index];
+
+  element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+  var v;
+  var e = document.getElementById("certMetaDatadiv");
+
+  var t = document.getElementById("t");
+
+  // delete all the rows in the table
+  var i=0;
+  while (i < t.rows.length) {
+    t.deleteRow(0);
+  }
+
+  setNode(t,"Certificate details for serial #", " 0x" +cert.serialNumber+" ("+cert.serialNumberDecimal+")","h");
+  setNode(t,"Version:", cert.version+1);
+  setNode(t,"Certificate Type:",cert.type);
+  setNode(t,"Key algorithm:",renderOidName(cert.subjectPublicKeyAlgorithm)+
+              " with "+ cert.subjectPublicKeyLength+"-bit key");
+  setNode(t,"Not Valid Before:", renderDateFromSecs(cert.validNotBefore));
+  setNode(t,"Not Valid After:", renderDateFromSecs(cert.validNotAfter));
+  setNode(t,"Issued On:", renderDateFromSecs(cert.issuedOn));
+  setNode(t,"Issued By:", cert.issuedBy);
+
+  if (isRevoked(index)) {
+    setNode(t,"Revoked on:", renderDateFromSecs(cert.revokedOn),"r");
+    setNode(t,"Revoked by:", cert.revokedBy, "r");
+    setNode(t,"Revocation Reason:", getRevocationReason(cert.revocationReason), "r");
+    assumedheight = 210;
+  } else {
+    assumedheight = 180;
+  }
+
+  e.style.left = x+30; // x-offset of floating div
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  e.style.top = y+ offset + window.pageYOffset+document.body.scrollTop + 'px';
+
+  // unhide the window
+  e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+//	window.setTimeout("hide",1);
+  var index= element.getAttribute("index");
+  if (recordSet[index].revokedOn != null) {
+     element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFEEEE";
+  } else {
+//     element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEFFEE";
+     element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+  }
+        hide();
+}
+
+function hide()
+{
+	document.getElementById("certMetaDatadiv").style.display ="none";
+}
+
+function displayCertificateRecord(i, cert)
+{
+	document.write(
+//   "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : " style='background-color: #EEEEEE;' ")+">"+
+   "<tr"+ (cert.revokedOn !=null ? " style='background-color: #FFEEEE;' " : "")+">"+
+     "<td width=18%><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+            renderHexNumber(cert.serialNumber,0) +"</font></td>\n"+
+     "<td width=16%>"+(cert.revokedOn != null ?"revoked":"valid")+"</td>\n"+
+     "<td style='overflow: hidden; white-space: nowrap;'>"+
+     "     <font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+     "   <div style='overflow: hidden; white-space: nowrap;'>"+
+     " <a index='"+i+"' href='/ca/ee/ca/displayBySerial?op=displayBySerial&serialNumber=0x"+
+           cert.serialNumber+"' onmouseover='mouseover(this,event);' "+
+           "onmouseout='mouseout(this);'>"+
+         addEscapes(cert.subject)+"</div></font>"+
+     "</a></td>"+
+     "</tr>\n"
+
+	);
+}
+
+function displaySearchResults()
+{
+if (result.recordSet.length == 0) {
+	document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='+1'>No Matching Certificates Found</font>\n"
+	);
+} else {
+
+	document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif'>Issuer: " +
+(result.header.issuerName != null ? result.header.issuerName : "UNKNOWN") +
+"</font><br>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Total number of records found: "+result.header.totalRecordCount+
+"</font>\n"
+	);
+
+   if (result.header.totalRecordCount == result.header.maxSize) {
+        document.write(
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"(Maximum size reached)"+
+"</font>\n"
+        );
+    }
+
+	document.write(
+"<table border='0' width='100%' cellspacing='2' cellpadding='2'>\n"+
+"<tr><td width=18%>&nbsp;</td><td width=16%>&nbsp;</td><td>&nbsp;</td></tr>\n"+
+"<tr bgcolor='#e5e5e5'><td>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Serial number</font></td>\n"+
+
+"<td><font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Status</td>\n"+
+
+"<td\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"Subject name</font></td></tr>\n");
+
+	for(var i = 0; i < result.recordSet.length; ++i ) {
+		displayCertificateRecord(i, result.recordSet[i]);
+	}
+document.write("</table>\n");
+
+
+	if ((result.header.revokeAll != null && result.header.totalRecordCount > 1) ||
+        (result.header.querySentinel != null)) {
+        document.write("<br>&nbsp;\n" +
+            "<table border='0' cellspacing='0' cellpadding='0' background='/graphics/hr.gif' width='100%'>\n"+
+            "<tr><td>&nbsp;</td></tr></table>\n");
+    }
+
+	document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+		"<tr align=center><td>\n");
+
+	if (result.header.revokeAll != null && result.header.totalRecordCount > 1) {
+		displayRevokeAllForm(result.header.totalRecordCount);
+		document.write("</td><td>\n");
+	}
+
+	if (result.header.querySentinel != null) {
+		displayNextForm();
+	}
+
+	document.write("</td></tr></table>\n");
+}
+}
+
+function renderHidden(name,value)
+{
+	return 	"<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+function doNext(form)
+{
+//	form.action = "/"+result.header.op;
+    form.action = "listCerts";
+	form.op.value = result.header.op;
+	form.querySentinel.value = result.header.querySentinel;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	if (result.header.revokeAll != null) {
+		form.revokeAll.value = result.header.revokeAll;
+	}
+    if (result.header.queryFilterHash != null) {
+        form.queryFilterHash.value = result.header.queryFilterHash;
+    }
+	// form.submit();
+}
+
+function displayNextForm()
+{
+	document.write(
+//"<div align=center> \n"+
+"<FORM NAME ='nextForm' METHOD=POST onSubmit='doNext(nextForm);' "+
+"ACTION=''>\n"+
+renderHidden("op"));
+
+if (result.header.revokeAll != null) {
+	document.write(renderHidden("revokeAll"));
+}
+
+if (result.header.queryFilterHash != null) {
+    document.write(renderHidden("queryFilterHash"));
+}
+
+document.write("<INPUT TYPE=submit VALUE='Find' width='72'>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"&nbsp;next</font>\n"+
+"<INPUT TYPE=hidden NAME=totalRecordCount VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE=hidden NAME=queryCertFilter VALUE='"+
+result.header.queryCertFilter+ "'>\n"+
+"<INPUT TYPE=hidden NAME=querySentinel VALUE='"+
+result.header.querySentinel+ "'>\n"+
+"<INPUT TYPE=hidden NAME=serialTo VALUE='"+
+result.header.serialTo+ "'>\n"+
+"<INPUT TYPE=text SIZE=4 MAXLENGTH=3 NAME=maxCount VALUE='"+
+result.header.maxCount+ "'>\n"+
+"<font face='PrimaSans BT, Verdana, sans-serif' size='-1'>\n"+
+"&nbsp;record(s)</font>\n"+
+"</FORM>\n");
+//"</FORM></DIV>\n");
+}
+
+function doRevokeAll(form)
+{
+//	form.action =  result.header.serviceURL;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	form.revokeAll.value = result.header.queryCertFilter;
+	form.submit();
+}
+
+function displayRevokeAllForm(recordCount)
+{
+//	document.write("<DIV align=center><FORM NAME ='revokeAllForm' "+
+	document.write("<FORM NAME ='revokeAllForm' "+
+		"METHOD=POST onSubmit='doRevokeAll(revokeAllForm);' "+
+		"ACTION='"+ "/reasonToRevoke" +"'>\n"+
+		"<INPUT TYPE=hidden NAME='op' VALUE='reasonToRevoke'>\n"+
+		"<INPUT TYPE=hidden NAME='revokeAll' VALUE=''>\n"+
+		"<INPUT TYPE=hidden NAME='totalRecordCount' VALUE='"+ recordCount +"'>\n"+
+		"<INPUT TYPE=submit VALUE='Revoke ALL "+ recordCount +" Certificates'>\n"+
+		"</FORM>\n");
+//		"</FORM></DIV>\n");
+}
+
+
+displaySearchResults();
+
+//-->
+</SCRIPT>
+
+<div id="certMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td/></tr>
+</table>
+</div>
+
+
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/tabs.html b/dogtag/ca-ui/shared/webapps/ca/ee/ca/tabs.html
new file mode 100644
index 000000000..2cf6ee3be
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/tabs.html
@@ -0,0 +1,35 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>CA End-Entity</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/dynamicVars.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js"> </SCRIPT>
+</head>
+
+<body bgcolor="#4f52b5" onresize="top.doResize();">
+<script lang="javascript">
+<!--//
+top.loadTabs();
+//-->
+</script>
+</body>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/toDisplayCRL.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/toDisplayCRL.template
new file mode 100644
index 000000000..ccc6ffd3e
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/toDisplayCRL.template
@@ -0,0 +1,231 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Review Certificate Revocation List</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/cms-funcs.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript" SRC="/ca/ee/helpfun.js">
+
+</SCRIPT>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function checkSubmit(form)
+{
+    if (typeof(form.crlIssuingPoint) == 'undefined') {
+        alert("CRL issuing points are not available.");
+        return false;
+    }
+    if (form.op[0].checked || form.op[1].checked) {
+        if (form.certSerialNumber.value != "") {
+            form.certSerialNumber.value =
+                trim(form.certSerialNumber.value);
+        }
+        if (form.certSerialNumber.value != "") {
+            if (!isNumber(form.certSerialNumber.value,10)) {
+                if (isNumber(form.certSerialNumber.value,16)) {
+                    canonicalHex = "0x" +
+                        removeColons(stripPrefix(form.certSerialNumber.value));
+                    form.certSerialNumber.value = canonicalHex;
+                } else {
+                    alert("You must enter a valid hexadecimal "+
+                          "or decimal certificate serial number.");
+                    return false;
+                }
+            }
+        } else {
+            alert("You must enter a certificate serial number.");
+            return false;
+        }
+
+        if (isNegative(form.certSerialNumber.value)) {
+            alert("Certificate serial number can only "+
+                  "be represented by positive number.");
+            return false;
+        }
+    }
+    return true;
+}
+//-->
+</SCRIPT>
+</HEAD>
+
+<CMS_TEMPLATE>
+
+
+<body bgcolor="#FFFFFF">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Import Certificate Revocation List
+</font><br>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Use this form to check whether a particular certificate has been revoked or 
+to import the latest Certificate Revocation List. 
+</font>
+
+<table BORDER=0 CELLSPACING=2 CELLPADDING=2 WIDTH="100%" BACKGROUND="/ca/ee/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM action=getCRL method=post onSubmit="return checkSubmit(this)">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select CRL issuing point</b></font>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+var issuingPoint;
+var i;
+
+if (result.header.crlIssuingPoints != null &&
+    result.header.crlIssuingPoints.length > 0) {
+    issuingPoint = result.header.crlIssuingPoints.split('+');
+} else {
+    issuingPoint = null;
+}
+
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr><td align="right" width="20%">');
+document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+document.writeln('Issuing point:</font></td>');
+document.writeln('<td align="left">');
+if (issuingPoint != null && issuingPoint.length > 0) {
+    document.writeln('<SELECT NAME="crlIssuingPoint">');
+    for (i = 0; i < issuingPoint.length; i++) {
+        document.write('<OPTION VALUE="' + issuingPoint[i] + '"');
+        if (result.header.masterCRLIssuingPoint == issuingPoint[i])
+            document.write(' SELECTED');
+        document.writeln('>' + issuingPoint[i] + '</OPTION>');
+    }
+    document.writeln('</SELECT>');
+} else {
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('not available</font>');
+}
+document.writeln('</td></tr></table>');
+//-->
+</SCRIPT>
+
+<br><font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+<b>Select one of these actions</b></font>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr>
+    <td><input type=RADIO name="op" value="checkCRLcache" checked></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Check whether the following certificate is included in CRL cache</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="checkCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Check whether the following certificate is listed by CRL</font>
+    </td>
+  </tr>
+  <tr>
+    <td></td>
+    <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Certificate serial number:&nbsp;</font>
+      <input type=text size=10 MAXLENGTH=99 name="certSerialNumber" value="">
+    </td>
+  </tr>
+  <tr>
+    <td></td>
+    <td></td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="importCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Import the latest CRL to your browser</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="importDeltaCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Import the latest delta CRL to your browser</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="getCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	  Download the latest CRL in binary form</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="getDeltaCRL"></td>
+    <td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+	  Download the latest delta CRL in binary form</font>
+    </td>
+  </tr>
+  <tr>
+    <td><input type=RADIO name="op" value="displayCRL"></td>
+	<td>
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+      Display the CRL information:</font>&nbsp;&nbsp;
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+        document.writeln('<SELECT NAME="crlDisplayType">');
+        if (result.header.master_host != null && result.header.master_host.length &&
+            result.header.master_port != null && result.header.master_port.length) {
+            document.write('<OPTION VALUE="entireCRL" SELECTED>Entire CRL');
+        } else {
+            document.write('<OPTION VALUE="cachedCRL" SELECTED>Cached CRL');
+            document.write('<OPTION VALUE="entireCRL">Entire CRL');
+        }
+        document.write('<OPTION VALUE="crlHeader">CRL header');
+        document.write('<OPTION VALUE="base64Encoded">Base64 encoded');
+        if (result.header.isDeltaCRLEnabled != null &&
+            result.header.isDeltaCRLEnabled == true) {
+            document.write('<OPTION VALUE="deltaCRL">Delta CRL');
+        }
+        document.writeln('</SELECT>');
+//-->
+</SCRIPT>
+    </td>
+  </tr>
+</table>
+
+<br>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="6" bgcolor="#E5E5E5" background="/ca/ee/graphics/gray90.gif">
+  <tr> 
+    <td ALIGN=RIGHT>
+      <input TYPE="hidden" NAME="pageStart" VALUE="1">
+      <input TYPE="hidden" NAME="pageSize" VALUE="50">
+      <input type="submit" value="Submit" name="submit" width="72">
+    </td>
+  </tr>
+</table>
+
+</FORM>
+
+</body>
+</html>
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/ca/unrevocationResult.template b/dogtag/ca-ui/shared/webapps/ca/ee/ca/unrevocationResult.template
new file mode 100644
index 000000000..b876f6f5f
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/ca/unrevocationResult.template
@@ -0,0 +1,126 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE></TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+function toHex1(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + '0x' + absValue;
+}
+
+function toHex(number)
+{
+    return '0x' + number;
+}
+
+if (result.header.unrevoked == 'yes') {
+    var s = (result.header.serialNumber.indexOf(",") > 0)? "s": "";
+    var ve = (result.header.serialNumber.indexOf(",") > 0)? "ve": "s";
+
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('Certificate'+s+' Ha'+ve+' Been Released From Hold</font><br><br>');
+
+
+    if (result.header.error == null) {
+  	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+                         result.header.serialNumber +
+                         '</b> ha'+ve+' been released from hold.');
+        document.writeln('</font><br>');
+
+		document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+		if (result.header.updateCRL && result.header.updateCRL == "yes") {
+			if (result.header.updateCRLSuccess != null && 
+				result.header.updateCRLSuccess == "yes") {
+				document.writeln('The Certificate Revocation List has been successfully updated.');
+			}
+			else {
+				document.writeln('The Certificate Revocation List update Failed');
+				if (result.header.updateCRLSuccess != null) 
+					document.writeln(' with error '+
+						result.header.updateCRLError);
+				else 
+					document.writeln('. No further details provided.');
+			}
+		}
+		else {
+			document.writeln(
+				'The Certificate Revocation List will be updated '+
+				'automatically at the next scheduled update.');
+		}
+		document.writeln('</font><br>');
+/*
+        if (result.header.dirEnabled != null && result.header.dirEnabled == 'yes') {
+       	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            if (result.header.dirUpdated == 'yes') {
+                document.write('Directory has been successfully updated.');
+            } else {
+                document.write('Directory has not been updated.  See log files for more details.');
+            }
+            document.writeln('</font><br>');
+        }
+*/
+    } else {
+  	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('Certificate'+s+' with serial number'+s+' <b>' +
+                         result.header.serialNumber +
+                         '</b> ha'+ve+' not been released from hold..<br><br>');
+        document.writeln('Additional Information:');
+        document.writeln('</font>');
+        document.writeln('<blockquote>');
+  	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln(result.header.error);
+        document.writeln('</font>');
+        document.writeln('</blockquote>');
+    }
+} else if (result.header.unrevoked == 'pending') {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Unrevocation Request Has Been Submitted</font><br><br>');
+} else {
+    document.write('<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+	document.writeln('Unrevocation Request Cannot Be Completed</font><br><br>');
+    if (result.header.error != null) {
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">Addition information:</font>');
+        document.writeln('<blockquote>');
+	    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln(result.header.error);
+        document.writeln('</font>');
+        document.writeln('</blockquote>');
+    }
+}
+//-->
+</SCRIPT>
+</BODY>
+</HTML>
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/cms-funcs.js b/dogtag/ca-ui/shared/webapps/ca/ee/cms-funcs.js
new file mode 100644
index 000000000..800e4afc9
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/cms-funcs.js
@@ -0,0 +1,703 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+
+// This file holds definitions of various utility functions
+// used on the EE pages.
+
+// tabs=4
+
+// Before enrolling, we compare the client's clock against
+// a value the server sends (some javascript in the URL at
+// at /dynamicVar.js sets a variable called serverdate to
+// the current time of the server).
+//
+// If the values are different, we alert the user, because
+// they may have problems using the cert if their clock is
+// set to before the validity period of the certificate.
+
+function checkClientTime()
+{
+   var speed;
+   var server_date;
+   var client_date = new Date();
+   var zone = client_date.getTimezoneOffset(); 
+   var timediff = 0;
+
+   var serverutc;
+   var clientutc = client_date.getTime();
+
+   if (serverdate == null) {
+		return;
+   }
+   server_date = new Date(serverdate); 
+   serverutc   = server_date.getTime();
+
+   var offset = clientutc - serverutc;
+   if (offset >0) { 
+      speed = 'fast'; 
+      } else { 
+	  speed = 'slow'; 
+   } 
+   timediff = Math.round(Math.abs(offset/1000/60)); 
+
+    if (timediff > 10) { 
+       msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed  +
+             '\n\nYou may encounter problems using your certificate\n' +
+             'as your clock is set incorrectly.\n\n' +
+             'According to the server, the time is:\n  ' + server_date +
+             '\n\nPlease correct your clock before proceeding with enrollment'+
+             '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+             'If you change your timezone, you may need to restart your browser\n'+
+             'before continuing.';
+             alert(msg);
+             return false;
+       }
+	return true;
+}
+
+
+
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+
+function alertIfDoubleQuotes(element, fieldname)
+{
+    if (doubleQuotes(element.value) == true) {
+	alert('Double quotes are not allowed in the '+fieldname+' field');
+	element.value = '';
+	element.focus();
+	return true;
+    }
+    else {
+	return false;
+    }
+}
+
+function appendToDN(DN, newcomponent)
+{
+    if (DN.value != '') {  DN.value += ', '; }
+
+    DN.value += newcomponent;
+
+}
+
+function formulateDN(form, DN)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        DN.value = '';
+
+	if (form.E != null && E.value != '') {
+	    if (alertIfDoubleQuotes(E,"E-mail")) { return; }
+	    appendToDN(DN,'E='+escapeDNComponent(E.value));
+	}
+	if (form.CN != null && CN.value != '') {
+	    if (alertIfDoubleQuotes(CN,"Common Name")) { return; }
+	    appendToDN(DN,'CN='+escapeDNComponent(CN.value));
+	}
+	if (form.UID != null && UID.value != '') {
+	    if (alertIfDoubleQuotes(UID,"User ID")) { return; }
+	    appendToDN(DN,'UID='+escapeDNComponent(UID.value));
+	}
+	if (form.OU != null && OU.value != '') {
+	    if (alertIfDoubleQuotes(OU,"Organizational Unit")) { return; }
+	    appendToDN(DN,'OU='+escapeDNComponent(OU.value));
+	}
+	if (form.O != null && O.value != '') {
+	    if (alertIfDoubleQuotes(O,"Organization")) { return; }
+	    appendToDN(DN,'O='+escapeDNComponent(O.value));
+	}
+	if (form.L != null && L.value != '') {
+	    if (alertIfDoubleQuotes(L,"Locality")) { return; }
+	    appendToDN(DN,'L='+escapeDNComponent(L.value));
+	}
+	if (form.ST != null && ST.value != '') {
+	    if (alertIfDoubleQuotes(ST,"State")) { return; }
+	    appendToDN(DN,'ST='+escapeDNComponent(ST.value));
+	}
+	if (form.C != null && C.value != '') {
+	    if (alertIfDoubleQuotes(C,"Country")) { return; }
+	    appendToDN(DN,'C='+escapeDNComponent(C.value));
+	}
+    }
+}
+
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a crash in Netscape Navigator <4.6
+    // that is triggered when doing client-auth to a server whose 
+	// SSL-cert (or the signer of it) does not have an O in the DN
+	// There are some other bugs in Nav 3 relating to importing the
+	// CA cert without the OU or O fields.
+
+    if ((form.OU.value == '') && (form.O.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape
+	// Navigator 3.0 and 3.01 that are triggered on formation
+	// of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.CN.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required
+	// for Navigator and Communicator.  The CSR field checks are 
+	// to avoid server side rejection of the submission.  These
+	// checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+
+    with (form) {
+		if (email != null) {
+	   		if (E.value == "" && email.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (CN.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+
+		if (csrRequestorPhone != null && csrRequestorEmail != null) {
+        	if (csrRequestorPhone.value == "" && csrRequestorEmail.value == "")    {
+            	alert("You must supply a contact phone number or e-mail address.");
+            	return false;
+        	}
+        	return true;
+		}
+    }
+}
+
+function isNegative(string) {
+  if (string.charAt(0) == '-')
+     return true;
+  else
+     return false;
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  // skip leading space
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function isDecimalNumber(string)
+{
+	return isNumber(string,10);
+}
+
+function isHexNumber(string)
+{
+	return isNumber(string,16);
+}
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (asPattern) { 
+   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+   }
+   else if (value != "")
+   	list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+    with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+    	makeComponent(result,"E",E.value,asPattern);
+    	makeComponent(result,"CN",CN.value,asPattern);
+    	makeComponent(result,"UID",UID.value,asPattern);
+    	makeComponent(result,"OU",OU.value,asPattern);
+    	makeComponent(result,"O",O.value,asPattern);
+   		makeComponent(result,"L",L.value,asPattern);
+    	makeComponent(result,"ST",ST.value,asPattern);
+		makeComponent(result,"C",C.value,asPattern);
+    }
+    if (result.length == 0)
+    	return asPattern ? "0 == 0" : "0 == 1";
+    else 
+        return "subject" + ( asPattern ? " ~= " : " == ") +
+    				escapeValue(result.join(', '));
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+
+
+//   these functions below were originally in funcs.js
+
+
+
+function trim(string) {
+    var i, k, newString;
+
+    for (i = 0; i < string.length; i++) {
+        if (string.charAt(i) != ' ' )
+            break;
+    }
+    for (k = string.length - 1; k > i; k--) {
+        if (string.charAt(k) != ' ' )
+            break;
+    }
+    k++;
+
+    if (k > i)
+        newString = string.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day) {
+        alert(fieldName + " is invalid");
+        return null;
+     }
+     else 
+     	return date.getTime();
+}
+
+function convertToTime(form)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day) {
+        return null;
+     }
+     else 
+     	return date.getTime();
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' || c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponentFilter(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (value != "") {
+    if (asPattern) {
+        list[last] = "(x509Cert.subject=*"+tag+"=*"+
+            escapeValueRfc1779(value)+"*)";
+    } else {
+        // exact match (either the end, or appended with ",")
+        list[last] = "(|(x509Cert.subject=*"+tag+"="+
+            escapeValueRfc1779(value)+",*)"
+            +"(x509Cert.subject=*"+tag+"="+
+            escapeValueRfc1779(value)+"))";
+    }
+   }
+}
+
+
+
+function computeNameFilter(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponentFilter(result,"E",eMail.value,asPattern);
+		makeComponentFilter(result,"CN",commonName.value,asPattern);
+		makeComponentFilter(result,"UID",userID.value,asPattern);
+		makeComponentFilter(result,"OU",orgUnit.value,asPattern);
+		makeComponentFilter(result,"O",org.value,asPattern);
+		makeComponentFilter(result,"L",locality.value,asPattern);
+		makeComponentFilter(result,"ST",state.value,asPattern);
+		makeComponentFilter(result,"C",country.value,asPattern);
+	}
+	if (result.length == 0) {
+		return "(x509Cert.subject=*)";
+	} else  {
+		if (asPattern) {
+        		return "(|" + nsjoin(result,"") + ")";
+		} else {
+        		return "(&" + nsjoin(result,"") + ")";
+		}
+	}
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+
+function isHex(string)
+{
+      if (string.charAt(0) == '0' &&
+      (string.charAt(1) == 'x' || string.charAt(1) == 'X')) {
+        return true;
+      } else {
+        return false;
+      }
+}
+
+function writeError(errorDetails)
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (errorDetails != null) {
+                document.write(errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+              "further information.");
+}
+
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+// Replacement for the array.join() function which isn't in MSIE 3.0
+
+function nsjoin(array,str) {
+  val = "";
+  for (i=0; i<array.length; i++) {
+    val = val + array[i];
+    if (i < (array.length-1)) val = val+str;
+    }
+  return val;
+}
+//-->
+
+
+
+//-->
+
+
+
+
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/alertl.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/alertl.gif
new file mode 100644
index 000000000..453d1b2bd
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/alertl.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/delete.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/delete.gif
new file mode 100644
index 000000000..53a5a3a9b
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/delete.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgLeftTab.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgLeftTab.gif
new file mode 100644
index 000000000..35a76c859
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgLeftTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgRightTab.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgRightTab.gif
new file mode 100644
index 000000000..a519bc759
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgRightTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgRightTab2.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgRightTab2.gif
new file mode 100644
index 000000000..f43ef3a8c
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/dgRightTab2.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/error.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/error.gif
new file mode 100644
index 000000000..ba9c07e17
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/error.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/favicon.ico b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/favicon.ico
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/folder.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/folder.gif
new file mode 100644
index 000000000..fe7796c73
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/folder.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/gray90.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/gray90.gif
new file mode 100644
index 000000000..c6f811102
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/gray90.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/hr.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/hr.gif
new file mode 100644
index 000000000..14f8acf92
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/hr.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgLeftTab.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgLeftTab.gif
new file mode 100644
index 000000000..a78fbc89d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgLeftTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgRightTab.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgRightTab.gif
new file mode 100644
index 000000000..71852402d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgRightTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgRightTab2.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgRightTab2.gif
new file mode 100644
index 000000000..76b2f67f1
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/lgRightTab2.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/listclosed.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/listclosed.gif
new file mode 100644
index 000000000..4907361c6
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/listclosed.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/logo_header.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/logo_header.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/messagel.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/messagel.gif
new file mode 100644
index 000000000..e46c67a09
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/messagel.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/spacer.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/spacer.gif
new file mode 100644
index 000000000..13acffe53
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/spacer.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whLeftTab.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whLeftTab.gif
new file mode 100644
index 000000000..525e6e73d
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whLeftTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whRightTab.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whRightTab.gif
new file mode 100644
index 000000000..f3740ee9b
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whRightTab.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whRightTab2.gif b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whRightTab2.gif
new file mode 100644
index 000000000..81f8daac5
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/graphics/whRightTab2.gif
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/helpfun.js b/dogtag/ca-ui/shared/webapps/ca/ee/helpfun.js
new file mode 100644
index 000000000..14a80bb95
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/helpfun.js
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+function help(helptopic) { 
+
+     var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500"); 
+
+     HelpWin.location = helptopic;
+     HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+     window.status = helpline;
+
+     return true;
+
+}
+
diff --git a/dogtag/ca-ui/shared/webapps/ca/ee/index.html b/dogtag/ca-ui/shared/webapps/ca/ee/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/ee/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/index.html b/dogtag/ca-ui/shared/webapps/ca/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/ca-ui/shared/webapps/ca/services.template b/dogtag/ca-ui/shared/webapps/ca/services.template
new file mode 100644
index 000000000..c3238e7cd
--- /dev/null
+++ b/dogtag/ca-ui/shared/webapps/ca/services.template
@@ -0,0 +1,106 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<title>CA Services</title>
+    <link rel="shortcut icon" href="img/favicon.ico" />
+    <link rel="stylesheet" href="css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System CA Services Page 
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+<script language=javascript>
+for (var i=0; i<result.recordSet.length; ++i) {
+    document.write('<tr valign="TOP">');
+    document.write('<td>');
+    document.write('<td>');
+    document.write('<font size=4 face="PrimaSans BT, Verdana, sans-serif">');
+    document.write('<li><a href="');
+    document.write(result.recordSet[i].prefix + "://" +
+      result.recordSet[i].host + ":" + result.recordSet[i].port + "/"+
+      result.recordSet[i].uri);
+    if (result.recordSet[i].type == "admin") {
+        document.write('">Admin Services</a></font>');
+    } else if (result.recordSet[i].type == "agent") {
+        document.write('">Agent Services</a></font>');
+    } else if (result.recordSet[i].type == "ee") {
+        document.write('">SSL End Users Services</a></font>');
+    }
+
+    document.write('</font></td></tr>');
+}
+</script>
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</center>
+<div id="footer">
+</div>
+</body>
+</html>
diff --git a/dogtag/common-ui/CMakeLists.txt b/dogtag/common-ui/CMakeLists.txt
new file mode 100644
index 000000000..c4288e51a
--- /dev/null
+++ b/dogtag/common-ui/CMakeLists.txt
@@ -0,0 +1,8 @@
+project(common-ui)
+
+install(
+    DIRECTORY
+        shared/
+    DESTINATION
+        ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
diff --git a/dogtag/common-ui/LICENSE b/dogtag/common-ui/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/dogtag/common-ui/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify 
+it under the terms of the GNU General Public License as published 
+by the Free Software Foundation; version 2 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but 
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License 
+along with this Program; if not, write to the Free Software 
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/dogtag/common-ui/build.xml b/dogtag/common-ui/build.xml
new file mode 100644
index 000000000..416754f35
--- /dev/null
+++ b/dogtag/common-ui/build.xml
@@ -0,0 +1,273 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="common-ui" default="main" basedir=".">
+
+    <import file="config/product.xml"/>
+    <import file="config/product-ext.xml" optional="true"/>
+
+
+    <target name="clean"
+            depends=""
+            description="--> remove component directories">
+        <echo message="${begin.clean.log.message}"/>
+        <delete dir="${dist.base}"/>
+        <delete dir="${build.dir}"/>
+        <echo message="${end.clean.log.message}"/>
+    </target>
+
+
+    <target name="download"
+            depends=""
+            description="--> download dependent components">
+        <echo message="${begin.download.log.message}"/>
+        <echo message="${empty.download.log.message}"/>
+        <echo message="${end.download.log.message}"/>
+    </target>
+
+
+    <target name="compile_java"
+            depends=""
+            description="--> compile java source code into classes">
+        <echo message="${begin.compile.java.log.message}"/>
+        <echo message="${empty.compile.java.log.message}"/>
+        <echo message="${end.compile.java.log.message}"/>
+    </target>
+
+
+    <target name="build_jars"
+            depends="compile_java"
+            description="--> generate jar files">
+        <echo message="${begin.build.jars.log.message}"/>
+        <echo message="${empty.build.jars.log.message}"/>
+        <echo message="${end.build.jars.log.message}"/>
+    </target>
+
+
+    <target name="build_jni_headers"
+            depends="compile_java"
+            description="--> generate jni header files">
+        <echo message="${begin.build.jni.headers.log.message}"/>
+        <echo message="${empty.build.jni.headers.log.message}"/>
+        <echo message="${end.build.jni.headers.log.message}"/>
+    </target>
+
+
+    <target name="build"
+            depends="build_jars,build_jni_headers"
+            description="--> build classes, jars, and jni headers">
+        <echo message="${notify.build.log.message}"/>
+    </target>
+
+
+    <target name="compile_junit_tests"
+            depends="build"
+            description="--> compile junit test source code">
+        <echo message="${begin.compile.junit.tests.log.message}"/>
+        <echo message="${empty.compile.junit.tests.log.message}"/>
+        <echo message="${end.compile.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="run_junit_tests"
+            depends="compile_junit_tests"
+            description="--> execute junit tests">
+        <echo message="${begin.run.junit.tests.log.message}"/>
+        <echo message="${empty.run.junit.tests.log.message}"/>
+        <echo message="${end.run.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="verify"
+            depends="run_junit_tests"
+            description="--> build and execute junit tests">
+        <echo message="${notify.verify.log.message}"/>
+    </target>
+
+
+    <target name="clean_javadocs"
+            depends=""
+            description="--> remove javadocs directory">
+        <echo message="${begin.clean.javadocs.log.message}"/>
+        <echo message="${empty.clean.javadocs.log.message}"/>
+        <echo message="${end.clean.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="compose_javadocs"
+            depends="build"
+            description="--> generate javadocs">
+        <echo message="${begin.compose.javadocs.log.message}"/>
+        <echo message="${empty.compose.javadocs.log.message}"/>
+        <echo message="${end.compose.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="document"
+            depends="clean_javadocs,compose_javadocs"
+            description="--> remove old javadocs and compose new javadocs">
+        <echo message="${notify.document.log.message}"/>
+    </target>
+
+
+    <target name="distribute_binaries"
+            depends="document"
+            description="--> create the zip and gzipped tar binary distributions">
+        <echo message="${begin.distribute.binaries.log.message}"/>
+        <mkdir dir="${dist.base.binaries}"/>
+
+        <echo message="${begin.binary.wrappers.log.message}"/>
+        <echo message="${empty.binary.wrappers.log.message}"/>
+        <echo message="${end.binary.wrappers.log.message}"/>
+
+        <echo message="${begin.binary.zip.log.message}"/>
+        <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+            <zipfileset dir="./shared"
+                        filemode="644"
+                        prefix="usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </zipfileset>
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.binary.zip.log.message}"/>
+
+        <echo message="${begin.binary.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.binaries}/${dist.name}.tar">
+            <tarfileset dir="./shared"
+                        mode="644"
+                        prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </tarfileset>
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${dist.name}/usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.binary.tar.log.message}"/>
+
+        <echo message="${begin.binary.gtar.log.message}"/>
+        <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+              src="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.binary.gtar.log.message}"/>
+
+        <echo message="${end.distribute.binaries.log.message}"/>
+    </target>
+
+
+    <target name="distribute_source"
+            depends=""
+            description="--> create the zip and gzipped tar source distributions">
+        <echo message="${begin.distribute.source.log.message}"/>
+        <mkdir dir="${dist.base.source}"/>
+
+        <echo message="${begin.source.zip.log.message}"/>
+        <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.source.zip.log.message}"/>
+
+        <echo message="${begin.source.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.source}/${src.dist.name}.tar">
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.source.tar.log.message}"/>
+
+        <echo message="${begin.source.gtar.log.message}"/>
+        <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+              src="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.source.gtar.log.message}"/>
+
+        <echo message="${end.distribute.source.log.message}"/>
+    </target>
+
+
+    <target name="distribute"
+            depends="distribute_binaries,distribute_source"
+            description="--> create binary and source component distributions">
+        <echo message="${notify.distribute.log.message}"/>
+    </target>
+
+
+    <target name="main"
+            depends="clean,distribute"
+            description="--> clean, build, verify, document, distribute [default]">
+        <echo message="${notify.main.log.message}"/>
+    </target>
+
+</project>
+
diff --git a/dogtag/common-ui/build_dogtag b/dogtag/common-ui/build_dogtag
new file mode 100755
index 000000000..194bfbcfc
--- /dev/null
+++ b/dogtag/common-ui/build_dogtag
@@ -0,0 +1,82 @@
+#!/bin/bash
+# BEGIN COPYRIGHT BLOCK
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+
+# Always switch into the base directory of this
+# shell script prior to executing it so that all
+# of its output is written to this directory
+cd `dirname $0`
+
+# Retrieve the directory name housing this component
+PWD=`pwd`
+
+# Set Dogtag component-specific environment variables
+DOGTAG_BUILD_SCRIPT=`basename $0`
+export DOGTAG_BUILD_SCRIPT
+DOGTAG_COMPONENT=`basename ${PWD}`
+export DOGTAG_COMPONENT
+DOGTAG_SPECFILE="dogtag-pki-common-ui.spec"
+export DOGTAG_SPECFILE
+
+# Set PKI 'ant' environment variables (originally obtained from specfile)
+PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag"
+export PKI_PRODUCT_UI_FLAVOR_PREFIX
+PKI_PRODUCT_PREFIX="pki"
+export PKI_PRODUCT_PREFIX
+PKI_PRODUCT="common-ui"
+export PKI_PRODUCT
+PKI_VERSION="9.0.0"
+export PKI_VERSION
+
+# Set Dogtag helper variables
+DOGTAG_COMPONENT_NAME=${PKI_PRODUCT}
+export DOGTAG_COMPONENT_NAME
+DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc
+export DOGTAG_WGET_URL
+
+# Obtain '${DOGTAG_SPECFILE}' as necessary
+if [ "$1" = "refresh" ]; then
+	if [ -f "${DOGTAG_SPECFILE}" ]; then
+		printf "Removing '${DOGTAG_SPECFILE}' . . . "
+		rm -rf ${DOGTAG_SPECFILE}
+		printf "done.\n"
+	fi
+	shift
+fi
+if [ ! -f "${DOGTAG_SPECFILE}" ]; then
+	# Check for Fedora Operating System
+	if [ ! -f /etc/fedora-release ]; then
+		printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n"
+		exit 255
+	fi
+	# Obtain Fedora Operating System Version
+	FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`"
+	export FEDORA_VERSION
+	# Retrieve '${DOGTAG_SPECFILE}' from Koji
+	printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n"
+	wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co
+	if [ ! -s "${DOGTAG_SPECFILE}" ]; then
+		printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n"
+		rm -rf ${DOGTAG_SPECFILE}
+		exit 255
+	fi
+fi
+
+# Invoke the shared Dogtag PKI build script
+config-ext/build_dogtag_pki $@
+
diff --git a/dogtag/common-ui/dogtag-pki-common-ui.spec b/dogtag/common-ui/dogtag-pki-common-ui.spec
new file mode 100644
index 000000000..c730f3444
--- /dev/null
+++ b/dogtag/common-ui/dogtag-pki-common-ui.spec
@@ -0,0 +1,62 @@
+Name:           dogtag-pki-common-ui
+Version:        9.0.0
+Release:        1%{?dist}
+Summary:        Dogtag Certificate System - PKI Common Framework User Interface
+URL:            http://pki.fedoraproject.org/
+License:        GPLv2
+Group:          System Environment/Base
+
+BuildArch:      noarch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  ant
+
+Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+# NOTE:  Several PKI packages require a "virtual" UI component.  These
+#        "virtual" UI components are "Provided" by various UI "flavors"
+#        including "dogtag", "redhat", and "null".  Consequently,
+#        all "dogtag", "redhat", and "null" UI components MUST be
+#        mutually exclusive!
+Provides:       pki-common-ui = %{version}.%{release}
+
+Obsoletes:      pki-common-ui < %{version}.%{release}
+
+Conflicts:      null-pki-common-ui
+Conflicts:      redhat-pki-common-ui
+
+%description
+Dogtag Certificate System is an enterprise software system designed
+to manage enterprise Public Key Infrastructure (PKI) deployments.
+
+The Dogtag PKI Common Framework User Interface contains the graphical
+user interface for the Dogtag PKI Common Framework.
+
+%prep
+
+%setup -q
+
+%build
+ant \
+    -Dproduct.ui.flavor.prefix="dogtag" \
+    -Dproduct.prefix="pki" \
+    -Dproduct="common-ui" \
+    -Dversion="%{version}"
+
+%install
+rm -rf %{buildroot}
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_datadir}/pki/
+
+%changelog
+* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.
diff --git a/dogtag/common-ui/shared/admin/console/config/adminauthenticatepanel.vm b/dogtag/common-ui/shared/admin/console/config/adminauthenticatepanel.vm
new file mode 100644
index 000000000..7d5aade5f
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/adminauthenticatepanel.vm
@@ -0,0 +1,52 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<p>
+The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem.
+#if ($systemType != "tps")
+<br/>
+If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one.
+#end
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+
+        <td><input type="text" size="40" name="uid" value="$uid"/></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<p>
diff --git a/dogtag/common-ui/shared/admin/console/config/adminpanel.vm b/dogtag/common-ui/shared/admin/console/config/adminpanel.vm
new file mode 100644
index 000000000..5db27e00d
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/adminpanel.vm
@@ -0,0 +1,219 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT ID=Send_OnClick type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    var email = document.forms[0].email.value;
+    var name = document.forms[0].name.value;
+    var o = '$securityDomain';
+    if (name == '') {
+        alert("Name is empty");
+        return;
+    }
+    if (email == '') {
+        alert("Email is empty");
+        return;
+    }
+    var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o;
+    document.forms[0].subject.value = dn;
+    var keyGenAlg = "rsa-dual-use";
+    var keyParams = null;
+    if (document.forms[0].keytype.value == 'ecc') {
+        keyGenAlg = "ec-dual-use";
+        keyParams = "curve=nistp256"
+    }
+
+    if (navigator.appName == "Netscape" &&
+      typeof(crypto.version) != "undefined") {
+
+        crmfObject = crypto.generateCRMFRequest(
+          dn, "regToken", "authenticator", null,
+          "setCRMFRequest();", 2048, keyParams, keyGenAlg);
+    } else {
+        Send_OnClick();
+    }
+}
+
+function setCRMFRequest()
+{
+    with (document.forms[0]) {
+        cert_request.value = crmfObject.request;
+        submit();
+    }
+}
+
+</SCRIPT>
+<SCRIPT type="text/VBS">
+<!--
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Set TheForm = Document.f
+
+
+  ' Contruct the X500 distinguished name
+  szName = "CN=NAME"
+
+  ' IE doesnt like the dn containing the O component
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+
+   Enroll.providerType = 1
+   Enroll.providerName = "Microsoft Base Cryptographic Provider v1.0"
+
+   ' adding 2 to "GenKeyFlags" will  enable the 'High Security'
+   ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+   ' asking what level of protection the user would like to give
+   ' the key - this varies from 'none' to 'confirm password
+   ' every time the key is used'
+  Enroll.GenKeyFlags = 1        ' key PKCS12-exportable
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "The credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.cert_request.Value = szCertReq
+  TheForm.cert_request_type.Value = "pkcs10"
+  TheForm.subject.Value = "cn=" & TheForm.name.Value & ",uid=" & TheForm.uid.Value & ",e=" & TheForm.email.Value & ",o=" & TheForm.securitydomain.Value
+
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+
+-->
+</SCRIPT>
+
+<SCRIPT type="text/VBS">
+<!--
+FindProviders
+
+Function FindProviders
+        Dim i, j
+        Dim providers()
+        i = 0
+        j = 1
+        Dim el
+        Dim temp
+        Dim first
+        Dim TheForm
+        Set TheForm = document.f
+        On Error Resume Next
+        first = 0
+
+        Do While True
+        temp = ""
+        Enroll.providerType = j
+        temp = Enroll.enumProviders(i,0)
+        If Len(temp) = 0 Then
+        If j < 1 Then
+          j = j + 1
+          i = 0
+        Else
+          Exit Do
+        End If
+        Else
+        set el = document.createElement("OPTION")
+        el.text = temp
+        el.value = j
+        If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+          first = j
+        End If
+        TheForm.cryptprovider.add(el)
+        If first = 0  Then
+          first = 1
+          TheForm.cryptprovider.selectedIndex = 0
+        Else
+          TheForm.cryptprovider.selectedIndex = first
+        End If
+        i = i + 1
+        End If
+        Loop
+End Function
+
+-->
+</SCRIPT>
+The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel.
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+    <br/>
+                                                                                
+    <table class="details">
+      <tr>
+        <th>UID:</th>
+        <td><input type=text name=uid value="$admin_uid"></td>
+      </tr>
+      <tr>
+        <th>Name:</th>
+        <td><input size=35 type=text name=name value="$admin_name"></td>
+      </tr>
+      <tr>
+        <th>Email:</th>
+        <td><input size=35 type=text name=email value="$admin_email"></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+        <td><input type="password" size="40" name="__pwd" value="$admin_pwd" autocomplete="off"/></td>
+      </tr>
+      <tr>
+        <th>Password (Again):</th>
+                                                                              
+        <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" autocomplete="off"/></td>
+<input type="hidden" name="cert_request" value=""/>
+<input type="hidden" name="display" value=$displayStr />
+<input type="hidden" name="profileId" value="caAdminCert" />
+<input type="hidden" name="cert_request_type" value="crmf" />
+<input type="hidden" name="import" value=$import />
+<input type="hidden" name="uid" value="admin" />
+<input type="hidden" name="securitydomain" value="$securityDomain" />
+<input type="hidden" name="subject" value="cn=x" />
+      </tr>
+      <tr>
+        <th>Key Type:</th>
+        <td><select name="keytype"><option value="rsa">RSA</option><option value="ecc">ECC</option></select></td>
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/agentauthenticatepanel.vm b/dogtag/common-ui/shared/admin/console/config/agentauthenticatepanel.vm
new file mode 100644
index 000000000..2124e7a36
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/agentauthenticatepanel.vm
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<br/>
+The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests.
+<br/>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+
+        <td><input type="text" size="40" name="uid" value="$uid"/></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<br/>
diff --git a/dogtag/common-ui/shared/admin/console/config/backupkeycertpanel.vm b/dogtag/common-ui/shared/admin/console/config/backupkeycertpanel.vm
new file mode 100644
index 000000000..471f7e09f
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/backupkeycertpanel.vm
@@ -0,0 +1,57 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Export Keys and Certificates</h2>
+<p>
+To setup a cloned subsystem, the master subsystem's keys and certificates (with the exception of the SSL server key and certificate) as well as the CA certificate chains need to be exported, and later imported into the cloned subsystem. All of these keys and certificates are stored in a single file in the PKCS #12 format which is protected by the password specified below. This export operation is performed only when the master subsystem's keys and certificates are stored in the software token.
+<p>
+If these keys and certificates are stored in a hardware token, the hardware token vendor needs to be consulted for information on how to export them.
+<p>
+For cloning, if the keys and certificates are stored in a hardware token, clones should use the same hardware token as that of the Master.
+<p>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<b><input $dobackup type=radio name=choice value="backupkey">&nbsp;Export subsystem keys and certificates </b>
+<br/>
+    <table class="details">
+      <tr>
+        <th>Password to protect the PKCS #12 file:</th>
+
+        <td><input type="password" size="40" name="__pwd" value="$pwd" autocomplete="off" /></td>
+      </tr>
+      <tr>
+        <th>Password again:</th>
+
+        <td><input type="password" size="40" name="__pwdagain" value="$pwdagain" autocomplete="off"/></td>
+      </tr>
+    </table>
+<br/>
+<b><input $nobackup type=radio name=choice value="nobackupkey">&nbsp;Don't export subsystem keys and certificates </b>
+<br/>
diff --git a/dogtag/common-ui/shared/admin/console/config/certchainpanel.vm b/dogtag/common-ui/shared/admin/console/config/certchainpanel.vm
new file mode 100644
index 000000000..08bcc1331
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/certchainpanel.vm
@@ -0,0 +1,49 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<b>Pretty Print of Certificates on this subsystem.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+  <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/certprettyprintpanel.vm b/dogtag/common-ui/shared/admin/console/config/certprettyprintpanel.vm
new file mode 100644
index 000000000..ac8da10ee
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/certprettyprintpanel.vm
@@ -0,0 +1,49 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+The following certificates were installed on this instance.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+  <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/certrequestpanel.vm b/dogtag/common-ui/shared/admin/console/config/certrequestpanel.vm
new file mode 100644
index 000000000..3eb5ebdf9
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/certrequestpanel.vm
@@ -0,0 +1,219 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 250px;
+  top: 50px;
+  width: 600px;
+  padding: 3px;
+  border: solid;
+  border-width: 5px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+</style>
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+function showcert(element, event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var content = element.getAttribute("content");
+  var content_d = element.getAttribute("content_desc");
+
+  if (content == null) { return false; }
+
+  var n = element.getAttribute("n");
+
+  var editableType = element.getAttribute("editableType");
+  var desc;
+  var d;
+  var c;
+  if (editableType == "cert")
+  {
+    d = document.getElementById(n+"_editCertDiv");
+    c = document.getElementById(n+"_text");
+    desc = document.getElementById(n+"_desc_t");
+  } else if (editableType == "certchain") {
+    d = document.getElementById(n+"_editCertChainDiv");
+    c = document.getElementById(n+"_cc_text");
+    desc = document.getElementById(n+"_cc_desc_t");
+  } else {
+    d = document.getElementById(n+"_showCertDiv");
+    c = document.getElementById(n+"_pre");
+    desc = document.getElementById(n+"_desc_p");
+  }
+
+  if (desc.hasChildNodes())
+  {
+    desc.removeChild(desc.childNodes[0]);
+  }
+  var content_desc = document.createTextNode(content_d);
+  desc.appendChild(content_desc);
+    
+  if (c.hasChildNodes())
+  {
+    c.removeChild(c.childNodes[0]);
+  }
+  var content_text = document.createTextNode(content);
+  c.appendChild(content_text);
+    
+  d.style.left = x+30; // x-offset of floating div
+  assumedheight = 1000;
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  d.style.top = y+ offset +document.body.scrollTop;
+
+  // unhide the window
+  d.style.display ="block";
+
+}
+
+function hide(tag)
+{
+    document.getElementById(tag+"_showCertDiv").style.display ="none";
+    document.getElementById(tag+"_editCertDiv").style.display ="none";
+    document.getElementById(tag+"_editCertChainDiv").style.display ="none";
+}
+
+</SCRIPT>
+A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate.
+<p>
+If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully.
+<p>
+However, if a given CSR contains an <font color="red">action required</font> label under its certificate icon, then those requests must be <i>manually</i> submitted to a CA for certificate generation.
+<p>
+Press the [Apply] button after certificates and chains are pasted in.
+<p>
+Press the [Next] button once all certificates have been generated successfully.
+<p>
+#foreach ($item in $reqscerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr>
+  <td width=10%></td>
+  <td width=20%></td>
+  <td width=70%></td>
+</tr>
+
+<tr>
+  <td>&nbsp;</td>
+#if ($item.getCert() == "...paste certificate here...") 
+  <td><font color=red>action required</font><br>
+<img alt="" src="../img/no-certificate.png"/></td>
+#elseif ($item.getCert() == "...certificate be generated internally...")
+<td>
+  <img alt="" src="../img/no-certificate.png"/><br>
+  certificate will be generated internally
+  </td>
+#elseif ($item.getCert() == "")
+  <td>
+<img alt="" src="../img/no-certificate.png"/><br>
+  No Certificate Generated. Please import.<br>
+  </td>
+#else
+  <td>
+<img alt="" src="../img/certificate.png"/><br>
+  Certificate Generated Successfully
+  </td>
+#end
+
+<td>
+
+
+#if ($item.getCert() == "...paste certificate here...") 
+<a content="$item.getRequest()" content_desc="Copy the following Certificate Request (CSR) and paste it in the external CA enrollment page for enrollment" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> Step 1: Copy the Certificate Request (CSR) to enroll at an external CA</a><p>
+<a content="" content_desc="Copy the base64-encoded PKCS #7 certificate chain into the text box below and press 'X'" n="$item.getCertTag()" editableType="certchain" href="#" onclick="showcert(this,event);"> Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)</a><p>
+<a content="$item.getCert()" content_desc="Copy the resulting base64-encoded certificate (NOTE: PKCS #7 not accepted) into the text box below and press 'X'" n="$item.getCertTag()" editableType="cert" href="#" onclick="showcert(this,event);"> Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)</a><p>
+#elseif ($item.getCert() == "...certificate be generated internally...")
+<p>
+#else
+<a content="$item.getRequest()" content_desc="Certificate Request (CSR)" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Request (CSR)</a><p>
+<a content="$item.getCert()" content_desc="Certificate in Base64 encoding" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate in Base64-Encoding</a><p>
+<a content="$item.getEscapedCertpp()" content_desc="Certificate in pretty print" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Pretty Print</a><p>
+#end
+
+
+</td>
+</tr>
+</table>
+                                                                                
+<div id="$item.getCertTag()_showCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_stable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_p"></td>
+</tr>
+<tr>
+<td><pre name="$item.getCertTag()" id="$item.getCertTag()_pre">$item.getCert()</pre></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()" id="$item.getCertTag()_text" style="font-family: monospace;">$item.getCert()</textarea></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertChainDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_cc_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_cc_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()_cc" id="$item.getCertTag()_cc_text" style="font-family: monospace;"></textarea></td>
+</tr>
+</table>
+</div>
+
+
+#end
+
+    <p>
+
+
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/config_addhsm.vm b/dogtag/common-ui/shared/admin/console/config/config_addhsm.vm
new file mode 100644
index 000000000..c10f6c18e
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/config_addhsm.vm
@@ -0,0 +1,96 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+
+</SCRIPT>
+
+    <link rel="shortcut icon" href="../img/favicon.ico" />
+    <link rel="stylesheet" href="../../../css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="checkClose();"><div id="wrap"><div id="wrap">
+  
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="page-content" width="100%">
+  <h1><img src="../img/icon-software.gif" />
+  Security Modules</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<p>
+<H2>Registering a New Security Module</H2>
+<form name=configForm action="config_addhsm" method="post">
+<p>
+If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here.
+<table>
+<tr>
+  <td>
+Library Path: <input type=text name="modulePath" value="">
+  </td>
+</tr>
+<tr>
+  <td>
+Module Name: <input type=text name="moduleName" value="">
+  </td>
+<tr>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type=button name=config_addhsm_next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+</form>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/config_clone.vm b/dogtag/common-ui/shared/admin/console/config/config_clone.vm
new file mode 100644
index 000000000..521836050
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/config_clone.vm
@@ -0,0 +1,108 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="../img/favicon.ico" />
+    <link rel="stylesheet" href="../../../css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body>
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/icon-software.gif" />
+  Clone CA</h1>
+
+A cloned subsystem setup provides scalability and high-availability. The connection information of the master CA's internal database is required so that the setup wizard can setup the appropriate replication agreements between the authorities.
+    <p>
+    <form action="config_clone" method="post">
+                                                                                
+<H2>Master Fedora Directory Server Database Info</H2>
+    <table class="details">
+      <tr>
+        <th width=10%>Host:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="host" value="localhost" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Port:</th>
+                                                                                
+        <td><input type="text" length="64" size="40" name="port" value="389" /></td>
+      </tr>       <tr>
+        <th>Bind DN:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="dn" value="cn=directory manager" /></td>
+                                                                                
+      <tr>
+        <th>Bind Password:</th>
+                                                                                
+        <td><input type="password" length="128" size="40" name="__bindpassword" autocomplete="off"/></td>
+      </tr>
+    </table>
+
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: window.close()" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/config_db.vm b/dogtag/common-ui/shared/admin/console/config/config_db.vm
new file mode 100644
index 000000000..b53c5d9ef
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/config_db.vm
@@ -0,0 +1,126 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function donePanel(errorStr, displayS) {
+      if (displayS == "loaded") {
+        if (errorStr == '') {
+            window.close();
+        }
+      }
+    }
+</SCRIPT>
+
+    <link rel="shortcut icon" href="../img/favicon.ico" />
+    <link rel="stylesheet" href="../../../css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="donePanel('$errorString', '$displayStr')">
+<div id="wrap">
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/icon-software.gif" />
+  Internal Database </h1>
+
+    <form name=configForm action="config_db" method="post">
+    <b>Internal Database Connection</b> <p>This option allows sharing an internal database to improve managability.<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Port:</th>
+                                                                                
+        <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td>
+      </tr>       
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+      <tr>
+        <th>Database:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="database" value="$database"  /></td>
+      </tr>
+      <tr>
+        <th>Bind DN:</th>
+        <td><input type="text" length="128" size="40" name="binddn" value="$binddn" /></td>
+      </tr>
+      <tr>
+        <th>Bind Password:</th>
+                                                                                
+        <td><input type="password" length="128" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td>
+      </tr>
+        <td><input type="hidden" name="display" value=$displayStr /></td>
+    </table>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type="button" name="config_db_next" value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/config_hsm.vm b/dogtag/common-ui/shared/admin/console/config/config_hsm.vm
new file mode 100644
index 000000000..5aa3ebc7b
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/config_hsm.vm
@@ -0,0 +1,176 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+
+</SCRIPT>
+
+    <link rel="shortcut icon" href="../img/favicon.ico" />
+    <link rel="stylesheet" href="../../../css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="checkClose();"><div id="wrap">
+  
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+#include ( "admin/console/config/topmenu.vm" )
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/rhn-icon-software.gif" />
+  Security Modules </h1>
+
+<form name=configForm action="config_hsm" method="post">
+
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. Please make sure that at least one security module is listed below.
+<p>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+  <td><img src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	   Logged In
+	#else
+       	   Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+  <td>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	  Logged In
+	#else
+          Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+
+  </td>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type=button name=config_hsm value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+</form>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/config_hsmloginpanel.vm b/dogtag/common-ui/shared/admin/console/config/config_hsmloginpanel.vm
new file mode 100644
index 000000000..147425bae
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/config_hsmloginpanel.vm
@@ -0,0 +1,79 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+  <h1>
+  Security Modules Login Panel</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<br/>
+<H2>Security Token Login</H2>
+<form name=configHSMLoginForm action="config_hsmlogin" method="post">
+<p>
+The user has chosen to login to the following security module: <b>$SecToken</b>
+<p>
+#if ($status == "alreadyLoggedIn")
+	Token already logged in.
+#elseif ($status == "tokenPasswordNotInitialized")
+	Token password not initialized.
+#elseif ($status == "justLoggedIn")
+	Token logged in successfully.
+#else
+<table>
+<tr>
+  <td>
+Security Module Token Name: <b><input type=text name="uTokName" value="$SecToken"></b>
+  </td>
+</tr>
+<tr>
+  <td>
+Security Module Token Password: <input type=password name="__uPasswd" value="" autocomplete="off">
+  </td>
+<tr>
+</tr>
+</table>
+<p>
+#end
+
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+
+  </td>
+</tr>
+</table>
+	</td>
+      </tr>
+    </table>
+
+    <p>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+
+
diff --git a/dogtag/common-ui/shared/admin/console/config/config_join.vm b/dogtag/common-ui/shared/admin/console/config/config_join.vm
new file mode 100644
index 000000000..e79720a0e
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/config_join.vm
@@ -0,0 +1,125 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="../img/favicon.ico" />
+    <link rel="stylesheet" href="../../../css/pki-base.css" type="text/css" />
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+</SCRIPT>
+                                                                                
+                                                                                
+  <body onLoad="checkClose();">
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/icon-software.gif" />
+  Join the PKI Network </h1>
+
+To join this PKI network, the setup wizard needs to submit the certificate request to a Root or another subordinate CA for signing.
+    <p>
+    <form action="config_join" method="post" name="f">
+                                                                                
+<input type=radio $check_manual name="choice" value="manual">Manually submit this request to a CA.
+<p>
+<table width=100%>
+<tr>
+  <td width=50%>Certificate Request to a CA:</td>
+  <td>Certificate Chain From a CA:</td>
+  </td>
+</tr>
+<tr>
+  <td>
+<textarea rows=8 cols=40 name="req">$certreq</textarea>
+  </td>
+  <td>
+<textarea rows=8 cols=40 name="cert">$cert</textarea>
+  </td>
+</tr>
+</table>
+<p>
+<input type=radio $check_auto name="choice" value="auto">Automatically submit the request to a Dogtag Certificate Authority
+<br>
+    <table class="details">
+      <tr>
+        <th width=10%>URL:</th>
+        <td><input type="text" length="128" size="40" name="url" value="https://localhost" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>UID:</th>
+        <td><input type="text" length="64" size="40" name="uid" value="agent" /></td>
+      </tr>       
+      <tr>
+        <th>Password:</th>
+        <td><input type="password" length="64" size="40" name="__pwd" value="" autocomplete="off" /></td>
+      </tr>       
+    </table>
+<p>
+                                                                                
+    <div align="right">
+      <hr />
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: document.f.submit();" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/config_rootca.vm b/dogtag/common-ui/shared/admin/console/config/config_rootca.vm
new file mode 100644
index 000000000..9647cfd32
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/config_rootca.vm
@@ -0,0 +1,113 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="../img/favicon.ico" />
+    <link rel="stylesheet" href="../../../css/pki-base.css" type="text/css" />
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+</SCRIPT>
+
+
+  <body onLoad="checkClose();">
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/icon-software.gif" />
+  Root CA </h1>
+
+A Root CA provides a set of predefined signing capabilities. Please select the capabilities that this CA needs to provide.
+    <p>
+
+<form name="f" action="config_rootca" method="post">
+                                                                                
+<H2>CA Certificate Profile</H2>
+
+<p>
+    <table class="details">
+      <tr>
+        <th width=10%>Profile:</th>
+                                                                                
+        <td><select name="profile">
+#foreach ($p in $profiles)
+#if ($p.getID() == $selected_profile_id)
+        <option selected value="$p.getID()">$p.getName()</option>
+#else
+        <option value="$p.getID()">$p.getName()</option>
+#end
+#end
+        </select>
+        </td>
+      </tr>
+    </table>
+<p>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: document.f.submit()" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/createsubsystempanel.vm b/dogtag/common-ui/shared/admin/console/config/createsubsystempanel.vm
new file mode 100644
index 000000000..9d3ec86b8
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/createsubsystempanel.vm
@@ -0,0 +1,101 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Subsystem Configuration</h2>
+<p>
+#if ($systemType != "tps")
+This instance can be configured as either a new $systemname subsystem or a clone of an existing $systemname. If the cloning option is chosen, please provide the URL to an existing $systemname instance.
+#else
+This instance can be configured as a new $systemname subsystem.
+#end
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+<b><input $check_newsubsystem type=radio name=choice value="newsubsystem">&nbsp;Configure this Instance as a New $systemname Subsystem </b>
+<br/>
+    <table class="details">
+      <tr>
+        <th>Subsystem Name: </th>
+        <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname)</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTP EE URL (unsecure): </th>
+        <td>http://$machineName:$http_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS Agent URL (clientauth): </th>
+        <td>https://$machineName:$https_agent_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS EE URL (non-clientauth): </th>
+        <td>https://$machineName:$https_ee_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS Admin URL (non-clientauth): </th>
+        <td>https://$machineName:$https_admin_port</td>
+      </tr>
+    </table>
+<p>
+#if ($disableClone == "true")
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem" disabled="disabled">&nbsp;Clone an Existing $systemname Subsystem </b>
+#else
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem">&nbsp;Clone an Existing $systemname Subsystem </b>
+#end
+<br/>
+    <table class="details">
+      <tr>
+        <th>Subsystem Name: </th>
+#if ($disableClone == "true")
+        <td><input disabled="disabled" type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname Clone 1)</td>
+#else
+        <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname Clone 1)</td>
+#end
+      </tr>
+      <tr>
+        <th>Subsystem URL: </th>
+#if ($disableClone == "true")
+        <td><select name="urls" disabled="disabled">
+#else
+        <td><select name="urls">
+#end
+           #if ($urls.size() > 0) 
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #else
+               <option selected value="none">NONE</option>
+           #end
+        </select>
+        </td>
+      </tr>
+    </table>
+<br/>
diff --git a/dogtag/common-ui/shared/admin/console/config/databasepanel.vm b/dogtag/common-ui/shared/admin/console/config/databasepanel.vm
new file mode 100644
index 000000000..95086808b
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/databasepanel.vm
@@ -0,0 +1,132 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Please provide information to an existing Fedora Directory Server that can be used as the internal database for this instance. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<p>
+Each instance needs access to a Fedora Directory Server instance to store requests and records. Each PKI instance may create its own associated internal database, or may share an existing internal database. To share an existing internal database instance, a PKI instance would only need to establish a unique distinguished name (DN) using the field entitled <b>Base DN</b> and a unique database name using the field entitled <b>Database</b>. 
+#if ($clone == "clone")
+<p>
+<p>
+Replication agreements between the master and clone database instances may be customized.  If no master and replication ports are provided, then replication will occur on the same ports used by the Certificate Sever instances to communicate with the directory server.  If these ports are LDAPS ports, then the replication traffic will be SSL encrypted.  It is still possible to require the replication traffic to be SSL encrypted on the non-SSL port by selecting TLS for Replication Security.  In order for this operation to be successful though, the database instances must be SSL enabled before continuing beyond this panel.
+#end
+</div>
+<p>
+<i>Note: If the Fedora Directory Server is at a remote host, it is highly recommended that SSL should be used.</i>
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>                                                                            
+
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+        <td><input type="text" size="40" name="host" value="$hostname" /></td>
+      </tr>
+            
+      <tr>
+        <th>Port:</th>
+                                
+        <td><input type="text" size="40" name="port" value="$portStr" />  
+            <input type="CHECKBOX" NAME="secureConn">SSL
+        </td>
+      </tr>       
+      <tr>
+        <th>Base DN:</th>
+#if ($clone == "clone")
+        <td><input type="text" size="40" name="basedn" value="$basedn" readonly/></td>
+#else 
+        <td><input type="text" size="40" name="basedn" value="$basedn" /></td>
+#end
+      </tr>
+      <tr>
+        <th>Database:</th>
+
+        <td><input type="text" size="40" name="database" value="$database"  /></td>
+      </tr>
+      <tr>
+        <th>Bind DN:</th>
+        <td><input type="text" size="40" name="binddn" value="$binddn" /></td>
+      </tr>
+      <tr>
+        <th>Bind Password:</th>
+
+        <td><input type="password" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td>
+      </tr>
+    </table>
+    <input type="hidden" name="display" value=$displayStr />
+    <input type="CHECKBOX" NAME="removeData">Remove the existing data from the <b>Base DN</b> shown above.<p>
+
+#if ($clone == "clone")
+
+    #set ($check_none="")
+    #set ($check_tls="")
+    #set ($check_ssl="")
+    #if ($replicationSecurity == "TLS") #set ($check_tls="CHECKED")
+    #elseif ($replicationSecurity == "SSL") #set ($check_ssl="CHECKED")
+    #else #set ($check_none="CHECKED") #end
+
+    <table class="details" >
+      <tr><th>Replication Details</th></tr>
+      <tr>
+        <th>Master Replication Port:</th>
+        <td><input type="text" size="40" name="masterReplicationPort" value="$masterReplicationPort" /></td>
+      </tr>
+
+      <tr>
+        <th>Clone Replication Port:</th>
+        <td><input type="text" size="40" name="cloneReplicationPort" value="$cloneReplicationPort" /></td>
+      </tr>
+
+      <tr>
+        <th>Replication Security:</th>
+        <td>
+            <input type="radio" name="replicationSecurity" value="None" $check_none />None</input>
+            <input type="radio" name="replicationSecurity" value="TLS"  $check_tls  />TLS</input>
+            <input type="radio" name="replicationSecurity" value="SSL"  $check_ssl  />SSL</input>
+        </td>
+      </tr>
+      <p>
+#end
+
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/displaycertchainpanel.vm b/dogtag/common-ui/shared/admin/console/config/displaycertchainpanel.vm
new file mode 100644
index 000000000..73348189d
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/displaycertchainpanel.vm
@@ -0,0 +1,49 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>$panelname</h2>
+<br/>
+A certificate chain is a list of all certificates chained up to the root.
+<br/>
+If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance.
+<br/>
+If no certificate chain is listed below, simply click the Next button to move on to the next panel.
+<p>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+
+#if ($certchain.size() > 0)
+#foreach ($p in $certchain)
+<pre>
+$p
+</pre>
+<br/>
+#end
+#end
diff --git a/dogtag/common-ui/shared/admin/console/config/donepanel.vm b/dogtag/common-ui/shared/admin/console/config/donepanel.vm
new file mode 100644
index 000000000..062025825
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/donepanel.vm
@@ -0,0 +1,64 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<input type="hidden" name="host" value=$host />
+<input type="hidden" name="port" value=$port />
+<input type="hidden" name="systemType" value=$systemType />
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+#if ($systemType.equals("tks"))
+As 'root', restart the server on the command line by typing the following command:
+<br>
+$initCommand restart $instanceId
+<br>
+After performing this restart, the server should become operational. 
+#else
+#if ($externalCA.equals("true") && $systemType.equals("kra"))
+As 'root', restart the server on the command line by typing the following command:
+<br>
+$initCommand restart $instanceId
+<br>
+Startup the administration console to add the peer CA to the Trusted Manager's Group. Make sure to add the transport certificate and connector information to the peer CA. After performing this restart, the server should become operational.
+#else
+As 'root', restart the server on the command line by typing the following command:
+<br>
+$initCommand restart $instanceId
+<br>
+After performing this restart, the server should become operational.
+<br/>
+Please go to the <A href="https://$host:$port/$systemType/services"><b>services page</b></A> to access all of the available interfaces.
+<br/>
+#end
+#end
+<br/>
+To create additional instances, type "/usr/bin/pkicreate" on the command line.
+<br>
+#if ($systemType != "tps")
+To start the administration console, type "/usr/bin/pkiconsole" on the command line.
+#end
diff --git a/dogtag/common-ui/shared/admin/console/config/footer.vm b/dogtag/common-ui/shared/admin/console/config/footer.vm
new file mode 100644
index 000000000..a596e45b1
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/footer.vm
@@ -0,0 +1,19 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+  <div id="footer">
+  </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/header.vm b/dogtag/common-ui/shared/admin/console/config/header.vm
new file mode 100644
index 000000000..7966ba745
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/header.vm
@@ -0,0 +1,25 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<div id="header">
+    <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="../img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headerpaddedtitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+    </div>
+</div>
diff --git a/dogtag/common-ui/shared/admin/console/config/hierarchypanel.vm b/dogtag/common-ui/shared/admin/console/config/hierarchypanel.vm
new file mode 100644
index 000000000..64b77a8bd
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/hierarchypanel.vm
@@ -0,0 +1,56 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+  setURL();
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>PKI Hierarchy</h2>
+<p>
+This CA instance can be either a Self-Signed Root CA or a Subordinate CA. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA.
+</div>
+
+<p>
+<b><input $check_root type=radio name=choice value="root">&nbsp;Make this a Self-Signed Root CA within this new PKI hierarchy. <img alt="" src="../img/rootca.gif"></b>
+<p>
+<b><input $check_join type=radio name=choice value="join">&nbsp;Make this a subordinate CA of another CA. <img alt="" src="../img/sub.gif"></b>
+
+<p>
diff --git a/dogtag/common-ui/shared/admin/console/config/importadmincertpanel.vm b/dogtag/common-ui/shared/admin/console/config/importadmincertpanel.vm
new file mode 100644
index 000000000..9eea5d277
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/importadmincertpanel.vm
@@ -0,0 +1,66 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<font color="red">$info</font>
+<p>
+    <p>
+                                                                                
+    <table class="details">
+      <tr>
+<SCRIPT LANGUAGE="JavaScript">
+#if ($ca == 'true' && $import == 'true')
+if (navigator.appName == "Netscape") {
+document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=netscape"></iframe>');
+} else {
+document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=ie"></iframe>');
+}
+#else
+#if ($import == 'true')
+if (navigator.appName == "Netscape") {
+document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=netscape"></iframe>');
+} else {
+document.writeln('<iframe scrolling=yes frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true&browser=ie"></iframe>');
+}
+#end
+#end
+</SCRIPT>
+<input type="hidden" name="serialNumber" value=$serialNumber />
+<input type="hidden" name="caHost" value=$caHost />
+<input type="hidden" name="caPort" value=$caPort />
+<input type="hidden" name="pkcs7" value=$pkcs7 />
+
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/importcachainpanel.vm b/dogtag/common-ui/shared/admin/console/config/importcachainpanel.vm
new file mode 100755
index 000000000..f0774c5ee
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/importcachainpanel.vm
@@ -0,0 +1,65 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+     with (document.forms[0]) {
+         submit();
+     }
+}
+
+</SCRIPT>
+The CA's certificate chain needs to be imported into your browser.  Also, you must trust the CA. Once this is done, click Next.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+    <p>
+                                                                                
+    <table class="details">
+      <tr>
+<SCRIPT LANGUAGE="JavaScript">
+
+function importCAChain()
+{
+    var importcachain = document.getElementById("importcachain");
+
+    if(!importcachain)
+        return;
+
+    alert("You will now be asked to import and trust the Certificate Chain from the CA. Please do so.");
+
+    importcachain.src="http://$machineName:$http_port/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert";
+}
+
+#if ($ca == 'true' && $import == 'true')
+document.writeln('<iframe scrolling=yes id="importcachain" frameborder=0 height=0 width=0></iframe>');
+window.setTimeout(importCAChain,700);
+#end
+
+</SCRIPT>
+
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/login.vm b/dogtag/common-ui/shared/admin/console/config/login.vm
new file mode 100644
index 000000000..98a7c5bf5
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/login.vm
@@ -0,0 +1,113 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="../img/favicon.ico" />
+    <link rel="stylesheet" href="../../../css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body><div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+#include ( "admin/console/config/topmenu.vm" )
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+  -
+</div>
+
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="sidebar">
+         
+	</td>
+        <td class="page-content" width="100%">
+  <h1><img src="../img/icon-software.gif" />
+  Login</h1>
+
+A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue.
+
+    <p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <p>
+    <form name="f" action="login" method="post">
+                                                                                
+    <table class="details">
+      <tr>
+        <th>PIN:</th>
+        <td><input type=password name="pin"></td>
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+<td align=right>
+<input type=button onclick="javascript: document.f.submit();" name=login value="Login">
+</td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+#include ( "admin/console/config/footer.vm" )
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/modulepanel.vm b/dogtag/common-ui/shared/admin/console/config/modulepanel.vm
new file mode 100644
index 000000000..f0952ecbe
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/modulepanel.vm
@@ -0,0 +1,162 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Two lists of security modules are provided below. The <b>Supported Security Modules</b> list consists of both software-based and hardware-based security modules that this PKI solution supports, while the <b>Other Security Modules</b> list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<br/>
+Key pairs for this instance will be generated and stored on a device called a security module.
+<br/>
+A <b><i>key pair</i></b> consists of a public key and a private key. A <b><i>private key</i></b> is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the <b><i>key</i></b>. A <b><i>public key</i></b> is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a <b><i>certificate</i></b>.
+<br/>
+<b><i>Security modules</i></b> can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included.
+<br/>
+Before any security module solution can be used, a user must first always be authenticated to this security module via a token.  To support this, each security module consists of one or more <b><i>slots</i></b>. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software.
+<br/>
+Finally, a <b><i>token</i></b> (often generically referred to as a <b><i>smartcard</i></b>), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot.  For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication.
+<br/>
+Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue.
+</div>
+<br/>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+  <td><img alt="" src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isPresent() && $token.isLoggedIn())
+	   Logged In
+	#else
+       	   Not logged In
+	#end
+    </td>
+  <td>
+   #if ($token.isPresent() && $token.isLoggedIn())
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+   #end
+  </td>
+  <td>
+	#if ($token.isPresent() && !$token.isLoggedIn())
+<a href="wizard?p=$subpanelno&amp;SecToken=$token.getNickName()">Login</a>
+	#end
+</td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+  <td>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isPresent() && $token.isLoggedIn())
+	  Logged In
+	#else
+          Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td>
+	#if ($token.isPresent() && !$token.isLoggedIn())
+<a href="wizard?p=$subpanelno&amp;SecToken=$token.getNickName()">Login</a>
+	#end
+</td>
+</tr>
+#end
+#end
+
+</table>
+
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/namepanel.vm b/dogtag/common-ui/shared/admin/console/config/namepanel.vm
new file mode 100644
index 000000000..ef5c564e6
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/namepanel.vm
@@ -0,0 +1,105 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names.  Each certificate will be stored in the security module using a unique nickname.<a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<br/>
+Each unique name, called the certificate's subject name, is referenced as the distinguished name (DN). A DN may be composed of multiple comma separated name=value fields. 
+<br/>
+</div>
+
+    <p>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#foreach ($item in $certs)
+<H2>$item.getUserFriendlyName()</H2>
+                                                                                
+    <table class="details">
+      <tr>
+        <th>DN:</th>
+#if ($item.isEnable())
+        <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getEscapedDN()"/></td>
+#else
+        <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getEscapedDN()" disabled="disabled" /></td>
+#end
+      </tr>
+      <tr> 
+       <th>Nickname:</th>
+#if ($item.isEnable())
+        <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()"/></td>
+#else
+        <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()" disabled="disabled" /></td>
+#end
+      </tr>
+    </table>
+<br/>
+#end
+<br/>
+<hr>
+<p>
+A Certificate Authority (CA) is responsible for issuing different kinds of certificates.  To obtain the certificates required internally by this subsystem, the user must select a URL to a CA that has been registered in the security domain or to an "External CA".
+<p>
+<i>Note:  An "External CA" is defined to be a CA that is not part of the 'Security Domain'.  Verisign<sup>&reg;</sup>, GeoTrust<sup>&reg;</sup>, and Netscape<sup>&reg;</sup> Certificate Management System (CMS) 6.x are examples of "External CAs".</i>
+<br/>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+#if ($isRoot == "true")
+        <td><select name="urls" disabled="disabled">
+#else
+        <td><select name="urls">
+#end
+           #if ($urls.size() > 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+
+   <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/restorekeycertpanel.vm b/dogtag/common-ui/shared/admin/console/config/restorekeycertpanel.vm
new file mode 100644
index 000000000..8ef78bf36
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/restorekeycertpanel.vm
@@ -0,0 +1,54 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Import Keys and Certificates</h2>
+<br/>
+To setup a cloned subsystem, the master subsystem's keys and certificates (with the exception of the SSL server key and certificate) need to be imported.  For a software token, all of these keys and certificates are stored in a single file in the PKCS #12 format which is protected by the password provided during the creation of this file.  To import this PKCS #12 file, first copy the PKCS #12 file to the alias directory for the cloned subsystem.  Then enter an appropriate filename and password in the form specified below.
+<p>
+If these keys and certificates are stored in a hardware token, the hardware token vendor needs to be consulted for information on how to import them.
+<p>
+For keys and certificates stored in an external software token, please refer to the Dogtag documentation for instructions. 
+<p>
+By default, if the path is left blank, no PKCS #12 file will be imported.
+<br/>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>PKCS #12 filename:</th>
+
+        <td><input type="text" size="40" name="path" value="$path"/></td>
+      </tr>
+      <tr>
+        <th>PKCS #12 Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<br/>
diff --git a/dogtag/common-ui/shared/admin/console/config/savepkcs12panel.vm b/dogtag/common-ui/shared/admin/console/config/savepkcs12panel.vm
new file mode 100644
index 000000000..de7d86467
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/savepkcs12panel.vm
@@ -0,0 +1,40 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Save Keys and Certificates</h2>
+<br/>
+This Subsystem is attempting to return the keys and certificates in a PKCS #12 format.
+<p>
+A popup dialog box from the browser should appear, prompting the user to save these keys and certificates to a PKCS #12 file located on the local filesystem.  Follow the instructions within this dialog to save this PKCS #12 file to a safe location.
+<br/>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<iframe scrolling=no frameborder=0 height=0 width=0 src="/$subsystemtype/admin/console/config/savepkcs12"></iframe>
+<br/>
diff --git a/dogtag/common-ui/shared/admin/console/config/securitydomainloginpanel.vm b/dogtag/common-ui/shared/admin/console/config/securitydomainloginpanel.vm
new file mode 100644
index 000000000..d3c5e901b
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/securitydomainloginpanel.vm
@@ -0,0 +1,109 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/ca/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/ca/css/pki-base.css" type="text/css" />
+<META http-equiv=Content-Type content="text/html; charset=UTF-8">
+  </head>
+
+
+<div id="wrap">
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/ca/admin/console/img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headerpaddedtitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/ca/admin/console/img/icon-software.gif" />
+  Security Domain ($name) Login </h1>
+
+    <form name=sdForm action="getCookie" method="post">
+    <p>The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.<p>
+#if ($errorString != "")
+<img src="/ca/admin/console/img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="uid" value="$sd_uid" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Password:</th>
+                                                                                
+        <td><input type="password" length="64" size="40" name="pwd" value="$sd_pwd" autocomplete="off" /></td>
+      </tr>       
+<input type=hidden name=url value="$url">
+
+    </table>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<div align="right">
+<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login"> 
+</div>
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/securitydomainpanel.vm b/dogtag/common-ui/shared/admin/console/config/securitydomainpanel.vm
new file mode 100644
index 000000000..0e6a902eb
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/securitydomainpanel.vm
@@ -0,0 +1,115 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>$panelname</h2>
+<br/>
+A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<br/>
+This PKI solution allows multiple security domains within an organization, but each security domain must host a Certificate Authority.
+<br/>
+If the user is creating a new security domain, this CA Administrator is also
+the security domain Administrator.
+<br/>
+If this subsystem is joining an existing security domain, the user will need to provide the credential information of the security domain Administrator
+requested in the next panel.
+</div>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#if ($cstype == "CA") 
+<b><input $check_newdomain type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+    <table class="details">
+      <tr>
+        <th>Security Domain Name: </th>
+        <td><input type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTP EE URL (unsecure): </th>
+        <td>http://$machineName:$http_ee_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS Agent URL (clientauth): </th>
+        <td>https://$machineName:$https_agent_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS EE URL (non-clientauth): </th>
+        <td>https://$machineName:$https_ee_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+        <td>https://$machineName:$https_admin_port</td>
+      </tr>
+    </table>
+<br/>
+<b><input $check_existingdomain type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#else
+<b><input disabled="disabled" type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+    <table class="details">
+      <tr>
+        <th>Security Domain Name: </th>
+        <td><input disabled="disabled" type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+      </tr>
+    </table>
+<br/>
+<b><input checked type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#end
+<br/>
+Enter the URL to an existing security domain.
+<br/>
+    <table class="details">
+      <tr>
+        <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+        <td><input type=text size="40" name="sdomainURL" value="$sdomainURL"> (e.g. - https://example.com:9445)</td>
+      </tr>
+    </table>
+<br/>
+<table>
+<tr>
+<td valign="top"><b>NOTE:&nbsp;&nbsp; </b></td>
+<td>Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$initCommand status $instanceId" from the command-line.</td>
+</tr>
+</table>
+<br/>
diff --git a/dogtag/common-ui/shared/admin/console/config/sidemenu.vm b/dogtag/common-ui/shared/admin/console/config/sidemenu.vm
new file mode 100644
index 000000000..09fe16870
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/sidemenu.vm
@@ -0,0 +1,30 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<div id="sidenav">
+<ul>
+  <li><a href="welcome">Welcome</a></li>
+  <li><a href="database">Internal Database</a></li>
+  <li><a href="module">Security Modules</a></li>
+  <li><a href="size">Key Size</a></li>
+  <li><a href="name">Issuer Name</a></li>
+  <li><a href="hierarchy">PKI Hierarchy</a></li>
+  <li><a href="admin">Administrator</a></li>
+  <li><a href="done">Finish</a></li>
+</ul>
+</div>
diff --git a/dogtag/common-ui/shared/admin/console/config/sizepanel.vm b/dogtag/common-ui/shared/admin/console/config/sizepanel.vm
new file mode 100644
index 000000000..ef80ecf20
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/sizepanel.vm
@@ -0,0 +1,685 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<style type="text/css">
+div#advance
+{
+  margin: 0px 20px 0px 20px;
+  display: none;
+}
+div#simple
+{
+  margin: 0px 20px 0px 20px;
+  display: block;
+}
+</style>
+
+<SCRIPT type="text/JavaScript">
+
+var rsalist="${rsalist}";
+var ecclist="${ecclist}"; 
+var curvelist="${curvelist}";
+var displaycurvelist = "${displaycurvelist}";
+var rsaTags = "${rsaTags}";
+var additionalMessage = "";
+if (rsaTags.length > 0) {
+  additionalMessage = (rsaTags.indexOf(",") != -1)?
+    "<p><b>IMPORTANT:</b> <i>Currently, the Audit Log Signing, Transport, and Storage functionality <b>ONLY</b> support RSA keys.  Users that require ECC keys <b>MUST</b> first select the ECC key type and then verify on the Advanced tab that RSA keys are selected for the Audit Log Signing Certificate, Transport Certificate, and Storage Certificate. All other keys can be ECC.</i>":
+    "<p><b>IMPORTANT:</b> <i>Currently, the Audit Log Signing functionality <b>ONLY</b> supports RSA keys.  Users that require ECC keys <b>MUST</b> first select the ECC key type and then verify on the Advanced tab that an RSA key is selected for the Audit Log Signing Certificate. All other keys can be ECC.</i>";
+}
+
+function myOnLoad() {
+   var form = document.forms[0];
+   var keyTypeSelect = form.elements['keytype'];
+
+   setSigningAlgOptions(keyTypeSelect.value, "commontag");
+   setAllSigningAlgOptions(keyTypeSelect.value);
+
+   setAlgOptions(keyTypeSelect.value, "commontag");
+   setAllAlgOptions(keyTypeSelect.value);
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+function toggleLayer(whichLayer)
+{
+  if (document.getElementById) {
+    // this is the way the standards work
+    var style2 = document.getElementById(whichLayer).style;
+    if (style2.display == "block") {
+      style2.display = "none";
+    } else {
+      style2.display = "block";
+    }
+  }
+}
+
+function toggleLayer1(whichLayer)
+{
+  if (document.getElementById) {
+    // this is the way the standards work
+    var style2 = document.getElementById(whichLayer).style;
+    if (style2.display == "block") {
+      style2.display = "none";
+    } else if (style2.display == "") {
+      style2.display = "none";
+    } else {
+      style2.display = "block";
+    }
+  }
+}
+
+function toggleOn(whichLayer)
+{
+  if (document.getElementById) {
+    var style2 = document.getElementById(whichLayer).style;
+    style2.display = "block";
+  }
+}
+
+function toggleOff(whichLayer)
+{
+  if (document.getElementById) {
+    var style2 = document.getElementById(whichLayer).style;
+    style2.display = "none";
+  }
+}
+
+function keyAlgorithmChange()
+{
+  var form = document.forms[0];
+  var keyTypeSelect = document.forms[0].elements['keyalgorithm'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_keyalgorithm') != -1) {
+      form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+    }
+  }
+}
+
+function signingAlgorithmChange()
+{
+  var form = document.forms[0];
+  var keyTypeSelect = document.forms[0].elements['signingalgorithm'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_signingalgorithm') != -1) {
+      form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+    }
+  }
+}
+
+function setAllAlgOptions(keyType)
+{
+  var form = document.forms[0];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    var ind = name.indexOf('_keyalgorithm');
+    if (ind != -1) {
+      var tag = name.substring(0,ind);
+      setAlgOptions(keyType, tag);
+    }
+  }
+}
+
+function setAlgOptions(keyType, certTag)
+{
+  var algSelect;
+  var list;
+  if (certTag == "commontag") {
+    algSelect = document.forms[0].elements['keyalgorithm'];
+  } else {
+    algSelect = document.forms[0].elements[certTag + '_keyalgorithm'];
+  }
+  if (typeof(algSelect) == "undefined") {
+    return;
+  }
+  algSelect.options.length=0;
+  if (keyType == "rsa") {
+    list = rsalist.split(",");
+  } else {
+    list = ecclist.split(",");
+  }
+  for (i=0; i < list.length; i++) {
+    algSelect.options[algSelect.options.length] = new Option(list[i], list[i]);
+  }
+}
+
+function setAllSigningAlgOptions(keyType)
+{
+  var form = document.forms[0];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    var ind = name.indexOf('_signingalgorithm');
+    if (ind != -1) {
+      var tag = name.substring(0,ind);
+      setSigningAlgOptions(keyType, tag);
+    }
+  }
+}
+
+function setSigningAlgOptions(keyType, certTag)
+{
+  var algSelect;
+  var list;
+  if (certTag == "commontag") {
+    algSelect = document.forms[0].elements['signingalgorithm'];
+  } else {
+    algSelect = document.forms[0].elements[certTag + '_signingalgorithm'];
+  }
+  if (typeof(algSelect) == "undefined") {
+    return;
+  }
+  algSelect.options.length=0;
+  if (keyType == "rsa") {
+    list = rsalist.split(",");
+  } else {
+    list = ecclist.split(",");
+  }
+  for (i=0; i < list.length; i++) {
+    algSelect.options[algSelect.options.length] = new Option(list[i], list[i]);
+  }
+}
+
+function toggleKeyCurve(keyType, certTag)
+{
+  if (keyType == "rsa") {
+    toggleOn(certTag + '_custom_display_keysize');
+    toggleOff(certTag + '_custom_display_curvename');
+  } else {
+    toggleOff(certTag + '_custom_display_keysize');
+    toggleOn(certTag + '_custom_display_curvename');
+  }
+}
+
+function toggleAllKeyCurves(keyType)
+{
+  var form = document.forms[0];
+  if (keyType == "rsa") {
+    toggleOn('simple_keysize');
+    toggleOff('simple_curvename');
+  } else {
+    toggleOn('simple_curvename');
+    toggleOff('simple_keysize');
+  } 
+
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    var ind = name.indexOf('_keytype');
+    
+    if (ind != -1) {
+      var tag = name.substring(0,ind);
+      if (keyType =="rsa") {
+          toggleOff(tag + '_custom_display_curvename');
+          toggleOn(tag + '_custom_display_keysize');
+      } else {
+          toggleOn(tag + '_custom_display_curvename');
+          toggleOff(tag + '_custom_display_keysize');
+      }
+    }
+  }
+}
+
+function indexOfTag(tag)
+{
+  var index = rsaTags.indexOf(tag);
+  if (index > 0) {
+    if (rsaTags.charAt(index-1) != ',') {
+      index = -1;
+    }
+  }
+  return index;
+}
+
+function keyTypeChange(certTag)
+{
+  var form = document.forms[0];
+  var keyTypeSelect;
+  if (certTag == "commontag") {
+    keyTypeSelect = document.forms[0].elements['keytype'];
+    for (var i = 0; i < form.length; i++) {
+      var name = form[i].name;
+      var k = name.indexOf('_keytype');
+      if (k != -1) {
+        var tag = name.substring(0, k);
+        if ((keyTypeSelect.value.indexOf('ecc') != -1) &&
+            (indexOfTag(tag) == -1)) {
+          form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+          setAlgOptions(keyTypeSelect.value, tag);
+          setSigningAlgOptions(keyTypeSelect.value, tag);
+          toggleKeyCurve(keyTypeSelect.value, tag);
+        }
+      }
+    }
+  } else {
+      keyTypeSelect = document.forms[0].elements[certTag + '_keytype'];
+      toggleKeyCurve(keyTypeSelect.value, certTag);
+  }
+  setAlgOptions(keyTypeSelect.value, certTag);
+  setSigningAlgOptions(keyTypeSelect.value, certTag);
+}
+
+function defaultChange()
+{
+  var form = document.forms[0];
+  var choiceSelect = document.forms[0].elements['choice'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_choice') != -1) {
+      for (var j = 0; j < form.elements[name].length; j++) {
+        var c = form.elements[name];
+        c[j].checked = choiceSelect[j].checked;
+      }
+    }
+  }
+}
+
+function customChange()
+{
+  var form = document.forms[0];
+  var choiceSelect = document.forms[0].elements['choice'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_choice') != -1) {
+      for (var j = 0; j < form.elements[name].length; j++) {
+        var c = form.elements[name];
+        c[j].checked = choiceSelect[j].checked;
+      }
+    }
+  }
+}
+
+function textChange()
+{
+  var customSize = document.forms[0].elements['custom_size'];
+  var form = document.forms[0];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_custom_size') != -1) {
+      form.elements[name].value = customSize.value;
+    }
+  }
+}
+
+function matchCurve(curve)
+{
+  var list = curvelist.split(",");
+  for (var i=0; i < list.length; i++) {
+    if (list[i] == curve) return true;
+  }
+  return false;
+}
+
+function curveChange()
+{
+  var customCurve = document.forms[0].elements['custom_curvename'];
+  var check = matchCurve(customCurve.value);
+  if (check == false) {
+    alert("The curve name " + customCurve.value + " is not in the set of allowed curves.\n" +
+          "To see a list of allowed curves, click on Details.");
+    return;
+  }
+  var form = document.forms[0];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_custom_curvename') != -1) {
+      form.elements[name].value = customCurve.value;
+    }
+  }
+}
+
+function displayCurveList()
+{
+  var list = displaycurvelist.split(",");
+  var linelen = 0;
+  for (var i=0; i < list.length -1 ; i++) {
+    document.write(list[i] + ",");
+    linelen = linelen + list[i].length;
+    if (linelen >= 60) {
+      document.write("<br/>");
+      linelen=0;
+    }
+  }
+  document.write(list[list.length -1]);
+}
+  
+</SCRIPT>
+Select the key pair type(s), associated key pair size(s) or curve name(s), and signature algorithm(s) from the pulldown menus.  
+<SCRIPT type="text/JavaScript">
+document.write(additionalMessage);
+</SCRIPT>
+  <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<br/>
+<p>
+Each certificate can have its own key pair generated with its own independent settings or common settings can be applied to all key pairs. At minimum, each key pair has to define what <i>type</i> it is by identifying a cipher family and then has to set a <i>strength</i> for that key.
+</p>
+<ul>
+<li>
+<b><i>Key Type</i></b>. Sets the cipher family to use to generate the key pair. RSA and ECC key types have slightly different strength options.
+</li>
+<li>
+<b><i>RSA strength: Key Size</i></b>. Sets the key length for the generated pair. Longer keys are stronger, which makes them more secure. 
+However, longer key pair sizes also increase the time required to perform operations such as signing certificates, so long keys can affect performance.
+</li>
+<li>
+<b><i>ECC strength: Curve Name</i></b>. Sets the curve algorithm to use, which can be any one of the curves listed below.  The curves that are included in parenthesis are equivalent - and either name can be used.  Note that not all curves may be supported by the token.
+<br/><ul style="list-style:none"><li><i>
+<SCRIPT type="text/JavaScript">
+displayCurveList();
+</SCRIPT></i></li></ul>
+</li>
+<li>
+<b><i>Signing Algorithm</i></b>. <i>Signing certificates only.</i> Sets the signing algorithm which will be used to sign objects issued by the subsystem. This is only displayed for certificates which are used for object signing, such as the CA signing certificate or the OCSP signing certificate.
+</li>
+<li><b><i>Signed With</i></b>. <i>Root CAs only.</i> Sets the signing algorithm used to sign the CA signing certificate itself.
+</li>
+</ul>
+<br/>
+</div>
+#if ($select == "clone")
+For a cloned subsystem, only the key for an SSL server certificate is generated.
+#end
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<div id="simple">
+<br/>
+<table width=100%>
+<tr>
+  <td align=right><a href="javascript:toggleLayer1('simple'); toggleLayer('advance');" title="Advanced">[Advanced]</a></td>
+</tr>
+</table>
+<br/>
+<H2>Common Key Settings</H2>
+<br/>
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Key Type:</th>
+        <td><select name="keytype" onChange="keyTypeChange('commontag')"><option value="rsa">RSA</option><option value="ecc">ECC</option></select></td>
+      </tr>
+</table>
+
+#if ($subsystemtype == "ca")
+#if ($hselect == "root")
+<table width=100% class="details">
+      <tr> 
+        <th width="30%">Signed With:</th>
+        <td><select name="keyalgorithm" onChange="keyAlgorithmChange()">
+            </select></td>
+      </tr>
+</table>
+#end
+#end
+
+#if ($show_signing == "true")
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Signing Algorithm:</th>
+        <td><select name="signingalgorithm" onChange="signingAlgorithmChange()">
+            </select></td>
+      </tr>
+</table>
+#end
+
+<div id="simple_keysize"> 
+<p>
+
+    <input checked onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default key size ($default_keysize bits)</b>.
+    <p>
+    <input onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following custom key size:</b>
+                                                                                
+    <p>
+<table width=100% class="details">
+      <tr>
+        <th>Key Size:</th>
+        <td><input onChange="textChange()" type="text" size="20" name="custom_size" value="2048" /></td>
+      </tr>
+</table>
+
+</div>
+
+<div id="simple_curvename" style="display: none;">
+<p>
+
+    <input checked onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default curve ($default_ecc_curvename)</b>.
+    <p>
+    <input onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following curve:</b>
+
+    <p>
+<table width=100% class="details">
+      <tr>
+        <th width=30%>Curve Name:</th>
+        <td><input onChange="curveChange()" type="text" size="20" name="custom_curvename" value="$default_ecc_curvename" /></td>
+      </tr>
+</table>
+
+</div>
+
+<!-- to be used when we can do a google-style horizontal combo-box
+<div id="simple_curvename" style="display: none;">
+
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Curve Name:</th>
+        <td><select name="custom_curvename">
+                #set ($x=0)
+                #foreach ($p in ${curvelist})
+                    <option value="$x">$p</option>
+                    #set ($x=$x+1)
+                #end
+            </select></td>
+      </tr>
+</table>
+</div>
+-->
+
+</div>
+<p>
+
+<div id="advance" style="display: none;">
+<p>
+<table width=100%>
+<tr>
+  <td align=right><a href="javascript:toggleLayer1('simple');toggleLayer('advance');" title="Simple">[Simple]</a></td>
+</tr>
+</table>
+#foreach ($item in $certs)
+<H2>Key for $item.getUserFriendlyName()</H2>
+<p>
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Key Type:</th>
+#if ($item.isEnable())
+        <td><select name="$item.getCertTag()_keytype" onChange="keyTypeChange('$item.getCertTag()')"><option value=rsa>RSA</option><option value="ecc">ECC</option></select></td>
+#else
+        <td><select name="$item.getCertTag()_keytype" disabled="disabled" onChange="keyTypeChange('$item.getCertTag()')"><option value=rsa>RSA</option><option value="ecc">ECC</option></select></td>
+#end
+      </tr>
+</table>
+
+#if ($subsystemtype == "ca")
+#if ($hselect == "root")
+#if ($item.getCertTag() == "signing")
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Signed With:</th>
+        <td><select name="$item.getCertTag()_keyalgorithm">
+            </select></td>
+      </tr>
+</table>
+#end
+#end
+#end
+
+#if ($item.isSigningRequired())
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Signing Algorithm:</th>
+        <td><select name="$item.getCertTag()_signingalgorithm">
+            </select></td>
+      </tr>
+</table>
+#end
+
+<div id="$item.getCertTag()_custom_display_keysize">
+<br/>
+#if ($item.isEnable())
+    <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default"><b>Use the default key size ($default_keysize bits).
+#else
+    <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default" disabled="disabled"><b>Use the default key size ($default_keysize bits).
+#end
+    <br/>
+#if ($item.isEnable())
+    <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following custom key size:</b>
+#else
+    <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom" disabled="disabled"><b>Use the following custom key size:</b>
+#end
+                                                                                
+    <br/>
+<table width=100% class="details">
+      <tr>
+        <th>Key Size:</th>
+#if ($item.isEnable())
+        <td><input type="text" size="20" name=$item.getCertTag()_custom_size value=$item.getCustomKeysize() /></td>
+#else
+        <td><input type="text" size="20" name=$item.getCertTag()_custom_size value=$item.getCustomKeysize() disabled="disabled"/></td>
+#end
+      </tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_custom_display_curvename" style="display: none;">
+<br/>
+#if ($item.isEnable())
+    <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default"><b>Use the default curve ($default_ecc_curvename).
+#else
+    <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default" disabled="disabled"><b>Use the default curve ($default_ecc_curvename).
+#end
+    <br/>
+#if ($item.isEnable())
+    <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following curve:</b>
+#else
+    <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom" disabled="disabled"><b>Use the following curve:</b>
+#end
+
+    <br/>
+<table width=100% class="details">
+      <tr>
+        <th width=30%>Curve Name:</th>
+#if ($item.isEnable())
+        <td><input type="text" size="20" name=$item.getCertTag()_custom_curvename value=$item.getCustomCurvename() /></td>
+#else
+        <td><input type="text" size="20" name=$item.getCertTag()_custom_curvename value=$item.getCustomCurvename() disabled="disabled"/></td>
+#end
+      </tr>
+</table>
+</div>
+
+<!-- to be used when we can do a google-style combo-box
+<div id="$item.getCertTag()_custom_display_curvename" style="display: none;">
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Curve Name:</th>
+#if ($item.isEnable())
+        <td><select name=$item.getCertTag()_custom_curvename value=$item.getCustomCurvename()>
+                #set ($x=0)
+                #foreach ($p in $curvelist)
+                    <option value="$x">$p</option>
+                    #set ($x=$x+1)
+                #end
+            </select>
+        </td>
+#else
+        <td><select name=$item.getCertTag()_custom_curvename value=$item.getCustomCurvename() disabled="disabled">
+                #set ($x=0)
+                #foreach ($p in $curvelist)
+                    <option value="$x">$p</option>
+                    #set ($x=$x+1)
+                #end
+            </select>
+        </td>
+#end
+      </tr>
+</table>
+</div>
+-->
+
+#end
+</div>
+<br/>
+<br/>
+<br/>
+#if ($firsttime == 'false')
+<input type="CHECKBOX" NAME="generateKeyPair">New Keys<p>
+#end
+<br/>
+    <div align="right">
+      <hr />
+<i>Note: After pressing Next, keys will be generated on the server, which will take some time to complete.  Please wait for the next panel to appear.</i>
+      &nbsp;
+    </div>
diff --git a/dogtag/common-ui/shared/admin/console/config/topmenu.vm b/dogtag/common-ui/shared/admin/console/config/topmenu.vm
new file mode 100644
index 000000000..64881066f
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/topmenu.vm
@@ -0,0 +1,21 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">Setup Wizard</a></li>
+</ul>
diff --git a/dogtag/common-ui/shared/admin/console/config/welcomepanel.vm b/dogtag/common-ui/shared/admin/console/config/welcomepanel.vm
new file mode 100644
index 000000000..07b0d641f
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/welcomepanel.vm
@@ -0,0 +1,56 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<H2>$panelname</H2>
+The $fullsystemname configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname ($systemname). <a href="javascript:toggle_details();">[Details]</a>
+                                                                                
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+A Public Key Infrastructure (PKI) system creates, manages, and revokes keys and certificates.
+<p>
+Dogtag Certificate System (DCS) $productversion
+ is a robust PKI system consisting of numerous subsystems including a Certificate Authority (CA), a Registration Authority (RA), a Data Recovery Manager (DRM), an Online Certificate Status Protocol (OCSP) Manager, a Token Key Service (TKS), and a Token Processing System (TPS), as well as a multi-platform smartcard middleware software client called Enterprise Security Client (ESC).
+<p>
+For any subsystem to be useable, a user must use this wizard to configure an instance of this subsystem.
+#if ($systemType != "tps")
+<p>
+Additionally, this wizard may also be used to clone any existing instance to achieve scalability and high-availability.
+#end
+</div>
diff --git a/dogtag/common-ui/shared/admin/console/config/wizard.vm b/dogtag/common-ui/shared/admin/console/config/wizard.vm
new file mode 100644
index 000000000..22574a970
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/wizard.vm
@@ -0,0 +1,152 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="../img/favicon.ico" />
+    <link rel="stylesheet" href="../../../css/pki-base.css" type="text/css" />
+
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+  </head>
+
+  <body onLoad="myOnLoad();">
+
+<SCRIPT type="text/JavaScript">
+function process(fop) {
+    with (document.forms[0]) {
+        op.value = fop;
+        if (fop == 'next') {
+            document.getElementById('progress').style.visibility = "visible";
+            performPanel();
+        } else if (fop == 'apply') {
+            document.getElementById('progress').style.visibility = "visible";
+            performPanel();
+        } else {
+            document.getElementById('progress').style.visibility = "visible";
+            submit();
+        }
+    }
+}
+
+</SCRIPT>
+
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">$name</a></li>
+</ul>
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="sidebar">
+          
+<div id="sidenav">
+<ul>
+#foreach ($panel in $panels)
+#if (!$panel.isSubPanel())
+#if ($panel.isPanelDone())
+  <li><center><font color=white size="2">$panel.getName()</font></center></li>
+#else
+  <li><center><font color=black size="2">$panel.getName()</font></center></li>
+#end
+#end
+
+#end
+</ul>
+</div>
+
+	</td>
+        <td class="page-content" width="100%">
+  <h1><img alt="" src="../img/icon-software.gif" />
+  $title </h1>
+
+<OBJECT classid="clsid:127698E4-E730-4E5C-A2b1-21490A70C8A1"
+    codebase="xenroll.dll"
+    id=Enroll >
+</OBJECT>
+
+<form name=f method=post action="wizard">
+<input type=hidden name=p value="$p">
+
+#parse ( $panel )
+
+<input type=hidden name="op" value=''>
+
+</form>
+
+<table width=100% border=0 cellspacing=0 cellpadding=0>
+<tr bgcolor="#eeeeee">
+<td><img alt="" id=progress style="visibility: hidden;" src="../img/bigrotation2.gif" /></td>
+<td align=right>
+
+#if ($showApplyButton == true)
+<input type=button onclick="process('apply')" name=back value="Apply">
+#end
+
+#if ($lastpanel == true)
+&nbsp;
+#else
+<input type=button onclick="process('next')" name=back value="Next>">
+#end
+
+</td>
+</tr>
+</table>
+
+	</td>
+      </tr>
+    </table>
+
+#include ( "admin/console/config/footer.vm" )
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/common-ui/shared/admin/console/config/xml.vm b/dogtag/common-ui/shared/admin/console/config/xml.vm
new file mode 100644
index 000000000..ee4bc2c97
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/config/xml.vm
@@ -0,0 +1,21 @@
+<?xml version='1.0' encoding='utf-8'?>
+<!-- BEGIN COPYRIGHT BLOCK
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     END COPYRIGHT BLOCK -->
+<response>
+  $xml 
+</response>
diff --git a/dogtag/common-ui/shared/admin/console/img/badge.png b/dogtag/common-ui/shared/admin/console/img/badge.png
new file mode 100644
index 000000000..5fe0223b5
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/badge.png
diff --git a/dogtag/common-ui/shared/admin/console/img/bigrotation2.gif b/dogtag/common-ui/shared/admin/console/img/bigrotation2.gif
new file mode 100644
index 000000000..5bb90fd6a
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/bigrotation2.gif
diff --git a/dogtag/common-ui/shared/admin/console/img/certificate.png b/dogtag/common-ui/shared/admin/console/img/certificate.png
new file mode 100644
index 000000000..2ea9f88bb
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/certificate.png
diff --git a/dogtag/common-ui/shared/admin/console/img/clearpixel.gif b/dogtag/common-ui/shared/admin/console/img/clearpixel.gif
new file mode 100644
index 000000000..ae710460b
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/clearpixel.gif
diff --git a/dogtag/common-ui/shared/admin/console/img/favicon.ico b/dogtag/common-ui/shared/admin/console/img/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/favicon.ico
diff --git a/dogtag/common-ui/shared/admin/console/img/icon-software.gif b/dogtag/common-ui/shared/admin/console/img/icon-software.gif
new file mode 100644
index 000000000..dd64b485c
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/icon-software.gif
diff --git a/dogtag/common-ui/shared/admin/console/img/icon_crit_update.gif b/dogtag/common-ui/shared/admin/console/img/icon_crit_update.gif
new file mode 100644
index 000000000..cf3c47907
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/icon_crit_update.gif
diff --git a/dogtag/common-ui/shared/admin/console/img/id.png b/dogtag/common-ui/shared/admin/console/img/id.png
new file mode 100644
index 000000000..2c54191e1
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/id.png
diff --git a/dogtag/common-ui/shared/admin/console/img/idkey.png b/dogtag/common-ui/shared/admin/console/img/idkey.png
new file mode 100644
index 000000000..3e27d2d05
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/idkey.png
diff --git a/dogtag/common-ui/shared/admin/console/img/key.png b/dogtag/common-ui/shared/admin/console/img/key.png
new file mode 100644
index 000000000..db2896248
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/key.png
diff --git a/dogtag/common-ui/shared/admin/console/img/lock.png b/dogtag/common-ui/shared/admin/console/img/lock.png
new file mode 100644
index 000000000..56be3b755
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/lock.png
diff --git a/dogtag/common-ui/shared/admin/console/img/logo_header.gif b/dogtag/common-ui/shared/admin/console/img/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/logo_header.gif
diff --git a/dogtag/common-ui/shared/admin/console/img/no-certificate.png b/dogtag/common-ui/shared/admin/console/img/no-certificate.png
new file mode 100644
index 000000000..7d93a41c3
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/no-certificate.png
diff --git a/dogtag/common-ui/shared/admin/console/img/rootca.gif b/dogtag/common-ui/shared/admin/console/img/rootca.gif
new file mode 100644
index 000000000..303e25c10
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/rootca.gif
diff --git a/dogtag/common-ui/shared/admin/console/img/sub.gif b/dogtag/common-ui/shared/admin/console/img/sub.gif
new file mode 100644
index 000000000..e4cca8384
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/img/sub.gif
diff --git a/dogtag/common-ui/shared/admin/console/js/misc.js b/dogtag/common-ui/shared/admin/console/js/misc.js
new file mode 100644
index 000000000..d4dc336ab
--- /dev/null
+++ b/dogtag/common-ui/shared/admin/console/js/misc.js
@@ -0,0 +1,30 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * This function is to submit the form's parameters and to decide if the 
+ * window should remain open.
+ *
+ * @param f The form
+ * @param fclose true if you want to close the window; otherwise false.
+ */
+function saveConfig(f, fclose) {
+    f.submit();
+    if (fclose == true)
+        window.close();
+}
diff --git a/dogtag/common-ui/shared/css/pki-360.css b/dogtag/common-ui/shared/css/pki-360.css
new file mode 100644
index 000000000..bdcd7ed3b
--- /dev/null
+++ b/dogtag/common-ui/shared/css/pki-360.css
@@ -0,0 +1,941 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+/* 
+color scheme:
+
+light gray:  #e6e6e6
+medium gray:
+dark gray:
+
+link blue: #06c
+
+red: #900
+
+*/
+
+
+/* This establishes background pattern and centering of content area as well
+as font-styles for the site */
+body {
+	margin: 0;
+	padding: 0;
+	color: #333;
+	text-align: center;
+	background: #fff url(/img/bkgrnd_greydots.png) repeat;
+	font-family: "Luxi Sans", "Bitstream Vera Sans", "Lucida Grande", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	}
+	
+td, th { /* for ie55  */
+    font-size: x-small;      
+    /* false value for WinIE4/5 */
+    voice-family: "\"}\"";   
+    /* trick WinIE4/5 into thinking rule is over */
+    voice-family: inherit;   
+    /* recover from trick */
+    font-size: small;
+    /* intended value for better browsers */
+	}
+	
+img {
+	border: 0;
+	}
+	
+a {
+	text-decoration: none;
+	}
+	
+a:link {
+	color: #06c;
+	}
+	
+a:visited {
+	color: #06c;
+	}
+
+/* This is the container for the content that is centered */
+#wrap {
+	margin: 0 20px 10px 20px;
+	padding: 10px 15px;
+	text-align: left;
+	background: #fff;
+/*
+	min-width: 900px;
+*/
+	}
+
+/* The following styles establish the header, top nav bar and systems and
+search areas */	
+#header {
+	height: 31px;	/* changed height added bottom margin  */
+	margin-top: 10px;
+	margin-bottom: 20px;
+	}
+	
+#headertitle {
+	height: 31px;          /* same as header */
+	margin-top: 10px;      /* same as header */
+	margin-right: 100px;   /* "myLogo" margin-left + "logo_header.gif" */
+	margin-bottom: 20px;   /* same as header */
+	font-size: large;
+	font-weight: bold;
+	}
+
+#headerpaddedtitle {
+	height: 31px;          /* same as header */
+	margin-top: 10px;      /* same as header */
+	margin-bottom: 20px;   /* same as header */
+	font-size: large;
+	font-weight: bold;
+	padding-left: 115px;   /* "myLogo" margin-left +
+	                          "logo_header.gif" + 15px */
+	}
+
+img#myLogo {
+	float: left;
+	margin-left: 15px;
+	}
+	
+img#pkiLogo {
+	float: left;
+	}
+	
+#account {
+	float: right;
+	width: 450px;
+	margin-right: 15px;
+	padding-top: 7px;	/* removed margin-bottom, added padding-top  */
+	}
+	
+#account dl {
+	float: right;
+	padding: 0;
+	margin: 0;
+	}
+	
+#account dt {
+	float: left;
+	width: 66px;
+	height: 1.1em;
+	background: url(/img/account_loggedin.gif) 100% 100% no-repeat;
+	}
+	
+#account dd {	/* note changes to dl, dt and dd   */
+	float: left;
+	margin-left: 10px;
+	}
+	
+#account p {
+	float: right;
+	margin: 0 0 0 30px;
+	padding: 0;
+	}
+	
+#account p a {
+	width: 56px;
+	height: 1.1em;
+	background: url(/img/account_signout.gif) 100% 100% no-repeat;
+	display: block;
+	}
+	
+#account span {
+	display: none;
+	}
+
+#bar {
+	margin-bottom: 10px; 
+	background-color: #e6e6e6
+	}
+	
+#bar:after {
+    content: "."; 
+    display: block;
+    height: 0px;	/* took out negative margin and set height to 0  */
+    overflow: hidden;
+    clear: both; 
+    visibility: hidden;
+    }
+
+    /* Holly Hack Targets IE Win only \*/
+    * html #bar {height: 1%;}
+    /* End Holly Hack */
+	
+#systembar {
+	float: right;
+	width: 34%;
+	background: #e6e6e6 url(/img/greybar_tr.gif) 100% 0 no-repeat;
+	}
+	
+#systembarinner {
+	background: url(/img/greybar_br.gif) 100% 100% no-repeat;
+	height: 2.8em;
+	/* text-align: center; */
+	text-align: right;
+	padding-right: 10px;
+	}
+	
+#systembarinner div {
+	color: #000;
+	font-variant: small-caps;
+	padding-top: 5px;
+	}
+	
+#searchbar {
+	float: left;
+	width: 66%;
+	background: #e6e6e6 url(/img/greybar_tl.gif) 0 0 no-repeat;
+	}
+	
+#searchbarinner {
+	padding-left: 10px;
+	background: url(/img/greybar_bl.gif) 0 100% no-repeat;
+	height: 2.8em;
+	/*
+	text-align: left;
+	text-align: center;
+	*/
+	text-align: right;
+
+	}
+	
+#systembarinner form,
+#searchbarinner form {
+	margin: 0;
+	padding-top: 5px;	/* changed to padding-top: 5px  */
+	/*text-align: center;*/
+	}
+/* end header */
+	
+/* The following styles establish the new side nav bar */
+#sidenav {	/* for ie55  */
+	width: 132px;
+	background-color: #999;
+	background-image: url(/img/corner_sidenav_top.gif);
+	background-position: top right;
+	background-repeat: no-repeat;
+	font-family: "Luxi Sans", verdana, arial, sans-serif;	
+	font-size: xx-small;
+    /* false value for WinIE4/5 */
+    voice-family: "\"}\"";   
+    /* trick WinIE4/5 into thinking rule is over */
+    voice-family: inherit;   
+    /* recover from trick */
+    font-size:  x-small;
+    /* intended value for better browsers */
+	font-weight: bold;
+	}
+
+	
+#sidenav ul {
+	background-image: url(/img/corner_sidenav_bottom.gif);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	list-style: none;
+	padding: 10px 0 10px 0;
+	margin: 0;
+	}
+	
+#sidenav ul ul {
+	background: none;
+	/* background-color: #c1c1c1; */
+	background-color: #ccc;
+	margin: 0;
+	padding: 0;
+	border-top: 1px solid #999;
+	}
+	
+#sidenav ul li {
+	border-bottom: 1px solid #a7a7a7;
+	margin: 0;
+	}
+	
+#sidenav ul li:last-child {
+	border-bottom: 1px solid #999;
+	}
+
+#sidenav ul li.sidenav-selected {
+	/*
+	background: #8a8a8a;
+	background: #7b7b7b;
+	*/
+	background: #6c6c6c;
+	/* border-top: 1px solid #999; */
+	}
+
+#sidenav ul li.sidenav-selected span {
+	display: none;
+	}
+	
+#sidenav ul li a {
+	display: block;
+	color: white;
+	text-decoration: none;
+	padding: 3px 5px 3px 15px;
+	margin: 0;
+	}
+	
+#sidenav ul ul li.sidenav-selected {
+	background: #6c6c6c;
+	/* background: #7b7b7b;
+	background: #8a8a8a;
+	*/
+	}
+
+	
+#sidenav ul ul li:last-child {
+	border-bottom: none;
+	}
+	
+#sidenav ul ul li a {
+	padding-left: 30px;
+	color: #555;
+	}
+
+#sidenav ul ul li.sidenav-selected a {
+	padding-left: 30px;
+	color: white;
+	}
+
+
+#content {
+	clear: both;
+	}
+
+/* The following styles establish the legend boxes in the left sidebar */
+.sideleg {
+	width: 132px;
+	background: url(/img/sidelegend_top.gif) 0 0 no-repeat;
+	padding-top: 9px;
+	margin-top: 1em;
+	}
+	
+	
+.sideleg h2 {
+	font-size: x-small;
+	color: #666;
+	border: 1px solid #acacac;
+	border-top: none;
+	padding: 0 0 3px 15px;
+	margin: 0;
+	}
+	
+.sideleg ul {
+	padding: 0 0 9px 0 ;
+	margin: 0;
+	list-style: none;
+	background: url(/img/sidelegend_bottom.gif) 0 100% no-repeat;
+	}
+	
+.sideleg ul li {
+	padding: 12px 0 6px 15px;
+	font-size: x-small;
+	color: #666;
+	border-left: 1px solid #acacac;
+	border-right: 1px solid #acacac; /* removed clear:left  */
+	}
+	
+.sideleg ul li img {
+	float: left;
+	padding-right: 3px;
+	margin-top: -3px;
+	}
+	
+h1 {
+	margin-top: 0;
+	}
+	
+/* existing PKI STYLES - modded - these need to be inserted carefully */
+
+.sidebar {
+	padding-right: 15px;
+    vertical-align: top;
+}
+
+table.iso_dl {
+    border-collapse: collapse;
+}    
+
+table.iso_dl td {
+    padding: 4px;
+}
+
+table.iso_dl th {
+    color: #999;
+    background-color: #eee;
+    border:  1px solid #999;
+    padding: 6px 3px;
+    text-align: right;
+}
+
+table.iso_dl th.first {
+    text-align: left;
+}
+
+th {
+	padding: 4px 6px;
+	color: #fff;
+   /* background-color: #b4b19a; */
+	text-align: left;
+	font-size: small;
+}
+
+
+/* -- YOUR PKI stuff -- */
+table.half-table {
+	background: #b4b19a url(/img/table_corner_tr.gif) 100% 0 no-repeat;
+	padding: 0px;
+	margin: 0px;
+	}
+
+.half-table td {
+	background-color: #fff;
+}	
+
+table.your-pki table.half-table td { 
+  padding: 2px 8px;
+}
+
+table.your-pki table.full-table td { 
+  padding-left: 4px;
+  padding-right: 4px;
+  padding-top: 4px;
+}
+
+table.half-table thead th:first-child { 
+	background: url(/img/table_corner_tl.gif) top left no-repeat;
+	}
+
+
+
+
+/* -- General list stuff -- */
+table.list {
+	font-size: 10px;
+	background: #b4b19a url(/img/table_corner_tr.gif) top right no-repeat;
+	border-bottom: 1px solid #b4b19a;
+}
+
+/* Holly Hack Targets IE Win only \*/
+    * html table.list, * html table.half-table {background-image: none;}
+    /* End Holly Hack */
+
+
+
+table.list thead th:first-child {
+	background: url(/img/table_corner_tl.gif) top left no-repeat;
+	}
+
+table.list-pagination {
+	font-size: smaller;
+}
+
+
+td.first-column {
+	border-left: 1px solid #b4b19a;
+}
+
+td.last-column  {
+	border-right: 1px solid #b4b19a;
+}
+
+td.only-column  {
+	border-right: 1px solid #b4b19a;
+	border-left: 1px solid #b4b19a;
+}
+
+
+.list-checkbox {
+	text-align: center;
+	border-left: 1px solid #b4b19a;
+}
+
+.list-checkbox-header {
+	text-align: center;
+}
+
+.list th a {
+	display: inline;
+	}
+
+.list a:hover {
+	text-decoration: underline;
+}
+
+/* list row classes */
+.list-row-even td{
+	background-color: #F1EBDC;
+}
+.list-row-odd td {
+        background-color: #ffffff;
+}
+.list-row-summary {
+	text-align: right;
+	font-weight: bold;
+	border: 1px solid #ccc;
+	background-color: #eee;
+}
+.list-row-even td, .list-row-odd td, .list-row-summary td {
+	padding: 4px 8px;
+}
+
+.list-horiz-separator hr {
+	border: 0;
+	border-bottom: 1px solid #ccc;
+	padding: 0px;
+}
+
+
+/* default class def for row color toggling */
+.list-row-even-selected {
+        background-color: #dde5ff;
+}
+.list-row-odd-selected {
+        background-color: #dde5ff;
+}
+
+.list-row-odd-selected td, .list-row-even-selected td {
+	border-bottom: 1px solid #ccc;
+	padding: 4px 8px;
+}
+
+/* special column classes */
+th + th {
+	border-left: 0;
+}
+a[name]:hover {
+	color: inherit;
+}
+
+
+
+
+/* --- TABLE TREE VIEW --- */
+tr.table-tree-even td, tr.table-tree-odd td {
+   padding: 10px 15px;
+}
+tr.table-tree-even img,
+tr.table-tree-odd img {
+   margin-left: 4px;
+}
+tr.table-tree-odd {
+   background-color: #F1EBDC;
+}
+tr.table-tree-even {
+   background-color: #fff;
+}
+                                                                                                                                                             
+/* padding for parent+child channels  */
+tr.table-tree-even + tr.table-tree-even td,
+tr.table-tree-odd + tr.table-tree-odd td {
+   padding-top: 0;
+}
+
+
+
+
+/* signin page stuff start */
+#footer {
+        /*
+	border-top: 2px dotted #ccc;
+	padding: 2em 4em 2em 4em;
+	*/
+	padding: 1em;
+	margin: 1em 4em 1em 4em;
+	text-align: center;
+	font-size: 10px;
+	color: #aaa;
+
+	margin-left: auto;
+	margin-right: auto;
+        margin-top: 64px;
+}
+
+h1#pki_welcome {
+	background-image: url(/img/pki_welcome.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	padding-bottom: 5px;
+	height: 20px;
+	}
+	
+h1#pki_welcome2 {
+	background-image: url(/img/pki_welcome2.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	height: 37px;
+	}
+	
+h1#pki_welcome3 {
+	background-image: url(/img/pki_welcome3.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	height: 40px;
+	}
+	
+h1#pki_welcome span {
+	display: none;
+	}
+	
+h1#pki_welcome2 span {
+	display: none;
+	}
+	
+h1#pki_welcome3 span {
+	display: none;
+	}
+	
+ul.linkage {
+	list-style: none;
+	padding: 8px;
+	margin: 0px;
+	}
+	
+ul.linkage li{
+	background-image: url(/img/bullet_arrowblue.png);
+	background-repeat: no-repeat;
+	background-position: 0 .4em;
+	padding-left: 10px;
+	margin: .4em 0;
+	}
+
+#contentLeft {
+	float: left;
+	margin-top: 20px;
+}
+
+#contentRight {
+	margin: 0 15px 0 295px;
+}
+
+ /**** following styles define the CLEAR BOX W/ROUNDED CORNERS */
+ 
+ .clearBox {
+ 	width: 279px;
+ 	background: url(/img/corner_halflinebox_top.png) top right no-repeat;
+ 	}
+ 	
+ .clearBox {
+ 	padding-top: 7px;
+ 	margin-bottom: 15px;
+ 	}
+ 	
+ .clearBoxInner {
+ 	background: url(/img/corner_halflinebox_bottom.png) bottom left no-repeat;
+ 	}
+ 	
+ .clearBoxInner {
+ 	width: 100%;
+ 	padding-bottom: 7px;
+ 	}
+ 	
+ .clearBoxBody {
+ 	padding: 5px 14px;
+ 	border-left: 1px solid #b4b4b4;
+ 	border-right: 1px solid #b4b4b4;
+ 	}
+ 	
+ .clearBoxBody h2 {
+ 	font-size: small;
+ 	}
+ 	
+div.formrow {
+  	padding: 5px 0;
+  	font-size: x-small;
+  	}
+  	
+div.formrow:after {
+    content: "."; 
+    display: block; 
+    height: 0;
+    overflow: hidden;
+    clear: right; 
+    visibility: hidden;
+    }
+
+    /* Holly Hack Targets IE Win only \*/
+    * html .formrow {height: 1%;}
+    /* End Holly Hack */
+
+div.formrow span.label {
+	float: left;
+	width: 110px;
+	text-align: right;
+	font-weight: bold;
+	padding: .5em 0;
+	}
+
+div.formrow span.formfield {
+	float: right;
+	width: 130px;
+	text-align: left;
+	}
+	
+p#intro {
+	font-size: 1.3em;
+	line-height: 1.2em;
+	color: #000;
+	}
+	
+p.endnote {
+	font-size: smaller;
+	margin-top: 3em;
+	padding-top: 10px;
+	line-height: 1.5em;
+	border-top: 1px solid #333;
+	}
+
+
+/* CONTENT-NAV - begin */
+	
+.content-nav {
+	margin: 0;
+	padding: 0;
+}
+
+.content-nav a:visited {
+    color: #06c;
+}
+		
+.content-nav ul {
+	list-style-type: none;
+	margin: 0;
+	padding: 0;
+	font-size: 10px;
+      	font-family: "Luxi Sans", verdana, arial, sans-serif;
+	}
+		
+.content-nav:after,
+.content-nav ul:after {
+	content: "."; 
+	display: block;
+	height: 1px;
+	margin-top: -1px;
+	overflow: hidden;
+	clear: both; 
+	visibility: hidden;
+	}
+
+/* Holly Hack Targets IE Win only */
+* html .content-nav {height: 1%;}
+* html .content-nav ul {height: 1%;}
+/* End Holly Hack */
+		
+ul.content-nav-rowone,
+ul.content-nav-rowthree {
+	margin-left: 10px;
+	}
+		
+ul.content-nav-rowone {
+	border-bottom: 3px solid #e6e6e6;
+	margin-bottom: -3px;
+	}
+		
+/* Holly Hack Targets IE Win only \*/
+* html ul.content-nav-rowone {margin-right: 8px;}
+* html ul.content-nav-rowone {margin-bottom: -2px;}
+/* End Holly Hack */
+		
+ul.content-nav-rowone li, ul.content-nav-rowthree li {
+	float: left;
+	}
+	
+ul.content-nav-rowone li a, ul.content-nav-rowthree li a {
+	display: block;
+	padding: 4px 8px;
+	}
+		
+ul.content-nav-rowtwo {
+	background: url(/img/contentnav_rowtwo_b.gif) bottom left no-repeat;
+	padding-bottom: 6px;
+	margin-right: 8px;
+	}
+		
+ul.content-nav-rowtwo li {
+	display: inline;
+	padding-left: 18px;
+	}
+		
+a.content-nav-selected-link {
+	color: #000;
+	font-weight: bold;
+	}
+		
+ul.content-nav-rowone li.content-nav-selected {
+	background: url(/img/contentnav_tabr.gif) top right no-repeat;
+	}
+		
+ul.content-nav-rowone a.content-nav-selected-link {
+	background: url(/img/contentnav_tabl.gif) top left no-repeat;
+	}
+		
+ul.content-nav-rowthree li.content-nav-selected {
+	background: url(/img/contentnav_tabr.gif) bottom right no-repeat;
+	}
+		
+ul.content-nav-rowthree a.content-nav-selected-link {
+	background: url(/img/contentnav_tabl.gif) bottom left no-repeat;
+	}
+		
+div.contentnav-row2 {
+	background: #e6e6e6 url(/img/contentnav_rowtwo_t.gif) top left no-repeat;
+	padding: 0px;
+	clear: left;
+	}
+		
+div.contentnav-row2 div.top {
+	background: url(/img/contentnav_rowtwo_t.gif) top right no-repeat;
+	margin-left: 8px;
+	height: 6px;
+	font-size: 0;
+	}
+		
+div.contentnav-row2 div.bottom {
+	background: url(/img/contentnav_rowtwo_b.gif) bottom right no-repeat;
+	}
+		
+/* CONTENTNAV - end */
+
+
+
+
+/************************************************************** MAIN NAVIGATION */
+	
+#mainNavOuter {
+	width: 100%;
+	background-image: url(/img/corner_mainnav_bottom_chopped.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	background-color: #4f52b5;
+	}
+	
+#mainNav {
+	width: 100%;
+	font-weight: bold;
+	font-family: "Luxi Sans", verdana, helvetica, arial, sans-serif;
+	font-size: x-small;
+	}
+	
+	
+/* float clear hack that has been hacked for Moz 1.5x and below */
+#mainNavOuter:after {
+    content: "."; 
+    display: block; 
+    height: 1px;
+    margin-top: -1px;
+    overflow: hidden;
+    clear: both; 
+    visibility: hidden;
+    }
+    /* Holly Hack Targets IE Win only \*/
+    * html .mainNavOuter {height: 1%;}
+    /* End Holly Hack */
+    
+    
+#mainNavInner {
+	width: 100%;
+	height: 7px;
+	background-image: url(/img/corner_mainnav_top_chopped.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul {
+	padding: 0;
+	margin: 0;
+	list-style-type: none;
+	background-image: url(/img/corner_mainnav_tl.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li {
+	background: #b70000;
+	display: block;
+	float: left;
+	padding: 0;
+	margin: 0;
+	}
+	
+#mainNav li#mainFirst-active,
+#mainNav li#main-active,
+#mainNav li#mainLast-active {
+	background-color: #000080;
+	}
+	
+
+/* special casing for left-most top tab */
+#mainNav ul li a.mainFirstLink {
+	background-image: url(/img/corner_mainnav_tl.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainFirst-active a.mainFirstLink {
+	background-image: url(/img/corner_mainnav_tl_hi.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li#mainFirst {
+	background-image: url(/img/corner_mainnav_bl.png);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainFirst-active {
+	background-image: url(/img/corner_mainnav_bl_hi.png);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	}
+
+/* special casing for right-most top tab */	
+#mainNav ul li a.mainLastLink {
+	background-image: url(/img/corner_mainnav_tr.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainLast-active a.mainLastLink {
+	background-image: url(/img/corner_mainnav_tr_hi.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li#mainLast {
+	background-image: url(/img/corner_mainnav_br.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainLast-active {
+	background-image: url(/img/corner_mainnav_br_hi.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li a {
+	display: block;
+	float: left;
+	text-decoration: none;
+	color: #fff;
+	padding: 5px 15px;
+	font-size: 11px;
+	text-decoration: none !important;
+	}
+
diff --git a/dogtag/common-ui/shared/css/pki-base.css b/dogtag/common-ui/shared/css/pki-base.css
new file mode 100644
index 000000000..1892b75dc
--- /dev/null
+++ b/dogtag/common-ui/shared/css/pki-base.css
@@ -0,0 +1,213 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+@import url("pki.css");
+@import url("pki-360.css");
+
+/* The following styles are for ALL browsers, including Netscape
+   Navigator 4.x.  Put more detailed CSS in pki.css. */
+
+
+/* from rob byers */
+
+/* This establishes background pattern and centering of content area as well
+as font-styles for the site */
+body {
+	margin: 0;
+	padding: 0;
+	color: #333;
+	text-align: center;
+	font-family: "Luxi Sans", "Bitstream Vera Sans", "Lucida Grande", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	font-size: small;
+	}
+	
+img {
+	border: 0;
+	}
+
+#broken-browser-warning { 
+        text-align: center;
+}
+
+.sidebar {
+	padding: 10px 0 0 0;	/* changed padding parameters */
+	/*border-right: 1px solid #ccc;*/
+        vertical-align: top;
+}
+.sidebar-title {
+	color: #999;
+	font-size: 10px;
+	text-align: center;
+	border-bottom: 1px solid #ccc;
+}
+.sidebar-links {
+	font-size: 10px;
+	margin: 0;
+	padding: 0 0 0 15pt;
+	color: #999;
+}
+.sidebar-title + .sidebar-links {
+	margin-top: -0.5em;
+}
+
+.sidebar-info {
+  padding: 4px 4px;
+}
+.sidebar-info h2 {
+  padding-left: 10px;
+  margin: 4px;
+}
+.legend-row {
+  padding: 0px 2px;
+  white-space: nowrap;
+}
+.legend-row img {
+  vertical-align: middle;
+  margin: 3px 4px;
+  padding: 0;
+}
+
+.tab-row img {
+        vertical-align: bottom;
+}
+
+.bar-undertabs div {
+	background: #900 url("/img/tab-bar.gif") repeat-x bottom;
+        height: 11px;
+        font-size: 1px;
+        margin: 0;
+        padding: 0;
+}
+.bar-status form { 
+        margin: 0;
+}
+
+.bar-status {
+	background-color: #ddd;
+	font-size: 10px;
+	padding: 5px;
+	margin: 0;
+	border: 1px solid #ccc;
+	border-top: none;
+	/*
+	text-align: left;
+	*/
+}
+
+#footer {
+        /*
+	border-top: 2px dotted #ccc;
+	padding: 2em 4em 2em 4em;
+	*/
+	padding: 1em;
+	margin: 1em 4em 1em 4em;
+	text-align: center;
+	font-size: 10px;
+	color: #aaa;
+
+	margin-left: auto;
+	margin-right: auto;
+        margin-top: 64px;
+}
+
+ul#help-url-list ul {
+
+}
+ul#help-url-list li {
+  list-style: none;
+  padding-top: 10px;
+  padding-bottom: 10px;
+}
+
+ul#help-url-list li a {
+  font-weight: bold;
+}
+
+ul#faq-list { 
+  padding-left: 2px;
+  margin-left: 0;
+}
+
+#faq-list li { 
+  list-style: none;
+  margin-left: 10px;
+  margin-top: 10px;
+  margin-bottom: 10px;
+}
+
+#faq-list a {
+}
+
+#faq-details { 
+  margin-left: 1em;
+}
+
+#faq-details a.faq-back-to-top { 
+  float: right;
+}
+
+#faq-details p + h3 { 
+  padding-top: 2em;
+}
+
+div.login-component { 
+  text-align: center;
+}
+
+div.login-box { 
+  border: 1px solid #999;
+  text-align: right;
+  padding: 12px 10px;
+  margin: 4px;
+  background-color: #eee;
+  width: 210px;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+div.login-box form { 
+  margin: 0;
+}
+
+div.login-box div.input-row { 
+  font-weight: bold;
+  font-size: 10px;
+  white-space: nowrap;
+}
+
+div.login-box div.input-row input { 
+  font-weight: normal;
+  vertical-align: middle;
+}
+
+div.filter-input { 
+}
+div.filter-input input { 
+  vertical-align: middle;
+  font-size: 10px;
+}
+
+/*
+ Devel environment only.
+
+b, i, u, font, center, .fixme, blockquote { 
+  background-color: #eaa;
+  text-decoration: line-through;
+}
+*/
diff --git a/dogtag/common-ui/shared/css/pki.css b/dogtag/common-ui/shared/css/pki.css
new file mode 100644
index 000000000..8149eccf4
--- /dev/null
+++ b/dogtag/common-ui/shared/css/pki.css
@@ -0,0 +1,742 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+/* This file is for more detailed compliance (basically any browser
+"better" than NN 4.x */
+
+#broken-browser-warning { 
+  display: none;
+}
+
+
+table.namespaces {
+	font-size: 10px;
+	border: 1px solid #999;
+}
+
+table.list-pagination {
+	font-size: 10px;
+}
+
+.list-empty-message {
+  margin: 0 2%;
+  cursor: text;
+  font-weight:  bold;
+}
+.list-filterbox {
+	font-size: 10px;
+}
+.list-alphabar {
+	text-align: right;
+	font-size: 12px;
+        white-space: nowrap;
+}
+.list-alphabar a {
+        padding: 0px 2px;
+}
+.list-alphabar-enabled {
+        padding: 0px 2px;
+}
+.list-alphabar-disabled {
+        padding: 0px 2px;
+	color:  #aaa;
+        cursor: default;
+}
+.list-box {
+	border: 1px solid #ccc;
+}
+.list-data-number {
+	text-align: right;
+}
+
+
+/* sample reddish toggle class def... */
+.remove-even-selected {
+	background-color: #fcc;
+}
+.remove-odd-selected {
+        background-color: #fcc;
+}
+.remove-even-selected td, .remove-odd-selected td {
+	border-bottom: 1px solid #aaa;
+	padding: 4px;
+}
+
+
+/* sample greenish toggle class def... */
+.green-even-selected {
+	background-color: #e5ffdd;
+}
+.green-odd-selected {
+        background-color: #e5ffdd;
+}
+.green-even-selected td, .green-odd-selected td {
+	border-bottom: 1px solid #ccc;
+	padding: 4px;
+}
+
+
+
+.list-navbuttons {
+	white-space: nowrap;
+}
+.list-infotext {
+	white-space: nowrap;
+	color: #777;
+}
+.list-channel a {
+}
+.list-channel ul {
+	padding: 0;
+	margin: 0;
+}
+.list-channel li {
+	list-style: none;
+}
+.list-channel li + li {
+	padding-top: 0;
+}
+.list-channel li + li li {
+	padding-top: 0;
+}
+.list-channel li li {
+	list-style-image: url("/img/branch.gif");
+	margin-left: 2.5em;
+}
+
+
+
+
+
+
+
+
+
+.invisible-buttons input {
+	font-size: 10px;
+}
+a:hover, .invisible-buttons input:hover {
+	color: #f00;
+}
+
+:visited {
+	color: #3850a9;
+}
+:link {
+	color: #2843c9;
+}
+a { 
+	text-decoration: none;
+}
+a:hover {
+	text-decoration: underline !important;
+}
+a[name] {
+	text-decoration: inherit;
+}
+a[name]:hover {
+	text-decoration: none !important;
+}
+
+.tab-row td {
+	background: #fff url("/img/tab-bar-top.gif") repeat-x bottom;
+}
+
+hr {
+	border: 0;
+	border-bottom: 1px dashed #ccc;
+	padding: 0.5em;
+}
+
+.site-info {
+        border: 2px solid #002244;
+        background-color: #225580;
+        color: white;
+
+        padding: 0.5em;
+        margin-bottom: 0.5em;
+        margin-top: 2px;
+        font-size: 14px;
+        text-align: center;
+}
+
+.site-info a:link {
+        color: #99ddff;
+        font-weight: bold;
+}
+
+.site-info a:visited {
+        color: #99ddff;
+        font-weight: bold;
+}
+
+.site-alert {
+        border: 3px solid #d00;
+	background-color: #924;
+        color: white;
+
+        padding: 0.4em;
+        margin-bottom: 0.5em;
+        margin-top: 2px;
+	text-align: left;
+}
+.local-info {
+        color: #7782aa;
+
+	text-align: left;
+        font-size: 14px;
+}
+.local-alert {
+        color: #d00;
+    padding-top:7px;
+    padding-left:4px;
+	text-align: left;
+        font-size: 14px;
+}
+
+.bar-search {
+	font-size: 10px;
+	text-align: center;
+}
+.bar-logged-out {
+	font-weight: bold;
+	font-size: 10px;
+	text-align: center;
+}
+.bar-login {
+	font-weight: bold;
+	text-align: left;
+}
+.bar-ssm {
+	font-size: 10px;
+	text-align:  right;
+}
+
+button {
+	padding: 2px 5px 2px 5px;
+}
+button:hover {
+	background-color: #eee;
+}
+button:active {
+	padding: 3px 6px 1px 4px;
+}
+a.help-title { 
+  vertical-align: top;
+}
+
+a.help-title img {
+  border: 0;
+  padding: 0;
+  margin: 0;
+  vertical-align: top;
+
+  /* Mozilla and IE extensions */
+  opacity: 0.75;
+}
+a.help-title:hover img {
+  /* Mozilla and IE extensions */
+  opacity: 1.0;
+}
+
+a[name]:hover {
+	color: inherit;
+}
+
+h1, div.toolbar-h1 {
+  margin-top: 0;
+  margin-bottom: 0.5em;
+  font-size: 20px;
+}
+
+h1 img, div.toolbar-h1 img { 
+  vertical-align: middle;
+  padding-top: 2px;
+  padding-bottom: 4px;
+}
+
+h1 a.help-title img, div.toolbar-h1 a.help-title img { 
+  margin: 0;
+  padding: 0;
+  vertical-align: top;
+}
+
+div.toolbar-h1, div.toolbar-h2 { 
+  font-weight: bold;
+  padding: 4px 0;
+}
+
+h2, div.toolbar-h2  {
+  font-size: 1.0em;
+  color: #999;
+  border-bottom: 2px solid #ccc;
+}
+h2 img, div.toolbar-h2 img { 
+  vertical-align: middle;
+}
+h2 a { 
+}
+
+
+h3 {
+  font-size: 1.0em;
+}
+
+.form-center {
+	text-align: center;
+}
+select, input, textarea {
+	font-family: sans-serif;
+	font-size: 100%;
+}
+.indent {
+	margin-left: 1em;
+}
+.iso-md5 {
+	font-family: monospace;
+	text-align: right;
+}
+
+.list-iso th {
+	border-width: 0 0 1px 0;
+}
+.list-iso th + th {
+	border-left: 1px solid #ccc;
+}
+.list-iso td.seperated {
+        border-top: 1px solid #ccc;
+        font-weight: bold;
+}
+.list-iso {
+	font-size: 10px;
+	border: 1px solid #999;
+	padding: 1px;
+}
+.list-iso-item {
+	margin-left: 1em;
+}
+.list-iso-item {
+	color: #555;
+}
+.list-iso-item + .list-iso-item {
+	margin-top: 0.05em;
+}
+.list-iso p + p {
+}
+.a-to-z-bar {
+
+}
+.linkchain {
+	text-align: center;
+	font-size: 12px;
+	color: #555;
+        white-space: nowrap;
+}
+.linkchain a {
+	font-weight: bold;
+}
+.preference {
+	margin: 0 30px 0 30px;
+	text-align: left;
+	font-size: 0.9em;
+	font-weight: bold;
+	color: #444;
+}
+
+
+.schedule-action-interface th {
+	background-color: #fff;
+	padding: 2px;
+	border: none;
+	color: black;
+	text-align: left;
+}
+
+div.toolbar {
+	vertical-align: middle;
+	font-weight: normal;
+	font-size: 12px;
+	color: #999;
+        float: right;
+        margin-top: 9px;
+        white-space: nowrap;
+}
+.toolbar img {
+	border: none;
+	padding: 0 2px 1px 2px;
+	vertical-align: middle;
+}
+.toolbar a {
+	padding: 0 2px;
+	text-decoration: none;
+}
+
+div.up-arrow {
+	vertical-align: middle;
+	font-weight: normal;
+	font-size: 12px;
+	color: #999;
+        float: left;
+        margin: 0 2%;
+        white-space: nowrap;
+}
+.up-arrow img {
+	border: none;
+	padding: 0 2px 4px 2px;
+	vertical-align: middle;
+}
+.up-arrow a {
+	padding: 0 2px;
+	text-decoration: none;
+}
+
+
+.ok-explanation img {
+	border: none;
+	vertical-align: middle;
+	padding: 2px 0 4px 0;
+}
+
+
+.resubscribe-warning img {
+	border: none;
+	vertical-align: middle;
+	padding: 2px 0 4px 0;
+}
+
+.resubscribe-warning-big {
+	margin: 0 2%;
+	cursor: text;
+	color:  #c00;
+}
+.resubscribe-warning-big img {
+	border: none;
+	padding: 0 4px 0 0;
+	vertical-align: middle;
+	float: left;
+}
+
+.required-form-field {
+	font-weight: bold;
+	color:  #c00;
+}
+.ssm-overview th {
+	background-color: #fff;
+	border: none;
+	text-align: center;
+	padding: 6px;
+}
+
+
+table.namespace-control {
+  padding:  4px;
+}
+
+.namespace-control tr {
+	vertical-align:  middle;
+}
+
+.namespace-control td {
+	padding: 4px;
+}
+
+.namespace-control-buttons td {
+	padding:  4px;
+	vertical-align:  middle;
+}
+
+table.details-2-columns {
+	padding: 4px;
+	border: none;
+}
+
+table.details { 
+  margin: 0 2%;
+}
+.details th {
+	padding: 8px;
+        padding-left: 16px;
+	border: none;
+	color: #444;
+	text-align: right;
+	vertical-align: top;
+        border: 1px solid #ddd;
+        border:none;
+        background-color: #eee;
+        -moz-border-radius-topleft: 15px;
+        -moz-border-radius-bottomleft: 15px;
+}
+
+.details th.required-form-field { 
+  border-right: 4px solid #c77;
+}
+
+.details td {
+	vertical-align: top;
+	padding: 4px;
+        padding-left: 2px;
+        padding: 8px;
+        border-bottom: 0;
+}
+
+.details th + td {
+	border-bottom: 1px solid #ddd;
+}
+
+.details td div {
+	text-align: left;
+        margin-bottom: 10px;
+        white-space: nowrap;
+}
+
+.details td table td {
+        margin: 0;
+        padding: 0;
+	border: 0;
+}
+
+.details td table {
+}
+
+table.details td.small-form textarea {
+        font-size: 10px;
+        font-family: monospace;
+}
+
+.details-header {
+	font-weight: bold;
+	color: #444;
+	font-family: helvetica;
+}
+
+.system-status {
+	text-align: center;
+}
+.system-status img {
+	vertical-align: middle;
+	padding-top: 0px;
+	padding-bottom: 2px;
+}
+.system-update-critical {
+	font-weight: bold;
+	color: #900;
+}
+
+.system-status-critical-updates {
+	font-weight: bold;
+	color: #c00;
+}
+.system-status-updates {
+	font-weight: bold;
+	color: #d80;
+}
+.system-status-bugfixes {
+	font-weight: bold;
+	color: #337;
+}
+.system-status-enhancements {
+	font-weight: bold;
+	color: #595;
+}
+.system-status-updates-scheduled {
+	font-weight: bold;
+}
+.system-status-up-to-date {
+	font-weight: bold;
+	color: #68d;
+}
+.system-status-unentitled {
+	font-weight: bold;
+	color: #333;
+}
+.system-status-awol {
+	font-weight: bold;
+	color: #f63;
+}
+
+.system-status-locked {
+	font-weight: bold;
+	color: #f63;
+}
+
+.system-status-kickstart {
+	font-weight: bold;
+	color: #f90;
+}
+
+osa-offline {
+    font-weight: bold;
+     color: #900;
+}
+
+.osa-online {
+    font-weight: bold;
+    color: #68d;
+}
+
+.probe-status-critical {
+        font-weight: bold;
+        color: #c00;
+}
+
+.probe-status-unknown {
+        font-weight: bold;
+        color: #f63;
+}
+
+.work-with-group-header {
+	text-align:  right;
+}
+.work-with-group-header img {
+	border: none;
+}
+
+td.comparison {
+	padding: 10px;
+}
+
+.summary-row {
+	background-color: #f5f5f5;
+}
+
+.feedback-email { 
+  font-weight: bold;
+  color: #900;
+}
+
+.schedule-action-interface { 
+  color: black;
+}
+
+#navlogo { 
+  border: 0;
+  margin: 4px 13px;
+  position: absolute;
+  top: 5px;
+}
+#navtabs {
+  position: absolute;
+  left: 166px;  
+  top: 35px;
+  display: block;
+}
+#navhelp { 
+  position: absolute;
+  right: 10px;
+  top: 15px;
+  border: 0;
+  padding: 15px;
+  padding-top: 0px;
+}
+
+
+.action-summary-errata, .action-summary-package, .action-summary-config { 
+  padding-top: 10px;
+}
+
+.action-summary-errata ul, .action-summary-package ul, .action-summary-config ul { 
+  margin: 0;
+  list-style: none;
+}
+
+div.page-summary {
+  margin: 0 2%;
+  cursor: text;
+}
+
+div.page-summary a { 
+  text-decoration: underline;
+  cursor: pointer
+}
+
+div.marketing-summary {
+  margin: 0 2%;
+  cursor: text;
+}
+
+div.marketing-summary a { 
+  text-decoration: underline;
+  font-weight: bold;
+  cursor: pointer
+}
+
+.search-choices form { 
+  margin: 0;
+  padding: 0;
+}
+.search-choices { 
+  margin-top: 20px;
+}
+
+.search-choices-group { 
+  margin-left: 40px;
+}
+
+.debug-profile { 
+  background-color: #eee;
+  border: 1px solid #ccc;
+  margin: 20px 40px;
+  padding: 8px;
+}
+
+div.buy-now { 
+  text-align: left;	
+  padding-top: 16px;
+}
+
+div.buy-now img { 
+  border: 0;
+}
+
+span.no-details {
+  font-style: italic;
+  color: #777;
+}  
+
+.page-content {
+	padding: 6px 10px 6px 16px;
+        vertical-align: top;
+		width: 100%;
+}
+
+div.pki-embedded-help { 
+  padding: 6px 20px 6px 20px;
+}
+
+.pki-embedded-help-NAVHEADER th { 
+  margin-top: 0;
+  padding-bottom: 1em;
+  font-size: 20px;
+  border: 0;
+  background-color: #fff;
+  color: black;
+  text-align: left;
+}
+
+.pki-embedded-help-NAVHEADER td { 
+  padding: 0 2em;
+}
+
+.pki-embedded-help-TOC { 
+  padding: 0 4em;
+}
+
+code.line-of-code {
+  white-space: nowrap
+}
diff --git a/dogtag/common-ui/shared/img/favicon.ico b/dogtag/common-ui/shared/img/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/common-ui/shared/img/favicon.ico
diff --git a/dogtag/common-ui/shared/img/logo_header.gif b/dogtag/common-ui/shared/img/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/common-ui/shared/img/logo_header.gif
diff --git a/dogtag/console-ui/CMakeLists.txt b/dogtag/console-ui/CMakeLists.txt
new file mode 100644
index 000000000..fcb7bf40e
--- /dev/null
+++ b/dogtag/console-ui/CMakeLists.txt
@@ -0,0 +1,3 @@
+project(console-ui Java)
+
+add_subdirectory(src)
diff --git a/dogtag/console-ui/LICENSE b/dogtag/console-ui/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/dogtag/console-ui/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify 
+it under the terms of the GNU General Public License as published 
+by the Free Software Foundation; version 2 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but 
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License 
+along with this Program; if not, write to the Free Software 
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/dogtag/console-ui/build.xml b/dogtag/console-ui/build.xml
new file mode 100644
index 000000000..a472d1782
--- /dev/null
+++ b/dogtag/console-ui/build.xml
@@ -0,0 +1,292 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="console-ui" default="main" basedir=".">
+
+    <import file="config/product.xml"/>
+    <import file="config/product-ext.xml" optional="true"/>
+
+
+    <target name="clean"
+            depends=""
+            description="--> remove component directories">
+        <echo message="${begin.clean.log.message}"/>
+        <delete dir="${dist.base}"/>
+        <delete dir="${build.dir}"/>
+        <echo message="${end.clean.log.message}"/>
+    </target>
+
+
+    <target name="download"
+            depends=""
+            description="--> download dependent components">
+        <echo message="${begin.download.log.message}"/>
+        <echo message="${empty.download.log.message}"/>
+        <echo message="${end.download.log.message}"/>
+    </target>
+
+
+    <target name="compile_java"
+            depends=""
+            description="--> compile java source code into classes">
+        <echo message="${begin.compile.java.log.message}"/>
+        <mkdir dir="${build.classes}"/>
+        <javac debug="on"
+               srcdir="${src.dir}/com/netscape"
+               destdir="${build.classes}">
+            <classpath refid="classpath"/>
+        </javac>
+        <echo message="${end.compile.java.log.message}"/>
+    </target>
+
+
+    <target name="build_jars"
+            depends="compile_java"
+            description="--> generate jar files">
+        <echo message="${begin.build.jars.log.message}"/>
+        <mkdir dir="${build.jars}"/>
+        <jar jarfile="${build.jars}/pki-console-theme-${version}.jar">
+            <fileset dir="${src.dir}">
+                <include name="CMSAdminRS.properties"/>
+            </fileset>
+            <fileset dir="${build.classes}">
+                <include name="com/netscape/**"/>
+            </fileset>
+            <fileset dir="${src.dir}">
+                <include name="com/netscape/**/*.gif"/>
+                <include name="com/netscape/**/*.properties"/>
+            </fileset>
+        </jar>
+        <echo message="${end.build.jars.log.message}"/>
+    </target>
+
+
+    <target name="build_jni_headers"
+            depends="compile_java"
+            description="--> generate jni header files">
+        <echo message="${begin.build.jni.headers.log.message}"/>
+        <echo message="${empty.build.jni.headers.log.message}"/>
+        <echo message="${end.build.jni.headers.log.message}"/>
+    </target>
+
+
+    <target name="build"
+            depends="build_jars,build_jni_headers"
+            description="--> build classes, jars, and jni headers">
+        <echo message="${notify.build.log.message}"/>
+    </target>
+
+
+    <target name="compile_junit_tests"
+            depends="build"
+            description="--> compile junit test source code">
+        <echo message="${begin.compile.junit.tests.log.message}"/>
+        <echo message="${empty.compile.junit.tests.log.message}"/>
+        <echo message="${end.compile.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="run_junit_tests"
+            depends="compile_junit_tests"
+            description="--> execute junit tests">
+        <echo message="${begin.run.junit.tests.log.message}"/>
+        <echo message="${empty.run.junit.tests.log.message}"/>
+        <echo message="${end.run.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="verify"
+            depends="run_junit_tests"
+            description="--> build and execute junit tests">
+        <echo message="${notify.verify.log.message}"/>
+    </target>
+
+
+    <target name="clean_javadocs"
+            depends=""
+            description="--> remove javadocs directory">
+        <echo message="${begin.clean.javadocs.log.message}"/>
+        <echo message="${empty.clean.javadocs.log.message}"/>
+        <echo message="${end.clean.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="compose_javadocs"
+            depends="build"
+            description="--> generate javadocs">
+        <echo message="${begin.compose.javadocs.log.message}"/>
+        <echo message="${empty.compose.javadocs.log.message}"/>
+        <echo message="${end.compose.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="document"
+            depends="clean_javadocs,compose_javadocs"
+            description="--> remove old javadocs and compose new javadocs">
+        <echo message="${notify.document.log.message}"/>
+    </target>
+
+
+    <target name="distribute_binaries"
+            depends="document"
+            description="--> create the zip and gzipped tar binary distributions">
+        <echo message="${begin.distribute.binaries.log.message}"/>
+        <mkdir dir="${dist.base.binaries}"/>
+
+        <echo message="${begin.binary.wrappers.log.message}"/>
+        <echo message="${empty.binary.wrappers.log.message}"/>
+        <echo message="${end.binary.wrappers.log.message}"/>
+
+        <echo message="${begin.binary.zip.log.message}"/>
+        <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+            <zipfileset dir="./build/jars"
+                        filemode="755"
+                        prefix="usr/share/java/${product.prefix}">
+                <include name="**"/>
+            </zipfileset>
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="usr/share/doc/${product.name}-${version}">
+                <include name="LICENSE"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.binary.zip.log.message}"/>
+
+        <echo message="${begin.binary.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.binaries}/${dist.name}.tar">
+            <tarfileset dir="./build/jars"
+                        mode="755"
+                        prefix="${dist.name}/usr/share/java/${product.prefix}">
+                <include name="**"/>
+            </tarfileset>
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${dist.name}/usr/share/doc/${product.name}-${version}">
+                <include name="LICENSE"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.binary.tar.log.message}"/>
+
+        <echo message="${begin.binary.gtar.log.message}"/>
+        <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+              src="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.binary.gtar.log.message}"/>
+
+        <echo message="${end.distribute.binaries.log.message}"/>
+    </target>
+
+
+    <target name="distribute_source"
+            depends=""
+            description="--> create the zip and gzipped tar source distributions">
+        <echo message="${begin.distribute.source.log.message}"/>
+        <mkdir dir="${dist.base.source}"/>
+
+        <echo message="${begin.source.zip.log.message}"/>
+        <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="${src.dist.name}">
+                <include name="${product.name}.spec"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="src/CMSAdminRS.properties"/>
+                <include name="src/**"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.source.zip.log.message}"/>
+
+        <echo message="${begin.source.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.source}/${src.dist.name}.tar">
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${src.dist.name}">
+                <include name="${product.name}.spec"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="src/CMSAdminRS.properties"/>
+                <include name="src/**"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.source.tar.log.message}"/>
+
+        <echo message="${begin.source.gtar.log.message}"/>
+        <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+              src="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.source.gtar.log.message}"/>
+
+        <echo message="${end.distribute.source.log.message}"/>
+    </target>
+
+
+    <target name="distribute"
+            depends="distribute_binaries,distribute_source"
+            description="--> create binary and source component distributions">
+        <echo message="${notify.distribute.log.message}"/>
+    </target>
+
+
+    <target name="main"
+            depends="clean,distribute"
+            description="--> clean, build, verify, document, distribute [default]">
+        <echo message="${notify.main.log.message}"/>
+    </target>
+
+</project>
+
diff --git a/dogtag/console-ui/build_dogtag b/dogtag/console-ui/build_dogtag
new file mode 100755
index 000000000..5cfa1424c
--- /dev/null
+++ b/dogtag/console-ui/build_dogtag
@@ -0,0 +1,82 @@
+#!/bin/bash
+# BEGIN COPYRIGHT BLOCK
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+
+# Always switch into the base directory of this
+# shell script prior to executing it so that all
+# of its output is written to this directory
+cd `dirname $0`
+
+# Retrieve the directory name housing this component
+PWD=`pwd`
+
+# Set Dogtag component-specific environment variables
+DOGTAG_BUILD_SCRIPT=`basename $0`
+export DOGTAG_BUILD_SCRIPT
+DOGTAG_COMPONENT=`basename ${PWD}`
+export DOGTAG_COMPONENT
+DOGTAG_SPECFILE="dogtag-pki-console-ui.spec"
+export DOGTAG_SPECFILE
+
+# Set PKI 'ant' environment variables (originally obtained from specfile)
+PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag"
+export PKI_PRODUCT_UI_FLAVOR_PREFIX
+PKI_PRODUCT_PREFIX="pki"
+export PKI_PRODUCT_PREFIX
+PKI_PRODUCT="console-ui"
+export PKI_PRODUCT
+PKI_VERSION="9.0.0"
+export PKI_VERSION
+
+# Set Dogtag helper variables
+DOGTAG_COMPONENT_NAME=${PKI_PRODUCT}
+export DOGTAG_COMPONENT_NAME
+DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc
+export DOGTAG_WGET_URL
+
+# Obtain '${DOGTAG_SPECFILE}' as necessary
+if [ "$1" = "refresh" ]; then
+	if [ -f "${DOGTAG_SPECFILE}" ]; then
+		printf "Removing '${DOGTAG_SPECFILE}' . . . "
+		rm -rf ${DOGTAG_SPECFILE}
+		printf "done.\n"
+	fi
+	shift
+fi
+if [ ! -f "${DOGTAG_SPECFILE}" ]; then
+	# Check for Fedora Operating System
+	if [ ! -f /etc/fedora-release ]; then
+		printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n"
+		exit 255
+	fi
+	# Obtain Fedora Operating System Version
+	FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`"
+	export FEDORA_VERSION
+	# Retrieve '${DOGTAG_SPECFILE}' from Koji
+	printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n"
+	wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co
+	if [ ! -s "${DOGTAG_SPECFILE}" ]; then
+		printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n"
+		rm -rf ${DOGTAG_SPECFILE}
+		exit 255
+	fi
+fi
+
+# Invoke the shared Dogtag PKI build script
+config-ext/build_dogtag_pki $@
+
diff --git a/dogtag/console-ui/dogtag-pki-console-ui.spec b/dogtag/console-ui/dogtag-pki-console-ui.spec
new file mode 100644
index 000000000..d33ea016c
--- /dev/null
+++ b/dogtag/console-ui/dogtag-pki-console-ui.spec
@@ -0,0 +1,71 @@
+Name:           dogtag-pki-console-ui
+Version:        9.0.0
+Release:        1%{?dist}
+Summary:        Dogtag Certificate System - PKI Console User Interface
+URL:            http://pki.fedoraproject.org/
+License:        GPLv2
+Group:          System Environment/Base
+
+BuildArch:      noarch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  ant
+BuildRequires:  java-devel >= 1:1.6.0
+BuildRequires:  jpackage-utils
+BuildRequires:  jss >= 4.2.6
+BuildRequires:  ldapjdk
+
+Requires:       java >= 1:1.6.0
+Requires:       jss >= 4.2.6
+Requires:       ldapjdk
+
+Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+# NOTE:  Several PKI packages require a "virtual" UI component.  These
+#        "virtual" UI components are "Provided" by various UI "flavors"
+#        including "dogtag", "redhat", and "null".  Consequently,
+#        all "dogtag", "redhat", and "null" UI components MUST be
+#        mutually exclusive!
+Provides:       pki-console-ui = %{version}-%{release}
+
+Obsoletes:      pki-console-ui < %{version}-%{release}
+
+Conflicts:      redhat-pki-console-ui
+
+%description
+Dogtag Certificate System is an enterprise software system designed
+to manage enterprise Public Key Infrastructure (PKI) deployments.
+
+The Dogtag PKI Console User Interface contains the graphical
+user interface for the Dogtag PKI Console.
+
+%prep
+
+%setup -q
+
+%build
+ant \
+    -Dproduct.ui.flavor.prefix="dogtag" \
+    -Dproduct.prefix="pki" \
+    -Dproduct="console-ui" \
+    -Dversion="%{version}"
+
+%install
+rm -rf %{buildroot}
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+cd %{buildroot}%{_javadir}/pki
+ln -s pki-console-theme-%{version}.jar pki-console-theme.jar
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_javadir}/pki/
+
+%changelog
+* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.
diff --git a/dogtag/console-ui/src/CMSAdminRS.properties b/dogtag/console-ui/src/CMSAdminRS.properties
new file mode 100644
index 000000000..e42104937
--- /dev/null
+++ b/dogtag/console-ui/src/CMSAdminRS.properties
@@ -0,0 +1,4415 @@
+CERTTYPEWIZARD_LABEL_XCERT_LABEL=CrossCert
+INSTALLOPWIZARD_LABEL_CROSSCERT_LABEL=Cross-signed Certificate(s)
+SSLCLIENT_TRUST_DIALOG_TITLE=Security Warning
+SSLCLIENT_TRUST_DIALOG_HELP=manual/en/console/help/security_warning.htm
+SSLCLIENT_TRUST_DIALOG_ACCEPT=Accept
+SSLCLIENT_TRUST_DIALOG_REJECT=Reject
+SSLCLIENT_TRUST_DIALOG_VIEWCERT=View Certificate
+SSLCLIENT_TRUST_DIALOG_WARNMSG=The certificate this server presented is either untrusted or unknown. \n\nDo you wish to accept this certificate?
+SSLCLIENT_TRUST_DIALOG_ACCEPTONESESSION=Accept this certificate for this session only.
+SSLCLIENT_INITPASSWORD_DIALOG_TITLE=Initialize Internal Token
+SSLCLIENT_INITPASSWORD_PWD_LABEL=Password:
+SSLCLIENT_INITPASSWORD_PWDAGAIN_LABEL=Password (again):
+SSLCLIENT_PASSWORD_DIALOG_TITLE=Password Entry Dialog
+SSLCLIENT_PASSWORD_DIALOG_LABEL=Enter the password for the
+SSLCLIENT_PASSWORDAGAIN_DIALOG_LABEL=Password is invalid. Enter the password again for the
+SSLCLIENT_CERTSELECT_DIALOG_TITLE=Select a certificate
+SSLCLIENT_CERTSELECT_DIALOG_LABEL=Select a certificate:
+INSTALLKRASTORAGEKEYWIZARD_LABEL_SELECTTOKEN_LABEL=Select the token (cryptographic device) for the key pair. 'Internal' refers to the software implementation in CS. If you have installed and configured the PKCS #11 module for a hardware device, you can select it from this list (Note that a DRM requires a separate device if a hardware device has been selected):
+INSTALLKRASTORAGEKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+INSTALLKRASTORAGEKEYWIZARD_LABEL_PASSWD_LABEL=Password:
+INSTALLKRASTORAGEKEYWIZARD_LABEL_PASSWDAGAIN_LABEL=Password (again):
+INSTALLKRASTORAGEKEYWIZARD_LABEL_SOP_LABEL=Security officer password:
+INSTALLKRASTORAGEKEYWIZARD_CHECKBOX_HARDWARE_SPLIT_LABEL=Use Hardware Splitting
+INSTALLKRASTORAGEKEYWIZARD_CHECKBOX_HARDWARE_SPLIT_TTIP=Specify if Hardware Splitting should be used
+INTERNALDBWIZARD_CHECKBOX_SCHEMA_LABEL=Add CS-Specific Schema and Indices to the Database?
+INTERNALDBWIZARD_LABEL_REMOTEHOST_LABEL=Host name:
+INTERNALDBWIZARD_LABEL_REMOTEPORT_LABEL=Port number:
+INTERNALDBWIZARD_LABEL_REMOTEDN_LABEL=Base DN for this instance:
+INTERNALDBWIZARD_LABEL_DATABASE_LABEL=Database Name (for DS 5.x or later):
+INTERNALDBWIZARD_LABEL_REMOTEADMIN_LABEL=Directory manager DN:
+INTERNALDBWIZARD_LABEL_REMOTEPWD_LABEL=Password:
+INTERNALDBWIZARD_RADIOBUTTON_LOCALDB_LABEL=Create a new Internal Database (recommended)
+INTERNALDBWIZARD_RADIOBUTTON_REMOTEDB_LABEL=Use an existing remote LDAP server
+CAGENERAL_CHECKBOX_OCSP_LABEL=OCSP Service
+CAOCSPSERVICEWIZARD_TEXT_HEADING_LABEL=Enabling Certificate Manager's internal OCSP service. The OCSP service runs on the Non-SSL end-entity port (i. e. - http://<host>:<ee-port>/ocsp). The port must be enabled for the service to run. Enabling the internal OCSP service is an alternative to installing an Online Certificate Status Manager.
+CAOCSPSERVICEWIZARD_BORDER_CAOCSPSERVICEWIZARD_LABEL=Internal OCSP Service
+CAOCSPSERVICEWIZARD_LABEL_OCSPSERVICE_LABEL=Enable OCSP service.
+CAOCSPSERVICEWIZARD_CHECKBOX_OCSPSERVICE_LABEL=
+CAOCSPSERVICEWIZARD_TITLE=OCSP Service
+OCSPSTORESRULE_BUTTON_DEFAULT_LABEL=Set Default
+INSTALLOCSPINTROWIZARD_TITLE=Installation Wizard
+INSTALLOCSPINTROWIZARD_BORDER_INSTALLOCSPINTROWIZARD_LABEL=Online Certificate Status Manager Signing Certificate Installation
+INSTALLOCSPINTROWIZARD_TEXT_HEADING_LABEL=Do you want to install the certificate now?
+INSTALLOCSPINTROWIZARD_RADIOBUTTON_YES_LABEL=Yes.
+INSTALLOCSPINTROWIZARD_RADIOBUTTON_NO_LABEL=No.
+INSTALLGENOCSPWIZARD_TITLE=Installation Wizard
+INSTALLGENOCSPWIZARD_BORDER_INSTALLGENOCSPWIZARD_LABEL=Online Certificate Status Manager Signing Certificate Creation
+INSTALLGENOCSPWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate. Click Next to generate and install the certificate.
+INSTALLGENOCSPWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENOCSPCERTREQWIZARD_TITLE=Installation Wizard
+INSTALLGENOCSPCERTREQWIZARD_BORDER_INSTALLGENOCSPCERTREQWIZARD_LABEL=Online Certificate Status Manager Signing Certificate Request Creation
+INSTALLGENOCSPCERTREQWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate request. Click Next to generate them.
+INSTALLGENOCSPCERTREQWIZARD_RADIOBUTTON_PKCS10_LABEL=Generate a PKCS #10 request.
+INSTALLGENOCSPCERTREQWIZARD_RADIOBUTTON_CMC_LABEL=Generate a full CMC enrollment request.
+INSTALLGENOCSPCERTREQWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLDISPLAYOCSPCERTWIZARD_TITLE=Installation Wizard
+INSTALLDISPLAYOCSPCERTWIZARD_BORDER_INSTALLDISPLAYRACERTWIZARD_LABEL=Certificate Details
+INSTALLDISPLAYOCSPCERTWIZARD_LABEL_NAME_LABEL=Certificate name:
+INSTALLDISPLAYOCSPCERTWIZARD_LABEL_CONTENT_LABEL=This is the certificate you have chosen to install:
+INSTALLDISPLAYOCSPCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLPASTEOCSPCERTWIZARD_TITLE=Installation Wizard
+INSTALLPASTEOCSPCERTWIZARD_BORDER_INSTALLPASTERACERTWIZARD_LABEL=Location of Certificate
+INSTALLPASTEOCSPCERTWIZARD_LABEL_INTRO_LABEL=Indicate the location of the certificate:
+INSTALLPASTEOCSPCERTWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLPASTEOCSPCERTWIZARD_RADIOBUTTON_FILE_LABEL=The certificate is located in this file:
+INSTALLPASTEOCSPCERTWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate is located in the text area below:
+INSTALLPASTEOCSPCERTWIZARD_TEXT_DESC_LABEL=Paste a base-64 encoded certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area.
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_EMPTYFILE_MESSAGE=The file field should not be empty
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_B64EEMPTY_MESSAGE=The base-64 encoded text field should not be empty
+INSTALLPASTEOCSPCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLPASTEOCSPCERTWIZARD_RADIOBUTTON_QUERY_LABEL=The certificate is at the CS where your request was sent.
+INSTALLPASTEOCSPCERTWIZARD_TEXT_QUERY_LABEL=Specify the CS's host name, the EE port number, and the request ID:
+INSTALLPASTEOCSPCERTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLPASTEOCSPCERTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_BLANKRID_MESSAGE=Request ID cannot be blank.
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_INVALIDRID_MESSAGE=Request ID is not an integer.
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLPASTEOCSPCERTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLPASTEOCSPCERTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLPASTEOCSPCERTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLPASTEOCSPCERTWIZARD_LABEL_RID_LABEL=Request ID:
+INSTALLOCSPCERTSTATUSWIZARD_TITLE=Installation Wizard
+INSTALLOCSPCERTSTATUSWIZARD_BORDER_INSTALLOCSPCERTSTATUSWIZARD_LABEL=Import Certificate Chain
+INSTALLOCSPCERTSTATUSWIZARD_TEXT_DESC_LABEL=The OCSP Signing Certificate has been successfully installed. Now either specify the location of the base-64 encoded certificate chain (PKCS #7) of the CA which signed the OCSP Signing Certificate or paste the base-64 encoded certificate chain into the text area.
+INSTALLOCSPCERTSTATUSWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLOCSPCERTSTATUSWIZARD_RADIOBUTTON_FILE_LABEL=The certificate chain is located in this file:
+INSTALLOCSPCERTSTATUSWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate chain is located in the text area below:
+INSTALLOCSPCERTSTATUSWIZARD_TEXT_DESC1_LABEL=Paste the certificate chain (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area:
+INSTALLOCSPCERTSTATUSWIZARD_DIALOG_B64EEMPTY_TITLE=Error
+INSTALLOCSPCERTSTATUSWIZARD_DIALOG_B64EEMPTY_MESSAGE=Paste the certificate chain into the text area
+INSTALLOCSPCERTSTATUSWIZARD_DIALOG_FILENOTFOUND_TITLE=Error
+INSTALLOCSPCERTSTATUSWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLOCSPCERTSTATUSWIZARD_DIALOG_EMTPYFILEFIELD_TITLE=Error
+INSTALLOCSPCERTSTATUSWIZARD_DIALOG_EMPTYFILEFIELD_MESSAGE=The file field is blank
+INSTALLOCSPCERTSTATUSWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLOCSPCERTSTATUSWIZARD_INCOMPLETECERTCHAIN=The installed Certificate chain not complete - it does\nnot include a path to a trusted root. Partially\ncomplete chains may result in unexpected client\nand server behavior.
+INSTALLOCSPCERTSTATUSWIZARD_ERROR1=Fix the certificate chain before proceeding to the next panel
+INSTALLMANUALOCSPCERTREQUESTWIZARD_TITLE=Installation Wizard
+INSTALLMANUALOCSPCERTREQUESTWIZARD_BORDER_INSTALLMANUALOCSPCERTREQUESTWIZARD_LABEL=Submission of Request
+INSTALLMANUALOCSPCERTREQUESTWIZARD_TEXT_IGNOR_LABEL=Skip to the next panel if you've already submitted the request.
+INSTALLMANUALOCSPCERTREQUESTWIZARD_TEXT_DESC_LABEL=Copy the base-64 encoded certificate request (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the OCSP Responder enrollment form.
+INSTALLMANUALOCSPCERTREQUESTWIZARD_BUTTON_COPY_LABEL=Copy to the Clipboard
+INSTALLMANUALOCSPCERTREQUESTWIZARD_TEXT_FILELOC_LABEL=This certificate request has been saved to a text file called ocspcsr.txt which is located in the
+INSTALLMANUALOCSPCERTREQUESTWIZARD_CHECKBOX_SENDNOW_LABEL=Send the request to a remote CS now
+INSTALLMANUALOCSPCERTREQUESTWIZARD_TEXT_SENDNOW_LABEL=Specify the remote CA's host name and EE port number:
+INSTALLMANUALOCSPCERTREQUESTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLMANUALOCSPCERTREQUESTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLMANUALOCSPCERTREQUESTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLMANUALOCSPCERTREQUESTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLMANUALOCSPCERTREQUESTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLMANUALOCSPCERTREQUESTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLMANUALOCSPCERTREQUESTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLMANUALOCSPCERTREQUESTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLOCSPKEYWIZARD_TITLE=Installation Wizard
+INSTALLOCSPKEYWIZARD_BORDER_INSTALLOCSPKEYWIZARD_LABEL=Key-Pair Information for the Online Certificate Status Manager Signing Certificate
+INSTALLOCSPKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+INSTALLOCSPKEYWIZARD_LABEL_PWD_LABEL=Password:
+INSTALLOCSPKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+INSTALLOCSPKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_1=DSA
+INSTALLOCSPKEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+INSTALLOCSPKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+INSTALLOCSPKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+INSTALLOCSPKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+INSTALLOCSPKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_2=Custom
+INSTALLOCSPKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_0=1024
+INSTALLOCSPKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_1=Custom
+INSTALLOCSPKEYWIZARD_LABEL_UNITS_LABEL=bits
+INSTALLOCSPKEYWIZARD_LABEL_KEY_LABEL=Specify the key type and key length:
+INSTALLOCSPKEYWIZARD_LABEL_CUSTOMKEY_LABEL=Enter a value for the customized key length:
+INSTALLOCSPKEYWIZARD_LABEL_SELECTTOKEN_LABEL=Select the token (cryptographic device) for the key pair. 'Internal' refers to the software implementation in CS. If you have installed and configured the PKCS #11 module for a hardware device, you can select it from this list:
+INSTALLOCSPKEYWIZARD_DIALOG_OCSPSIGNINGCERTNOTFOUND_MESSAGE=RA signing certificate was not found
+INSTALLOCSPKEYWIZARD_LABEL_INITTOKEN_LABEL=Initialize the selected token:
+INSTALLOCSPKEYWIZARD_LABEL_LOGONTOKEN_LABEL=Logon to the selected token:
+INSTALLOCSPKEYWIZARD_LABEL_PASSWD_LABEL=Password:
+INSTALLOCSPKEYWIZARD_LABEL_PASSWDAGAIN_LABEL=Password (again):
+INSTALLOCSPKEYWIZARD_LABEL_SOP_LABEL=Security officer password:
+INSTALLOCSPKEYWIZARD_LABEL_LOGIN_LABEL=Logon to the selected token:
+INSTALLOCSPKEYWIZARD_LABEL_INITIALIZE_LABEL=Initialize the selected token:
+INSTALLOCSPKEYWIZARD_DIALOG_BLANKLEN_MESSAGE=Key length cannot be blank
+INSTALLOCSPKEYWIZARD_DIALOG_NONINTEGER_MESSAGE=Key length is not an integer
+INSTALLOCSPKEYWIZARD_DIALOG_INVALIDKEYLEN_MESSAGE=Invalid key length
+INSTALLOCSPKEYWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+INSTALLOCSPKEYWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+INSTALLOCSPKEYWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+INSTALLOCSPKEYWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+INSTALLOCSPKEYWIZARD_DIALOG_RSAINVALID_MESSAGE=The RSA key length must be divisible by 8.
+INSTALLOCSPKEYWIZARD_DIALOG_DSAINVALID_MESSAGE=The DSA key length must be divisible by 64, and within the range of 512 to 1024.
+INSTALLOCSPKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLOCSPCERTDNWIZARD_TITLE=Installation Wizard
+INSTALLOCSPCERTDNWIZARD_LABEL_SUBJECTNAME_LABEL=The current subject name in distinguished name (DN) format is:
+INSTALLOCSPCERTDNWIZARD_BORDER_INSTALLOCSPCERTDNWIZARD_LABEL=Subject Name for Online Certificate Status Manager Signing Certificate
+INSTALLOCSPCERTDNWIZARD_LABEL_DN_LABEL=To modify the subject DN for the certificate:
+INSTALLOCSPCERTDNWIZARD_RADIOBUTTON_DNCOMP_LABEL=Enter the values for the subject DN components:
+INSTALLOCSPCERTDNWIZARD_RADIOBUTTON_DNSTRING_LABEL=Enter the values for the subject DN string:
+INSTALLOCSPCERTDNWIZARD_LABEL_CN_LABEL=Common name (CN=):
+INSTALLOCSPCERTDNWIZARD_LABEL_OU_LABEL=Organizational unit (OU=):
+INSTALLOCSPCERTDNWIZARD_LABEL_O_LABEL=Organization (O=):
+INSTALLOCSPCERTDNWIZARD_LABEL_LOCALITY_LABEL=Locality (L=):
+INSTALLOCSPCERTDNWIZARD_LABEL_STATE_LABEL=State (ST=):
+INSTALLOCSPCERTDNWIZARD_LABEL_COUNTRY_LABEL=Country (C=):
+INSTALLOCSPCERTDNWIZARD_LABEL_SELECTEDDN_LABEL=Selected DN:
+INSTALLOCSPCERTDNWIZARD_TEXT_NEWDNHEADING_LABEL=If you want to modify the selected DN, please enter the new one as follows:
+INSTALLOCSPCERTDNWIZARD_LABEL_NEWDN_LABEL=New DN:
+INSTALLOCSPCERTDNWIZARD_DIALOG_BLANKFIELD_MESSAGE=Subject DN cannot be blank
+INSTALLOCSPCERTDNWIZARD_DIALOG_MISSINGO_MESSAGE=Leaving out O= will cause Communicator 4.X\nto crash during SSL client authentication. If you do not provide\nan O= attribute, you will not be able to access\nthe issuing agent pages.
+INSTALLOCSPCERTDNWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work,\nthen restart the\nwizard.
+OCSPTOKENLOGONWIZARD_TITLE=Installation Wizard
+OCSPTOKENLOGONWIZARD_BORDER_OCSPTOKENLOGONWIZARD_LABEL=Logon Token
+OCSPTOKENLOGONWIZARD_TEXT_HEADING_LABEL=Logon to the token where the Online Certificate Status Manager Signing Certificate will reside:
+OCSPTOKENLOGONWIZARD_TEXT_INIT_LABEL=Initialize the token where the Online Certificate Status Manager Signing Certificate will reside:
+OCSPTOKENLOGONWIZARD_LABEL_TOKEN_LABEL=Token:
+OCSPTOKENLOGONWIZARD_LABEL_PWD_LABEL=Password:
+OCSPTOKENLOGONWIZARD_LABEL_PWDAGAIN_LABEL=Password Again:
+OCSPTOKENLOGONWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank.
+OCSPTOKENLOGONWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+GENERAL_OK=OK
+GENERAL_CANCEL=Cancel
+GENERAL_HELP=Help
+GENERAL_NEXT=Next>
+GENERAL_DONE=Done
+GENERAL_BACK=<Back
+GENERAL_ERROR=Error
+GENERAL_QUESTION=Question
+GENERAL_MENU_KEYCERT_LABEL=Certificate Setup Wizard
+GENERAL_MENU_KEYCERT_DESC=Certificate Setup Wizard
+GENERAL_MENU_CERTMANAGEMENT_LABEL=Manage Certificate
+GENERAL_MENU_CERTMANAGEMENT_DESC=Certificate Management
+GENERAL_MENU_PKCS11MANAGEMENT_LABEL=Manage PKCS #11
+GENERAL_MENU_PKCS11MANAGEMENT_DESC=PKCS #11 Management
+GENERAL_MENU_REFRESH_LABEL=Refresh
+GENERAL_MENU_REFRESH_DESC=Refresh
+CMSADMIN_ADMINPORT_LABEL=Administration Port
+CMSADMIN_DIALOG_SERVEROFF_TITLE=Error
+CMSADMIN_DIALOG_SERVEROFF_MESSAGE=Server is off
+CMSADMIN_DIALOG_NOTCONFIG_TITLE=Error
+CMSADMIN_DIALOG_NOTCONFIG_MESSAGE=Server is not configured. Please go to {0} and run config-cert locally.
+CMSADMIN_DIALOG_SERVERERROR_TITLE=Error
+CMSADMIN_DIALOG_SERVERERROR_MESSAGE=Cannot contact the daemon. Please try again later
+CMSADMIN_DIALOG_NOTIMPLEMENTED_TITLE=Error
+CMSADMIN_DIALOG_NOTIMPLEMENTED_MESSAGE=Functionality not implemented for Beta 1
+CMSINFOPANEL_LABEL_SERVERNAME_LABEL=Dogtag Certificate System
+CMSTABPANEL_BUTTON_APPLY_LABEL=Save
+CMSTABPANEL_BUTTON_APPLY_TTIP=Store the changes to the certificate server
+CMSTABPANEL_BUTTON_RESET_LABEL=Reset
+CMSTABPANEL_BUTTON_RESET_TTIP=Revert the values to the previous configuration
+CMSTABPANEL_BUTTON_HELP_LABEL=Help
+CMSTABPANEL_BUTTON_HELP_TTIP=Online help
+CMSTABPANEL_DIALOG_NOTSAVED_MESSAGE=Configuration not saved. Do you want to save the changes?
+CMSTABPANEL_DIALOG_NOTSAVED_TITLE=Configuration Not Saved
+CMSRESOURCEOBJECT_CONNECTOR_TITLE=Connector
+CMSRESOURCEOBJECT_ACL_TITLE=Access Control
+CMSRESOURCEOBJECT_LOG_TITLE=Logs
+CMSRESOURCEOBJECT_ACCESSLOG_TITLE=System
+CMSRESOURCEOBJECT_ERRORLOG_TITLE=Error
+CMSRESOURCEOBJECT_AUDITLOG_TITLE=Transactions
+CMSRESOURCEOBJECT_LOCAL_TITLE=Authentications
+CMSRESOURCEOBJECT_JOBSCHED_TITLE=Job Scheduler
+CMSRESOURCEOBJECT_JOBS_TITLE=Jobs
+CMSRESOURCEOBJECT_NOTIFICATION_TITLE=Notification
+CMSRESOURCEOBJECT_LDAPSETTING_TITLE=LDAP Setting
+CMSRESOURCEOBJECT_SMTPSETTING_TITLE=SMTP
+CMSRESOURCEOBJECT_SELFTESTS_TITLE=Self Tests
+CMSRESOURCEOBJECT_SCOPE_TITLE=Scopes
+CMSRESOURCEOBJECT_LDAPUG_TITLE=LDAP Scope
+CMSRESOURCEOBJECT_ROLE_TITLE=Role Management
+CMSRESOURCEOBJECT_ACL_TITLE=Access Control List
+CMSRESOURCEOBJECT_ENCRYPTION_TITLE=System Keys and Certificates
+CMSRESOURCEOBJECT_CACONFIG_TITLE=Certificate Manager
+CMSRESOURCEOBJECT_OCSPCONFIG_TITLE=Online Certificate Status Manager
+CMSRESOURCEOBJECT_RACONFIG_TITLE=Registration Manager
+CMSRESOURCEOBJECT_EACONFIG_TITLE=Data Recovery Manager
+CMSRESOURCEOBJECT_CCMCONFIG_TITLE=Centralized Management
+CMSRESOURCEOBJECT_POLICIES_TITLE=Policies
+CMSRESOURCEOBJECT_PROFILES_TITLE=Certificate Profiles
+CMSRESOURCEOBJECT_SERVLET_TITLE=Servlets
+CMSRESOURCEOBJECT_AUTH_TITLE=Authentication
+CMSRESOURCEOBJECT_USERGROUPS_TITLE=Users and Groups
+CMSRESOURCEOBJECT_ISSUANCEPOLICIES_TITLE=Issuance Policies
+CMSRESOURCEOBJECT_REVOCATIONPOLICIES_TITLE=Revocation Policies
+CMSRESOURCEOBJECT_ESCROWPOLICIES_TITLE=Key Policies
+CMSRESOURCEOBJECT_RECOVERYPOLICIES_TITLE=Recovery Policies
+CMSRESOURCEOBJECT_EXTENSIONS_TITLE=Extensions
+CMSRESOURCEOBJECT_CRLEXTENSIONS_TITLE=CRL Extensions
+CMSRESOURCEOBJECT_CRLIPS_TITLE=CRL Issuing Points
+CMSRESOURCEOBJECT_OCSPSTORES_TITLE=Revocation Info Stores
+CMSRESOURCEOBJECT_BACKUP_TITLE=Backup and Restore
+CMSRESOURCEOBJECT_PUBLISHING_TITLE=Publishing
+CMSRESOURCEOBJECT_PUBLISHERS_TITLE=Publishers
+CMSRESOURCEOBJECT_MAPPERS_TITLE=Mappers
+CMSRESOURCEOBJECT_RULES_TITLE=Rules
+CMSRESOURCEOBJECT_GATEWAY_TITLE=Gateway
+CMSRESOURCEOBJECT_CAREPOSITORIES_TITLE=Certificate Service
+CMSRESOURCEOBJECT_CAREQUESTS_TITLE=Certificate Requests
+CMSRESOURCEOBJECT_CACERTIFICATE_TITLE=Certificates
+CMSRESOURCEOBJECT_CAACL_TITLE=Certificate Authority
+CMSRESOURCEOBJECT_RAREPOSITORIES_TITLE=Registration Service
+CMSRESOURCEOBJECT_RAREQUESTS_TITLE=Certificate Requests
+CMSRESOURCEOBJECT_RACERTIFICATE_TITLE=Certificates
+CMSRESOURCEOBJECT_RAACL_TITLE=Registration Service
+CMSRESOURCEOBJECT_EAREPOSITORIES_TITLE=Key Service
+CMSRESOURCEOBJECT_EAREQUESTS_TITLE=Key Requests
+CMSRESOURCEOBJECT_EAKEY_TITLE=Keys
+CMSRESOURCEOBJECT_EAACL_TITLE=Key Service
+CMSRESOURCEOBJECT_CCMACL_TITLE=Centralized Management
+UILOADERREGISTRY_NOMATCHINGUILOADER=No UI loader registered with this sub-system type
+CMSPAGEFEEDER_CONFIGURATION=Configuration
+CMSPAGEFEEDER_SERVERNAME=Dogtag Certificate System
+CMSPAGEFEEDER_CONTENT=Repositories
+CMSPAGEFEEDER_STATUS=Status
+CMSPAGEFEEDER_IDENTITYANDROLES=Authentication
+CMSPAGEFEEDER_PERMISSION=Permission
+CMSPAGEFEEDER_ACCESSCONTROLLIST=Access Control
+CMSPAGEFEEDER_RESOURCE_TAB_NOT_FOUND=Resource tab type specified not found
+CGITASK_DIALOG_SERVERDOWN_MESSAGE=Failed to contact the administration server
+CGITASK_DIALOG_SERVERDOWN_TITLE=Error
+CGITASK_DIALOG_CMSDOWN_MESSAGE=Failed to contact the Certificate System. The server may be down or the information you've specified is incorrect. Please check the host name, port number, and SSL selection, and make sure the server is started and is accessible from this machine.
+CGITASK_DIALOG_CMSDOWN_TITLE=Error
+CGITASK_DIALOG_WRONGSERVER_MESSAGE=You are trying to contact a CS agent port or a server that's not CS. We only support automatic submission requests to a Dogtag Certificate System EE port. Please check the host name, port number, and SSL selection, and make sure the server is started and is accessible from this machine.
+CGITASK_DIALOG_WRONGSERVER_TITLE=Error
+CGITASK_DIALOG_UNKNOWNALG_MESSAGE=The 'SSL server certificate' of the CS to which you attempted to submit the request corresponds to a DSA key or has been signed by a CA with DSA key.  Because this version of Console does not support DSA, you cannot use the auto-submit feature of the wizard to automatically submit the request to the CA's HTTPS port for end-entity enrollments. Instead, you should use the manual method of request submission -- that is, copy the base-64 encoded certificate request, go to the CS's end-entity enrollment page (HTTPS), open the appropriate form, paste the certificate request, and submit the completed request to the CS. \n\n Alternatively, if you must use the auto-submit feature, you can change the CS's configuration to accept certificate-enrollment requests on the end-entity HTTP (non-secure) port and then auto-submit the request. If you have already done so, simply specify the end-entity HTTP port and uncheck the secure server selection.
+CGITASK_DIALOG_UNKNOWNALG_TITLE=Error
+CGITASK_DIALOG_REJECTCERT_MESSAGE=You rejected the Certificate System's server certificate. You can not send the certificate request via the SSL secure EE port.
+CGITASK_DIALOG_PROGRESS_CREATESUB=Creating Subsystem ...
+CGITASK_DIALOG_PROGRESS_CREATEREPLICATIONAGREEMENT=Setting up a replication agreement ...
+CGITASK_DIALOG_PROGRESS_CREATEDB=Creating internal database ...
+CGITASK_DIALOG_PROGRESS_CONFIGDB=Configuring internal database ...
+CGITASK_DIALOG_PROGRESS_CONNECTDB=Connecting to the master database ...
+CGITASK_DIALOG_PROGRESS_INITTOKEN=Initializing Token ...
+CGITASK_DIALOG_PROGRESS_CREATECERT=Creating Certificate ...
+CGITASK_DIALOG_PROGRESS_CREATESSON=Creating Single Sign-On Password Database...
+CGITASK_DIALOG_PROGRESS_CREATEREQ=Creating Certificate Request ...
+TASKSTATUS_STATUS_LABEL=Get Status of the Server
+TASKSTATUS_STATUS_DESC=Get Status of the Certificate Server
+TASKRESTART_RESTART_LABEL=Restart the Server
+TASKRESTART_RESTART_DESC=Restart the Certificate Server
+TASKRESTART_DIALOG_RESTARTED_MESSAGE=Server Restarted
+TASKRESTART_DIALOG_RESTARTED_TITLE=Restart Server
+TASKSTART_START_LABEL=Start the Server
+TASKSTART_START_DESC=Start the Certificate Server
+TASKSTART_DIALOG_STARTED_MESSAGE=Server Started
+TASKSTART_DIALOG_STARTED_TITLE=Start Server
+TASKREMOVE_REMOVE_LABEL=Remove the Server
+TASKREMOVE_REMOVE_DESC=Remove the Certificate Server
+TASKREMOVE_DIALOG_REMOVED_MESSAGE=Server Removed
+TASKREMOVE_DIALOG_REMOVED_TITLE=Remove Server
+TASKSTOP_STOP_LABEL=Stop the Server
+TASKSTOP_STOP_DESC=Stop the Certificate Server.
+TASKSTOP_DIALOG_STOPPED_MESSAGE=Server Stopped
+TASKSTOP_DIALOG_STOPPED_TITLE=Stop Server
+TASKKEYCERT_KEYCERT_LABEL=Certificate Setup Wizard
+TASKKEYCERT_KEYCERT_DESC=Set up keys and certificates
+TASKKEYCERT_KEYCERT_TITLE=Certificate Setup Wizard
+SERVER_DIALOG_RESTART_TITLE=Server Message
+SERVER_DIALOG_RESTART_MESSAGE=Configuration changes are now committed. Please restart the server for the changes to take effect.
+SERVICE_TITLE=Service Ports
+SERVICE_LABEL_PORT_LABEL=Port:
+SERVICE_LABEL_SSLPORT_LABEL=SSL port:
+SERVICE_BORDER_CONNECTIVITY_LABEL=Connectivity
+NETWORK_TITLE=Network
+NETWORK_BORDER_ADMIN_LABEL=Administration
+NETWORK_BORDER_AGENT_LABEL=Agent
+NETWORK_BORDER_EE_LABEL=End-Entity
+NETWORK_LABEL_ADMINSSLPORT_LABEL=SSL port:
+NETWORK_DIALOG_BLANKFIELD_MESSAGE=No fields can be blank!
+NETWORK_DIALOG_BLANKFIELD_TITLE=Error
+NETWORK_DIALOG_NEGATIVE_TITLE=Error
+NETWORK_DIALOG_NEGATIVE_MESSAGE=Backlog number must be greater than zero
+NETWORK_DIALOG_NUMBERFORMAT_MESSAGE=Port numbers must be integers!
+NETWORK_DIALOG_NUMBERFORMAT_TITLE=Number Format Error
+NETWORK_DIALOG_PORTRANGE_MESSAGE=Valid port numbers are between 1 and 65535 inclusive!
+NETWORK_DIALOG_PORTRANGE_TITLE=Port Number Out Of Range
+NETWORK_DIALOG_RESTART_TITLE=Restart Server
+NETWORK_DIALOG_RESTART_MESSAGE=To activate new port settings, please restart the server!
+NETWORK_LABEL_GATEWAYSSLPORT_LABEL=SSL port:
+NETWORK_LABEL_AGENTSSLPORT_LABEL=SSL Port:
+NETWORK_LABEL_GATEWAYPORT_LABEL=Port:
+NETWORK_LABEL_ADMINBACKLOG_LABEL=Backlog:
+NETWORK_LABEL_EEBACKLOG_LABEL=Backlog:
+NETWORK_LABEL_SECUREEEBACKLOG_LABEL=Backlog:
+NETWORK_LABEL_SECUREAGENTBACKLOG_LABEL=Backlog:
+NETWORK_LABEL_ENABLED_LABEL=Enable:
+PASSWORDDIST_TITLE=Password Distribution
+PASSWORDDIST_BORDER_DISTRIBUTION_LABEL=Distribution Setting
+PASSWORDDIST_CHECKBOX_MAIL_LABEL=Send password to user via email
+PASSWORDDIST_CHECKBOX_MAIL_TTIP=E-mail notification with password automatically delivered to user
+PASSWORDDIST_CHECKBOX_LOCAL_LABEL=Store a copy of password locally
+PASSWORDDIST_CHECKBOX_LOCAL_TTIP=Save password locally for later retrieval
+PASSWORDDIST_DIALOG_SELECTONE_MESSAGE=You must select at least one distribution method!
+PASSWORDDIST_DIALOG_SELECTONE_TITLE=Error
+EAGENERAL_TITLE=General Settings
+EAGENERAL_BORDER_AGENTS_LABEL=Recovery Agents
+EAGENERAL_LABEL_NUMBER_LABEL=Required Number of Agents:
+EAGENERAL_DIALOG_NUMBERRANGE_MESSAGE=Number of required agents must be greater than 0!
+EAGENERAL_DIALOG_NUMBERRANGE_TITLE=Error
+EAGENERAL_DIALOG_NUMBERFORMAT_TITLE=Error
+EAGENERAL_DIALOG_NUMBERFORMAT_MESSAGE=Number of required agents must be an integer!
+EAGENERAL_DIALOG_BLANKFIELD_MESSAGE=Number of required agents must be specified!
+EAGENERAL_DIALOG_BLANKFIELD_TITLE=Error
+RAGENERAL_TITLE=General Settings
+RAGENERAL_BORDER_PARAMETERS_LABEL=Web Access
+RAGENERAL_CHECKBOX_EE_LABEL=Enable end-entity interaction
+RAGENERAL_CHECKBOX_EE_TTIP=Enable end-entity interaction
+RAGENERAL_CHECKBOX_RA_LABEL=Enable registration authority interaction
+RAGENERAL_CHECKBOX_RA_TTIP=Enable registration authority interaction
+OCSPGENERAL_TITLE=General Settings
+OCSPGENERAL_BORDER_SIGNING_LABEL=Default Signing Algorithm
+OCSPGENERAL_LABEL_ALGORITHM_LABEL=Algorithm:
+OCSPGENERAL_COMBOBOX_ALGORITHM_VALUE_0=MD2 with RSA
+OCSPGENERAL_COMBOBOX_ALGORITHM_VALUE_1=MD5 with RSA
+OCSPGENERAL_COMBOBOX_ALGORITHM_VALUE_2=SHA1 with RSA
+OCSPGENERAL_COMBOBOX_ALGORITHM_VALUE_3=SHA256 with RSA
+OCSPGENERAL_COMBOBOX_ALGORITHM_VALUE_4=SHA512 with RSA
+OCSPGENERAL_COMBOBOX_ALGORITHM_VALUE_5=SHA1 with DSA
+CAGENERAL_TITLE=General Settings
+CAGENERAL_BORDER_INTERACTION_LABEL=Web Access
+CAGENERAL_CHECKBOX_EE_LABEL=Enable end-entity interaction
+CAGENERAL_CHECKBOX_EE_TTIP=Enable end-entity interaction
+CAGENERAL_BORDER_SIGNING_LABEL=Default Signing Algorithm
+CAGENERAL_LABEL_ALGORITHM_LABEL=Algorithm:
+CAGENERAL_LABEL_ALGORITHM_TTIP=Specify the default signing algorithm for CA signing certificate
+CAGENERAL_COMBOBOX_ALGORITHM_VALUE_0=MD2 with RSA
+CAGENERAL_COMBOBOX_ALGORITHM_VALUE_1=MD5 with RSA
+CAGENERAL_COMBOBOX_ALGORITHM_VALUE_2=SHA1 with RSA
+CAGENERAL_COMBOBOX_ALGORITHM_VALUE_3=SHA256 with RSA
+CAGENERAL_COMBOBOX_ALGORITHM_VALUE_4=SHA512 with RSA
+CAGENERAL_COMBOBOX_ALGORITHM_VALUE_5=SHA1 with DSA
+CAGENERAL_BORDER_SERIAL_LABEL=Certificate Serial Number
+CAGENERAL_LABEL_SERIAL_LABEL=Next Serial Number: (0x)
+CAGENERAL_LABEL_SERIAL_TTIP=Specify the next serial number of the certificate that the CA issues
+CAGENERAL_BORDER_MAXSERIAL_LABEL=Ending Serial Number
+CAGENERAL_LABEL_MAXSERIAL_LABEL=Ending Serial Number: (0x)
+CAGENERAL_LABEL_MAXSERIAL_TTIP=Specify the ending serial number of the certificate that the CA can issue
+CAGENERAL_BORDER_VALIDITY_LABEL=Certificate Validity
+CAGENERAL_CHECKBOX_VALIDITY_LABEL=Override validity nesting requirement
+CAGENERAL_CHECKBOXL_VALIDITY_TTIP=Allow CA to issue certificates with validity beyond that of the CA's signing certificate
+CAGENERAL_DIALOG_NUMBERFORMAT_MESSAGE=You must specify a numeric value
+CAGENERAL_DIALOG_NUMBERFORMAT_TITLE=Error
+CAGENERAL_CHECKBOX_RA_LABEL=Enable registration authority interaction
+CAGENERAL_CHECKBOX_RA_TTIP=Enable registration authority interaction
+CAGENERAL_LABEL_RA_LABEL=Group:
+CAGENERAL_LABEL_RA_TTIP=Select a group containing the remote registration authorities to be connected to the current Certificate Authority
+RACLM_TITLE=Certificate Life Cycle Management
+RACLM_BORDER_CLMRENEWAL_LABEL=Renewal
+RACLM_BORDER_CLMRENEWALNOTIFY_LABEL=Renewal Notification
+RACLM_CHECKBOX_RENEWENABLED_LABEL=Enable CLM renewal
+RACLM_CHECKBOX_RENEWENABLED_TTIP=Enable/Disable CLM renewal
+RACLM_CHECKBOX_NOTIFIED_LABEL=Enable CLM renewal notification
+RACLM_CHECKBOX_NOTIFIED_TTIP=Enable/Disable CLM renewal notification
+RACLM_LABEL_VALID_LABEL=Renewal Validity:
+RACLM_LABEL_VALID_TTIP=Specify how long the renewal is valid for
+RACLM_LABEL_EMAIL_LABEL=Email:
+RACLM_LABEL_EMAIL_TTIP=Specify email address to which the notification is sent
+RACLM_LABEL_NUMNOTIFIED_LABEL=Number of notifications:
+RACLM_LABEL_NUMNOTIFIED_TTIP=Specify number of notifications being sent before expiration
+RACLM_LABEL_INTERVAL_LABEL=Notification Interval:
+RACLM_LABEL_INTERVAL_TTIP=Specify how often the notification gets sent before expiration
+RACLM_LABEL_DAYS_LABEL=days
+RACLM_DIALOG_NUMBERFORMAT_TITLE=Error
+RACLM_DIALOG_NUMBERFORMAT_MESSAGE=Fields must be in integer!
+RANOTIFICATION_TITLE=Warning Notification
+RANOTIFICATION_BORDER_NOTIFICATION_LABEL=Email Notification
+RANOTIFICATION_CHECKBOX_ENABLE_LABEL=Enable email notification
+RANOTIFICATION_CHECKBOX_ENABLE_TTIP=Enable the auto administrator notification
+RANOTIFICATIN_LABEL_EMAIL_LABEL=Email:
+RANOTIFICATION_LABEL_EMAIL_TTIP=Administrator email address
+RANOTIFICATION_CHECKBOX_EXPIRATION_LABEL=Certificate Expiration Notification
+RANOTIFICATION_CHECKBOX_EXPIRATION_TTIP=Send advance notification to administrator before a user certificate expires
+RANOTIFICATION_CHECKBOX_RENEWAL_LABEL=Certificate Renewal Notification
+RANOTIFICATION_CHECKBOX_RENEWAL_TTIP=Send advance notification to administrator for user certificate renewal
+RANOTIFICATION_DIALOG_BLANKFIELD_MESSAGE=Email address must be specified!
+RANOTIFICATION_DIALOG_BLANKFIELD_TITLE=Error
+RANOTIFICATION_DIALOG_NOSELECTION_MESSAGE=You must select at least one kind of notification!
+RANOTIFICATION_DIALOG_NOSELECTION_TITLE=Selection Required
+NOTIFICATION_TITLE=Warning Notification
+NOTIFICATION_BORDER_NOTIFICATION_LABEL=Email Notification
+NOTIFICATION_CHECKBOX_ENABLE_LABEL=Enable email notification
+NOTIFICATION_CHECKBOX_ENABLE_TTIP=Enable the auto administrator notification
+NOTIFICATION_LABEL_EMAIL_LABEL=Email:
+NOTIFICATION_LABEL_EMAIL_TTIP=Administrator email address
+NOTIFICATION_CHECKBOX_EXPIRATION_LABEL=Certificate Expiration Notification
+NOTIFICATION_CHECKBOX_EXPIRATION_TTIP=Send advance notification to administrator before a user certificate expires
+NOTIFICATION_CHECKBOX_RENEWAL_LABEL=Certificate Renewal Notification
+NOTIFICATION_CHECKBOX_RENEWAL_TTIP=Send advance notification to administrator for user certificate renewal
+NOTIFICATION_DIALOG_BLANKFIELD_MESSAGE=Email address must be specified!
+NOTIFICATION_DIALOG_BLANKFIELD_TITLE=Error
+NOTIFICATION_DIALOG_NOSELECTION_MESSAGE=You must select at least one kind of notification!
+NOTIFICATION_DIALOG_NOSELECTION_TITLE=Selection Required
+CONNECTOR_TITLE=Connectors
+CONNECTOR_LABEL_CONNLIST_LABEL=List of connectors:
+CONNECTOR_LABEL_CONNLIST_TTIP=List all of the existing connectors
+CONNECTOR_BUTTON_REFRESH_LABEL=Refresh
+CONNECTOR_BUTTON_REFRESH_TTIP=Refresh the panel
+CONNECTOR_BUTTON_HELP_LABEL=Help
+CONNECTOR_BUTTON_HELP_TTIP=Online help
+CONNECTOR_BUTTON_EDIT_LABEL=Edit
+CONNECTOR_BUTTON_EDIT_TTIP=Edit the selected connector
+CACONNECTOR_TITLE=Connectors
+CACONNECTOR_LABEL_CONNLIST_LABEL=List of connectors:
+CACONNECTOR_LABEL_CONNLIST_TTIP=List all of the existing connectors
+CACONNECTOR_BUTTON_REFRESH_LABEL=Refresh
+CACONNECTOR_BUTTON_REFRESH_TTIP=Refresh the panel
+CACONNECTOR_BUTTON_HELP_LABEL=Help
+CACONNECTOR_BUTTON_HELP_TTIP=Online help
+CACONNECTOR_BUTTON_EDIT_LABEL=Edit
+CACONNECTOR_BUTTON_EDIT_TTIP=Edit the selected connector
+CONNECTOREDITOR_TITLE=Edit Connector
+CONNECTOREDITOR_LABEL_CONNECTORNAME_LABEL=Connector name:
+CONNECTOREDITOR_LABEL_CONNECTORNAME_TTIP=The name of the connector
+CONNECTOREDITOR_CHECKBOX_ENABLE_LABEL=Enable
+CONNECTOREDITOR_RADIOBUTTON_LOCAL_LABEL=Colocated
+CONNECTOREDITOR_RADIOBUTTON_REMOTE_LABEL=Remote
+CONNECTOREDITOR_LABEL_NICKNAME_LABEL=Nickname:
+CONNECTOREDITOR_TEXT_CERTHEADING_LABEL=Please select a certificate from the following table for SSL client authentication:
+CONNECTOREDITOR_LABEL_LOCALID_LABEL=Server ID:
+CONNECTOREDITOR_LABEL_URI_LABEL=URI:
+CONNECTOREDITOR_LABEL_HOST_LABEL=Host:
+CONNECTOREDITOR_LABEL_PORT_LABEL=Port:
+CONNECTOREDITOR_LABEL_TIMEOUT_LABEL=Timeout (Sec.):
+CONNECTOREDITOR_LABEL_TIMEUNIT_LABEL=(Seconds)
+CONNECTOREDITOR_BUTTON_OK_LABEL=OK
+CONNECTOREDITOR_BUTTON_CANCEL_LABEL=Cancel
+CONNECTOREDITOR_BUTTON_HELP_LABEL=Help
+CONNECTOREDITOR_DIALOG_NONINTEGER_TITLE=Error
+CONNECTOREDITOR_DIALOG_NONINTEGER_MESSAGE=Port number must be an integer
+CONNECTOREDITOR_DIALOG_TIMEOUTNONINTEGER_TITLE=Error
+CONNECTOREDITOR_DIALOG_TIMEOUTNONINTEGER_MESSAGE=Timeout must be an integer
+CONNECTOREDITOR_DIALOG_TIMEOUTOUTOFRANGE_TITLE=Error
+CONNECTOREDITOR_DIALOG_TIMEOUTOUTOFRANGE_MESSAGE=Timeout must be greater than or equal to zero
+CONNECTOREDITOR_DIALOG_OUTOFRANGE_TITLE=Error
+CONNECTOREDITOR_DIALOG_OUTOFRANGE_MESSAGE=Port number must be greater than zero
+CACONNECTORSETTING_TITLE=CA
+CACONNECTORSETTING_RADIOBUTTON_LOCAL_LABEL=Local host
+CACONNECTORSETTING_RADIOBUTTON_LOCAL_TTIP=Specify if the CA is on the local host
+CACONNECTORSETTING_LABEL_LOCALID_LABEL=ID:
+CACONNECTORSETTING_LABEL_LOCALID_TTIP=Specify the ID of the CA to which the RA wants to connect
+CACONNECTORSETTING_RADIOBUTTON_REMOTE_LABEL=Remote host
+CACONNECTORSETTING_RADIOBUTTON_REMOTE_TTIP=Specify if the CA is on a remote host
+CACONNECTORSETTING_LABEL_HOST_LABEL=Host name:
+CACONNECTORSETTING_LABEL_HOST_TTIP=Specify the host name where the CA resides
+CACONNECTORSETTING_LABEL_PORT_LABEL=Port number:
+CACONNECTORSETTING_LABEL_PORT_TTIP=Specify the CA port
+CACONNECTORSETTING_LABEL_TIMEOUT_LABEL=Timeout:
+CACONNECTORSETTING_LABEL_TIMEOUT_TTIP=Specify timeout value
+RALDAPSETTING_TITLE=General
+RALDAPSETTING_BORDER_DESTINATION_LABEL=Destination
+RALDAPSETTING_CHECKBOX_ENABLE_LABEL=Enable Default LDAP Connection
+RALDAPSETTING_CHECKBOX_ENABLE_TTIP=Enable/Disable LDAP Publishing
+RALDAPSETTING_CHECKBOX_ENABLEPUBLISHING_LABEL=Enable Publishing
+RALDAPSETTING_CHECKBOX_ENABLEPUBLISHING_TTIP=Enable/Disable Publishing
+RALDAPSETTING_LABEL_HOST_LABEL=Host name:
+RALDAPSETTING_LABEL_HOST_TTIP=Specify LDAP host name
+RALDAPSETTING_LABEL_PORT_LABEL=Port number:
+RALDAPSETTING_LABEL_PORT_TTIP=Specify LDAP port number
+RALDAPSETTING_CHECKBOX_SECUREPORT_LABEL=Use SSL communication
+RALDAPSETTING_CHECKBOX_SECUREPORT_TTIP=Specify if LDAP port is secure
+RALDAPSETTING_LABEL_BASEDN_LABEL=Base DN:
+RALDAPSETTING_LABEL_BASEDN_TTIP=Specify the LDAP base DN
+RALDAPSETTING_LABEL_BINDAS_LABEL=Directory manager DN:
+RALDAPSETTING_LABEL_BINDAS_TTIP=Specify the LDAP bind DN
+RALDAPSETTING_LABEL_VERSION_LABEL=LDAP version:
+RALDAPSETTING_LABEL_VERSION_TTIP=Specify the LDAP version
+RALDAPSETTING_COMBOBOX_VERSION_VALUE_0=2
+RALDAPSETTING_COMBOBOX_VERSION_VALUE_1=3
+RALDAPSETTING_LABEL_AUTHTYPE_LABEL=Authentication:
+RALDAPSETTING_LABEL_AUTHTYPE_TTIP=Specify the authentication type used to authenticate to the directory server for LDAP publishing
+RALDAPSETTING_COMBOBOX_AUTHTYPE_VALUE_0=Basic authentication
+RALDAPSETTING_COMBOBOX_AUTHTYPE_VALUE_1=SSL client authentication
+RALDAPSETTING_LABEL_PWD_LABEL=Password:
+RALDAPSETTING_LABEL_PWD_TTIP=Specify the LDAP bind password
+RALDAPSETTING_LABEL_PWDAGAIN_TTIP=Specify the LDAP bind password again
+RALDAPSETTING_LABEL_CERTLIST_LABEL=Client Certificate:
+RALDAPSETTING_LABEL_CERTLIST_TTIP=Specify a client certificate for SSL client authentication
+RALDAPSETTING_DIALOG_NUMBERFORMAT_TITLE=Error
+RALDAPSETTING_DIALOG_NUMBERFORMAT_MESSAGE=Port number must be an integer!
+RALDAPSETTING_DIALOG_PASSWD_TITLE=Error
+RALDAPSETTING_DIALOG_PASSWD_MESSAGE=Failed to verify the password!
+RALDAPSETTING_DIALOG_BLANKFIELD_TITLE=Error
+RALDAPSETTING_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+RALDAPSETTING_DIALOG_UNMATCHEDPASSWD_TITLE=Error
+RALDAPSETTING_DIALOG_EMPTYPASSWD_TITLE=Error
+RALDAPSETTING_DIALOG_EMPTYPASSWD_MESSAGE=Blank password is not allowed
+RALDAPSETTING_DIALOG_SSLERROR_TITLE=Error
+RALDAPSETTING_DIALOG_SSLERROR_MESSAGE=Need to enable SSL if SSL client authentication is selected
+CALDAPSETTING_TITLE=General
+CALDAPSETTING_BORDER_DESTINATION_LABEL=Destination
+CALDAPSETTING_CHECKBOX_ENABLEPUBLISHING_LABEL=Enable Publishing
+CALDAPSETTING_CHECKBOX_ENABLEPUBLISHING_TTIP=Enable/Disable Publishing
+CALDAPSETTING_CHECKBOX_ENABLEQUEUE_LABEL=Enable Publishing Queue
+CALDAPSETTING_CHECKBOX_ENABLEQUEUE_TTIP=Enable/Disable Publishing Queue
+CALDAPSETTING_CHECKBOX_ENABLE_LABEL=Enable Default LDAP Connection
+CALDAPSETTING_CHECKBOX_ENABLE_TTIP=Enable/Disable LDAP Publishing
+CALDAPSETTING_LABEL_HOST_LABEL=Host name:
+CALDAPSETTING_LABEL_HOST_TTIP=Specify LDAP host name
+CALDAPSETTING_LABEL_PORT_LABEL=Port number:
+CALDAPSETTING_LABEL_PORT_TTIP=Specify LDAP port number
+CALDAPSETTING_CHECKBOX_SECUREPORT_LABEL=Use SSL communication
+CALDAPSETTING_CHECKBOX_SECUREPORT_TTIP=Specify if LDAP port is secure
+CALDAPSETTING_LABEL_BASEDN_LABEL=Base DN:
+CALDAPSETTING_LABEL_BASEDN_TTIP=Specify the LDAP base DN
+CALDAPSETTING_LABEL_BINDAS_LABEL=Directory manager DN:
+CALDAPSETTING_LABEL_BINDAS_TTIP=Specify the LDAP bind DN
+CALDAPSETTING_LABEL_VERSION_LABEL=LDAP version:
+CALDAPSETTING_LABEL_VERSION_TTIP=Specify the LDAP version
+CALDAPSETTING_COMBOBOX_VERSION_VALUE_0=2
+CALDAPSETTING_COMBOBOX_VERSION_VALUE_1=3
+CALDAPSETTING_LABEL_AUTHTYPE_LABEL=Authentication:
+CALDAPSETTING_LABEL_AUTHTYPE_TTIP=Specify the authentication type used to authenticate to the directory server for LDAP publishing
+CALDAPSETTING_COMBOBOX_AUTHTYPE_VALUE_0=Basic authentication
+CALDAPSETTING_COMBOBOX_AUTHTYPE_VALUE_1=SSL client authentication
+CALDAPSETTING_LABEL_PWD_LABEL=Password:
+CALDAPSETTING_LABEL_PWD_TTIP=Specify the LDAP bind password
+CALDAPSETTING_LABEL_PWDAGAIN_TTIP=Specify the LDAP bind password again
+CALDAPSETTING_LABEL_CERTLIST_LABEL=Client Certificate:
+CALDAPSETTING_LABEL_CERTLIST_TTIP=Specify a client certificate for SSL client authentication
+CALDAPSETTING_DIALOG_NUMBERFORMAT_TITLE=Error
+CALDAPSETTING_DIALOG_NUMBERFORMAT_MESSAGE=Port number must be an integer!
+CALDAPSETTING_DIALOG_PASSWD_TITLE=Error
+CALDAPSETTING_DIALOG_PASSWD_MESSAGE=Failed to verify the password!
+CALDAPSETTING_DIALOG_BLANKFIELD_TITLE=Error
+CALDAPSETTING_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+CALDAPSETTING_DIALOG_UNMATCHEDPASSWD_TITLE=Error
+CALDAPSETTING_DIALOG_EMPTYPASSWD_TITLE=Error
+CALDAPSETTING_DIALOG_EMPTYPASSWD_MESSAGE=Blank password is not allowed
+CALDAPSETTING_DIALOG_SSLERROR_TITLE=Error
+CALDAPSETTING_DIALOG_SSLERROR_MESSAGE=Need to enable SSL if SSL client authentication is selected
+CRLSETTING_TITLE=Updates
+CRLSETTING_BORDER_FREQ_LABEL=Update Frequency
+CRLSETTING_BORDER_SCHEMA_LABEL=Update Schema
+CRLSETTING_CHECKBOX_ALWAYS_LABEL=Every time a certificate is revoked or released from hold
+CRLSETTING_CHECKBOX_FREQ_LABEL=Update CRL every
+CRLSETTING_CHECKBOX_DAILY_LABEL=Update CRL at
+CRLSETTING_LABEL_CRL_LABEL=Enable CRL generation:
+CRLSETTING_LABEL_GENERATION_LABEL=Generate full CRL every
+CRLSETTING_LABEL_DELTAS_LABEL=delta(s).
+CRLSETTING_LABEL_NEXTTIME_LABEL=Extend next update time in full CRLs
+CRLSETTING_LABEL_MINUTES_LABEL=minutes
+CRLSETTING_LABEL_GRACEPERIOD_LABEL=Next update grace period
+CRLSETTING_DIALOG_UPDATES_TITLE=Error
+CRLSETTING_DIALOG_UPDATES_MESSAGE=You are required to select at least one form of CRL updates.
+CRLSETTING_DIALOG_BLANKSCHEMA_TITLE=Error
+CRLSETTING_DIALOG_BLANKSCHEMA_MESSAGE=Update schema must be specified!
+CRLSETTING_DIALOG_SCHEMANUMBER_TITLE=Number Format Error
+CRLSETTING_DIALOG_SCHEMANUMBER_MESSAGE=Update schema must be a positive integer!
+CRLSETTING_DIALOG_BLANKDAILY_TITLE=Error
+CRLSETTING_DIALOG_BLANKDAILY_MESSAGE=Time list for CRL updates must be specified!
+CRLSETTING_DIALOG_DAILYFORMAT_TITLE=Error
+CRLSETTING_DIALOG_DAILYFORMAT_MESSAGE=Time list has invalid format!
+CRLSETTING_DIALOG_BLANKFREQ_TITLE=Error
+CRLSETTING_DIALOG_BLANKFREQ_MESSAGE=Update frequency must be specified!
+CRLSETTING_DIALOG_FREQNUMBER_TITLE=Number Format Error
+CRLSETTING_DIALOG_FREQNUMBER_MESSAGE=Update frequency must be a positive integer!
+CRLSETTING_DIALOG_INTERVALTOBIG_TITLE=Interval Size Error
+CRLSETTING_DIALOG_INTERVALTOBIG_MESSAGE=Update interval doesn't fit in a single day!
+CRLSETTING_DIALOG_BLANKGRACE_TITLE=Error
+CRLSETTING_DIALOG_BLANKGRACE_MESSAGE=Grace period must be specified!
+CRLSETTING_DIALOG_GRACENUMBER_TITLE=Number Format Error
+CRLSETTING_DIALOG_GRACENUMBER_MESSAGE=Grace period must be a positive integer!
+CRLCACHE_TITLE=Cache
+CRLCACHE_BORDER_CACHE_LABEL=CRL Cache
+CRLCACHE_LABEL_CACHE_LABEL=Enable CRL cache:
+CRLCACHE_LABEL_INTERVAL_LABEL=Save cache every
+CRLCACHE_LABEL_MINUTES_LABEL=minutes
+CRLCACHE_LABEL_RECOVERY_LABEL=Enable cache recovery:
+CRLCACHE_LABEL_TEST_LABEL=Enable CRL cache testing:
+CRLCACHE_DIALOG_BLANKFIELD_TITLE=Error
+CRLCACHE_DIALOG_BLANKFIELD_MESSAGE=Cache update frequency must be specified!
+CRLCACHE_DIALOG_NUMBERFORMAT_TITLE=Number Format Error
+CRLCACHE_DIALOG_NUMBERFORMAT_MESSAGE=Cache update frequency must be a positive integer!
+CRLFORMAT_TITLE=Format
+CRLFORMAT_BORDER_FORMAT_LABEL=CRL Format
+CRLFORMAT_BORDER_CONTENTS_LABEL=CRL Contents
+CRLFORMAT_LABEL_EXT_LABEL=Allow extensions for CRLs v2:
+CRLFORMAT_CHECKBOX_EXPIRED_LABEL=Include expired certificates
+CRLFORMAT_CHECKBOX_ONEEXTRATIME_LABEL=Include certificates one extra time after their expiration
+CRLFORMAT_CHECKBOX_CACERTSONLY_LABEL=CA certificates only
+CRLFORMAT_CHECKBOX_PROFILECERTSONLY_LABEL=Certificates issued according to profiles:
+CRLFORMAT_LABEL_MESSAGEDIGEST_LABEL=Revocation list signing algorithm:
+CRLFORMAT_COMBOBOX_MESSAGEDIGEST_VALUE_0=MD2 with RSA
+CRLFORMAT_COMBOBOX_MESSAGEDIGEST_VALUE_1=MD5 with RSA
+CRLFORMAT_COMBOBOX_MESSAGEDIGEST_VALUE_2=SHA1 with RSA
+CRLFORMAT_COMBOBOX_MESSAGEDIGEST_VALUE_3=SHA256 with RSA
+CRLFORMAT_COMBOBOX_MESSAGEDIGEST_VALUE_4=SHA512 with RSA
+CRLFORMAT_COMBOBOX_MESSAGEDIGEST_VALUE_5=SHA1 with DSA
+CRLFORMAT_DIALOG_BLANKPROFILELIST_TITLE=Error
+CRLFORMAT_DIALOG_BLANKPROFILELIST_MESSAGE=Profile list is empty!
+CRLFORMAT_DIALOG_PROFILELISTFORMAT_TITLE=Error
+CRLFORMAT_DIALOG_PROFILELISTFORMAT_MESSAGE=Profile list has invalid format!
+CRLIPS_TITLE=CRL Issuing Points
+CRLIPS_LABEL_CRLIPLIST_LABEL=List of CRL issuing points:
+CRLIPS_LABEL_CRLIPLIST_TTIP=List all of the existing CRL issuing points
+CRLIPS_BUTTON_REFRESH_LABEL=Refresh
+CRLIPS_BUTTON_REFRESH_TTIP=Refresh the panel
+CRLIPS_BUTTON_HELP_LABEL=Help
+CRLIPS_BUTTON_HELP_TTIP=Online help
+CRLIPS_BUTTON_ADD_LABEL=Add
+CRLIPS_BUTTON_ADD_TTIP=Add new CRL issuing point
+CRLIPS_BUTTON_EDIT_LABEL=Edit
+CRLIPS_BUTTON_EDIT_TTIP=Edit the selected CRL issuing point
+CRLIPS_BUTTON_DELETE_LABEL=Delete
+CRLIPS_BUTTON_DELETE_TTIP=Delete selected CRL issuing point
+CRLIPS_DIALOG_DELETE_MESSAGE=Do you want to delete this CRL issuing point?
+CRLIPS_DIALOG_DELETE_TITLE=Warning
+CRLIPEDITOR_TITLE=CRL Issuing Point Editor
+CRLIPEDITOR_LABEL_CRLIPNAME_LABEL=CRL issuing point name:
+CRLIPEDITOR_LABEL_CRLIPNAME_TTIP=The name of the CRL issuing point
+CRLIPEDITOR_CHECKBOX_ENABLE_LABEL=Enable
+CRLIPEDITOR_LABEL_DESCRIPTION_LABEL=Description:
+CRLIPEDITOR_BUTTON_OK_LABEL=OK
+CRLIPEDITOR_BUTTON_CANCEL_LABEL=Cancel
+CRLIPEDITOR_BUTTON_HELP_LABEL=Help
+CACERTSETTING_TITLE=CA Certificate
+CACERTSETTING_LABEL_MAPPER_LABEL=Mapper:
+CACERTSETTING_LABEL_MAPPER_TTIP=Specify mapping rules for publishing CA certificates
+CACERTSETTING_COMBOBOX_MAPPER_VALUE_0=Map by DN compositions
+CACERTSETTING_COMBOBOX_MAPPER_VALUE_1=Map by known subject name
+CACERTSETTING_LABEL_PUBLISHER_LABEL=Publisher:
+CACERTSETTING_LABEL_PUBLISHER_TTIP=Specify a publishing rule to publish CA certificates to the directory
+CACERTSETTING_COMBOBOX_PUBLISHER_VALUE_0=CA certificate
+CACERTSETTING_BORDER_MAPPER_LABEL=Mapping Rule
+CACERTSETTING_BORDER_PUBLISHER_LABEL=Publishing Rule
+CACERTSETTING_BUTTON_MAPPER_LABEL=Configuration
+CACERTSETTING_BUTTON_MAPPER_TTIP=Change mapper configuration parameters
+CACERTSETTING_BUTTON_PUBLISHER_LABEL=Configuration
+CACERTSETTING_BUTTON_PUBLISHER_TTIP=Change publisher configuration parameters
+MAPPERCONFIGDIALOG_TITLE=Configure Mapper Parameters
+MAPPERCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+MAPPERCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+MAPPERCONFIGDIALOG_BUTTON_OK_LABEL=OK
+MAPPERCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+MAPPERCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+MAPPERCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+MAPPERCONFIGDIALOG_LABEL_IMPLNAME_LABEL=Mapper:
+MAPPERCONFIGDIALOG_LABEL_IMPLNAME_TTIP=Mapper Class Name
+CAUSERCERTSETTING_TITLE=User Certificate
+CAUSERCERTSETTING_LABEL_MAPPER_LABEL=Mapper:
+CAUSERCERTSETTING_LABEL_MAPPER_TTIP=Specify mapping rules for publishing user certificates
+CAUSERCERTSETTING_COMBOBOX_MAPPER_VALUE_0=Map by DN Compositions
+CAUSERCERTSETTING_COMBOBOX_MAPPER_VALUE_1=Map by known subject name
+CAUSERCERTSETTING_LABEL_PUBLISHER_LABEL=Publisher:
+CaUSERCERTSETTING_LABEL_PUBLISHER_TTIP=Specify a publishing rule to publish user certificates to the directory
+CAUSERCERTSETTING_COMBOBOX_PUBLISHER_VALUE_0=User certificate
+CAUSERCERTSETTING_COMBOBOX_PUBLISHER_VALUE_1=Certificate and subject name
+CAUSERCERTSETTING_BORDER_MAPPER_LABEL=Mapping Rule
+CAUSERCERTSETTING_BORDER_PUBLISHER_LABEL=Publishing Rule
+CAUSERCERTSETTING_BUTTON_MAPPER_LABEL=Configuration
+CAUSERCERTSETTING_BUTTON_MAPPER_TTIP=Change mapper configuration parameters
+CAUSERCERTSETTING_BUTTON_PUBLISHER_LABEL=Configuration
+CAUSERCERTSETTING_BUTTON_PUBLISHER_TTIP=Change publisher configuration parameters
+RAUSERCERTSETTING_TITLE=User Certificate
+RAUSERCERTSETTING_LABEL_MAPPER_LABEL=Mapper:
+RAUSERCERTSETTING_LABEL_MAPPER_TTIP=Specify mapping rules for publishing user certificates
+RAUSERCERTSETTING_COMBOBOX_MAPPER_VALUE_0=Map by DN compositions
+RAUSERCERTSETTING_COMBOBOX_MAPPER_VALUE_1=Map by known subject name
+RAUSERCERTSETTING_LABEL_PUBLISHER_LABEL=Publisher:
+RAUSERCERTSETTING_LABEL_PUBLISHER_TTIP=Specify a publishing rule to publish user certificates to the directory
+RAUSERCERTSETTING_COMBOBOX_PUBLISHER_VALUE_0=User certificate
+RAUSERCERTSETTING_COMBOBOX_PUBLISHER_VALUE_1=Certificate and subject name
+RAUSERCERTSETTING_BORDER_MAPPER_LABEL=Mapping Rule
+RAUSERCERTSETTING_BORDER_PUBLISHER_LABEL=Publishing Rule
+RAUSERCERTSETTING_BUTTON_MAPPER_LABEL=Configuration
+RAUSERCERTSETTING_BUTTON_MAPPER_TTIP=Change mapper configuration parameters
+RAUSERCERTSETTING_BUTTON_PUBLISHER_LABEL=Configuration
+RAUSERCERTSETTING_BUTTON_PUBLISHER_TTIP=Change publisher configuration parameters
+ACLMGMT_TITLE=Access Control List
+ACLMGMT_BUTTON_REFRESH_LABEL=Refresh
+ACLMGMT_BUTTON_HELP_LABEL=Help
+ACLMGMT_BUTTON_ADD_LABEL=Add
+ACLMGMT_BUTTON_EDIT_LABEL=Edit
+ACLIMPL_TITLE=Evaluator Plugin Registration
+ACLIMPL_BUTTON_REFRESH_LABEL=Refresh
+ACLIMPL_BUTTON_HELP_LABEL=Help
+ACLIMPL_BUTTON_ADD_LABEL=Register
+ACLIMPL_BUTTON_DELETE_LABEL=Delete
+ACLIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this evaluator plugin?
+ACLIMPL_DIALOG_DELETE_TITLE=Warning
+AUTORECOVERYMGMT_TITLE=Auto Recovery
+AUTORECOVERYMGMT_BORDER_AUTO_LABEL=Auto recovery management
+AUTORECOVERYMGMT_LABEL_ENABLEAUTO_LABEL=Auto recovery status:
+AUTORECOVERYMGMT_LABEL_ENABLEAUTO_TTIP=The current auto recovery status
+AUTORECOVERYMGMT_LABEL_ENABLESTATUS_LABEL=Enabled
+AUTORECOVERYMGMT_LABEL_ENABLESTATUS_TTIP=The current auto recovery status is in enabled mode
+AUTORECOVERYMGMT_LABEL_DISABLESTATUS_LABEL=Disabled
+AUTORECOVERYMGMT_LABEL_DISABLESTATUS_TTIP=The current auto recovery status is in disabled mode
+AUTORECOVERYMGMT_BUTTON_ENABLEAUTO_LABEL=Enable
+AUTORECOVERYMGMT_BUTTON_DISABLEAUTO_LABEL=Disable
+AUTORECOVERYMGMT_BUTTON_ENABLEAUTO_TTIP=Enable auto recovery management
+AUTORECOVERYMGMT_BUTTON_DISABLEAUTO_TTIP=Disable auto recovery management
+AUTORECOVERYMGMT_LABEL_RECOVERYLIST_LABEL=Available key recovery agents
+AUTORECOVERYMGMT_BUTTON_REFRESH_LABEL=Refresh
+AUTORECOVERYMGMT_BUTTON_HELP_LABEL=Help
+KRAPASSWD_TITLE=Recovery Agent Password
+KRAPASSWD_BORDER_RECOVERYLIST_LABEL=Key Recovery Agents
+KRAPASSWD_LABEL_RECOVERYLIST_LABEL=Available Agents
+KRAPASSWD_LABEL_RECOVERYLIST_TTIP=A list containing all the available key recovery agents
+KRAPASSWD_BUTTON_CHANGEPWD_LABEL=Change password
+KRAPASSWD_BUTTON_CHANGEPWD_TTIP=Modify password for the selected key recovery agent in the list
+KRAPASSWD_DIALOG_NOSELECTION_MESSAGE=No selection in the recovery agents list box
+KRAPASSWD_DIALOG_MULTISELECTIONS_MESSAGE=Please select only one agent from the list box
+KRAPASSWD_BUTTON_REFRESH_LABEL=Refresh
+KRAPASSWD_BUTTON_HELP_LABEL=Help
+KRAPASSWD_BORDER_RECOVERYLIST_LABEL=Key Recovery Agents
+SCHEMEMGMT_TITLE=Scheme Management
+SCHEMEMGMT_LABEL_AVAILAGENT_LABEL=Total number of available recovery agents:
+SCHEMEMGMT_LABEL_AVAILAGENT_TTIP=Total number of recovery agents authorized to perform the key recovery operation
+SCHEMEMGMT_LABEL_REQAGENT_LABEL=Number of recovery agents required:
+SCHEMEMGMT_LABEL_REQAGENT_TTIP=Minimum number of recovery agents required to perform the key recovery operation
+SCHEMEMGMT_BUTTON_CHANGESCHEME_LABEL=Change scheme
+SCHEMEMGMT_BUTTON_CHANGESCHEME_TTIP=Change the scheme for key recovery agents management
+SCHEMEMGMT_BUTTON_REFRESH_LABEL=Refresh
+SCHEMEMGMT_BUTTON_HELP_LABEL=Help
+SCHEMEMGMT_DIALOG_MNFORMAT_TITLE=Error
+SCHEMEMGMT_DIALOG_MNFORMAT_MESSAGE=Invalid number format in required agent and total number of agent fields
+SCHEMEMGMT_BORDER_CURRENT_LABEL=Current Scheme
+CMSPASSWORD_TITLE=Authenticate User
+CMSPASSWORD_LABEL_UID_LABEL=User ID
+CMSPASSWORD_LABEL_UID_TTIP=System Administrator User ID
+CMSPASSWORD_LABEL_PWD_LABEL=Password
+CMSPASSWORD_LABEL_PWD_TTIP=Authentication Credential
+CMSPASSWORD_BUTTON_HELP_LABEL=Help
+CMSPASSWORD_BUTTON_HELP_TTIP=Online Help
+CMSPASSWORD_BUTTON_OK_LABEL=OK
+CMSPASSWORD_BUTTON_OK_TTIP=Authenticate to server
+CMSPASSWORD_BUTTON_CANCEL_LABEL=Cancel
+CMSPASSWORD_BUTTON_CANCEL_TTIP=Cancel operation
+CMSPASSWORD_DIALOG_EMPTYFIELD_MESSAGE=Blank Fields are not allowed
+CMSPASSWORD_DIALOG_EMPTYFIELD_TITLE=Error
+CREATEINSTANCE_TITLE=Create Server Instance
+CREATEINSTANCE_LABEL_INSTANCE_LABEL=Server Instance Name:
+CREATEINSTANCE_LABEL_INSTANCE_TTIP=Unique server instance nickname
+CREATEINSTANCE_BUTTON_OK_LABEL=OK
+CREATEINSTANCE_BUTTON_OK_TTIP=Start instance creation
+CREATEINSTANCE_BUTTON_CANCEL_LABEL=Cancel
+CREATEINSTANCE_BUTTON_CANCEL_TTIP=Cancel operation
+STARTRESULTDIALOG_TITLE=Status
+STARTRESULTDIALOG_BUTTON_OK_LABEL=OK
+STARTRESULTDIALOG_SUCCESS_TEXT=The server has been started
+STARTRESULTDIALOG_FAILED_TEXT=Error:
+RESTARTRESULTDIALOG_TITLE=Status
+RESTARTRESULTDIALOG_BUTTON_OK_LABEL=OK
+RESTARTRESULTDIALOG_SUCCESS_TEXT=The server has been restarted
+RESTARTRESULTDIALOG_FAILED_TEXT=Error:
+STOPRESULTDIALOG_TITLE=Status
+STOPRESULTDIALOG_BUTTON_OK_LABEL=OK
+STOPRESULTDIALOG_SUCCESS_TEXT=The server has been stopped
+STOPRESULTDIALOG_FAILED_TEXT=Error:
+REMOVERESULTDIALOG_TITLE=Status
+REMOVERESULTDIALOG_BUTTON_OK_LABEL=OK
+REMOVERESULTDIALOG_SUCCESS_TEXT=The server has been removed
+REMOVERESULTDIALOG_FAILED_TEXT=Error:
+AUTHDIALOG_TITLE=Enter Single Signon Password
+AUTHDIALOG_LABEL_INSTANCE_LABEL=Server Instance Name:
+AUTHDIALOG_LABEL_PASSWORD_LABEL=Single Signon Password:
+AUTHDIALOG_BUTTON_OK_LABEL=OK
+AUTHDIALOG_BUTTON_CANCEL_LABEL=Cancel
+CMSMIGRATECREATE_DIALOG_RESTARTADMINERROR_MESSAGE=Failed to create new instance. Please restart the Administration Server and Dogtag Console before trying again.
+CMSMIGRATECREATE_DIALOG_RESTARTADMINERROR_TITLE=Error
+CMSMIGRATECREATE_DIALOG_SYSTEMERROR_MESSAGE=Operation Error: Unable to create the instance. Check log files under cert-xxx/logs directory
+CMSMIGRATECREATE_DIALOG_SYSTEMERROR_TITLE=Error
+TASKSTATUS_DIALOG_SYSTEMERROR_MESSAGE=Operation Error: Unable to get server status.
+TASKSTATUS_DIALOG_SYSTEMERROR_TITLE=Error
+TASKSTART_DIALOG_SYSTEMERROR_MESSAGE=Operation Error: Unable to start the server.
+TASKSTART_DIALOG_SYSTEMERROR_TITLE=Error
+TASKSTOP_DIALOG_SYSTEMERROR_MESSAGE=Operation Error: Unable to stop the server.
+TASKSTOP_DIALOG_SYSTEMERROR_TITLE=Error
+TASKREMOVE_DIALOG_SYSTEMERROR_MESSAGE=Operation Error: Unable to remove the server.
+TASKREMOVE_DIALOG_SYSTEMERROR_TITLE=Error
+TASKRESTART_DIALOG_SYSTEMERROR_MESSAGE=Operation Error: Unable to restart the server.
+TASKRESTART_DIALOG_SYSTEMERROR_TITLE=Error
+CMSSTARTDAEMON_DIALOG_SYSTEMERROR_MESSAGE=Operation Error: Unable to start the daemon.
+CMSSTARTDAEMON_DIALOG_SYSTEMERROR_TITLE=Error
+CMSSTARTDAEMON_DIALOG_LOCKDELETECONFIRM_MESSAGE=The installation daemon can't start while the file daemon.lck exists. This probably indicates that a 'cms_daemon' process is already running. Please check and kill it if it is present\nDo you want to delete it ?
+CMSSTARTDAEMON_DIALOG_LOCKDELETECONFIRM_TITLE=Error
+CMSCONFIGCERT_DIALOG_SYSTEMERROR_MESSAGE=Operation Error: Unable to configure the CS instance.
+CMSCONFIGCERT_DIALOG_SYSTEMERROR_TITLE=Error
+SERVER_TITLE=Server
+SERVER_BORDER_PANEL_LABEL=Server
+SERVER_BUTTON_STOP_LABEL=Stop Server
+ACCESSLOG_TITLE=Access
+AUDITLOG_TITLE=Transactions
+CASERIALNUMBERWIZARD_TITLE=Installation Wizard
+CASERIALNUMBERWIZARD_TEXT_HEADING_LABEL=Specify the number range of the certificates that this CA issues, and the number range of the requests made to this CA. Leaving the ending certificate and request number fields blank means unlimited.
+CASERIALNUMBERWIZARD_TEXT_MORE_LABEL=\nMany applications identify a certificate by the combination of the serial number and the issuer name. To ensure that this combination is unique for each certificate, make sure the serial number range does not overlap among cloned CAs.
+CASERIALNUMBERWIZARD_BORDER_CASERIALNUMBERWIZARD_LABEL=CA's certificate and request number range
+CASERIALNUMBERWIZARD_LABEL_SERIALNUMBER_LABEL=Starting certificate number:
+CASERIALNUMBERWIZARD_LABEL_ENDSERIALNUMBER_LABEL=Ending certificate number:
+CASERIALNUMBERWIZARD_LABEL_REQUESTNUMBER_LABEL=Starting request number:
+CASERIALNUMBERWIZARD_LABEL_ENDREQUESTNUMBER_LABEL=Ending request number:
+CASERIALNUMBERWIZARD_DIALOG_NUMBERFORMAT_MESSAGE=You must specify a numeric value
+CASERIALNUMBERWIZARD_DIALOG_NUMBERFORMAT_TITLE=Error
+KRAREQUESTNUMBERWIZARD_TITLE=Installation Wizard
+KRAREQUESTNUMBERWIZARD_TEXT_HEADING_LABEL=Specify the number range of the keys that this DRM archives,  and the number range of the requests made to this DRM. Leaving the ending key and request number fields blank means unlimited.
+KRAREQUESTNUMBERWIZARD_TEXT_MORE_LABEL=\nMake sure the key and request number range does not overlap among cloned DRMs.
+KRAREQUESTNUMBERWIZARD_BORDER_KRAREQUESTNUMBERWIZARD_LABEL=DRM's key and request number range
+KRAREQUESTNUMBERWIZARD_LABEL_SERIALNUMBER_LABEL=Starting key number:
+KRAREQUESTNUMBERWIZARD_LABEL_ENDSERIALNUMBER_LABEL=Ending key number:
+KRAREQUESTNUMBERWIZARD_LABEL_REQUESTNUMBER_LABEL=Starting request number:
+KRAREQUESTNUMBERWIZARD_LABEL_ENDREQUESTNUMBER_LABEL=Ending request number:
+KRAREQUESTNUMBERWIZARD_DIALOG_NUMBERFORMAT_MESSAGE=You must specify a numeric value
+KRAREQUESTNUMBERWIZARD_DIALOG_NUMBERFORMAT_TITLE=Error
+LDAPSETTING_TITLE=Internal Database
+LDAPSETTING_BORDER_SETTING_LABEL=Database Settings
+LDAPSETTING_LABEL_HOST_LABEL=Host name:
+LDAPSETTING_LABEL_HOST_TTIP=Specify LDAP host name
+LDAPSETTING_LABEL_PORT_LABEL=Port number:
+LDAPSETTING_LABEL_PORT_TTIP=Specify LDAP port number
+LDAPSETTING_CHECKBOX_SECUREPORT_LABEL=Secure port
+LDAPSETTING_CHECKBOX_SECUREPORT_TTIP=Specify if LDAP port is secure
+LDAPSETTING_LABEL_BASEDN_LABEL=Base DN:
+LDAPSETTING_LABEL_BASEDN_TTIP=Specify the LDAP base DN
+LDAPSETTING_LABEL_MAXCONNS_LABEL=Maximum # of connections
+LDAPSETTING_LABEL_MAXCONNS_TTIP=Specify the maximum number of connections to this database
+LDAPSETTING_LABEL_MINCONNS_LABEL=Minimum # of connections
+LDAPSETTING_LABEL_MINCONNS_TTIP=Specify the minimum number of connections to this database
+LDAPSETTING_LABEL_BINDAS_LABEL=Directory manager DN:
+LDAPSETTING_LABEL_BINDAS_TTIP=Specify the LDAP bind DN
+LDAPSETTING_LABEL_PWD_LABEL=Password:
+LDAPSETTING_LABEL_PWD_TTIP=Specify the LDAP bind password
+LDAPSETTING_LABEL_PWDAGAIN_LABEL=Confirm password:
+LDAPSETTING_LABEL_PWDAGAIN_TTIP=Specify the LDAP bind password again
+LDAPSETTING_LABEL_VERSION_LABEL=LDAP version:
+LDAPSETTING_LABEL_VERSION_TTIP=Specify the LDAP version
+LDAPSETTING_COMBOBOX_VERSION_VALUE_0=2
+LDAPSETTING_COMBOBOX_VERSION_VALUE_1=3
+LDAPSETTING_DIALOG_NUMBERFORMAT_TITLE=Error
+LDAPSETTING_DIALOG_NUMBERFORMAT_MESSAGE=Port number must be an integer!
+LDAPSETTING_DIALOG_BLANKFIELD_TITLE=Error
+LDAPSETTING_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+LDAPSETTING_DIALOG_UNMATCHEDPASSWD_TITLE=Error
+LDAPSETTING_DIALOG_UNMATCHEDPASSWD_MESSAGE=The password does not match the confirmed password
+LDAPSETTING_DIALOG_PORTRANGE_MESSAGE=Valid port numbers are between 1 and 65535 inclusive!
+LDAPSETTING_DIALOG_PORTRANGE_TITLE=Error
+LDAPSETTING_DIALOG_MAXMINNUMBERFORMAT_TITLE=Error
+LDAPSETTING_DIALOG_MAXMINNUMBERFORMAT_MESSAGE=Maximum and minimum connections must be an integer!
+LDAPSETTING_DIALOG_MAXMINRANGE_MESSAGE=Maximum and minimum connections must be greater than zero, and max must be greater than min!
+LDAPSETTING_DIALOG_MAXMINRANGE_TITLE=Error
+SMTPSETTING_TITLE=SMTP
+SMTPSETTING_LABEL_SERVER_LABEL=Server name:
+SMTPSETTING_LABEL_SERVER_TTIP=Specify SMTP server name
+SMTPSETTING_LABEL_PORT_LABEL=Port number:
+SMTPSETTING_LABEL_PORT_TTIP=Specify SMTP server port number
+SMTPSETTING_DIALOG_NUMBERFORMAT_TITLE=Error
+SMTPSETTING_DIALOG_NUMBERFORMAT_MESSAGE=Port number must be an integer!
+SMTPSETTING_DIALOG_BLANKFIELD_TITLE=Error
+SMTPSETTING_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+SMTPSETTING_DIALOG_OUTOFRANGE_TITLE=Error
+SMTPSETTING_DIALOG_OUTOFRANGE_MESSAGE=Port number must be greater than zero
+SNMPSETTING_TITLE=SNMP
+SNMPSETTING_LABEL_HOST_LABEL=Master host:
+SNMPSETTING_LABEL_HOST_TTIP=Host name of machine running the SNMP master agent
+SNMPSETTING_LABEL_PORT_LABEL=Master port:
+SNMPSETTING_LABEL_PORT_TTIP=Port the SNMP master agent is running on
+SNMPSETTING_LABEL_DESC_LABEL=Description:
+SNMPSETTING_LABEL_DESC_TTIP=A description to be presented to clients viewing SNMP statistics
+SNMPSETTING_LABEL_ORGN_LABEL=Organization:
+SNMPSETTING_LABEL_ORGN_TTIP=An organization name to be presented to clients viewing SNMP statistics
+SNMPSETTING_LABEL_LOC_LABEL=Location:
+SNMPSETTING_LABEL_LOC_TTIP=A location name to be presented to clients viewing SNMP statistics
+SNMPSETTING_LABEL_CONTACT_LABEL=Contact:
+SNMPSETTING_LABEL_CONTACT_TTIP=A contact name to be presented to clients viewing SNMP statistics
+SNMPSETTING_CHECKBOX_ENABLE_LABEL=Enable collection of SNMP statistics
+SNMPSETTING_BUTTON_ON_LABEL=On
+SNMPSETTING_BUTTON_ON_TTIP=Turn on the SNMP subagent
+SNMPSETTING_BUTTON_OFF_LABEL=OFF
+SNMPSETTING_BUTTON_OFF_TTIP=Turn off the SNMP subagent
+SNMPSETTING_DIALOG_NUMBERFORMAT_TITLE=Error
+SNMPSETTING_DIALOG_NUMBERFORMAT_MESSAGE=Port number must be an integer!
+SELFTESTS_TITLE=Self Tests
+SELFTESTS_BORDER_LABEL=Self Tests
+SELFTESTS_LABEL_ONDEMAND_LABEL=Run self tests specified on-demand:
+SELFTESTS_BUTTON_RUN_LABEL=Run
+SELFTESTS_BUTTON_RUN_TTIP=Run self tests specified on-demand
+ERRORLOG_TITLE=Error
+ERRORLOG_BORDER_LOGATTRIBUTE_LABEL=Log options
+ERRORLOG_CHECKBOX_ACTIVATE_LABEL=Enable logging
+ERRORLOG_CHECKBOX_ACTIVATE_TTIP=Click to enable/disable logging
+ERRORLOG_LABEL_LOGMAXSIZ_LABEL=Maximum size:
+ERRORLOG_LABEL_LOGMAXSIZ_TTIP=Specify maximum size of log file in kbytes
+ERRORLOG_LABEL_LOGBUFSIZ_LABEL=Buffer size:
+ERRORLOG_LABEL_LOGBUFSIZ_TTIP=Specify buffer size of log file in kbytes
+ERRORLOG_LABEL_LOGFQC_LABEL=Rotation frequency:
+ERRORLOG_LABEL_LOGFQC_TTIP=Frequency to rotate a log file
+ERRORLOG_LABEL_SIZEUNIT_LABEL=KB
+ERRORLOG_COMBOBOX_LOGFQC_VALUE_0=Hourly
+ERRORLOG_COMBOBOX_LOGFQC_VALUE_1=Daily
+ERRORLOG_COMBOBOX_LOGFQC_VALUE_2=Weekly
+ERRORLOG_COMBOBOX_LOGFQC_VALUE_3=Monthly
+ERRORLOG_COMBOBOX_LOGFQC_VALUE_4=Yearly
+ERRORLOG_LABEL_LOGLEVEL_LABEL=Log level:
+ERRORLOG_LABEL_LOGLEVEL_TTIP=Specify log level
+ERRORLOG_COMBOBOX_LOGLEVEL_VALUE_0=Debug
+ERRORLOG_COMBOBOX_LOGLEVEL_VALUE_1=Info
+ERRORLOG_COMBOBOX_LOGLEVEL_VALUE_2=Warning
+ERRORLOG_COMBOBOX_LOGLEVEL_VALUE_3=Failure
+ERRORLOG_COMBOBOX_LOGLEVEL_VALUE_4=Misconfiguration
+ERRORLOG_COMBOBOX_LOGLEVEL_VALUE_5=Catastrophe
+ERRORLOG_COMBOBOX_LOGLEVEL_VALUE_6=Security
+ERRORLOG_DIALOG_BLANKFIELD_MESSAGE=All fields must be filled
+ERRORLOG_DIALOG_BLANKFIELD_TITLE=Error Log Error
+ERRORLOG_DIALOG_NUMBERFORMAT_MESSAGE=You must specify a numeric value
+ERRORLOG_DIALOG_NUMBERFORMAT_TITLE=Error Log error
+ERRORLOG_DIALOG_OUTOFRANGE_MESSAGE=Size must be greater than zero
+ERRORLOG_DIALOG_OUTOFRANGE_TITLE=Error Log error
+ERRORLOG_BUTTON_REFRESH_LABEL=Refresh
+ERRORLOG_BUTTON_REFRESH_TTIP=Refresh error log content
+ERRORLOG_BUTTON_HELP_LABEL=Help
+ERRORLOG_BUTTON_HELP_TTIP=Online Help
+ERRORLOG_LABEL_NUMBERREC_LABEL=Number of entries
+ERRORLOG_LABEL_NUMBERREC_LTTIP=Specify mumber of entries to be returned
+ACCESSLOG_TITLE=System
+ACCESSLOG_BORDER_LOGATTRIBUTE_LABEL=Log options
+ACCESSLOG_BORDER_NTLOGATTRIBUTE_LABEL=NT Log options
+ACCESSLOG_CHECKBOX_ACTIVATE_LABEL=Enable logging
+ACCESSLOG_CHECKBOX_ACTIVATE_TTIP=Click to enable/disable logging
+ACCESSLOG_CHECKBOX_ACTIVATENTLOG_LABEL=Enable NT logging
+ACCESSLOG_LABEL_LOGMAXSIZ_LABEL=Maximum size:
+ACCESSLOG_LABEL_LOGMAXSIZ_TTIP=Specify maximum size of log file in kbytes
+ACCESSLOG_LABEL_LOGBUFSIZ_LABEL=Buffer size:
+ACCESSLOG_LABEL_LOGBUFSIZ_TTIP=Specify buffer size of log file in kbytes
+ACCESSLOG_LABEL_LOGFQC_LABEL=Rotation frequency:
+ACCESSLOG_LABEL_LOGFQC_TTIP=Frequency to rotate a log file
+ACCESSLOG_LABEL_SIZEUNIT_LABEL=KB
+ACCESSLOG_COMBOBOX_LOGFQC_VALUE_0=Hourly
+ACCESSLOG_COMBOBOX_LOGFQC_VALUE_1=Daily
+ACCESSLOG_COMBOBOX_LOGFQC_VALUE_2=Weekly
+ACCESSLOG_COMBOBOX_LOGFQC_VALUE_3=Monthly
+ACCESSLOG_COMBOBOX_LOGFQC_VALUE_4=Yearly
+ACCESSLOG_LABEL_LOGLEVEL_LABEL=Log level:
+ACCESSLOG_LABEL_EVENTSOURCE_LABEL=Event Source:
+ACCESSLOG_LABEL_LOGLEVEL_TTIP=Specify log level
+ACCESSLOG_COMBOBOX_LOGLEVEL_VALUE_0=Debug
+ACCESSLOG_COMBOBOX_LOGLEVEL_VALUE_1=Info
+ACCESSLOG_COMBOBOX_LOGLEVEL_VALUE_2=Warning
+ACCESSLOG_COMBOBOX_LOGLEVEL_VALUE_3=Failure
+ACCESSLOG_COMBOBOX_LOGLEVEL_VALUE_4=Misconfiguration
+ACCESSLOG_COMBOBOX_LOGLEVEL_VALUE_5=Catastrophe
+ACCESSLOG_COMBOBOX_LOGLEVEL_VALUE_6=Security
+ACCESSLOG_DIALOG_BLANKFIELD_MESSAGE=All fields must be filled
+ACCESSLOG_DIALOG_BLANKFIELD_TITLE=System Log Error
+ACCESSLOG_DIALOG_NUMBERFORMAT_MESSAGE=You must specify a numeric value
+ACCESSLOG_DIALOG_NUMBERFORMAT_TITLE=System Log Error
+ACCESSLOG_DIALOG_OUTOFRANGE_MESSAGE=Size must be greater than zero
+ACCESSLOG_DIALOG_OUTOFRANGE_TITLE=Error Log error
+LOGCONTENT_BUTTON_REFRESH_LABEL=Refresh
+LOGCONTENT_BUTTON_REFRESH_TTIP=Refresh log content
+LOGCONTENT_BUTTON_HELP_LABEL=Help
+LOGCONTENT_BUTTON_HELP_TTIP=Online Help
+LOGCONTENT_BUTTON_VIEW_LABEL=View
+LOGCONTENT_BUTTON_VIEW_TTIP=View Detail
+LOGCONTENT_LABEL_NUMBERREC_LABEL=Entries:
+LOGCONTENT_LABEL_NUMBERREC_LTTIP=Specify mumber of entries to be returned
+LOGCONTENT_LABEL_SOURCE_LABEL=Source:
+LOGCONTENT_LABEL_SOURCE_TTIP=Select specific log source
+LOGCONTENT_LABEL_LOGLEVEL_LABEL=Level:
+LOGCONTENT_LABEL_LOGLEVEL_TTIP=Select specific log level
+LOGCONTENT_LABEL_FILE_LABEL=File Name:
+LOGCONTENT_LABEL_FILE_TTIP=Select specific log file
+LOGCONTENT_BORDER_OPTIONS_LABEL=Display Options
+LOGCONTENT_COMBOBOX_LOGLEVEL_DEFAULT=Warning
+LOGCONTENT_COMBOBOX_LOGLEVEL_VALUE_0=Debug
+LOGCONTENT_COMBOBOX_LOGLEVEL_VALUE_1=Information
+LOGCONTENT_COMBOBOX_LOGLEVEL_VALUE_2=Warning
+LOGCONTENT_COMBOBOX_LOGLEVEL_VALUE_3=Failure
+LOGCONTENT_COMBOBOX_LOGLEVEL_VALUE_4=Misconfiguration
+LOGCONTENT_COMBOBOX_LOGLEVEL_VALUE_5=Catastrophe
+LOGCONTENT_COMBOBOX_LOGLEVEL_VALUE_6=Security
+LOGCONTENT_COMBOBOX_SOURCE_DEFAULT=All
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_0=All
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_1=Key Recovery Authority
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_2=Registration Authority
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_3=Certificate Authority
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_4=HTTP
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_5=Database
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_6=Authentication
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_7=Administration
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_8=LDAP
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_9=Request Queue
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_10=ACLs
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_11=User and Group
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_12=OCSP
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_13=Authorization
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_14=Signed Audit
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_15=Cross-Certification
+LOGCONTENT_COMBOBOX_SOURCE_VALUE_20=Others
+LOGCONTENT_COMBOBOX_FILE_DEFAULT=Current
+AUDITLOG_TITLE=Transactions
+AUDITLOG_BORDER_LOGATTRIBUTE_LABEL=Log options
+AUDITLOG_BORDER_NTLOGATTRIBUTE_LABEL=NT Log options
+AUDITLOG_CHECKBOX_ACTIVATE_LABEL=Enable logging
+AUDITLOG_CHECKBOX_ACTIVATE_TTIP=Click to enable/disable logging
+AUDITLOG_CHECKBOX_ACTIVATENTLOG_LABEL=Enable NT logging
+AUDITLOG_LABEL_LOGMAXSIZ_LABEL=Maximum size:
+AUDITLOG_LABEL_LOGMAXSIZ_TTIP=Specify maximum size of log file in kbytes
+AUDITLOG_LABEL_LOGBUFSIZ_LABEL=Buffer size:
+AUDITLOG_LABEL_LOGBUFSIZ_TTIP=Specify buffer size of log file in kbytes
+AUDITLOG_LABEL_LOGFQC_LABEL=Rotation frequency:
+AUDITLOG_LABEL_LOGFQC_TTIP=Frequency to rotate a log file
+AUDITLOG_LABEL_SIZEUNIT_LABEL=KB
+AUDITLOG_COMBOBOX_LOGFQC_VALUE_0=Hourly
+AUDITLOG_COMBOBOX_LOGFQC_VALUE_1=Daily
+AUDITLOG_COMBOBOX_LOGFQC_VALUE_2=Weekly
+AUDITLOG_COMBOBOX_LOGFQC_VALUE_3=Monthly
+AUDITLOG_COMBOBOX_LOGFQC_VALUE_4=Yearly
+AUDITLOG_LABEL_LOGLEVEL_LABEL=Log level:
+AUDITLOG_LABEL_EVENTSOURCE_LABEL=Event Source:
+AUDITLOG_LABEL_LOGLEVEL_TTIP=Specify log level
+AUDITLOG_COMBOBOX_LOGLEVEL_VALUE_0=Debug
+AUDITLOG_COMBOBOX_LOGLEVEL_VALUE_1=Info
+AUDITLOG_COMBOBOX_LOGLEVEL_VALUE_2=Warning
+AUDITLOG_COMBOBOX_LOGLEVEL_VALUE_3=Failure
+AUDITLOG_COMBOBOX_LOGLEVEL_VALUE_4=Misconfiguration
+AUDITLOG_COMBOBOX_LOGLEVEL_VALUE_5=Catastrophe
+AUDITLOG_COMBOBOX_LOGLEVEL_VALUE_6=Security
+AUDITLOG_DIALOG_BLANKFIELD_MESSAGE=All fields must be filled
+AUDITLOG_DIALOG_BLANKFIELD_TITLE=Transactions Log Error
+AUDITLOG_DIALOG_NUMBERFORMAT_MESSAGE=You must specify a numeric value
+AUDITLOG_DIALOG_NUMBERFORMAT_TITLE=Transactions Log Error
+AUDITLOG_DIALOG_OUTOFRANGE_MESSAGE=Size must be greater than zero
+AUDITLOG_DIALOG_OUTOFRANGE_TITLE=Error Log error
+LOG_COLUMN_OCSPSTORES_RULE_LABEL=Store Name
+LOG_COLUMN_NUMBER_LABEL=Number
+LOG_COLUMN_UID_LABEL=UID
+LOG_COLUMN_SERVLETNAME_LABEL=Servlet name
+LOG_COLUMN_EVALNAME_LABEL=Evaluator Name
+LOG_COLUMN_ACLNAME_LABEL=Resource Name
+LOG_COLUMN_ACLDESC_LABEL=Description
+LOG_COLUMN_PASSWORD_LABEL=Password
+LOG_COLUMN_TOKENNAME_LABEL=Token Name
+LOG_COLUMN_CONFIRM_LABEL=Confirm Password
+LOG_COLUMN_REQUESTNO_LABEL=Request Number
+LOG_COLUMN_REQUESTTYPE_LABEL=Type
+LOG_COLUMN_REQUESTSTATUS_LABEL=Status
+LOG_COLUMN_RECORDNUMBER_LABEL=No.
+LOG_COLUMN_STATUS_LABEL=Status
+LOG_COLUMN_DATE_LABEL=Date
+LOG_COLUMN_TIME_LABEL=Time
+LOG_COLUMN_DETAILS_LABEL=Details
+LOG_COLUMN_SEVERITY_LABEL=Level
+LOG_COLUMN_SERIALNO_LABEL=Serial No.
+LOG_COLUMN_VERSION_LABEL=Version
+LOG_COLUMN_SUBJECT_LABEL=Subject Name
+LOG_COLUMN_SIGNALG_LABEL=Signature Algorithm
+LOG_COLUMN_NOTBEFORE_LABEL=Not Before
+LOG_COLUMN_NOTAFTER_LABEL=Not After
+LOG_COLUMN_NAME_LABEL=Name
+LOG_COLUMN_DEPARTMENT_LABEL=Department
+LOG_COLUMN_EMAIL_LABEL=E-Mail
+LOG_COLUMN_PHONE_LABEL=Telephone
+LOG_COLUMN_OID_LABEL=OID
+LOG_COLUMN_CLASSNAME_LABEL=Class Name
+LOG_COLUMN_DESC_LABEL=Description
+LOG_COLUMN_UIMAPPER_LABEL=UI Class
+LOG_COLUMN_USERID_LABEL=User ID
+LOG_COLUMN_FULLNAME_LABEL=Full Name
+LOG_COLUMN_ATTRIBUTE_LABEL=Attribute
+LOG_COLUMN_VALUE_LABEL=Value
+LOG_COLUMN_CONFIG_LABEL=Config Parameter
+LOG_COLUMN_DEFAULTGROUP_LABEL=*
+LOG_COLUMN_GROUPNAME_LABEL=Group Name
+LOG_COLUMN_GROUPDESC_LABEL=Group Description
+LOG_COLUMN_CERTIFICATE_LABEL=Certificate
+LOG_COLUMN_MEMBER_LABEL=Member
+LOG_COLUMN_SOURCE_LABEL=Source
+LOG_COLUMN_PROFILE_IMPL_LABEL=Plugin Name
+LOG_COLUMN_TYPE_LABEL=Plugin Type
+LOG_COLUMN_PROFILE_RULE_LABEL=Certificate Profile Instance
+LOG_COLUMN_POLICY_IMPL_LABEL=Plugin Name
+LOG_COLUMN_POLICY_RULE_LABEL=Policy Rule
+LOG_COLUMN_MAPPER_IMPL_LABEL=Plugin Name
+LOG_COLUMN_MAPPER_RULE_LABEL=Mapper
+LOG_COLUMN_PLUGIN_LABEL=Plugin Name
+LOG_COLUMN_IMPL_LABEL=Plugin Name
+LOG_COLUMN_PUBLISHER_IMPL_LABEL=Plugin Name
+LOG_COLUMN_PUBLISHER_RULE_LABEL=Publisher
+LOG_COLUMN_RULE_IMPL_LABEL=Plugin Name
+LOG_COLUMN_RULE_RULE_LABEL=Rule
+LOG_COLUMN_CRLEXTS_RULE_LABEL=CRL Extensions
+LOG_COLUMN_RULE_LABEL=Instance Name
+LOG_COLUMN_JOBS_IMPL_LABEL=Plugin Name
+LOG_COLUMN_JOBS_RULE_LABEL=Instance Name
+LOG_COLUMN_CERTNAME_LABEL=Certificate Name
+LOG_COLUMN_EXPIRED_LABEL=Expiry Date
+LOG_COLUMN_TRUST_LABEL=Trust Status
+LOG_COLUMN_KEYNAME_LABEL=Key Name
+LOG_COLUMN_CERTNICKNAMENAME_LABEL=Certificate Name
+LOG_COLUMN_SERIALNUMBER_LABEL=Serial Number
+LOG_COLUMN_ISSUERNAME_LABEL=Issuer Name
+LOG_COLUMN_TOKENNAME_LABEL=Token Name
+LOG_COLUMN_LOG_IMPL_LABEL=Plugin Name
+LOG_COLUMN_LOG_RULE_LABEL=Log Event Listener
+LOGENTRYVIEWDIALOG_TITLE=View Log Entry
+LOGENTRYVIEWDIALOG_BUTTON_OK_LABEL=OK
+LOGENTRYVIEWDIALOG_BUTTON_OK_TTIP=Close this dialog
+LOGENTRYVIEWDIALOG_LABEL_SOURCE_LABEL=Source:
+LOGENTRYVIEWDIALOG_LABEL_SOURCE_TTIP=Specific log source
+LOGENTRYVIEWDIALOG_LABEL_LEVEL_LABEL=Level:
+LOGENTRYVIEWDIALOG_LABEL_LEVEL_TTIP=Log entry level
+LOGENTRYVIEWDIALOG_LABEL_DATE_LABEL=Date:
+LOGENTRYVIEWDIALOG_LABEL_DATE_TTIP=Log entry date
+LOGENTRYVIEWDIALOG_LABEL_TIME_LABEL=Time:
+LOGENTRYVIEWDIALOG_LABEL_TIME_TTIP=Log entry time
+LOGENTRYVIEWDIALOG_LABEL_DESC_LABEL=Detail:
+LOGENTRYVIEWDIALOG_LABEL_DESC_TTIP=Log entry detail description
+STATUSPANEL_TITLE=General Status
+STATUSPANEL_BUTTON_REFRESH_LABEL=Refresh
+STATUSPANEL_BUTTON_REFRESH_TTIP=Refresh status information
+STATUSPANEL_BUTTON_HELP_LABEL=Help
+STATUSPANEL_BUTTON_HELP_TTIP=Online Help
+STATUSPANEL_LABEL_SERVERNAME_LABEL=Server name:
+STATUSPANEL_LABEL_SERVERNAME_TTIP=Server instance name
+STATUSPANEL_LABEL_INSTALLDATE_LABEL=Server installation date:
+STATUSPANEL_LABEL_INSTALLDATE_TTIP=Creation date of this server instance
+STATUSPANEL_LABEL_SERVERVERSION_LABEL=Server version:
+STATUSPANEL_LABEL_SERVERVERSION_TTIP=Certificate Server version
+STATUSPANEL_LABEL_SERVERSTARTUP_LABEL=Startup time on server:
+STATUSPANEL_LABEL_SERVERSTARTUP_TTIP=Server startup time
+STATUSPANEL_LABEL_SERVERTIME_LABEL=Current time on server:
+STATUSPANEL_LABEL_SERVERTIME_TTIP=Current time on the server
+STATUSPANEL_BORDER_GENERALINFO_LABEL=General Information
+CERTIFICATEWIZARD_TITLE=Certificate Request Wizard
+WIZARD_DIALOG_EXIT_MESSAGE=Are you sure you want to exit the wizard?
+WIZARD_DIALOG_EXIT_TITLE=Confirm
+USERTAB_TITLE=Users
+USERTAB_BUTTON_REFRESH_LABEL=Refresh
+USERTAB_BUTTON_REFRESH_TTIP=Refresh user information
+USERTAB_BUTTON_EDIT_LABEL=Edit
+USERTAB_BUTTON_EDIT_TTIP=Modify user information
+USERTAB_BUTTON_ADD_LABEL=Add
+USERTAB_BUTTON_ADD_TTIP=Add new user
+USERTAB_BUTTON_DELETE_LABEL=Delete
+USERTAB_BUTTON_DELETE_TTIP=Delete selected user
+USERTAB_BUTTON_HELP_LABEL=Help
+USERTAB_BUTTON_HELP_TTIP=Online Help
+USERTAB_BUTTON_CERT_LABEL=Certificates
+USERTAB_BUTTON_HELP_TTIP=Manage user certificates
+USERTAB_DIALOG_SERVERERROR_MESSAGE=Server Error
+USERTAB_DIALOG_SERVERERROR_TITLE=Error
+USERTAB_DIALOG_DELETE_MESSAGE=Do you want to delete this user?
+USERTAB_DIALOG_DELETE_TITLE=Warning
+USERTAB_BORDER_USERS_LABEL=Users
+GROUPTAB_TITLE=Groups
+GROUPTAB_BUTTON_REFRESH_LABEL=Refresh
+GROUPTAB_BUTTON_REFRESH_TTIP=Refresh group information
+GROUPTAB_BUTTON_EDIT_LABEL=Edit
+GROUPTAB_BUTTON_EDIT_TTIP=Modify group membership
+GROUPTAB_BUTTON_ADD_LABEL=Add
+GROUPTAB_BUTTON_ADD_TTIP=Add new group
+GROUPTAB_BUTTON_DELETE_LABEL=Delete
+GROUPTAB_BUTTON_DELETE_TTIP=Delete selected group
+GROUPTAB_BUTTON_HELP_LABEL=Help
+GROUPTAB_BUTTON_HELP_TTIP=Online Help
+GROUPTAB_DIALOG_SERVERERROR_MESSAGE=Server Error
+GROUPTAB_DIALOG_SERVERERROR_TITLE=Error
+GROUPTAB_DIALOG_DELETE_MESSAGE=Do you want to delete this group?
+GROUPTAB_DIALOG_DELETE_TITLE=Warning
+GROUPTAB_BORDER_STANDARD_LABEL=System Groups
+GROUPTAB_BORDER_USERDEFINE_LABEL=Admin Defined Groups
+GROUPEDITOR_TITLE=Edit Group Information
+GROUPEDITOR_LABEL_GROUPNAME_LABEL=Group name:
+GROUPEDITOR_LABEL_GROUPNAME_TTIP=Unique identifier for this group
+GROUPEDITOR_LABEL_GROUPDESC_LABEL=Group description:
+GROUPEDITOR_LABEL_GROUPDESC_TTIP=Short Description for this group
+GROUPEDITOR_LABEL_MEMBER_LABEL=Group Members:
+GROUPEDITOR_LABEL_MEMBER_TTIP=List of current group members
+GROUPEDITOR_DIALOG_SERVERERROR_MESSAGE=Server Error
+GROUPEDITOR_DIALOG_SERVERERROR_TITLE=Error
+GROUPEDITOR_DIALOG_DELETE_MESSAGE=Delete this member?
+GROUPEDITOR_DIALOG_DELETE_TITLE=Warning
+GROUPEDITOR_DIALOG_NOGROUPNAME_MESSAGE=Group name can't be blank
+GROUPEDITOR_DIALOG_NOGROUPNAME_TITLE=Error
+GROUPEDITOR_BUTTON_OK_LABEL=OK
+GROUPEDITOR_BUTTON_OK_TTIP=Save changes and close this window
+GROUPEDITOR_BUTTON_ADDGROUP_LABEL=Add Group
+GROUPEDITOR_BUTTON_ADDGROUP_TTIP=Add additional group to this group
+GROUPEDITOR_BUTTON_ADDUSER_LABEL=Add User
+GROUPEDITOR_BUTTON_ADDUSER_TTIP=Add additional user to this group
+GROUPEDITOR_BUTTON_DELETE_LABEL=Delete
+GROUPEDITOR_BUTTON_DELETE_TTIP=Delete selected user or group
+GROUPEDITOR_BUTTON_CANCEL_LABEL=Cancel
+GROUPEDITOR_BUTTON_CANCEL_TTIP=Cancel changes and close this window
+GROUPEDITOR_BUTTON_HELP_LABEL=Help
+GROUPEDITOR_BUTTON_HELP_TTIP=Online Help
+GROUPEDITOR_DIALOG_ALLUSERS_MESSAGE=All users are already in the group
+GROUPEDITOR_DIALOG_ALLUSERS_TITLE=Information
+USEREDITOR_TITLE=Edit User Information
+USEREDITOR_LABEL_STATE_LABEL=User State:
+USEREDITOR_LABEL_STATE_TTIP=State for this user
+USEREDITOR_LABEL_USERNAME_LABEL=User ID:
+USEREDITOR_LABEL_USERNAME_TTIP=Unique identifier for this user
+USEREDITOR_LABEL_FULLNAME_LABEL=Full name:
+USEREDITOR_LABEL_FULLNAME_TTIP=Full name for this user
+USEREDITOR_LABEL_PASSWORD_LABEL=Password:
+USEREDITOR_LABEL_PASSWORD_TTIP=Password for this user
+USEREDITOR_LABEL_PASSWORDCONFIRM_LABEL=Confirm Password:
+USEREDITOR_LABEL_PASSWORDCONFIRM_TTIP=Retype password for this user
+USEREDITOR_LABEL_EMAIL_LABEL=E-Mail:
+USEREDITOR_LABEL_EMAIL_TTIP=E-Mail address
+USEREDITOR_LABEL_PHONE_LABEL=Phone:
+USEREDITOR_LABEL_PHONE_TTIP=Phone number
+USEREDITOR_LABEL_GROUP_LABEL=Group:
+USEREDITOR_LABEL_MEMBER_LABEL=Membership:
+USEREDITOR_LABEL_MEMBER_TTIP=This user belongs to the groups listed
+USEREDITOR_DIALOG_SERVERERROR_MESSAGE=Server Error
+USEREDITOR_DIALOG_SERVERERROR_TITLE=Error
+USEREDITOR_DIALOG_DELETE_MESSAGE=Delete this certificate?
+USEREDITOR_DIALOG_DELETE_TITLE=Warning
+USEREDITOR_DIALOG_NOUSERNAME_MESSAGE=User ID can't be blank
+USEREDITOR_DIALOG_NOUSERNAME_TITLE=Error
+USEREDITOR_DIALOG_PWDNOTMATCH_MESSAGE=The two passwords you entered do not match
+USEREDITOR_DIALOG_PWDNOTMATCH_TITLE=Error
+USEREDITOR_BUTTON_OK_LABEL=OK
+USEREDITOR_BUTTON_OK_TTIP=Save changes and close this window
+USEREDITOR_BUTTON_ADDCERT_LABEL=Add
+USEREDITOR_BUTTON_ADDCERT_TTIP=Add additional certificate for this user
+USEREDITOR_BUTTON_VIEWCERT_LABEL=View
+USEREDITOR_BUTTON_VIEWCERT_TTIP=View certificate
+USEREDITOR_BUTTON_DELETECERT_LABEL=Delete
+USEREDITOR_BUTTON_DELETECERT_TTIP=Delete selected certificate
+USEREDITOR_BUTTON_CANCEL_LABEL=Cancel
+USEREDITOR_BUTTON_CANCEL_TTIP=Cancel changes and close this window
+USEREDITOR_BUTTON_HELP_LABEL=Help
+USEREDITOR_BUTTON_HELP_TTIP=Online Help
+USERLISTDIALOG_TITLE=Select User
+USERLISTDIALOG_DIALOG_SERVERERROR_MESSAGE=Server Error
+USERLISTDIALOG_DIALOG_SERVERERROR_TITLE=Error
+USERLISTDIALOG_DIALOG_NOSELECTION_MESSAGE=Please select a user first!
+USERLISTDIALOG_DIALOG_NOSELECTION_TITLE=Error
+USERLISTDIALOG_BUTTON_OK_LABEL=OK
+USERLISTDIALOG_BUTTON_OK_TTIP=Select users
+USERLISTDIALOG_BUTTON_CANCEL_LABEL=Cancel
+USERLISTDIALOG_BUTTON_CANCEL_TTIP=close this window
+GROUPLISTDIALOG_TITLE=Select Group
+GROUPLISTDIALOG_DIALOG_SERVERERROR_MESSAGE=Server Error
+GROUPLISTDIALOG_DIALOG_SERVERERROR_TITLE=Error
+GROUPLISTDIALOG_DIALOG_NOSELECTION_MESSAGE=Please select a group first!
+GROUPLISTDIALOG_DIALOG_NOSELECTION_TITLE=Error
+GROUPLISTDIALOG_BUTTON_OK_LABEL=OK
+GROUPLISTDIALOG_BUTTON_OK_TTIP=Select groups
+GROUPLISTDIALOG_BUTTON_CANCEL_LABEL=Cancel
+GROUPLISTDIALOG_BUTTON_CANCEL_TTIP=close this window
+PASSWDDIALOG_TITLE=Change Password
+PASSWDDIALOG_LABEL_USERID_LABEL=User ID:
+PASSWDDIALOG_LABEL_USERID_TTIP=The user ID of the recovery agent
+PASSWDDIALOG_LABEL_OLDPASSWORD_LABEL=Old Password:
+PASSWDDIALOG_LABEL_OLDPASSWORD_TTIP=Enter the old password for the given user
+PASSWDDIALOG_LABEL_PASSWORD_LABEL=New Password:
+PASSWDDIALOG_LABEL_PASSWORD_TTIP=Enter the new password for the given user
+PASSWDDIALOG_LABEL_PASSWORD_AGAIN_LABEL=Confirm Password:
+PASSWDDIALOG_LABEL_PASSWORD_AGAIN_TTIP=Re-enter the new password again
+PASSWDDIALOG_BUTTON_OK_LABEL=OK
+PASSWDDIALOG_BUTTON_OK_TTIP=Please press OK to save the changes
+PASSWDDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PASSWDDIALOG_BUTTON_CANCEL_TTIP=Please press cancel to disregard the changes
+PASSWDDIALOG_DIALOG_EMPTYFIELD_MESSAGE=Blank Fields are not allowed
+PASSWDDIALOG_DIALOG_EMPTYFIELD_TITLE=Error
+PASSWDDIALOG_DIALOG_CONFIRMED_MESSAGE=The new password and confirmed password are not matched
+PASSWDDIALOG_DIALOG_CONFIRMED_TITLE=Error
+AUTORECOVERYDIALOG_TITLE=Enable Auto Recovery
+AUTORECOVERYDIALOG_BUTTON_DISABLEAUTO_LABEL=Disable
+AUTORECOVERYDIALOG_BUTTON_DISABLEAUTO_TTIP=Disable auto recovery
+AUTORECOVERYDIALOG_BUTTON_OK_LABEL=OK
+AUTORECOVERYDIALOG_BUTTON_OK_TTIP=enable auto recovery
+AUTORECOVERYDIALOG_BUTTON_CANCEL_LABEL=Cancel
+AUTORECOVERYDIALOG_BUTTON_CANCEL_TTIP=close this window
+AUTORECOVERYDIALOG_LABEL_USERID_LABEL=User ID
+AUTORECOVERYDIALOG_LABEL_USERID_TTIP=Enter user ID for auto recovery
+AUTORECOVERYDIALOG_LABEL_USERPWD_LABEL=User password
+AUTORECOVERYDIALOG_LABEL_USERPWD_TTIP=Enter user password for the corresponding user ID
+AUTORECOVERYDIALOG_LABEL_HEADING_LABEL=Please enter the user ids and the corresponding passwords
+AUTORECOVERYDIALOG_DIALOG_EMPTYFIELD_MESSAGE=Blank Fields are not allowed
+AUTORECOVERYDIALOG_DIALOG_EMPTYFIELD_TITLE=Error
+CERTMANAGEMENTDIALOG_TITLE=Manage User Certificates
+CERTMANAGEMENTDIALOG_BUTTON_HELP_LABEL=Help
+CERTMANAGEMENTDIALOG_BUTTON_HELP_TTIP=Online Help
+CERTMANAGEMENTDIALOG_BUTTON_OK_LABEL=Done
+CERTMANAGEMENTDIALOG_BUTTON_OK_TTIP=close this window
+CERTMANAGEMENTDIALOG_BUTTON_CANCEL_LABEL=Cancel
+CERTMANAGEMENTDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+CERTMANAGEMENTDIALOG_BUTTON_IMPORT_LABEL=Import
+CERTMANAGEMENTDIALOG_BUTTON_IMPORT_TTIP=Import a new certificate for this user
+CERTMANAGEMENTDIALOG_BUTTON_DELETE_LABEL=Delete
+CERTMANAGEMENTDIALOG_BUTTON_DELETE_TTIP=Delete this certificate
+CERTMANAGEMENTDIALOG_BUTTON_VIEW_LABEL=View
+CERTMANAGEMENTDIALOG_BUTTON_VIEW_TTIP=View certificate content
+CERTIMPORTDIALOG_TITLE=Import Certificate
+CERTIMPORTDIALOG_DIALOG_NOCERTNAME_MESSAGE=Please enter certificate nickname!
+CERTIMPORTDIALOG_DIALOG_NOCERTNAME_TITLE=Error
+CERTIMPORTDIALOG_DIALOG_NOB64E_MESSAGE=Please enter base-64 encoded certificate!
+CERTIMPORTDIALOG_DIALOG_NOB64E_TITLE=Error
+CERTIMPORTDIALOG_DIALOG_CANTDELETE_MESSAGE=Can't delete user cert.  Use Certificate Setup Wizard for renewal or replacement of the CA and OCSP Signing Certificates or the SSL Server certificate
+CERTIMPORTDIALOG_BUTTON_OK_LABEL=OK
+CERTIMPORTDIALOG_BUTTON_OK_TTIP=Add certificate
+CERTIMPORTDIALOG_BUTTON_CANCEL_LABEL=Cancel
+CERTIMPORTDIALOG_BUTTON_CANCEL_TTIP=close this window
+CERTIMPORTDIALOG_BUTTON_PASTE_LABEL=Paste from the Clipboard
+CERTIMPORTDIALOG_BUTTON_PASTE_TTIP=Paste from the Clipboard
+CERTIMPORTDIALOG_LABEL_CERTNAME_LABEL=Nickname:
+CERTIMPORTDIALOG_LABEL_CERTNAME_TTIP=Unique certificate nickname
+CERTIMPORTDIALOG_LABEL_B64E_LABEL=base-64 Encoded Certificate:
+CERTIMPORTDIALOG_LABEL_B64E_TTIP=Paste base-64 Encoded certificate with BEGIN and END headers.
+CERTVIEWDIALOG_TITLE=View Certificate
+CERTVIEWDIALOG_BUTTON_OK_LABEL=OK
+CERTVIEWDIALOG_BUTTON_OK_TTIP=close this window
+CERTVIEWDIALOG_LABEL_CERTNAME_LABEL=Subject:
+CERTVIEWDIALOG_LABEL_CERTNAME_TTIP=Certificate subject name
+CERTVIEWDIALOG_LABEL_PP_LABEL=Certificate Content:
+CERTVIEWDIALOG_LABEL_PP_TTIP=Certificate Content
+RULEIMPL_TITLE=Rule Plugin Registration
+RULEIMPL_BUTTON_REFRESH_LABEL=Refresh
+RULEIMPL_BUTTON_REFRESH_TTIP=Refresh rule plugin information
+RULEIMPL_BUTTON_ADD_LABEL=Register
+RULEIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+RULEIMPL_BUTTON_DELETE_LABEL=Delete
+RULEIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+RULEIMPL_BUTTON_VIEW_LABEL=View
+RULEIMPL_BUTTON_VIEW_TTIP=View rule plugin details
+RULEIMPL_BUTTON_HELP_LABEL=Help
+RULEIMPL_BUTTON_HELP_TTIP=Online Help
+RULEIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+RULEIMPL_DIALOG_SERVERERROR_TITLE=Error
+RULEIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this rule plugin?
+RULEIMPL_DIALOG_DELETE_TITLE=Warning
+MAPPERIMPL_TITLE=Mapper Plugin Registration
+MAPPERIMPL_BUTTON_REFRESH_LABEL=Refresh
+MAPPERIMPL_BUTTON_REFRESH_TTIP=Refresh mapper plugin information
+MAPPERIMPL_BUTTON_ADD_LABEL=Register
+MAPPERIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+MAPPERIMPL_BUTTON_DELETE_LABEL=Delete
+MAPPERIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+MAPPERIMPL_BUTTON_VIEW_LABEL=View
+MAPPERIMPL_BUTTON_VIEW_TTIP=View mapper plugin details
+MAPPERIMPL_BUTTON_HELP_LABEL=Help
+MAPPERIMPL_BUTTON_HELP_TTIP=Online Help
+MAPPERIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+MAPPERIMPL_DIALOG_SERVERERROR_TITLE=Error
+MAPPERIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this mapper plugin?
+MAPPERIMPL_DIALOG_DELETE_TITLE=Warning
+PUBLISHERIMPL_TITLE=Publisher Plugin Registration
+PUBLISHERIMPL_BUTTON_REFRESH_LABEL=Refresh
+PUBLISHERIMPL_BUTTON_REFRESH_TTIP=Refresh publisher plugin information
+PUBLISHERIMPL_BUTTON_ADD_LABEL=Register
+PUBLISHERIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+PUBLISHERIMPL_BUTTON_DELETE_LABEL=Delete
+PUBLISHERIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+PUBLISHERIMPL_BUTTON_VIEW_LABEL=View
+PUBLISHERIMPL_BUTTON_VIEW_TTIP=View publisher plugin details
+PUBLISHERIMPL_BUTTON_HELP_LABEL=Help
+PUBLISHERIMPL_BUTTON_HELP_TTIP=Online Help
+PUBLISHERIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+PUBLISHERIMPL_DIALOG_SERVERERROR_TITLE=Error
+PUBLISHERIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this publisher plugin?
+PUBLISHERIMPL_DIALOG_DELETE_TITLE=Warning
+POLICYIMPL_TITLE=Policy Plugin Registration
+POLICYIMPL_BUTTON_REFRESH_LABEL=Refresh
+POLICYIMPL_BUTTON_REFRESH_TTIP=Refresh policy plugin information
+POLICYIMPL_BUTTON_ADD_LABEL=Register
+POLICYIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+POLICYIMPL_BUTTON_DELETE_LABEL=Delete
+POLICYIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+POLICYIMPL_BUTTON_VIEW_LABEL=View
+POLICYIMPL_BUTTON_VIEW_TTIP=View policy plugin details
+POLICYIMPL_BUTTON_HELP_LABEL=Help
+POLICYIMPL_BUTTON_HELP_TTIP=Online Help
+POLICYIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+POLICYIMPL_DIALOG_SERVERERROR_TITLE=Error
+POLICYIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this policy plugin?
+POLICYIMPL_DIALOG_DELETE_TITLE=Warning
+POLICYIMPL_BORDER_USERS_LABEL=Policy Implementations
+PROFILEIMPL_TITLE=Certificate Profile Plugin Registration
+PROFILEIMPL_BUTTON_REFRESH_LABEL=Refresh
+PROFILEIMPL_BUTTON_REFRESH_TTIP=Refresh certificate profile plugin information
+PROFILEIMPL_BUTTON_ADD_LABEL=Register
+PROFILEIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+PROFILEIMPL_BUTTON_DELETE_LABEL=Delete
+PROFILEIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+PROFILEIMPL_BUTTON_VIEW_LABEL=View
+PROFILEIMPL_BUTTON_VIEW_TTIP=View certificate profile plugin details
+PROFILEIMPL_BUTTON_HELP_LABEL=Help
+PROFILEIMPL_BUTTON_HELP_TTIP=Online Help
+PROFILEIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+PROFILEIMPL_DIALOG_SERVERERROR_TITLE=Error
+PROFILEIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this certificate profile plugin?
+PROFILEIMPL_DIALOG_DELETE_TITLE=Warning
+PROFILEIMPL_BORDER_USERS_LABEL=Certificate Profile Implementations
+SERVLETIMPL_TITLE=Servlet Plugin Registration
+SERVLETIMPL_BUTTON_REFRESH_LABEL=Refresh
+SERVLETIMPL_BUTTON_REFRESH_TTIP=Refresh servlet plugin information
+SERVLETIMPL_BUTTON_ADD_LABEL=Register
+SERVLETIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+SERVLETIMPL_BUTTON_DELETE_LABEL=Delete
+SERVLETIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+SERVLETIMPL_BUTTON_HELP_LABEL=Help
+SERVLETIMPL_BUTTON_HELP_TTIP=Online Help
+SERVLETIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+SERVLETIMPL_DIALOG_SERVERERROR_TITLE=Error
+SERVLETIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this servlet plugin?
+SERVLETIMPL_DIALOG_DELETE_TITLE=Warning
+SERVLET_TITLE=Servlet Management
+SERVLET_BUTTON_REFRESH_LABEL=Refresh
+SERVLET_BUTTON_REFRESH_TTIP=Refresh servlet information
+SERVLET_BUTTON_EDIT_LABEL=Edit
+SERVLET_BUTTON_EDIT_TTIP=Modify servlet configuration
+SERVLET_BUTTON_ADD_LABEL=Add
+SERVLET_BUTTON_ADD_TTIP=Add new servlet instance
+SERVLET_BUTTON_DELETE_LABEL=Delete
+SERVLET_BUTTON_DELETE_TTIP=Delete selected servlet instance
+SERVLET_BUTTON_HELP_LABEL=Help
+SERVLET_BUTTON_HELP_TTIP=Online Help
+SERVLET_DIALOG_SERVERERROR_MESSAGE=Server Error
+SERVLET_DIALOG_SERVERERROR_TITLE=Error
+SERVLET_DIALOG_DELETE_MESSAGE=Do you want to delete this servlet instance?
+SERVLET_DIALOG_DELETE_TITLE=Warning
+SERVLET_LABEL_ENABLED_LABEL=Enabled
+SERVLET_LABEL_DISABLED_LABEL=Disabled
+OCSPSTORESRULE_TITLE=Revocation Info Store Management
+OCSPSTORESRULE_BUTTON_ORDER_LABEL=Reorder
+OCSPSTORESRULE_BUTTON_ORDER_TTIP=Change Revocation Info Store ordering
+OCSPSTORESRULE_BUTTON_REFRESH_LABEL=Refresh
+OCSPSTORESRULE_BUTTON_REFRESH_TTIP=Refresh Revocation Info Store information
+OCSPSTORESRULE_BUTTON_EDIT_LABEL=Edit/View
+OCSPSTORESRULE_BUTTON_EDIT_TTIP=Modify Revocation Info Store configuration
+OCSPSTORESRULE_BUTTON_ADD_LABEL=Add
+OCSPSTORESRULE_BUTTON_ADD_TTIP=Add new Revocation Info Store
+OCSPSTORESRULE_BUTTON_DELETE_LABEL=Delete
+OCSPSTORESRULE_BUTTON_DELETE_TTIP=Delete selected Revocation Info Store
+OCSPSTORESRULE_BUTTON_HELP_LABEL=Help
+OCSPSTORESRULE_BUTTON_HELP_TTIP=Online Help
+OCSPSTORESRULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+OCSPSTORESRULE_DIALOG_SERVERERROR_TITLE=Error
+OCSPSTORESRULE_DIALOG_DELETE_MESSAGE=Do you want to delete this Store?
+OCSPSTORESRULE_DIALOG_DELETE_TITLE=Warning
+OCSPSTORESRULE_LABEL_ENABLED_LABEL=Enabled
+OCSPSTORESRULE_LABEL_DISABLED_LABEL=Disabled
+CRLEXTSRULE_TITLE=CRL Extensions Management
+CRLEXTSRULE_BUTTON_ORDER_LABEL=Reorder
+CRLEXTSRULE_BUTTON_ORDER_TTIP=Change CRL extension ordering
+CRLEXTSRULE_BUTTON_REFRESH_LABEL=Refresh
+CRLEXTSRULE_BUTTON_REFRESH_TTIP=Refresh CRL extension information
+CRLEXTSRULE_BUTTON_EDIT_LABEL=Edit/View
+CRLEXTSRULE_BUTTON_EDIT_TTIP=Modify CRL extension configuration
+CRLEXTSRULE_BUTTON_ADD_LABEL=Add
+CRLEXTSRULE_BUTTON_ADD_TTIP=Add new CRL extension
+CRLEXTSRULE_BUTTON_DELETE_LABEL=Delete
+CRLEXTSRULE_BUTTON_DELETE_TTIP=Delete selected CRL extension
+CRLEXTSRULE_BUTTON_HELP_LABEL=Help
+CRLEXTSRULE_BUTTON_HELP_TTIP=Online Help
+CRLEXTSRULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+CRLEXTSRULE_DIALOG_SERVERERROR_TITLE=Error
+CRLEXTSRULE_DIALOG_DELETE_MESSAGE=Do you want to delete this CRL extension?
+CRLEXTSRULE_DIALOG_DELETE_TITLE=Warning
+CRLEXTSRULE_LABEL_ENABLED_LABEL=Enabled
+CRLEXTSRULE_LABEL_DISABLED_LABEL=Disabled
+RULERULE_TITLE=Rules Management
+RULERULE_BUTTON_ORDER_LABEL=Reorder
+RULERULE_BUTTON_ORDER_TTIP=Change rule ordering
+RULERULE_BUTTON_REFRESH_LABEL=Refresh
+RULERULE_BUTTON_REFRESH_TTIP=Refresh rule information
+RULERULE_BUTTON_EDIT_LABEL=Edit/View
+RULERULE_BUTTON_EDIT_TTIP=Modify rule configuration
+RULERULE_BUTTON_ADD_LABEL=Add
+RULERULE_BUTTON_ADD_TTIP=Add new rule
+RULERULE_BUTTON_DELETE_LABEL=Delete
+RULERULE_BUTTON_DELETE_TTIP=Delete selected rule
+RULERULE_BUTTON_HELP_LABEL=Help
+RULERULE_BUTTON_HELP_TTIP=Online Help
+RULERULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+RULERULE_DIALOG_SERVERERROR_TITLE=Error
+RULERULE_DIALOG_DELETE_MESSAGE=Do you want to delete this rule?
+RULERULE_DIALOG_DELETE_TITLE=Warning
+RULERULE_LABEL_ENABLED_LABEL=Enabled
+RULERULE_LABEL_DISABLED_LABEL=Disabled
+MAPPERRULE_TITLE=Mappers Management
+MAPPERRULE_BUTTON_ORDER_LABEL=Reorder
+MAPPERRULE_BUTTON_ORDER_TTIP=Change mapper ordering
+MAPPERRULE_BUTTON_REFRESH_LABEL=Refresh
+MAPPERRULE_BUTTON_REFRESH_TTIP=Refresh mapper information
+MAPPERRULE_BUTTON_EDIT_LABEL=Edit/View
+MAPPERRULE_BUTTON_EDIT_TTIP=Modify mapper configuration
+MAPPERRULE_BUTTON_ADD_LABEL=Add
+MAPPERRULE_BUTTON_ADD_TTIP=Add new mapper
+MAPPERRULE_BUTTON_DELETE_LABEL=Delete
+MAPPERRULE_BUTTON_DELETE_TTIP=Delete selected mapper
+MAPPERRULE_BUTTON_HELP_LABEL=Help
+MAPPERRULE_BUTTON_HELP_TTIP=Online Help
+MAPPERRULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+MAPPERRULE_DIALOG_SERVERERROR_TITLE=Error
+MAPPERRULE_DIALOG_DELETE_MESSAGE=Do you want to delete this mapper?
+MAPPERRULE_DIALOG_DELETE_TITLE=Warning
+MAPPERRULE_LABEL_ENABLED_LABEL=Enabled
+MAPPERRULE_LABEL_DISABLED_LABEL=Disabled
+PUBLISHERRULE_TITLE=Publishers Management
+PUBLISHERRULE_BUTTON_ORDER_LABEL=Reorder
+PUBLISHERRULE_BUTTON_ORDER_TTIP=Change publisher ordering
+PUBLISHERRULE_BUTTON_REFRESH_LABEL=Refresh
+PUBLISHERRULE_BUTTON_REFRESH_TTIP=Refresh publisher information
+PUBLISHERRULE_BUTTON_EDIT_LABEL=Edit/View
+PUBLISHERRULE_BUTTON_EDIT_TTIP=Modify publisher configuration
+PUBLISHERRULE_BUTTON_ADD_LABEL=Add
+PUBLISHERRULE_BUTTON_ADD_TTIP=Add new publisher
+PUBLISHERRULE_BUTTON_DELETE_LABEL=Delete
+PUBLISHERRULE_BUTTON_DELETE_TTIP=Delete selected publisher
+PUBLISHERRULE_BUTTON_HELP_LABEL=Help
+PUBLISHERRULE_BUTTON_HELP_TTIP=Online Help
+PUBLISHERRULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+PUBLISHERRULE_DIALOG_SERVERERROR_TITLE=Error
+PUBLISHERRULE_DIALOG_DELETE_MESSAGE=Do you want to delete this publisher?
+PUBLISHERRULE_DIALOG_DELETE_TITLE=Warning
+PUBLISHERRULE_LABEL_ENABLED_LABEL=Enabled
+PUBLISHERRULE_LABEL_DISABLED_LABEL=Disabled
+POLICYRULE_TITLE=Policy Rules Management
+POLICYRULE_BUTTON_ORDER_LABEL=Reorder
+POLICYRULE_BUTTON_ORDER_TTIP=Change policy rule ordering
+POLICYRULE_BUTTON_REFRESH_LABEL=Refresh
+POLICYRULE_BUTTON_REFRESH_TTIP=Refresh policy rule information
+POLICYRULE_BUTTON_EDIT_LABEL=Edit/View
+POLICYRULE_BUTTON_EDIT_TTIP=Modify policy rule configuration
+POLICYRULE_BUTTON_ADD_LABEL=Add
+POLICYRULE_BUTTON_ADD_TTIP=Add new rule
+POLICYRULE_BUTTON_DELETE_LABEL=Delete
+POLICYRULE_BUTTON_DELETE_TTIP=Delete selected rule
+POLICYRULE_BUTTON_HELP_LABEL=Help
+POLICYRULE_BUTTON_HELP_TTIP=Online Help
+POLICYRULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+POLICYRULE_DIALOG_SERVERERROR_TITLE=Error
+POLICYRULE_DIALOG_DELETE_MESSAGE=Do you want to delete this rule?
+POLICYRULE_DIALOG_DELETE_TITLE=Warning
+POLICYRULE_LABEL_ENABLED_LABEL=Enabled
+POLICYRULE_LABEL_DISABLED_LABEL=Disabled
+PROFILERULE_TITLE=Certificate Profile Instances Management
+PROFILERULE_BUTTON_ORDER_LABEL=Reorder
+PROFILERULE_BUTTON_ORDER_TTIP=Change certificate profile instance ordering
+PROFILERULE_BUTTON_REFRESH_LABEL=Refresh
+PROFILERULE_BUTTON_REFRESH_TTIP=Refresh certificate profile instance information
+PROFILERULE_BUTTON_EDIT_LABEL=Edit/View
+PROFILERULE_BUTTON_EDIT_TTIP=Modify certificate profile instance configuration
+PROFILERULE_BUTTON_ADD_LABEL=Add
+PROFILERULE_BUTTON_ADD_TTIP=Add new instance
+PROFILERULE_BUTTON_DELETE_LABEL=Delete
+PROFILERULE_BUTTON_DELETE_TTIP=Delete selected instance
+PROFILERULE_BUTTON_HELP_LABEL=Help
+PROFILERULE_BUTTON_HELP_TTIP=Online Help
+PROFILERULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+PROFILERULE_DIALOG_SERVERERROR_TITLE=Error
+PROFILERULE_DIALOG_DELETE_MESSAGE=Do you want to delete this instance?
+PROFILERULE_DIALOG_ENABLEPROFILE_MESSAGE=The current certificate profile is in an enabled state.
+PROFILERULE_DIALOG_DELETE_TITLE=Warning
+PROFILERULE_LABEL_ENABLED_LABEL=Enabled
+PROFILERULE_LABEL_DISABLED_LABEL=Disabled
+RULEREGISTERDIALOG_TITLE=Register Mapper Plugin Implementation
+RULEREGISTERDIALOG_TITLE=Register Mapper Plugin Implementation
+RULEREGISTERDIALOG_BUTTON_OK_LABEL=OK
+RULEREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+RULEREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+RULEREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+RULEREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+RULEREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+RULEREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+RULEREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+MAPPERREGISTERDIALOG_TITLE=Register Mapper Plugin Implementation
+MAPPERREGISTERDIALOG_BUTTON_OK_LABEL=OK
+MAPPERREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+MAPPERREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+MAPPERREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+MAPPERREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+MAPPERREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+MAPPERREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+MAPPERREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+PUBLISHERREGISTERDIALOG_TITLE=Register Publisher Plugin Implementation
+PUBLISHERREGISTERDIALOG_BUTTON_OK_LABEL=OK
+PUBLISHERREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+PUBLISHERREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PUBLISHERREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+PUBLISHERREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+PUBLISHERREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+PUBLISHERREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+PUBLISHERREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+POLICYREGISTERDIALOG_TITLE=Register Policy Plugin Implementation
+POLICYREGISTERDIALOG_BUTTON_OK_LABEL=OK
+POLICYREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+POLICYREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+POLICYREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+POLICYREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+POLICYREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+POLICYREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+POLICYREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+PROFILEREGISTERDIALOG_TITLE=Register Profile Plugin Implementation
+PROFILEREGISTERDIALOG_BUTTON_OK_LABEL=OK
+PROFILEREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+PROFILEREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILEREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+PROFILEREGISTERDIALOG_LABEL_TYPE_LABEL=Plugin type:
+PROFILEREGISTERDIALOG_LABEL_TYPE_TTIP=Implementation type
+PROFILEREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+PROFILEREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+PROFILEREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+PROFILEREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+PROFILEREGISTERDIALOG_LABEL_DESC_LABEL=Description:
+PROFILEREGISTERDIALOG_LABEL_DESC_TTIP=Description
+EVALUATORREGISTERDIALOG_TITLE=Register Evaluator Plugin Implementation
+EVALUATORREGISTERDIALOG_BUTTON_OK_LABEL=OK
+EVALUATORREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+EVALUATORREGISTERDIALOG_LABEL_NAME_LABEL=Evaluator name:
+EVALUATORREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+ACLEDITDIALOG_TITLE=Access Control Editor
+ACLEDITDIALOG_BUTTON_OK_LABEL=OK
+ACLEDITDIALOG_BUTTON_CANCEL_LABEL=Cancel
+ACLEDITDIALOG_BUTTON_HELP_LABEL=Help
+ACLEDITDIALOG_BUTTON_ADD_LABEL=Add
+ACLEDITDIALOG_BUTTON_DELETE_LABEL=Delete
+ACLEDITDIALOG_BUTTON_EDIT_LABEL=Edit
+ACLEDITDIALOG_LABEL_RESOURCEOBJECT_LABEL=Resource name:
+ACLEDITDIALOG_LABEL_DESC_LABEL=Description:
+ACLEDITDIALOG_LABEL_ACI_LABEL=ACI entries:
+ACLEDITDIALOG_LABEL_RIGHTS_LABEL=Allowable rights:
+ACLEDITDIALOG_INTRO_HELP=Click a labeled component for a help description
+ACLEDITDIALOG_RESOURCEID_HELP=resource ID: Name of the resource, e. g., certServer.ca.certificates
+ACLEDITDIALOG_RIGHTS_HELP=rights: Allowable rights performed on the resource, e. g., read, modify
+ACLEDITDIALOG_ACI_HELP=aci: Access control index. The user may press the add button to add a new aci, press edit to modify an existing aci, or press delete to remove an existing aci
+ACLEDITDIALOG_DESC_HELP=description: Description for the whole access control
+ACLEDITDIALOG_DIALOG_DELETE_MESSAGE=Do you want to delete this access control information?
+ACLEDITDIALOG_DIALOG_DELETE_TITLE=Warning
+ACLEDITDIALOG_DIALOG_EMPTYRIGHTS_MESSAGE=The field for allowable rights must not be empty
+ACLEDITDIALOG_DIALOG_EMPTYRIGHTS_TITLE=Error
+ACLEDITDIALOG_DIALOG_EMPTYACIS_MESSAGE=The field for ACI entries must not be empty
+ACLEDITDIALOG_DIALOG_EMPTYACIS_TITLE=Error
+ACLEDITDIALOG_DIALOG_EMPTYRESOURCEID_MESSAGE=The field for a resource name must not be empty
+ACLEDITDIALOG_DIALOG_EMPTYRESOURCEID_TITLE=Error
+ACLEDITDIALOG_DIALOG_EMPTYDESC_MESSAGE=The field for description must not be empty
+ACLEDITDIALOG_DIALOG_EMPTYDESC_TITLE=Error
+ACIDIALOG_TITLE=ACI Editor
+ACIDIALOG_BUTTON_OK_LABEL=OK
+ACIDIALOG_BUTTON_CANCEL_LABEL=Cancel
+ACIDIALOG_BUTTON_HELP_LABEL=Help
+ACIDIALOG_RADIOBUTTON_ALLOW_LABEL=Allow
+ACIDIALOG_RADIOBUTTON_DENY_LABEL=Deny
+ACIDIALOG_LABEL_SYNTAX_LABEL=Syntax:
+ACIDIALOG_BUTTON_ALLOW_LABEL=Allow
+ACIDIALOG_BUTTON_DENY_LABEL=Deny
+ACIDIALOG_LABEL_ACCESS_LABEL=Access
+ACIDIALOG_LABEL_ATTRIBUTE_LABEL=Attribute Expression:
+ACIDIALOG_LABEL_RIGHTS_LABEL=Rights:
+ACIDIALOG_INTRO_HELP=Click a labeled component for a help description
+ACIDIALOG_ACCESS_HELP=Access: either allow or deny
+ACIDIALOG_RIGHTS_HELP=Rights: Possible action(s) allowed or denied to perform on a resource
+ACIDIALOG_SYNTAX_HELP=Syntax: The syntax expression, e. g., group="Administrators"
+ACIDIALOG_DIALOG_INCORRECTSYNTAX_MESSAGE=Incorrect syntax
+PROFILEREGISTERDIALOG_TITLE=Register Certificate Profile Plugin Implementation
+PROFILEREGISTERDIALOG_BUTTON_OK_LABEL=OK
+PROFILEREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+PROFILEREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILEREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+PROFILEREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+PROFILEREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+PROFILEREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+PROFILEREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+STATUSDIALOG_TITLE=Status
+STATUSDIALOG_BUTTON_OK_LABEL=OK
+STATUSDIALOG_BUTTON_OK_TTIP=Close this dialog
+VIEWDIALOG_TITLE=View Plugin Information
+VIEWDIALOG_BUTTON_OK_LABEL=OK
+VIEWDIALOG_BUTTON_OK_TTIP=Close this dialog
+VIEWDIALOG_LABEL_NAME_LABEL=Plugin name:
+VIEWDIALOG_LABEL_NAME_TTIP=Unique implementation name
+VIEWDIALOG_LABEL_CLASS_LABEL=Class name:
+VIEWDIALOG_LABEL_CLASS_TTIP=Full java class name (i. e. - com.netscape.certsrv.policy.SomePolicy)
+VIEWDIALOG_LABEL_DESC_LABEL=Description:
+MANAGECERTDIALOG_TITLE=Certificate Database Management
+MANAGECERTDIALOG_BORDER_CERT_LABEL=Certificates
+MANAGECERTDIALOG_BUTTON_CLOSE_LABEL=Close
+MANAGECERTDIALOG_BUTTON_EDIT_LABEL=Edit
+MANAGECERTDIALOG_BUTTON_EDIT_VIEW_LABEL=Edit/View
+MANAGECERTDIALOG_BUTTON_DELETE_LABEL=Delete
+MANAGECERTDIALOG_BUTTON_HELP_LABEL=Help
+CERTINFODIALOG_TITLE=Certificate Information
+CERTINFODIALOG_BUTTON_CLOSE_LABEL=Close
+CERTINFODIALOG_BUTTON_HELP_LABEL=Help
+CERTINFODIALOG_BUTTON_TRUST_LABEL=Change to Trusted
+CERTINFODIALOG_BUTTON_UNTRUST_LABEL=Change to Untrusted
+CERTINFODIALOG_BUTTON_USER_LABEL=User certificates not applicable
+CERTINFODIALOG_LABEL_MODIFY_LABEL=To change the trust setting, click this button:
+CERTINFODIALOG_LABEL_TRUSTSTATUS_LABEL=Status: The current trust setting for this certificate is TRUSTED.
+CERTINFODIALOG_LABEL_UNTRUSTSTATUS_LABEL=Status: The current trust setting for this certificate is UNTRUSTED.
+CERTINFODIALOG_LABEL_USER_LABEL=Status: The currently-selected certificate is an SSL server certificate, for which the trusted setting is not applicable.
+CERTINFODIALOG_LABEL_CERTNAME_LABEL=Certificate name:
+CERTINFODIALOG_LABEL_CONTENT_LABEL=Certificate content:
+CERTINFODIALOG_BORDER_CERT_LABEL=Certificate
+WARNINGDIALOG_TITLE=Warning
+WARNINGDIALOG_BUTTON_CLOSE_LABEL=Close
+WARNINGDIALOG_TEXT_MISSINGO_LABEL=Leaving out O= will cause Communicator 4.x to crash during SSL\nclient authentication. If you do not provide an O= attribute,\nyou will not be able to access the issuing agent pages.
+WARNINGDIALOG_TEXT_DESC_LABEL=You have chosen to generate a new key pair for your root CA.\nA CA certificate identifies a certificate authority (CA). The subject name in a CA certificate is the CA's issuer name, and the public key in a CA certificate corresponds cryptographically to the private key used by the CA to sign the certificates it issues. The CA certificate is used to validate all of the other certificates signed by the authority. When you change the CA key, all certificates that rely on the CA certificate for validation will no longer be validated.\nBefore getting a new certificate for your root CA, you must consider the possible effects on your PKI setup of changing the key pair of the root CA.\nContinue with the wizard process if you have already planned to address issues involved in deploying the new CA certificate across your PKI. If you haven't, click Cancel to quit the wizard process.
+WARNINGDIALOG_TEXT_INVALIDCACERT_LABEL=Your CA signing certificate is not valid since the begin time is set in the future. You will not be able to sign any certificate at all.
+WARNINGDIALOG_TEXT_INVALIDRACERT_LABEL=Your certificate is not valid since the begin time is set in the future.
+GENERALWIZARD_LABEL_NEXT_LABEL=Click Next to continue.
+INTROKEYCERTWIZARD_TITLE=Certificate Setup Wizard
+INTROKEYCERTWIZARD_BORDER_INTROKEYCERTWIZARD_LABEL=Introduction
+INTROKEYCERTWIZARD_TEXT_DESC_LABEL=This wizard will take you through the process of requesting and installing certificates.
+OPERATIONSELECTIONWIZARD_TITLE=Certificate Setup Wizard
+OPERATIONSELECTIONWIZARD_BORDER_OPERATIONSELECTIONWIZARD_LABEL=Type of Operation
+OPERATIONSELECTIONWIZARD_LABEL_OPERATIONTYPE_LABEL=Select the type of operation you want to perform:
+OPERATIONSELECTIONWIZARD_RADIOBUTTON_INSTALL_LABEL=Install a certificate
+OPERATIONSELECTIONWIZARD_RADIOBUTTON_REQUEST_LABEL=Request a certificate
+TOKENSELECTIONWIZARD_LABEL_TOKENSELECTION_LABEL=Please select the token where the key pair resides:
+TOKENSELECTIONWIZARD_LABEL_TOKEN_LABEL=Token (Cryptographic Device):
+TOKENSELECTIONWIZARD_LABEL_PASSWORD_LABEL=Trust Database Password:
+TOKENSELECTIONWIZARD_DIALOG_EMPTYPASSWD_MESSAGE=No empty password allowed
+KEYWIZARD_BORDER_CASIGNING_LABEL=Key-Pair Information for the Certificate Manager CA Signing Certificate
+KEYWIZARD_BORDER_RASIGNING_LABEL=Key-Pair Information for the Registration Manager Signing Certificate
+KEYWIZARD_BORDER_KRATRANSPORT_LABEL=Key-Pair Information for the Data Recovery Manager Transport Certificate
+KEYWIZARD_BORDER_SERVER_LABEL=Key-Pair Information for the SSL Server Certificate
+KEYWIZARD_BORDER_OCSPSIGNING_LABEL=Key-Pair Information for the OCSP Signing Certificate
+KEYWIZARD_BORDER_OTHER_LABEL=Certificate Request for the log and CRL signing Certificate
+TOKENLOGONWIZARD_TITLE=Certificate Setup Wizard
+TOKENLOGONWIZARD_BORDER_TOKENLOGONWIZARD_LABEL=Logon Token
+TOKENLOGONWIZARD_TEXT_HEADING_LABEL=Logon to the token:
+TOKENLOGONWIZARD_LABEL_TOKEN_LABEL=Token:
+TOKENLOGONWIZARD_LABEL_PWD_LABEL=Password:
+TOKENLOGONWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank.
+TOKENLOGONWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+KEYWIZARD_TITLE=Certificate Setup Wizard
+KEYWIZARD_BORDER_KEYWIZARD_LABEL=Key-Pair Information
+KEYWIZARD_LABEL_KEYPAIR_LABEL=Specify which key pair to use for this request:
+KEYWIZARD_RADIOBUTTON_OLDKEY_LABEL=Use existing key pair
+KEYWIZARD_RADIOBUTTON_NEWKEY_LABEL=Create new key pair
+KEYWIZARD_LABEL_TOKEN_LABEL=Token:
+KEYWIZARD_LABEL_PWD_LABEL=Password:
+KEYWIZARD_LABEL_NICKNAME_LABEL=Select a nickname as follows:
+KEYWIZARD_COMBOBOX_DSAKEYTYPE_VALUE_0=RSA
+KEYWIZARD_COMBOBOX_DSAKEYTYPE_VALUE_1=DSA
+KEYWIZARD_COMBOBOX_DSAKEYTYPE_VALUE_2=ECC
+KEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+KEYWIZARD_COMBOBOX_KEYTYPE_VALUE_1=ECC
+KEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+KEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+KEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+KEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+KEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_2=Custom
+KEYWIZARD_LABEL_KEYCURVE_LABEL=Curve Name:
+KEYWIZARD_COMBOBOX_KEYCURVE_VALUE_0=nistp521
+KEYWIZARD_COMBOBOX_KEYCURVE_VALUE_1=Custom
+KEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_0=1024
+KEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_1=Custom
+KEYWIZARD_LABEL_UNITS_LABEL=bits
+KEYWIZARD_LABEL_KEY_LABEL=Specify the key type and key length:
+KEYWIZARD_LABEL_CUSTOMKEY_LABEL=Enter a value for the customized key length:
+KEYWIZARD_LABEL_CUSTOMKEYCURVE_LABEL=Enter a value for the customized curve name:
+KEYWIZARD_LABEL_SELECTTOKEN_LABEL=Select the token (cryptographic device) on which to generate the key pair:
+KEYWIZARD_DIALOG_CASIGNINGCERTNOTFOUND_MESSAGE=The CA signing certificate cannot be found
+KEYWIZARD_DIALOG_BLANKLEN_MESSAGE=Key length cannot be blank
+KEYWIZARD_DIALOG_NONINTEGER_MESSAGE=Key length is not an integer
+KEYWIZARD_DIALOG_INVALIDKEYLEN_MESSAGE=Invalid key length
+KEYWIZARD_DIALOG_BLANKCURVE_MESSAGE=ECC key curve name cannot be blank
+KEYWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+KEYWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+KEYWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+KEYWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+CAKEYWIZARD_TITLE=Certificate Setup Wizard
+CAKEYWIZARD_BORDER_CAKEYWIZARD_LABEL=Setup the Key Information for a CA Signing Certificate
+CAKEYWIZARD_TEXT_HEADING_LABEL=The Certificate Authority generates a CA signing certificate to sign other certificates.
+CAKEYWIZARD_TEXT_HARDWARE_LABEL=If you select a token other than the internal token, please login first.
+CAKEYWIZARD_TEXT_TOKENHEADING_LABEL=The keypair can reside on the internal token or on an external token.
+CAKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+CAKEYWIZARD_LABEL_PWD_LABEL=Password:
+CAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+CAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_1=DSA
+CAKEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+CAKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+CAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+CAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+CAKEYWIZARD_LABEL_UNITS_LABEL=bits
+CAKEYWIZARD_TEXT_KEY_LABEL=Please specify the key type and key length as follows:
+CAKEYWIZARD_TEXT_CUSTOMKEY_LABEL=If you want to customize the key length, please enter the value as follows:
+CAKEYWIZARD_DIALOG_CASIGNINGCERTNOTFOUND_MESSAGE=The CA signing certificate cannot be found
+RAKEYWIZARD_TITLE=Certificate Setup Wizard
+RAKEYWIZARD_BORDER_KEYWIZARD_LABEL=Setup the Key Information for an RA Signing Certificate
+RAKEYWIZARD_TEXT_HEADING_LABEL=The RA signing certificate will be signed by the CA signing certificate.
+RAKEYWIZARD_TEXT_HARDWARE_LABEL=If you select a token other than the internal token, please login first.
+RAKEYWIZARD_TEXT_TOKENHEADING_LABEL=The keypair can reside on the internal token or on an external token.
+RAKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+RAKEYWIZARD_LABEL_PWD_LABEL=Password:
+RAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+RAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_1=DSA
+RAKEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+RAKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+RAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+RAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+RAKEYWIZARD_LABEL_UNITS_LABEL=bits
+RAKEYWIZARD_TEXT_KEY_LABEL=Please specify the key type and key length as follows:
+RAKEYWIZARD_TEXT_CUSTOMKEY_LABEL=If you want to customize the key length, please enter the value as follows:
+SSLKEYWIZARD_TITLE=Certificate Setup Wizard
+SSLKEYWIZARD_BORDER_SSLKEYWIZARD_LABEL=Setup the Key Information for the SSL Server Certificate
+SSLKEYWIZARD_TEXT_HEADING_LABEL=The SSL server certificate will be signed by the CA signing certificate.
+SSLKEYWIZARD_TEXT_HARDWARE_LABEL=If you select a token other than the internal token, please login first.
+SSLKEYWIZARD_TEXT_TOKENHEADING_LABEL=The keypair can reside on the internal token or on an external token.
+SSLKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+SSLKEYWIZARD_LABEL_PWD_LABEL=Password:
+SSLKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+SSLKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_1=DSA
+SSLKEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+SSLKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+SSLKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+SSLKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+SSLKEYWIZARD_LABEL_UNITS_LABEL=bits
+SSLKEYWIZARD_TEXT_KEY_LABEL=Please specify the key type and key length as follows:
+SSLKEYWIZARD_TEXT_CUSTOMKEY_LABEL=If you want to customize the key length, please enter the value as follows:
+GENERATEREQWIZARD_TITLE=Certificate Setup Wizard
+GENERATEREQWIZARD_BORDER_GENERATEREQWIZARD_LABEL=Generate a Certificate Request
+GENERATEREQWIZARD_TEXT_REQUEST_LABEL=The Wizard will now continue with the certificate request process. Before requesting a certificate, you should click \"Help\" and read through the detailed steps.
+CERTTYPEWIZARD_LABEL_OTHER_LABEL=Other
+CERTTYPEWIZARD_LABEL_CERTTYPE_LABEL=Certificate Type
+CERTTYPEWIZARD_TITLE=Certificate Setup Wizard
+CERTTYPEWIZARD_BORDER_CERTTYPEWIZARD_LABEL=Certificate Selection
+CERTTYPEWIZARD_LABEL_HEADING_LABEL=The wizard will now guide you through the certificate request process.
+CERTTYPEWIZARD_LABEL_HEADING1_LABEL=Select the certificate you want to request:
+CERTTYPEWIZARD_LABEL_SERVERCERT_LABEL=SSL Server Certificate
+CERTTYPEWIZARD_LABEL_SERVERCERTRADM_LABEL=SSL Server Certificate for Remote Admin
+CERTTYPEWIZARD_LABEL_CASIGNINGCERT_LABEL=Certificate Manager CA Signing Certificate
+CERTTYPEWIZARD_LABEL_RASIGNINGCERT_LABEL=Registration Manager Signing Certificate
+CERTTYPEWIZARD_LABEL_OCSPSIGNINGCERT_LABEL=OCSP Signing Certificate
+CERTTYPEWIZARD_LABEL_KRATRANSPORTCERT_LABEL=Data Recovery Manager Transport Certificate
+CERTTYPEWIZARD_LABEL_SUBSYSTEMCERT_LABEL=Subsystem Certificate
+CERTTYPEWIZARD_LABEL_AUDITSIGNINGCERT_LABEL=Audit Signing Certificate
+CERTTYPEWIZARD_TEXT_CATYPE_LABEL=Is this certificate request for a self-signed certificate authority (CA) or a subordinate CA?
+CERTTYPEWIZARD_RADIOBUTTON_SELFSIGN_LABEL=Self-signed CA
+CERTTYPEWIZARD_RADIOBUTTON_SUBORDINATE_LABEL=Subordinate CA
+CERTTYPEWIZARD_TEXT_SERVERTYPE_LABEL=Do you want to sign this SSL server certificate with this CA's Signing Certificate, or do you want to create a certificate signing request to submit to another CA?
+CERTTYPEWIZARD_TEXT_OCSPTYPE_LABEL=Do you want to sign this OCSP certificate with this CA's Signing Certificate, or do you want to create a certificate signing request to submit to another CA?
+CERTTYPEWIZARD_RADIOBUTTON_SERVER_SELFSIGN_LABEL=Sign this SSL Certificate with my CA Signing Certificate
+CERTTYPEWIZARD_RADIOBUTTON_SERVER_SUBORDINATE_LABEL=Create a request for submission to another CA
+CERTTYPEWIZARD_RADIOBUTTON_SELFSIGNOCSP_LABEL=Sign this OCSP Certificate with my CA Signing Certificate
+CERTTYPEWIZARD_RADIOBUTTON_SUBORDINATEOCSP_LABEL=Create a request for submission to another CA
+CERTTYPEWIZARD_DIALOG_BLANKCERTTYPE_MESSAGE=Certificate type cannot be blank
+CACERTREQUESTWIZARD_TITLE=Certificate Setup Wizard
+CACERTREQUESTWIZARD_BORDER_CACERTREQUESTWIZARD_LABEL=Generate a Certificate Request -1
+CACERTREQUESTWIZARD_LABEL_CATYPE_LABEL=1. Is this Certificate Authority a self-signed CA or a subordinate CA?
+CACERTREQUESTWIZARD_LABEL_KEYPAIR_LABEL=2. Create a new key pair?
+CACERTREQUESTWIZARD_TEXT_METHOD_LABEL=3. How do you wish to submit this certificate request to the certificate authority (CA)?
+CACERTREQUESTWIZARD_RADIOBUTTON_SELFSIGN_LABEL=Self-signed Certificate Authority
+CACERTREQUESTWIZARD_RADIOBUTTON_SUBORDINATE_LABEL=Subordinate Certificate Authority
+CACERTREQUESTWIZARD_RADIOBUTTON_NEWKEY_LABEL=No, use existing
+CACERTREQUESTWIZARD_RADIOBUTTON_OLDKEY_LABEL=Yes, new key material
+CACERTREQUESTWIZARD_RADIOBUTTON_EMAIL_LABEL=To CA's email address:
+CACERTREQUESTWIZARD_RADIOBUTTON_URL_LABEL=To CA's URL
+CACERTREQUESTWIZARD_RADIOBUTTON_MANUAL_LABEL=Manually
+OTHERCERTREQUESTWIZARD_TITLE=Certificate Setup Wizard
+OTHERCERTREQUESTWIZARD_BORDER_OTHERCERTREQUESTWIZARD_LABEL=Generate a Certificate Request -1
+OTHERCERTREQUESTWIZARD_LABEL_KEYPAIR_LABEL=2. Create a new key pair?
+OTHERCERTREQUESTWIZARD_TEXT_METHOD_LABEL=1. How do you wish to submit this certificate request to the certificate authority (CA)?
+OTHERCERTREQUESTWIZARD_RADIOBUTTON_OLDKEY_LABEL=No, use existing
+OTHERCERTREQUESTWIZARD_RADIOBUTTON_NEWKEY_LABEL=Yes, new key material
+OTHERCERTREQUESTWIZARD_RADIOBUTTON_EMAIL_LABEL=To CA's email address:
+OTHERCERTREQUESTWIZARD_RADIOBUTTON_URL_LABEL=To CA's URL:
+OTHERCERTREQUESTWIZARD_RADIOBUTTON_MANUAL_LABEL=Manually
+INSTALLOPWIZARD_TITLE=Certificate Setup Wizard
+INSTALLOPWIZARD_BORDER_INSTALLOPWIZARD_LABEL=Certificate Selection
+INSTALLOPWIZARD_LABEL_INSTALLCERT_LABEL=Specify the certificate you want to install:
+INSTALLOPWIZARD_LABEL_OTHERCERT_LABEL=Other Certificate(s)
+INSTALLOPWIZARD_LABEL_SERVERCERT_LABEL=SSL Server Certificate(s)
+INSTALLOPWIZARD_LABEL_SERVERCERTRADM_LABEL=SSL Server Certificate(s) for Remote Admin
+INSTALLOPWIZARD_LABEL_CASIGNINGCERT_LABEL=Certificate Manager CA Signing Certificate(s)
+INSTALLOPWIZARD_LABEL_OCSPSIGNINGCERT_LABEL=OCSP Signing Certificate(s)
+INSTALLOPWIZARD_LABEL_RASIGNINGCERT_LABEL=Registration Manager Signing Certificate(s)
+INSTALLOPWIZARD_LABEL_KRATRANSPORTCERT_LABEL=Data Recovery Manager Transport Certificate(s)
+INSTALLOPWIZARD_LABEL_INTRO_LABEL=The wizard will now guide you through the certificate installation process.
+INSTALLCERTCHAINWIZARD_TITLE=Certificate Setup Wizard
+INSTALLCERTCHAINWIZARD_BORDER_INSTALLCERTCHAINWIZARD_LABEL=Certificate Selection
+INSTALLCERTCHAINWIZARD_LABEL_INSTALLCERT_LABEL=Specify the certificate you want to install:
+INSTALLCERTCHAINWIZARD_LABEL_INTRO_LABEL=The wizard will now guide you through the certificate installation process.
+INSTALLCERTCHAINWIZARD_COMBOBOX_CERTCHAINTYPE_VALUE_0=Untrusted CA Certificate Chain
+INSTALLCERTCHAINWIZARD_COMBOBOX_CERTCHAINTYPE_VALUE_1=Trusted CA Certificate Chain
+INSTALLGENCAWIZARD_TITLE=Installation Wizard
+INSTALLGENCAWIZARD_BORDER_INSTALLGENCAWIZARD_LABEL=Certificate Manager CA Signing Certificate Creation
+INSTALLGENCAWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate. Click Next to generate and install the certificate.
+LOGONALLTOKENSWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENCAWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENRAWIZARD_TITLE=Installation Wizard
+INSTALLGENRAWIZARD_BORDER_INSTALLGENRAWIZARD_LABEL=Registration Manager Signing Certificate Creation
+INSTALLGENRAWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate. Click Next to generate and install the certificate.
+INSTALLGENRAWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENKRAWIZARD_TITLE=Installation Wizard
+INSTALLGENKRAWIZARD_BORDER_INSTALLGENKRAWIZARD_LABEL=Data Recovery Manager Transport Certificate Creation
+INSTALLGENKRAWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate. Click Next to generate and install the certificate.
+INSTALLGENKRAWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENSSLWIZARD_TITLE=Installation Wizard
+INSTALLGENSSLWIZARD_BORDER_INSTALLGENSSLWIZARD_LABEL=SSL Server Certificate Creation
+INSTALLGENSSLWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate. Click Next to generate the certificate.
+INSTALLGENSSLWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENCACERTREQWIZARD_TITLE=Installation Wizard
+INSTALLGENCACERTREQWIZARD_BORDER_INSTALLGENCACERTREQWIZARD_LABEL=CA Signing Certificate Request Creation
+INSTALLGENCACERTREQWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate request. Click Next to generate them.
+INSTALLGENCACERTREQWIZARD_RADIOBUTTON_PKCS10_LABEL=Generate a PKCS #10 request.
+INSTALLGENCACERTREQWIZARD_RADIOBUTTON_CMC_LABEL=Generate a full CMC enrollment request.
+INSTALLGENCACERTREQWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENRACERTREQWIZARD_TITLE=Installation Wizard
+INSTALLGENRACERTREQWIZARD_BORDER_INSTALLGENRACERTREQWIZARD_LABEL=Registration Manager Signing Certificate Request Creation
+INSTALLGENRACERTREQWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate request. Click Next to generate them.
+INSTALLGENRACERTREQWIZARD_RADIOBUTTON_PKCS10_LABEL=Generate a PKCS #10 request.
+INSTALLGENRACERTREQWIZARD_RADIOBUTTON_CMC_LABEL=Generate a full CMC enrollment request.
+INSTALLGENRACERTREQWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENKRACERTREQWIZARD_TITLE=Installation Wizard
+INSTALLGENKRACERTREQWIZARD_BORDER_INSTALLGENKRACERTREQWIZARD_LABEL=Data Recovery Manager Transport Certificate Request Creation
+INSTALLGENKRACERTREQWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate request. Click Next to generate them.
+INSTALLGENKRACERTREQWIZARD_RADIOBUTTON_PKCS10_LABEL=Generate a PKCS #10 request.
+INSTALLGENKRACERTREQWIZARD_RADIOBUTTON_CMC_LABEL=Generate a full CMC enrollment request.
+INSTALLGENKRACERTREQWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLGENSSLCERTREQWIZARD_TITLE=Installation Wizard
+INSTALLGENSSLCERTREQWIZARD_BORDER_INSTALLGENSSLCERTREQWIZARD_LABEL=SSL Server Certificate Request Creation
+INSTALLGENSSLCERTREQWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate request. Click Next to generate them.
+INSTALLGENSSLCERTREQWIZARD_RADIOBUTTON_PKCS10_LABEL=Generate a PKCS #10 request.
+INSTALLGENSSLCERTREQWIZARD_RADIOBUTTON_CMC_LABEL=Generate a full CMC enrollment request.
+INSTALLGENSSLCERTREQWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLINTROSINGLESIGNON_TITLE=Installation Wizard
+INSTALLINTROSINGLESIGNON_BORDER_INSTALLINTROSINGLESIGNON_LABEL=Single Signon - 1
+INSTALLINTROSINGLESIGNON_TEXT_HEADING_LABEL=Do you want to have single signon?
+INSTALLINTROSINGLESIGNON_LABEL_HEADING_LABEL=Do you want to have single signon?
+INSTALLINTROSINGLESIGNON_RADIOBUTTON_YES_LABEL=Yes.
+INSTALLINTROSINGLESIGNON_RADIOBUTTON_NO_LABEL=No.
+INSTALLSINGLESIGNON_TITLE=Installation Wizard
+INSTALLSINGLESIGNON_BORDER_INSTALLSINGLESIGNON_LABEL=Single Sign-on Summary
+INSTALLSINGLESIGNON_TEXT_HEADING_LABEL=A single sign-on password (internal cryptographic token password) will be used to encrypt all the passwords that are required to start CS.
+INSTALLSINGLESIGNON_TEXT_HEADING1_LABEL=Select the token which stores the single signon key:
+INSTALLSINGLESIGNON_TEXT_PASSWDCONF_LABEL=To enable starting and restarting of CS from a remote Dogtag Console, the wizard stores passwords for the cryptographic tokens in the 'password.conf' file, a text file maintained in the <server_root>/cert-<instance_id>/config directory. Removing this file will disable support for starting and restarting of CS remotely.
+INSTALLSINGLESIGNON_CHECKBOX_PASSWDCONF_LABEL=Remove password.conf after configuration
+INSTALLSINGLESIGNON_LABEL_TOKEN_LABEL=Token name:
+INSTALLSINGLESIGNON_LABEL_PASSWD_LABEL=Token password:
+INSTALLSINGLESIGNON_DIALOG_NOTSAMEPASSWD_TITLE=Error
+INSTALLSINGLESIGNON_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+INSTALLSINGLESIGNON_DIALOG_BLANKPASSWD_TITLE=Error
+INSTALLSINGLESIGNON_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+INSTALLSINGLESIGNON_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLDISPLAYOCSPCERTWIZARD_BORDER_INSTALLDISPLAYOCSPCERTWIZARD_LABEL=Certificate Details
+INSTALLDISPLAYCACERTWIZARD_TITLE=Installation Wizard
+INSTALLDISPLAYCACERTWIZARD_BORDER_INSTALLDISPLAYCACERTWIZARD_LABEL=Certificate Details
+INSTALLDISPLAYCACERTWIZARD_LABEL_NAME_LABEL=Certificate name:
+INSTALLDISPLAYCACERTWIZARD_LABEL_CONTENT_LABEL=This is the certificate you have chosen to install:
+INSTALLDISPLAYCACERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLDISPLAYRACERTWIZARD_TITLE=Installation Wizard
+INSTALLDISPLAYRACERTWIZARD_BORDER_INSTALLDISPLAYRACERTWIZARD_LABEL=Certificate Details
+INSTALLDISPLAYRACERTWIZARD_LABEL_NAME_LABEL=Certificate name:
+INSTALLDISPLAYRACERTWIZARD_LABEL_CONTENT_LABEL=This is the certificate you have chosen to install:
+INSTALLDISPLAYRACERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLDISPLAYKRACERTWIZARD_TITLE=Installation Wizard
+INSTALLDISPLAYKRACERTWIZARD_BORDER_INSTALLDISPLAYKRACERTWIZARD_LABEL=Certificate Details
+INSTALLDISPLAYKRACERTWIZARD_LABEL_NAME_LABEL=Certificate name:
+INSTALLDISPLAYKRACERTWIZARD_LABEL_CONTENT_LABEL=This is the certificate you have chosen to install:
+INSTALLDISPLAYKRACERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLDISPLAYSSLCERTWIZARD_TITLE=Installation Wizard
+INSTALLDISPLAYSSLCERTWIZARD_BORDER_INSTALLDISPLAYSSLCERTWIZARD_LABEL=Certificate Details
+INSTALLDISPLAYSSLCERTWIZARD_LABEL_NAME_LABEL=Certificate name:
+INSTALLDISPLAYSSLCERTWIZARD_LABEL_CONTENT_LABEL=This is the certificate you have chosen to install:
+INSTALLDISPLAYSSLCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLPASTEOCSPCERTWIZARD_BORDER_INSTALLPASTEOCSPCERTWIZARD_LABEL=Location of the Certificate
+INSTALLPASTECACERTWIZARD_TITLE=Installation Wizard
+INSTALLPASTECACERTWIZARD_BORDER_INSTALLPASTECACERTWIZARD_LABEL=Location of the Certificate
+INSTALLPASTECACERTWIZARD_LABEL_INTRO_LABEL=Indicate the location of the certificate:
+INSTALLPASTECACERTWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLPASTECACERTWIZARD_RADIOBUTTON_FILE_LABEL=The certificate is located in this file:
+INSTALLPASTECACERTWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate is located in the text area below:
+INSTALLPASTECACERTWIZARD_TEXT_DESC_LABEL=Paste a base-64 encoded certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area.
+INSTALLPASTECACERTWIZARD_DIALOG_EMPTYFILE_MESSAGE=The file field should not be empty
+INSTALLPASTECACERTWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLPASTECACERTWIZARD_DIALOG_B64EEMPTY_MESSAGE=The base-64 encoded text field should not be empty
+INSTALLPASTECACERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLPASTECACERTWIZARD_RADIOBUTTON_QUERY_LABEL=The certificate is at the CS where your request was sent.
+INSTALLPASTECACERTWIZARD_TEXT_QUERY_LABEL=Specify the CS's host name, EE port number, and the request ID:
+INSTALLPASTECACERTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLPASTECACERTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLPASTECACERTWIZARD_DIALOG_BLANKRID_MESSAGE=Request ID cannot be blank.
+INSTALLPASTECACERTWIZARD_DIALOG_INVALIDRID_MESSAGE=Request ID is not an integer.
+INSTALLPASTECACERTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLPASTECACERTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLPASTECACERTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLPASTECACERTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLPASTECACERTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLPASTECACERTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLPASTECACERTWIZARD_LABEL_RID_LABEL=Request ID:
+INSTALLPASTERACERTWIZARD_TITLE=Installation Wizard
+INSTALLPASTERACERTWIZARD_BORDER_INSTALLPASTERACERTWIZARD_LABEL=Location of the Certificate
+INSTALLPASTERACERTWIZARD_LABEL_INTRO_LABEL=Indicate the location of the certificate:
+INSTALLPASTERACERTWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLPASTERACERTWIZARD_RADIOBUTTON_FILE_LABEL=The certificate is located in this file:
+INSTALLPASTERACERTWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate is located in the text area below:
+INSTALLPASTERACERTWIZARD_TEXT_DESC_LABEL=Paste a base-64 encoded certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area.
+INSTALLPASTERACERTWIZARD_DIALOG_EMPTYFILE_MESSAGE=The file field should not be empty
+INSTALLPASTERACERTWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLPASTERACERTWIZARD_DIALOG_B64EEMPTY_MESSAGE=The base-64 encoded text field should not be empty
+INSTALLPASTERACERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLPASTERACERTWIZARD_RADIOBUTTON_QUERY_LABEL=The certificate is at the CS where your request was sent.
+INSTALLPASTERACERTWIZARD_TEXT_QUERY_LABEL=Specify the CS's host name, EE port number, and the request ID:
+INSTALLPASTERACERTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLPASTERACERTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLPASTERACERTWIZARD_DIALOG_BLANKRID_MESSAGE=Request ID cannot be blank.
+INSTALLPASTERACERTWIZARD_DIALOG_INVALIDRID_MESSAGE=Request ID is not an integer.
+INSTALLPASTERACERTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLPASTERACERTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLPASTERACERTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLPASTERACERTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLPASTERACERTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLPASTERACERTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLPASTERACERTWIZARD_LABEL_RID_LABEL=Request ID:
+INSTALLPASTEKRACERTWIZARD_TITLE=Installation Wizard
+INSTALLPASTEKRACERTWIZARD_BORDER_INSTALLPASTEKRACERTWIZARD_LABEL=Location of the Certificate
+INSTALLPASTEKRACERTWIZARD_LABEL_INTRO_LABEL=Indicate the location of the certificate:
+INSTALLPASTEKRACERTWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLPASTEKRACERTWIZARD_RADIOBUTTON_FILE_LABEL=The certificate is located in this file:
+INSTALLPASTEKRACERTWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate is located in the text area below:
+INSTALLPASTEKRACERTWIZARD_TEXT_DESC_LABEL=Paste a base-64 encoded certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area.
+INSTALLPASTEKRACERTWIZARD_DIALOG_EMPTYFILE_MESSAGE=The file field should not be empty
+INSTALLPASTEKRACERTWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLPASTEKRACERTWIZARD_DIALOG_B64EEMPTY_MESSAGE=The base-64 encoded text field should not be empty
+INSTALLPASTEKRACERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLPASTEKRACERTWIZARD_RADIOBUTTON_QUERY_LABEL=The certificate is at the CS where your request was sent.
+INSTALLPASTEKRACERTWIZARD_TEXT_QUERY_LABEL=Specify the CS's host name, EE port number, and the request ID:
+INSTALLPASTEKRACERTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLPASTEKRACERTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLPASTEKRACERTWIZARD_DIALOG_BLANKRID_MESSAGE=Request ID cannot be blank.
+INSTALLPASTEKRACERTWIZARD_DIALOG_INVALIDRID_MESSAGE=Request ID is not an integer.
+INSTALLPASTEKRACERTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLPASTEKRACERTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLPASTEKRACERTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLPASTEKRACERTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLPASTEKRACERTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLPASTEKRACERTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLPASTEKRACERTWIZARD_LABEL_RID_LABEL=Request ID:
+INSTALLPASTESSLCERTWIZARD_TITLE=Installation Wizard
+INSTALLPASTESSLCERTWIZARD_BORDER_INSTALLPASTESSLCERTWIZARD_LABEL=Location of the Certificate
+INSTALLPASTESSLCERTWIZARD_LABEL_INTRO_LABEL=Indicate the location of the certificate:
+INSTALLPASTESSLCERTWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLPASTESSLCERTWIZARD_RADIOBUTTON_FILE_LABEL=The certificate is located in this file:
+INSTALLPASTESSLCERTWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate is located in the text area below:
+INSTALLPASTESSLCERTWIZARD_TEXT_DESC_LABEL=Paste a base-64 encoded certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area.
+INSTALLPASTESSLCERTWIZARD_DIALOG_EMPTYFILE_MESSAGE=The file field should not be empty
+INSTALLPASTESSLCERTWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLPASTESSLCERTWIZARD_DIALOG_B64EEMPTY_MESSAGE=The base-64 encoded text field should not be empty
+INSTALLPASTESSLCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLPASTESSLCERTWIZARD_RADIOBUTTON_QUERY_LABEL=The certificate is at the CS where your request was sent.
+INSTALLPASTESSLCERTWIZARD_TEXT_QUERY_LABEL=Specify the CS's host name, EE port number, and the request ID:
+INSTALLPASTESSLCERTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLPASTESSLCERTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLPASTESSLCERTWIZARD_DIALOG_BLANKRID_MESSAGE=Request ID cannot be blank.
+INSTALLPASTESSLCERTWIZARD_DIALOG_INVALIDRID_MESSAGE=Request ID is not an integer.
+INSTALLPASTESSLCERTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLPASTESSLCERTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLPASTESSLCERTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLPASTESSLCERTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLPASTESSLCERTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLPASTESSLCERTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLPASTESSLCERTWIZARD_LABEL_RID_LABEL=Request ID:
+INSTALLCONFIGSTATUSWIZARD_TITLE=Installation Wizard
+INSTALLCONFIGSTATUSWIZARD_BORDER_INSTALLCONFIGSTATUSWIZARD_LABEL=Configuration Status
+INSTALLCONFIGSTATUSWIZARD_TEXT_DESC_LABEL=You have successfully configured the Certificate System.
+INSTALLCONFIGSTATUSWIZARD_CATEXT_DESC_LABEL=You have successfully configured the Certificate System.\nYou should now use a browser to connect to the administration port to get an agent certificate:
+INSTALLCONFIGSTATUSWIZARD_RATEXT_DESC_LABEL=You have successfully configured the Certificate System. You should login to the CS window within the Dogtag Console, and create an agent user for the Registration Manager if there is none available. For information on creating agents, see \"Chapter 8, Authorization\" in the Administrator's Guide.
+INSTALLCONFIGSTATUSWIZARD_OCSPTEXT_DESC_LABEL=You have successfully configured the Certificate System. You should login to the CS window within the Dogtag Console, and create an agent user for the Online Certificate Status Manager if there is none available. For information on creating agents, see \"Chapter 8, Authorization\" in the Administrator's Guide.
+INSTALLCONFIGSTATUSWIZARD_KRATEXT_DESC_LABEL=You have successfully configured the Certificate System. You should login to the CS window within the Dogtag Console, and create an agent user for the Data Recovery Manager. For information on creating agents, see \"Chapter 8, Authorization\" in the Administrator's Guide.
+INSTALLCONFIGSTATUSWIZARD_CAKRATEXT_DESC_LABEL=You should login to the CS window within the Dogtag Console, and create an agent user for the Data Recovery Manager. For information on creating agents, see \"Chapter 8, Authorization\" in the Administrator's Guide.
+INSTALLCONFIGSTATUSWIZARD_RAKRATEXT_DESC_LABEL=You have successfully configured the Certificate System. You should login to the CS window within the Dogtag Console, and create an agent user for the Registration Manager and the Data Recovery Manager respectively. For information on creating agents, see \"Chapter 8, Authorization\" in the Administrator's Guide.
+INSTALLCONFIGSTATUSWIZARD_TKSTEXT_DESC_LABEL=You have successfully configured the TKS Management System. Please setup your Token Processing System (TPS).
+INSTALLCAINTROWIZARD_TITLE=Installation Wizard
+INSTALLCAINTROWIZARD_BORDER_INSTALLCAINTROWIZARD_LABEL=CA Signing Certificate Installation
+INSTALLCAINTROWIZARD_TEXT_HEADING_LABEL=Do you want to install the certificate now?
+INSTALLCAINTROWIZARD_RADIOBUTTON_YES_LABEL=Yes.
+INSTALLCAINTROWIZARD_RADIOBUTTON_NO_LABEL=No.
+INSTALLRAINTROWIZARD_TITLE=Installation Wizard
+INSTALLRAINTROWIZARD_BORDER_INSTALLRAINTROWIZARD_LABEL=Registration Manager Signing Certificate Installation
+INSTALLRAINTROWIZARD_TEXT_HEADING_LABEL=Do you want to install the certificate now?
+INSTALLRAINTROWIZARD_RADIOBUTTON_YES_LABEL=Yes.
+INSTALLRAINTROWIZARD_RADIOBUTTON_NO_LABEL=No.
+INSTALLKRAINTROWIZARD_TITLE=Installation Wizard
+INSTALLKRAINTROWIZARD_BORDER_INSTALLKRAINTROWIZARD_LABEL=Data Recovery Manager Transport Certificate Installation
+INSTALLKRAINTROWIZARD_TEXT_HEADING_LABEL=Do you want to install the certificate now?
+INSTALLKRAINTROWIZARD_RADIOBUTTON_YES_LABEL=Yes.
+INSTALLKRAINTROWIZARD_RADIOBUTTON_NO_LABEL=No.
+INSTALLSSLINTROWIZARD_TITLE=Installation Wizard
+INSTALLSSLINTROWIZARD_BORDER_INSTALLSSLINTROWIZARD_LABEL=SSL Server Certificate Installation
+INSTALLSSLINTROWIZARD_TEXT_HEADING_LABEL=Do you want to install the certificate now?
+INSTALLSSLINTROWIZARD_RADIOBUTTON_YES_LABEL=Yes.
+INSTALLSSLINTROWIZARD_RADIOBUTTON_NO_LABEL=No.
+ALLCERTSINSTALLEDWIZARD_TITLE=Installation Wizard
+ALLCERTSINSTALLEDWIZARD_BORDER_ALLCERTSINSTALLEDWIZARD_LABEL=Install Certificates
+ALLCERTSINSTALLEDWIZARD_TEXT_DESC_LABEL=All of the subsystems do not have the required certificates. Click done to exit for now. Restart the installation wizard when the required certificates are ready to install.
+ALLCERTSINSTALLEDWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLMANUALCACERTREQUESTWIZARD_TITLE=Installation Wizard
+INSTALLMANUALCACERTREQUESTWIZARD_BORDER_INSTALLMANUALCACERTREQUESTWIZARD_LABEL=Submission of Request
+INSTALLMANUALCACERTREQUESTWIZARD_TEXT_IGNOR_LABEL=Skip to the next panel if you've already submitted the request.
+INSTALLMANUALCACERTREQUESTWIZARD_TEXT_DESC_LABEL=Copy the base-64 encoded certificate request in PKCS #10 Format (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the Certificate Manager enrollment form. Select PKCS #10 in the form.
+INSTALLMANUALCACERTREQUESTWIZARD_TEXT_CMCDESC_LABEL=Copy the base-64 encoded certificate request in a full CMC enrollment request format from the text area below and paste it into the CMC responder form. Select CA Signing Certificate as the Certificate Type.
+INSTALLMANUALCACERTREQUESTWIZARD_BUTTON_COPY_LABEL=Copy to the Clipboard
+INSTALLMANUALCACERTREQUESTWIZARD_TEXT_FILELOC_LABEL=This certificate request has been saved to a text file called cacsr.txt which is located in the
+INSTALLMANUALCACERTREQUESTWIZARD_CHECKBOX_SENDNOW_LABEL=Send the request to a remote CS CA now.
+INSTALLMANUALCACERTREQUESTWIZARD_TEXT_SENDNOW_LABEL=Specify the remote CA's host name and EE port number:
+INSTALLMANUALCACERTREQUESTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLMANUALCACERTREQUESTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLMANUALCACERTREQUESTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLMANUALCACERTREQUESTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLMANUALCACERTREQUESTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLMANUALCACERTREQUESTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLMANUALCACERTREQUESTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLMANUALCACERTREQUESTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLMANUALRACERTREQUESTWIZARD_TITLE=Installation Wizard
+INSTALLMANUALRACERTREQUESTWIZARD_BORDER_INSTALLMANUALRACERTREQUESTWIZARD_LABEL=Submission of Request
+INSTALLMANUALRACERTREQUESTWIZARD_TEXT_IGNOR_LABEL=Skip to the next panel if you've already submitted the request.
+INSTALLMANUALRACERTREQUESTWIZARD_TEXT_DESC_LABEL=Copy the base-64 encoded certificate request in PKCS #10 Format (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the Registration Manager enrollment form. Select PKCS #10 in the form.
+INSTALLMANUALRACERTREQUESTWIZARD_TEXT_CMCDESC_LABEL=Copy the base-64 encoded certificate request in a full CMC enrollment request format from the text area below and paste it into the CMC responder form. Select RA Signing Certificate as the Certificate Type.
+INSTALLMANUALRACERTREQUESTWIZARD_BUTTON_COPY_LABEL=Copy to the Clipboard
+INSTALLMANUALRACERTREQUESTWIZARD_TEXT_FILELOC_LABEL=This certificate request has been saved to a text file called racsr.txt which is located in the
+INSTALLMANUALRACERTREQUESTWIZARD_CHECKBOX_SENDNOW_LABEL=Send the request to a remote CS now.
+INSTALLMANUALRACERTREQUESTWIZARD_TEXT_SENDNOW_LABEL=Specify the remote CS's host name and EE port number:
+INSTALLMANUALRACERTREQUESTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLMANUALRACERTREQUESTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLMANUALRACERTREQUESTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLMANUALRACERTREQUESTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLMANUALRACERTREQUESTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLMANUALRACERTREQUESTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLMANUALRACERTREQUESTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLMANUALRACERTREQUESTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLMANUALKRACERTREQUESTWIZARD_TITLE=Installation Wizard
+INSTALLMANUALKRACERTREQUESTWIZARD_BORDER_INSTALLMANUALKRACERTREQUESTWIZARD_LABEL=Submission of Request
+INSTALLMANUALKRACERTREQUESTWIZARD_TEXT_IGNOR_LABEL=Skip to the next panel if you've already submitted the request.
+INSTALLMANUALKRACERTREQUESTWIZARD_TEXT_DESC_LABEL=Copy the base-64 encoded certificate request in PKCS #10 Format (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the Certificate System's Manual Data Recovery Manager Transport Certificate Enrollment. Select PKCS #10 in the form.
+INSTALLMANUALKRACERTREQUESTWIZARD_TEXT_CMCDESC_LABEL=Copy the base-64 encoded certificate request in a full CMC enrollment request format from the text area below and paste it into the CMC Responder form. Select Server SSL Certificate as the Certificate Type.
+INSTALLMANUALKRACERTREQUESTWIZARD_BUTTON_COPY_LABEL=Copy to the Clipboard
+INSTALLMANUALKRACERTREQUESTWIZARD_TEXT_FILELOC_LABEL=This certificate request has been saved to a text file called kracsr.txt which is located in the
+INSTALLMANUALKRACERTREQUESTWIZARD_CHECKBOX_SENDNOW_LABEL=Send the request to a remote CS now
+INSTALLMANUALKRACERTREQUESTWIZARD_TEXT_SENDNOW_LABEL=Specify the remote CS's host name and EE port number:
+INSTALLMANUALKRACERTREQUESTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLMANUALKRACERTREQUESTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLMANUALKRACERTREQUESTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLMANUALKRACERTREQUESTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLMANUALKRACERTREQUESTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLMANUALKRACERTREQUESTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLMANUALKRACERTREQUESTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLMANUALKRACERTREQUESTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INSTALLMANUALSSLCERTREQUESTWIZARD_TITLE=Installation Wizard
+INSTALLMANUALSSLCERTREQUESTWIZARD_BORDER_INSTALLMANUALSSLCERTREQUESTWIZARD_LABEL=Submission of Request
+INSTALLMANUALSSLCERTREQUESTWIZARD_TEXT_IGNOR_LABEL=Skip to the next panel if you've already submitted the request.
+INSTALLMANUALSSLCERTREQUESTWIZARD_TEXT_DESC_LABEL=Copy the base-64 encoded certificate request in PKCS #10 Format (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the CA's SSL server enrollment form. Select PKCS #10 in the form.
+INSTALLMANUALSSLCERTREQUESTWIZARD_TEXT_CMCDESC_LABEL=Copy the base-64 encoded certificate request in a full CMC enrollment request format from the text area below and paste it into the CMC Responder form. Select Server SSL Certificate as the Certificate Type.
+INSTALLMANUALSSLCERTREQUESTWIZARD_BUTTON_COPY_LABEL=Copy to the Clipboard
+INSTALLMANUALSSLCERTREQUESTWIZARD_TEXT_FILELOC_LABEL=This certificate request has been saved to a text file called sslcsr.txt which is located in the
+INSTALLMANUALSSLCERTREQUESTWIZARD_CHECKBOX_SENDNOW_LABEL=Send the request to a remote CS now
+INSTALLMANUALSSLCERTREQUESTWIZARD_TEXT_SENDNOW_LABEL=Specify the remote CS's host name and EE port number:
+INSTALLMANUALSSLCERTREQUESTWIZARD_LABEL_HOST_LABEL=Host name:
+INSTALLMANUALSSLCERTREQUESTWIZARD_LABEL_PORT_LABEL=EE port number:
+INSTALLMANUALSSLCERTREQUESTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+INSTALLMANUALSSLCERTREQUESTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+INSTALLMANUALSSLCERTREQUESTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+INSTALLMANUALSSLCERTREQUESTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+INSTALLMANUALSSLCERTREQUESTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+INSTALLMANUALSSLCERTREQUESTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+REQUESTRESULTWIZARD_TITLE=Installation Wizard
+REQUESTRESULTWIZARD_BORDER_REQUESTRESULTWIZARD_LABEL=Certificate Request Result
+REQUESTRESULTWIZARD_TEXT_DESC_LABEL=Request Successfully Submitted\n\nCongratulations, your request has been successfully submitted to the Certificate System. Your request will be processed when an authorized agent verifies and validates the information in your request.\n\n
+REQUESTRESULTWIZARD_TEXT_X509DESC_LABEL=Your request for an X.509 certificate has been successfully submitted to the Certificate System. Your request will be processed when an authorized agent verifies and validates the information in your request.\n\n
+REQUESTRESULTWIZARD_TEXT_ID_LABEL=Your request ID is 
+REQUESTRESULTWIZARD_TEXT_X509ID_LABEL=Your request ID for an X.509 certificate is
+REQUESTRESULTWIZARD_TEXT_ID_LABEL=Your request ID is
+REQUESTRESULTWIZARD_TEXT_NOID_LABEL=Your request ID is not provided.\nPlease consult your local administrator for assistance.
+REQUESTRESULTWIZARD_TEXT_NOX509ID_LABEL=Your request ID for an X.509 certificate is not provided.\nPlease consult your local administrator for assistance.
+REQUESTRESULTWIZARD_TEXT_END_LABEL=\n\nYou can check on the status of your request with an authorized agent or local administrator by referring to this request ID.
+REQUESTRESULTWIZARD_TEXT_ERRORDESC_LABEL=Problem Processing Your Request\n\nThe Certificate System encountered an unexpected error while processing your request. The following is a detailed message of the error that occurred.\n\n
+REQUESTRESULTWIZARD_TEXT_X509ERRORDESC_LABEL=The Certificate System encountered an unexpected error while processing your request for an X.509 certificate. The following is a detailed message of the error that occurred.\n\n
+REQUESTRESULTWIZARD_TEXT_DETAIL_LABEL=\n\nAdditional Information:
+REQUESTRESULTWIZARD_TEXT_ERROREND_LABEL=\n\nPlease consult your local administrator for further assistance. The Certificate System logs may provide further information.
+REQUESTRESULTWIZARD_TEXT_REJECT_LABEL=Request Rejected\n\nYour request has been rejected by the Certificate System. This may indicate that some attributes of the request violate the policies of this Certificate System.\n\nViolation details:\n\n
+REQUESTRESULTWIZARD_TEXT_REJECTX509_LABEL=Your request for an X.509 certificate has been rejected by the Certificate System. This may indicate that some attributes of the request violate the policies of this Certificate System.\n\nViolation details:\n\n
+REQUESTRESULTWIZARD_TEXT_NODETAIL_LABEL=No further details provided.\n\n
+REQUESTRESULTWIZARD_TEXT_REJECTEND_LABEL=\n\nYou can contact an authorized agent or local administrator for further assistance by referring to the request ID.
+INSTALLCACERTEXTENSION1WIZARD_TITLE=Installation Wizard
+INSTALLCACERTEXTENSION1WIZARD_BORDER_INSTALLCACERTEXTENSION1WIZARD_LABEL=Certificate Extensions for Certificate Manager CA Signing Certificate
+INSTALLCACERTEXTENSION1WIZARD_TEXT_HEADING_LABEL=Specify the certificate extensions:
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_MIME_LABEL=Base-64 SEQUENCE of extensions
+INSTALLCACERTEXTENSION1WIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_BASIC_LABEL=Basic constraints
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_CA_LABEL=CA
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_CERTPATHLENGTH_LABEL=Certification path length:
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_EXTENDEDKEY_LABEL=Extended Key Usage
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_SSLCLIENT_LABEL=SSL client
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_SSLSERVER_LABEL=SSL server
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_EMAIL_LABEL=S/MIME
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_OBJECTSIGNING_LABEL=Object-signing
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_TIMESTAMPING_LABEL=Time stamping
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_OCSPSIGNING_LABEL=OCSP signing
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_AIA_LABEL=Authority Information Access
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_AKI_LABEL=Authority key identifier
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_SKI_LABEL=Subject key identifier
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_OCSPNOCHECK_LABEL=OCSP no check
+INSTALLCACERTEXTENSION1WIZARD_TEXT_CMC_LABEL=(Required for a CMC request)
+INSTALLCACERTEXTENSION1WIZARD_CHECKBOX_KEYUSAGE_LABEL=Key usage
+INSTALLCACERTEXTENSION1WIZARD_DIALOG_DERBLANKFIELD_MESSAGE=The base-64 DER encoding field cannot be empty
+INSTALLCACERTEXTENSION1WIZARD_DIALOG_NONINTEGER_MESSAGE=Certificate length is not an integer
+INSTALLCACERTEXTENSION1WIZARD_DIALOG_INVALID_MESSAGE=Certificate length cannot be negative
+INSTALLCACERTEXTENSION1WIZARD_DIALOG_BLANKLEN_MESSAGE=Certificate length cannot be blank
+INSTALLCACERTEXTENSION1WIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLRACERTEXTENSION1WIZARD_TITLE=Installation Wizard
+INSTALLRACERTEXTENSION1WIZARD_BORDER_INSTALLRACERTEXTENSION1WIZARD_LABEL=Certificate Extensions for Registration Manager Signing Certificate
+INSTALLRACERTEXTENSION1WIZARD_TEXT_HEADING_LABEL=Specify the certificate extensions:
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_MIME_LABEL=Base-64 SEQUENCE of extensions
+INSTALLRACERTEXTENSION1WIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_BASIC_LABEL=Basic constraints
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_CA_LABEL=CA
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_CERTPATHLENGTH_LABEL=Certification path length:
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_EXTENDEDKEY_LABEL=Extended Key Usage
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_SSLCLIENT_LABEL=SSL client
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_SSLSERVER_LABEL=SSL server
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_EMAIL_LABEL=S/MIME
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_OBJECTSIGNING_LABEL=Object-signing
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_TIMESTAMPING_LABEL=Time stamping
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_OCSPSIGNING_LABEL=OCSP signing
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_AIA_LABEL=Authority Information Access
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_AKI_LABEL=Authority key identifier
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_SKI_LABEL=Subject key identifier
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_OCSPNOCHECK_LABEL=OCSP no check
+INSTALLRACERTEXTENSION1WIZARD_TEXT_CMC_LABEL=(Required for a CMC request)
+INSTALLRACERTEXTENSION1WIZARD_CHECKBOX_KEYUSAGE_LABEL=Key usage
+INSTALLRACERTEXTENSION1WIZARD_DIALOG_DERBLANKFIELD_MESSAGE=The base-64 DER encoding field cannot be empty
+INSTALLRACERTEXTENSION1WIZARD_DIALOG_NONINTEGER_MESSAGE=Certificate length is not an integer
+INSTALLRACERTEXTENSION1WIZARD_DIALOG_INVALID_MESSAGE=Certificate length cannot be negative or zero
+INSTALLRACERTEXTENSION1WIZARD_DIALOG_BLANKLEN_MESSAGE=Certificate length cannot be blank
+INSTALLRACERTEXTENSION1WIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLKRACERTEXTENSION1WIZARD_TITLE=Installation Wizard
+INSTALLKRACERTEXTENSION1WIZARD_BORDER_INSTALLKRACERTEXTENSION1WIZARD_LABEL=Certificate Extensions for Data Recovery Manager Transport Certificate
+INSTALLKRACERTEXTENSION1WIZARD_TEXT_HEADING_LABEL=Specify the certificate extensions:
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_MIME_LABEL=Base-64 SEQUENCE of extensions
+INSTALLKRACERTEXTENSION1WIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_BASIC_LABEL=Basic constraints
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_CA_LABEL=CA
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_CERTPATHLENGTH_LABEL=Certification path length:
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_EXTENDEDKEY_LABEL=Extended Key Usage
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_SSLCLIENT_LABEL=SSL client
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_SSLSERVER_LABEL=SSL server
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_EMAIL_LABEL=S/MIME
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_OBJECTSIGNING_LABEL=Object-signing
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_TIMESTAMPING_LABEL=Time stamping
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_OCSPSIGNING_LABEL=OCSP signing
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_AIA_LABEL=Authority Information Access
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_AKI_LABEL=Authority key identifier
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_SKI_LABEL=Subject key identifier
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_OCSPNOCHECK_LABEL=OCSP no check
+INSTALLKRACERTEXTENSION1WIZARD_TEXT_CMC_LABEL=(Required for a CMC request)
+INSTALLKRACERTEXTENSION1WIZARD_CHECKBOX_KEYUSAGE_LABEL=Key usage
+INSTALLKRACERTEXTENSION1WIZARD_DIALOG_DERBLANKFIELD_MESSAGE=The base-64 DER encoding field cannot be empty
+INSTALLKRACERTEXTENSION1WIZARD_DIALOG_NONINTEGER_MESSAGE=Certificate length is not an integer
+INSTALLKRACERTEXTENSION1WIZARD_DIALOG_INVALID_MESSAGE=Certificate length cannot be negative or zero
+INSTALLKRACERTEXTENSION1WIZARD_DIALOG_BLANKLEN_MESSAGE=Certificate length cannot be blank
+INSTALLKRACERTEXTENSION1WIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLSERVERCERTEXTENSION1WIZARD_TITLE=Installation Wizard
+INSTALLSERVERCERTEXTENSION1WIZARD_BORDER_INSTALLSERVERCERTEXTENSION1WIZARD_LABEL=Certificate Extensions for SSL Server Certificate
+INSTALLSERVERCERTEXTENSION1WIZARD_TEXT_HEADING_LABEL=Specify the certificate extensions:
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_MIME_LABEL=Base-64 SEQUENCE of extensions
+INSTALLSERVERCERTEXTENSION1WIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_BASIC_LABEL=Basic constraints
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_CA_LABEL=CA
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_CERTPATHLENGTH_LABEL=Certification path length:
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_EXTENDEDKEY_LABEL=Extended Key Usage
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_SSLCLIENT_LABEL=SSL client
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_SSLSERVER_LABEL=SSL server
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_EMAIL_LABEL=S/MIME
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_OBJECTSIGNING_LABEL=Object-signing
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_TIMESTAMPING_LABEL=Time stamping
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_OCSPSIGNING_LABEL=OCSP signing
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_AIA_LABEL=Authority Information Access
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_AKI_LABEL=Authority key identifier
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_SKI_LABEL=Subject key identifier
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_OCSPNOCHECK_LABEL=OCSP no check
+INSTALLSERVERCERTEXTENSION1WIZARD_TEXT_CMC_LABEL=(Required for a CMC request)
+INSTALLSERVERCERTEXTENSION1WIZARD_CHECKBOX_KEYUSAGE_LABEL=Key usage
+INSTALLSERVERCERTEXTENSION1WIZARD_DIALOG_DERBLANKFIELD_MESSAGE=The base-64 DER encoding field cannot be empty
+INSTALLSERVERCERTEXTENSION1WIZARD_DIALOG_NONINTEGER_MESSAGE=Certificate length is not an integer
+INSTALLSERVERCERTEXTENSION1WIZARD_DIALOG_INVALID_MESSAGE=Certificate length cannot be negative or zero
+INSTALLSERVERCERTEXTENSION1WIZARD_DIALOG_BLANKLEN_MESSAGE=Certificate length cannot be blank
+INSTALLSERVERCERTEXTENSION1WIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLCACERTVALIDWIZARD_TITLE=Installation Wizard
+INSTALLCACERTVALIDWIZARD_BORDER_INSTALLCACERTVALIDWIZARD_LABEL=Validity Period for Certificate Manager CA Signing Certificate
+INSTALLCACERTVALIDWIZARD_LABEL_VALIDITY_LABEL=Specify the validity period for the certificate:
+INSTALLCACERTVALIDWIZARD_LABEL_BEGIN_LABEL=Begin on:
+INSTALLCACERTVALIDWIZARD_LABEL_EXPIRE_LABEL=Expire on:
+INSTALLCACERTVALIDWIZARD_LABEL_YEAR_LABEL=YYYY
+INSTALLCACERTVALIDWIZARD_LABEL_MONTH_LABEL=MM
+INSTALLCACERTVALIDWIZARD_LABEL_DAY_LABEL=DD
+INSTALLCACERTVALIDWIZARD_LABEL_HOUR_LABEL=HH
+INSTALLCACERTVALIDWIZARD_LABEL_MIN_LABEL=mm
+INSTALLCACERTVALIDWIZARD_LABEL_SEC_LABEL=SS
+INSTALLCACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_0=days
+INSTALLCACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_1=months
+INSTALLCACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_2=years
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDYEAR_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDYEAR_MESSAGE=Invalid year
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDMONTH_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDMONTH_MESSAGE=Invalid month
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDDAY_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDDAY_MESSAGE=Invalid day
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDHOUR_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDHOUR_MESSAGE=Invalid hour
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDMIN_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDMIN_MESSAGE=Invalid minute
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDSEC_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDSEC_MESSAGE=Invalid second
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_MESSAGE=Invalid begin time
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDENDDATE_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDENDDATE_MESSAGE=Invalid end time
+INSTALLCACERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_MESSAGE=Begin Date should not be earlier than After Date
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDCERT_TITLE=Error
+INSTALLCACERTVALIDWIZARD_DIALOG_INVALIDCERT_MESSAGE=Your Certificate Manager CA Signing Certificate is not valid since the begin time is set in the future. You will not be able to sign any certificate at all.
+INSTALLCACERTVALIDWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLCACERTVALIDWIZARD_LABEL_MAXYEAR_LABEL=The maximum value for the year field is 2037
+INSTALLCACERTVALIDWIZARD_BEYONDCAVALIDITY=End date should not go beyond the end date of the CA signing\ncertificate. Click OK to override. Click Cancel to re-enter the end date.
+INSTALLCACERTVALIDWIZARD_ERROR1=Make sure the end date you enter is not beyond the end date of the CA signing certificate before proceeding to the next panel.
+INSTALLRACERTVALIDWIZARD_TITLE=Installation Wizard
+INSTALLRACERTVALIDWIZARD_BORDER_INSTALLRACERTVALIDWIZARD_LABEL=Validity Period for Registration Manager Signing Certificate
+INSTALLRACERTVALIDWIZARD_LABEL_VALIDITY_LABEL=Specify the validity period for the certificate:
+INSTALLRACERTVALIDWIZARD_LABEL_BEGIN_LABEL=Begin on:
+INSTALLRACERTVALIDWIZARD_LABEL_EXPIRE_LABEL=Expire on:
+INSTALLRACERTVALIDWIZARD_LABEL_YEAR_LABEL=YYYY
+INSTALLRACERTVALIDWIZARD_LABEL_MONTH_LABEL=MM
+INSTALLRACERTVALIDWIZARD_LABEL_DAY_LABEL=DD
+INSTALLRACERTVALIDWIZARD_LABEL_HOUR_LABEL=HH
+INSTALLRACERTVALIDWIZARD_LABEL_MIN_LABEL=mm
+INSTALLRACERTVALIDWIZARD_LABEL_SEC_LABEL=SS
+INSTALLRACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_0=days
+INSTALLRACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_1=months
+INSTALLRACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_2=years
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDYEAR_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDYEAR_MESSAGE=Invalid year
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDMONTH_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDMONTH_MESSAGE=Invalid month
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDDAY_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDDAY_MESSAGE=Invalid day
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDHOUR_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDHOUR_MESSAGE=Invalid hour
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDMIN_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDMIN_MESSAGE=Invalid minute
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDSEC_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDSEC_MESSAGE=Invalid second
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_MESSAGE=Invalid begin time
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDENDDATE_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDENDDATE_MESSAGE=Invalid end time
+INSTALLRACERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_MESSAGE=Begin Date should not be earlier than After Date
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDCERT_TITLE=Error
+INSTALLRACERTVALIDWIZARD_DIALOG_INVALIDCERT_MESSAGE=Your Registration Manager Signing Certificate is not valid since the begin time is set in the future.
+INSTALLRACERTVALIDWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLRACERTVALIDWIZARD_LABEL_MAXYEAR_LABEL=The maximum value for the year field is 2037
+INSTALLRACERTVALIDWIZARD_BEYONDCAVALIDITY=End date should not go beyond the end date of the CA signing\ncertificate. Click OK to override. Click Cancel to re-enter the end date.
+INSTALLRACERTVALIDWIZARD_ERROR1=Make sure the end date you enter is not beyond the end date of the CA signing certificate before proceeding to the next panel.
+INSTALLKRACERTVALIDWIZARD_TITLE=Installation Wizard
+INSTALLKRACERTVALIDWIZARD_BORDER_INSTALLKRACERTVALIDWIZARD_LABEL=Validity Period for Data Recovery Manager Transport Certificate
+INSTALLKRACERTVALIDWIZARD_BORDER_SERVER_LABEL=Validity Period for SSL Server Certificate
+INSTALLKRACERTVALIDWIZARD_LABEL_VALIDITY_LABEL=Specify the validity period for the certificate:
+INSTALLKRACERTVALIDWIZARD_LABEL_BEGIN_LABEL=Begin on:
+INSTALLKRACERTVALIDWIZARD_LABEL_EXPIRE_LABEL=Expire on:
+INSTALLKRACERTVALIDWIZARD_LABEL_YEAR_LABEL=YYYY
+INSTALLKRACERTVALIDWIZARD_LABEL_MONTH_LABEL=MM
+INSTALLKRACERTVALIDWIZARD_LABEL_DAY_LABEL=DD
+INSTALLKRACERTVALIDWIZARD_LABEL_HOUR_LABEL=HH
+INSTALLKRACERTVALIDWIZARD_LABEL_MIN_LABEL=mm
+INSTALLKRACERTVALIDWIZARD_LABEL_SEC_LABEL=SS
+INSTALLKRACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_0=days
+INSTALLKRACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_1=months
+INSTALLKRACERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_2=years
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDYEAR_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDYEAR_MESSAGE=Invalid year
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDMONTH_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDMONTH_MESSAGE=Invalid month
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDDAY_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDDAY_MESSAGE=Invalid day
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDHOUR_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDHOUR_MESSAGE=Invalid hour
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDMIN_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDMIN_MESSAGE=Invalid minute
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDSEC_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDSEC_MESSAGE=Invalid second
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_MESSAGE=Invalid begin time
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDENDDATE_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDENDDATE_MESSAGE=Invalid end time
+INSTALLKRACERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_MESSAGE=Begin Date should not be earlier than After Date
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDCERT_TITLE=Error
+INSTALLKRACERTVALIDWIZARD_DIALOG_INVALIDCERT_MESSAGE=Your Data Recovery Manager Transport Certificate is not valid since the begin time is set in the future.
+INSTALLKRACERTVALIDWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLKRACERTVALIDWIZARD_LABEL_MAXYEAR_LABEL=The maximum value for the year field is 2037
+INSTALLKRACERTVALIDWIZARD_BEYONDCAVALIDITY=End date should not go beyond the end date of the CA signing\ncertificate. Click OK to override. Click Cancel to re-enter the end date.
+INSTALLKRACERTVALIDWIZARD_ERROR1=Make sure the end date you enter is not beyond the end date of the CA signing certificate before proceeding to the next panel.
+INSTALLSERVERCERTVALIDWIZARD_TITLE=Installation Wizard
+INSTALLSERVERCERTVALIDWIZARD_BORDER_INSTALLSERVERCERTVALIDWIZARD_LABEL=Validity Period for SSL Server Certificate
+INSTALLSERVERCERTVALIDWIZARD_LABEL_VALIDITY_LABEL=Specify the validity period for the certificate:
+INSTALLSERVERCERTVALIDWIZARD_LABEL_BEGIN_LABEL=Begin on:
+INSTALLSERVERCERTVALIDWIZARD_LABEL_EXPIRE_LABEL=Expire on:
+INSTALLSERVERCERTVALIDWIZARD_LABEL_YEAR_LABEL=YYYY
+INSTALLSERVERCERTVALIDWIZARD_LABEL_MONTH_LABEL=MM
+INSTALLSERVERCERTVALIDWIZARD_LABEL_DAY_LABEL=DD
+INSTALLSERVERCERTVALIDWIZARD_LABEL_HOUR_LABEL=HH
+INSTALLSERVERCERTVALIDWIZARD_LABEL_MIN_LABEL=mm
+INSTALLSERVERCERTVALIDWIZARD_LABEL_SEC_LABEL=SS
+INSTALLSERVERCERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_0=days
+INSTALLSERVERCERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_1=months
+INSTALLSERVERCERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_2=years
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDYEAR_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDYEAR_MESSAGE=Invalid year
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDMONTH_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDMONTH_MESSAGE=Invalid month
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDDAY_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDDAY_MESSAGE=Invalid day
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDHOUR_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDHOUR_MESSAGE=Invalid hour
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDMIN_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDMIN_MESSAGE=Invalid minute
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDSEC_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDSEC_MESSAGE=Invalid second
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_MESSAGE=Invalid begin time
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDENDDATE_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDENDDATE_MESSAGE=Invalid end time
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_MESSAGE=Begin Date should not be earlier than After Date
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDCERT_TITLE=Error
+INSTALLSERVERCERTVALIDWIZARD_DIALOG_INVALIDCERT_MESSAGE=Your SSL Server Certificate is not valid since the begin time is set in the future.
+INSTALLSERVERCERTVALIDWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLSERVERCERTVALIDWIZARD_LABEL_MAXYEAR_LABEL=The maximum value for the year field is 2037
+INSTALLSERVERCERTVALIDWIZARD_BEYONDCAVALIDITY=End date should not go beyond the end date of the CA signing\ncertificate. Click OK to override. Click Cancel to re-enter the end date.
+INSTALLSERVERCERTVALIDWIZARD_ERROR1=Make sure the end date you enter is not beyond the end date of the CA signing certificate before proceeding to the next panel.
+INSTALLCACERTWIZARD_TITLE=Installation Wizard
+INSTALLCACERTWIZARD_TEXT_DESC_LABEL=The Signing Certificate ...
+INSTALLCACERTWIZARD_BORDER_INSTALLCACERTWIZARD_LABEL=CA Signing Certificate
+INSTALLCACERTWIZARD_TEXT_HEADING_LABEL=Do you want to create a self-signed CA Certificate, or create a certificate signing request to submit to another CA?
+INSTALLCACERTWIZARD_RADIOBUTTON_SELF_LABEL=Create a self-signed CA Certificate
+INSTALLCACERTWIZARD_RADIOBUTTON_SUB_LABEL=Create a subordinate CA Certificate Request
+INSTALLCACERTWIZARD_LABEL_INCOMPLETE_LABEL=You have not installed the CA signing certificate. Please click cancel to exit the wizard for now.
+INSTALLRACERTWIZARD_TITLE=Installation Wizard
+INSTALLRACERTWIZARD_BORDER_INSTALLRACERTWIZARD_LABEL=Registration Manager Signing Certificate
+INSTALLRACERTWIZARD_TEXT_HEADING_LABEL=Do you want to sign this certificate with the CA Signing Certificate you just created, or do you want to create a certificate signing request to submit to another CA?
+INSTALLRACERTWIZARD_RADIOBUTTON_SELF_LABEL=Sign the Registration Manager Signing Certificate with my CA Signing Certificate
+INSTALLRACERTWIZARD_RADIOBUTTON_SUB_LABEL=Create a request for submission to another CA
+INSTALLRACERTWIZARD_LABEL_INCOMPLETE_LABEL=You have not installed the CA signing certificate. Please click cancel to exit the wizard for now.
+INSTALLOCSPCERTWIZARD_TITLE=Installation Wizard
+INSTALLOCSPCERTWIZARD_BORDER_INSTALLOCSPCERTWIZARD_LABEL=Online Certificate Status Manager Signing Certificate
+INSTALLOCSPCERTWIZARD_TEXT_HEADING_LABEL=Do you want to sign this certificate with the CA Signing Certificate you just created, or do you want to create a certificate signing request to submit to another CA?
+INSTALLOCSPCERTWIZARD_RADIOBUTTON_SELF_LABEL=Sign the Online Certificate Status Manager Signing Certificate with my CA Signing Certificate
+INSTALLOCSPCERTWIZARD_RADIOBUTTON_SUB_LABEL=Create a request for submission to another CA
+INSTALLOCSPCERTWIZARD_LABEL_INCOMPLETE_LABEL=You have not installed the CA signing certificate. Please click cancel to exit the wizard for now.
+INSTALLKRACERTWIZARD_TITLE=Installation Wizard
+INSTALLKRACERTWIZARD_BORDER_INSTALLKRACERTWIZARD_LABEL=Data Recovery Manager Transport Certificate
+INSTALLKRACERTWIZARD_TEXT_HEADING_LABEL=Do you want to sign this certificate with the CA Signing Certificate you just created, or do you want to create a certificate signing request to submit to another CA?
+INSTALLKRACERTWIZARD_RADIOBUTTON_SELF_LABEL=Sign the Data Recovery Manager Transport Certificate with my CA Signing Certificate
+INSTALLKRACERTWIZARD_RADIOBUTTON_SUB_LABEL=Create a request for submission to another CA
+INSTALLKRACERTWIZARD_LABEL_INCOMPLETE_LABEL=You have not installed the CA signing certificate. Please click cancel to exit the wizard for now.
+INSTALLSERVERCERTWIZARD_TITLE=Installation Wizard
+INSTALLSERVERCERTWIZARD_BORDER_INSTALLSERVERCERTWIZARD_LABEL=SSL Server Certificate
+INSTALLSERVERCERTWIZARD_TEXT_HEADING_LABEL=Do you want to sign this certificate with this CA's Signing Certificate, or do you want to create a certificate signing request to submit to another CA?
+INSTALLSERVERCERTWIZARD_RADIOBUTTON_SELF_LABEL=Sign the SSL Certificate with my CA Signing Certificate
+INSTALLSERVERCERTWIZARD_RADIOBUTTON_SUB_LABEL=Create a request for submission to another CA
+INSTALLSERVERCERTWIZARD_LABEL_INCOMPLETE_LABEL=You have not installed the CA signing certificate. Please click cancel to exit the wizard for now.
+INSTALLCACERTSTATUSWIZARD_TITLE=Installation Wizard
+INSTALLCACERTSTATUSWIZARD_BORDER_INSTALLCACERTSTATUSWIZARD_LABEL=Import Certificate Chain
+INSTALLCACERTSTATUSWIZARD_TEXT_DESC_LABEL=The Certificate Manager CA Signing Certificate has been successfully installed. Now either specify the location of the base-64 encoded certificate chain (PKCS #7) of the CA which signed the Certificate Manager CA Signing Certificate or paste the base-64 encoded certificate chain into the text area.
+INSTALLCACERTSTATUSWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLCACERTSTATUSWIZARD_RADIOBUTTON_FILE_LABEL=The certificate chain is located in this file:
+INSTALLCACERTSTATUSWIZARD_TEXT_FILE_LABEL=The certificate chain is located in this file:
+INSTALLCACERTSTATUSWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate chain is located in the text area below:
+INSTALLCACERTSTATUSWIZARD_TEXT_DESC1_LABEL=Paste the certificate chain (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area:
+INSTALLCACERTSTATUSWIZARD_DIALOG_B64EEMPTY_TITLE=Error
+INSTALLCACERTSTATUSWIZARD_DIALOG_B64EEMPTY_MESSAGE=Paste the certificate chain into the text area
+INSTALLCACERTSTATUSWIZARD_DIALOG_FILENOTFOUND_TITLE=Error
+INSTALLCACERTSTATUSWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLCACERTSTATUSWIZARD_DIALOG_EMTPYFILEFIELD_TITLE=Error
+INSTALLCACERTSTATUSWIZARD_DIALOG_EMPTYFILEFIELD_MESSAGE=The file field is blank
+INSTALLCACERTSTATUSWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLCACERTSTATUSWIZARD_INCOMPLETECERTCHAIN=The installed Certificate chain is not complete - it does\nnot include a path to a trusted root. Partially\ncomplete chains may result in unexpected client\nand server behavior. If you click OK you will\nneed to enter a full chain in the certificate\nsetup wizard after installation completes. Click\ncancel to enter another chain.
+INSTALLCACERTSTATUSWIZARD_ERROR1=Fix the certificate chain before proceeding to the next panel
+INSTALLRACERTSTATUSWIZARD_TITLE=Installation Wizard
+INSTALLRACERTSTATUSWIZARD_BORDER_INSTALLRACERTSTATUSWIZARD_LABEL=Import Certificate Chain
+INSTALLRACERTSTATUSWIZARD_TEXT_DESC_LABEL=The Registration Manager Signing Certificate has been successfully installed. Now either specify the location of the base-64 encoded certificate chain (PKCS #7) of the CA which signed the Registration Manager Signing Certificate or paste the base-64 encoded certificate chain into the text area.
+INSTALLRACERTSTATUSWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLRACERTSTATUSWIZARD_RADIOBUTTON_FILE_LABEL=The certificate chain is located in this file:
+INSTALLRACERTSTATUSWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate chain is located in the text area below:
+INSTALLRACERTSTATUSWIZARD_TEXT_DESC1_LABEL=Paste the certificate chain (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area:
+INSTALLRACERTSTATUSWIZARD_DIALOG_B64EEMPTY_TITLE=Error
+INSTALLRACERTSTATUSWIZARD_DIALOG_B64EEMPTY_MESSAGE=Paste the certificate chain into the text area
+INSTALLRACERTSTATUSWIZARD_DIALOG_FILENOTFOUND_TITLE=Error
+INSTALLRACERTSTATUSWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLRACERTSTATUSWIZARD_DIALOG_EMTPYFILEFIELD_TITLE=Error
+INSTALLRACERTSTATUSWIZARD_DIALOG_EMPTYFILEFIELD_MESSAGE=The file field is blank
+INSTALLRACERTSTATUSWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLRACERTSTATUSWIZARD_INCOMPLETECERTCHAIN=The installed Certificate chain is not complete - it does\nnot include a path to a trusted root. Partially\ncomplete chains may result in unexpected client\nand server behavior.
+INSTALLRACERTSTATUSWIZARD_ERROR1=Fix the certificate chain before proceeding to the next panel
+INSTALLKRACERTSTATUSWIZARD_TITLE=Installation Wizard
+INSTALLKRACERTSTATUSWIZARD_BORDER_INSTALLKRACERTSTATUSWIZARD_LABEL=Import Certificate Chain
+INSTALLKRACERTSTATUSWIZARD_TEXT_DESC_LABEL=The Data Recovery Manager Transport Certificate has been successfully installed. Now either specify the location of the base-64 encoded certificate chain (PKCS #7) of the CA which signed the Data Recovery Manager Transport Certificate or paste the base-64 encoded certificate chain into the text area.
+INSTALLKRACERTSTATUSWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLKRACERTSTATUSWIZARD_RADIOBUTTON_FILE_LABEL=The certificate chain is located in this file:
+INSTALLKRACERTSTATUSWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate chain is located in the text area below:
+INSTALLKRACERTSTATUSWIZARD_TEXT_DESC1_LABEL=Paste the certificate chain (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area:
+INSTALLKRACERTSTATUSWIZARD_DIALOG_B64EEMPTY_TITLE=Error
+INSTALLKRACERTSTATUSWIZARD_DIALOG_B64EEMPTY_MESSAGE=Paste the certificate chain into the text area
+INSTALLKRACERTSTATUSWIZARD_DIALOG_FILENOTFOUND_TITLE=Error
+INSTALLKRACERTSTATUSWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLKRACERTSTATUSWIZARD_DIALOG_EMTPYFILEFIELD_TITLE=Error
+INSTALLKRACERTSTATUSWIZARD_DIALOG_EMPTYFILEFIELD_MESSAGE=The file field is blank
+INSTALLKRACERTSTATUSWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLKRACERTSTATUSWIZARD_INCOMPLETECERTCHAIN=The installed Certificate chain is not complete - it does\nnot include a path to a trusted root. Partially\ncomplete chains may result in unexpected client\nand server behavior.
+INSTALLKRACERTSTATUSWIZARD_ERROR1=Fix the certificate chain before proceeding to the next panel
+INSTALLSSLCERTSTATUSWIZARD_TITLE=Installation Wizard
+INSTALLSSLCERTSTATUSWIZARD_BORDER_INSTALLSSLCERTSTATUSWIZARD_LABEL=Import Certificate Chain
+INSTALLSSLCERTSTATUSWIZARD_TEXT_DESC_LABEL=The SSL Server Certificate has been successfully installed. Now either specify the location of the base-64 encoded certificate chain (PKCS #7) of the CA which signed the SSL Server Certificate or paste the base-64 encoded certificate chain into the text area.
+INSTALLSSLCERTSTATUSWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLSSLCERTSTATUSWIZARD_RADIOBUTTON_FILE_LABEL=The certificate chain is located in this file:
+INSTALLSSLCERTSTATUSWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate chain is located in the text area below:
+INSTALLSSLCERTSTATUSWIZARD_TEXT_DESC1_LABEL=Paste the certificate chain (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area:
+INSTALLSSLCERTSTATUSWIZARD_DIALOG_B64EEMPTY_TITLE=Error
+INSTALLSSLCERTSTATUSWIZARD_DIALOG_B64EEMPTY_MESSAGE=Paste the certificate chain into the text area
+INSTALLSSLCERTSTATUSWIZARD_DIALOG_FILENOTFOUND_TITLE=Error
+INSTALLSSLCERTSTATUSWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+INSTALLSSLCERTSTATUSWIZARD_DIALOG_EMTPYFILEFIELD_TITLE=Error
+INSTALLSSLCERTSTATUSWIZARD_DIALOG_EMPTYFILEFIELD_MESSAGE=The file field is blank
+INSTALLSSLCERTSTATUSWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLSSLCERTSTATUSWIZARD_INCOMPLETECERTCHAIN=The installed Certificate chain is not complete - it does\nnot include a path to a trusted root. Partially\ncomplete chains may result in unexpected client\nand server behavior.
+INSTALLSSLCERTSTATUSWIZARD_ERROR1=Fix the certificate chain before proceeding to the next panel
+INSTALLCAMESSAGEDIGESTWIZARD_TITLE=Installation Wizard
+INSTALLCAMESSAGEDIGESTWIZARD_BORDER_INSTALLCAMESSAGEDIGESTWIZARD_LABEL=Message Digest Algorithm
+INSTALLCAMESSAGEDIGESTWIZARD_TEXT_HASHTYPE_LABEL=Select the hashing algorithm to use when computing the signature on this certificate:
+INSTALLCAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_0=MD2
+INSTALLCAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_1=MD5
+INSTALLCAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_2=SHA1
+INSTALLCAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_3=SHA256
+INSTALLCAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_4=SHA512
+INSTALLCAMESSAGEDIGESTWIZARD_COMBOBOX_DSAHASHTYPE_VALUE_0=SHA1
+INSTALLRAMESSAGEDIGESTWIZARD_TITLE=Installation Wizard
+INSTALLRAMESSAGEDIGESTWIZARD_BORDER_INSTALLRAMESSAGEDIGESTWIZARD_LABEL=Message Digest Algorithm
+INSTALLRAMESSAGEDIGESTWIZARD_TEXT_HASHTYPE_LABEL=Select the hashing algorithm to use for computing the signature on this certificate:
+INSTALLRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_0=MD2
+INSTALLRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_1=MD5
+INSTALLRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_2=SHA1
+INSTALLRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_3=SHA256
+INSTALLRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_4=SHA512
+INSTALLRAMESSAGEDIGESTWIZARD_COMBOBOX_DSAHASHTYPE_VALUE_0=SHA1
+INSTALLOCSPMESSAGEDIGESTWIZARD_TITLE=Installation Wizard
+INSTALLOCSPMESSAGEDIGESTWIZARD_BORDER_INSTALLOCSPMESSAGEDIGESTWIZARD_LABEL=Message Digest Algorithm
+INSTALLOCSPMESSAGEDIGESTWIZARD_TEXT_HASHTYPE_LABEL=Select the hashing algorithm to use for computing the signature on this certificate:
+INSTALLOCSPMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_0=MD2
+INSTALLOCSPMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_1=MD5
+INSTALLOCSPMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_2=SHA1
+INSTALLOCSPMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_3=SHA256
+INSTALLOCSPMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_4=SHA512
+INSTALLOCSPMESSAGEDIGESTWIZARD_COMBOBOX_DSAHASHTYPE_VALUE_0=SHA1
+INSTALLKRAMESSAGEDIGESTWIZARD_TITLE=Installation Wizard
+INSTALLKRAMESSAGEDIGESTWIZARD_BORDER_INSTALLKRAMESSAGEDIGESTWIZARD_LABEL=Message Digest Algorithm
+INSTALLKRAMESSAGEDIGESTWIZARD_TEXT_HASHTYPE_LABEL=Select the hashing algorithm to use for computing the signature on this certificate:
+INSTALLKRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_0=MD2
+INSTALLKRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_1=MD5
+INSTALLKRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_2=SHA1
+INSTALLKRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_3=SHA256
+INSTALLKRAMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_4=SHA512
+INSTALLKRAMESSAGEDIGESTWIZARD_COMBOBOX_DSAHASHTYPE_VALUE_0=SHA1
+INSTALLSSLMESSAGEDIGESTWIZARD_TITLE=Installation Wizard
+INSTALLSSLMESSAGEDIGESTWIZARD_BORDER_INSTALLSSLMESSAGEDIGESTWIZARD_LABEL=Message Digest Algorithm
+INSTALLSSLMESSAGEDIGESTWIZARD_TEXT_HASHTYPE_LABEL=Select the hashing algorithm to use for computing the signature on this certificate:
+INSTALLSSLMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_0=MD2
+INSTALLSSLMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_1=MD5
+INSTALLSSLMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_2=SHA1
+INSTALLSSLMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_3=SHA256
+INSTALLSSLMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_4=SHA512
+INSTALLSSLMESSAGEDIGESTWIZARD_COMBOBOX_DSAHASHTYPE_VALUE_0=SHA1
+INSTALLCAKEYWIZARD_TITLE=Installation Wizard
+INSTALLCAKEYWIZARD_BORDER_INSTALLCAKEYWIZARD_LABEL=Key-Pair Information for Certificate Manager CA Signing Certificate
+INSTALLCAKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+INSTALLCAKEYWIZARD_LABEL_PWD_LABEL=Password:
+INSTALLCAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+INSTALLCAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_1=DSA
+INSTALLCAKEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+INSTALLCAKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+INSTALLCAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+INSTALLCAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+INSTALLCAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_2=Custom
+INSTALLCAKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_0=1024
+INSTALLCAKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_1=Custom
+INSTALLCAKEYWIZARD_LABEL_UNITS_LABEL=bits
+INSTALLCAKEYWIZARD_LABEL_KEY_LABEL=Specify the key type and key length:
+INSTALLCAKEYWIZARD_LABEL_CUSTOMKEY_LABEL=Enter a value for the customized key length:
+INSTALLCAKEYWIZARD_LABEL_SELECTTOKEN_LABEL=Select the token (cryptographic device) for the key pair:
+INSTALLCAKEYWIZARD_DIALOG_CASIGNINGCERTNOTFOUND_MESSAGE=The CA signing certificate cannot be found
+INSTALLCAKEYWIZARD_LABEL_INITTOKEN_LABEL=Initialize the selected token:
+INSTALLCAKEYWIZARD_LABEL_LOGONTOKEN_LABEL=Logon to the selected token:
+INSTALLCAKEYWIZARD_LABEL_PASSWD_LABEL=Password:
+INSTALLCAKEYWIZARD_LABEL_PASSWDAGAIN_LABEL=Password (again):
+INSTALLCAKEYWIZARD_LABEL_SOP_LABEL=Security officer password:
+INSTALLCAKEYWIZARD_LABEL_LOGIN_LABEL=Logon to the selected token:
+INSTALLCAKEYWIZARD_LABEL_INITIALIZE_LABEL=Initialize the selected token:
+INSTALLCAKEYWIZARD_DIALOG_BLANKLEN_MESSAGE=Key length cannot be blank
+INSTALLCAKEYWIZARD_DIALOG_NONINTEGER_MESSAGE=Key length is not an integer
+INSTALLCAKEYWIZARD_DIALOG_INVALIDKEYLEN_MESSAGE=Invalid key length
+INSTALLCAKEYWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+INSTALLCAKEYWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+INSTALLCAKEYWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+INSTALLCAKEYWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+INSTALLCAKEYWIZARD_DIALOG_RSAINVALID_MESSAGE=The RSA key length must be divisible by 8.
+INSTALLCAKEYWIZARD_DIALOG_DSAINVALID_MESSAGE=The DSA key length must be divisible by 64, and within the range of 512 to 1024.
+INSTALLCAKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLRAKEYWIZARD_TITLE=Installation Wizard
+INSTALLRAKEYWIZARD_BORDER_INSTALLRAKEYWIZARD_LABEL=Key-Pair Information for Registration Manager Signing Certificate
+INSTALLRAKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+INSTALLRAKEYWIZARD_LABEL_PWD_LABEL=Password:
+INSTALLRAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+INSTALLRAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_1=DSA
+INSTALLRAKEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+INSTALLRAKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+INSTALLRAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+INSTALLRAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+INSTALLRAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_2=Custom
+INSTALLRAKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_0=1024
+INSTALLRAKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_1=Custom
+INSTALLRAKEYWIZARD_LABEL_UNITS_LABEL=bits
+INSTALLRAKEYWIZARD_LABEL_KEY_LABEL=Specify the key type and key length:
+INSTALLRAKEYWIZARD_LABEL_CUSTOMKEY_LABEL=Enter a value for the customized key length:
+INSTALLRAKEYWIZARD_LABEL_SELECTTOKEN_LABEL=Select the token (cryptographic device) for the key pair:
+INSTALLRAKEYWIZARD_DIALOG_RASIGNINGCERTNOTFOUND_MESSAGE=The RA signing certificate cannot be found
+INSTALLRAKEYWIZARD_LABEL_INITTOKEN_LABEL=Initialize the selected token:
+INSTALLRAKEYWIZARD_LABEL_LOGONTOKEN_LABEL=Logon to the selected token:
+INSTALLRAKEYWIZARD_LABEL_PASSWD_LABEL=Password:
+INSTALLRAKEYWIZARD_LABEL_PASSWDAGAIN_LABEL=Password (again):
+INSTALLRAKEYWIZARD_LABEL_SOP_LABEL=Security officer password:
+INSTALLRAKEYWIZARD_LABEL_LOGIN_LABEL=Logon to the selected token:
+INSTALLRAKEYWIZARD_LABEL_INITIALIZE_LABEL=Initialize the selected token:
+INSTALLRAKEYWIZARD_DIALOG_BLANKLEN_MESSAGE=Key length cannot be blank
+INSTALLRAKEYWIZARD_DIALOG_NONINTEGER_MESSAGE=Key length is not an integer
+INSTALLRAKEYWIZARD_DIALOG_INVALIDKEYLEN_MESSAGE=Invalid key length
+INSTALLRAKEYWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+INSTALLRAKEYWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+INSTALLRAKEYWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+INSTALLRAKEYWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+INSTALLRAKEYWIZARD_DIALOG_RSAINVALID_MESSAGE=The RSA key length must be divisible by 8.
+INSTALLRAKEYWIZARD_DIALOG_DSAINVALID_MESSAGE=The DSA key length must be divisible by 64, and within the range of 512 to 1024.
+INSTALLRAKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLKRAKEYWIZARD_TITLE=Installation Wizard
+INSTALLKRAKEYWIZARD_BORDER_INSTALLKRAKEYWIZARD_LABEL=Key-Pair Information for Data Recovery Manager Transport Certificate
+INSTALLKRAKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+INSTALLKRAKEYWIZARD_LABEL_PWD_LABEL=Password:
+INSTALLKRAKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+INSTALLKRAKEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+INSTALLKRAKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+INSTALLKRAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+INSTALLKRAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+INSTALLKRAKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_2=Custom
+INSTALLKRAKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_0=1024
+INSTALLKRAKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_1=Custom
+INSTALLKRAKEYWIZARD_LABEL_UNITS_LABEL=bits
+INSTALLKRAKEYWIZARD_LABEL_KEY_LABEL=Specify the key type and key length:
+INSTALLKRAKEYWIZARD_LABEL_CUSTOMKEY_LABEL=Enter a value for the customized key length:
+INSTALLKRAKEYWIZARD_LABEL_SELECTTOKEN_LABEL=Select the token (cryptographic device) for the key pair:
+INSTALLKRAKEYWIZARD_DIALOG_KRACERTNOTFOUND_MESSAGE=The KRA transport certificate cannot be found
+INSTALLKRAKEYWIZARD_LABEL_INITTOKEN_LABEL=Initialize the selected token:
+INSTALLKRAKEYWIZARD_LABEL_LOGONTOKEN_LABEL=Logon to the selected token:
+INSTALLKRAKEYWIZARD_LABEL_PASSWD_LABEL=Password:
+INSTALLKRAKEYWIZARD_LABEL_PASSWDAGAIN_LABEL=Password (again):
+INSTALLKRAKEYWIZARD_LABEL_SOP_LABEL=Security officer password:
+INSTALLKRAKEYWIZARD_LABEL_LOGIN_LABEL=Logon to the selected token:
+INSTALLKRAKEYWIZARD_LABEL_INITIALIZE_LABEL=Initialize the selected token:
+INSTALLKRAKEYWIZARD_DIALOG_BLANKLEN_MESSAGE=Key length cannot be blank
+INSTALLKRAKEYWIZARD_DIALOG_NONINTEGER_MESSAGE=Key length is not an integer
+INSTALLKRAKEYWIZARD_DIALOG_INVALIDKEYLEN_MESSAGE=Invalid key length
+INSTALLKRAKEYWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+INSTALLKRAKEYWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+INSTALLKRAKEYWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+INSTALLKRAKEYWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+INSTALLKRAKEYWIZARD_DIALOG_RSAINVALID_MESSAGE=The RSA key length must be divisible by 8.
+INSTALLKRAKEYWIZARD_DIALOG_DSAINVALID_MESSAGE=The DSA key length must be divisible by 64, and within the range of 512 to 1024.
+INSTALLKRAKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLSERVERKEYWIZARD_TITLE=Installation Wizard
+INSTALLSERVERKEYWIZARD_BORDER_INSTALLSERVERKEYWIZARD_LABEL=Key-Pair Information for SSL Server Certificate
+INSTALLSERVERKEYWIZARD_LABEL_TOKEN_LABEL=Token:
+INSTALLSERVERKEYWIZARD_LABEL_PWD_LABEL=Password:
+INSTALLSERVERKEYWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+INSTALLSERVERKEYWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+INSTALLSERVERKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+INSTALLSERVERKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+INSTALLSERVERKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+INSTALLSERVERKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_2=Custom
+INSTALLSERVERKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_0=1024
+INSTALLSERVERKEYWIZARD_COMBOBOX_DSAKEYLENGTH_VALUE_1=Custom
+INSTALLSERVERKEYWIZARD_LABEL_UNITS_LABEL=bits
+INSTALLSERVERKEYWIZARD_LABEL_KEY_LABEL=Specify the key type and key length:
+INSTALLSERVERKEYWIZARD_LABEL_CUSTOMKEY_LABEL=Enter a value for the customized key length:
+INSTALLSERVERKEYWIZARD_LABEL_SELECTTOKEN_LABEL=Select the token (cryptographic device) for the key pair:
+INSTALLSERVERKEYWIZARD_DIALOG_SERVERCERTNOTFOUND_MESSAGE=The SSL server certificate cannot be found
+INSTALLSERVERKEYWIZARD_LABEL_INITTOKEN_LABEL=Initialize the selected token:
+INSTALLSERVERKEYWIZARD_LABEL_LOGONTOKEN_LABEL=Logon to the selected token:
+INSTALLSERVERKEYWIZARD_LABEL_PASSWD_LABEL=Password:
+INSTALLSERVERKEYWIZARD_LABEL_PASSWDAGAIN_LABEL=Password (again):
+INSTALLSERVERKEYWIZARD_LABEL_SOP_LABEL=Security officer password:
+INSTALLSERVERKEYWIZARD_LABEL_LOGIN_LABEL=Logon to the selected token:
+INSTALLSERVERKEYWIZARD_LABEL_INITIALIZE_LABEL=Initialize the selected token:
+INSTALLSERVERKEYWIZARD_DIALOG_BLANKLEN_MESSAGE=Key length cannot be blank
+INSTALLSERVERKEYWIZARD_DIALOG_NONINTEGER_MESSAGE=Key length is not an integer
+INSTALLSERVERKEYWIZARD_DIALOG_INVALIDKEYLEN_MESSAGE=Invalid key length
+INSTALLSERVERKEYWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+INSTALLSERVERKEYWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+INSTALLSERVERKEYWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+INSTALLSERVERKEYWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+INSTALLSERVERKEYWIZARD_DIALOG_RSAINVALID_MESSAGE=The RSA key length must be divisible by 8.
+INSTALLSERVERKEYWIZARD_DIALOG_DSAINVALID_MESSAGE=The DSA key length must be divisible by 64, and within the range of 512 to 1024.
+INSTALLSERVERKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLKRASTORAGEKEYWIZARD_TITLE=Installation Wizard
+INSTALLKRASTORAGEKEYWIZARD_BORDER_INSTALLKRASTORAGEKEYWIZARD_LABEL=Storage Key Creation for Data Recovery Manager
+INSTALLKRASTORAGEKEYWIZARD_LABEL_HEADING_LABEL=Specify the key length of the storage key:
+INSTALLKRASTORAGEKEYWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+INSTALLKRASTORAGEKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+INSTALLKRASTORAGEKEYWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+INSTALLCACERTDNWIZARD_TITLE=Installation Wizard
+INSTALLCACERTDNWIZARD_LABEL_SUBJECTNAME_LABEL=The current subject name in distinguished name (DN) format is:
+INSTALLCACERTDNWIZARD_BORDER_INSTALLCACERTDNWIZARD_LABEL=Subject Name for Certificate Manager CA Signing Certificate
+INSTALLCACERTDNWIZARD_LABEL_DN_LABEL=To modify the subject DN for the certificate:
+INSTALLCACERTDNWIZARD_RADIOBUTTON_DNCOMP_LABEL=Enter the values for the subject DN components:
+INSTALLCACERTDNWIZARD_RADIOBUTTON_DNSTRING_LABEL=Enter the values for the subject DN string:
+INSTALLCACERTDNWIZARD_LABEL_CN_LABEL=Common name (CN=):
+INSTALLCACERTDNWIZARD_LABEL_OU_LABEL=Organizational unit (OU=):
+INSTALLCACERTDNWIZARD_LABEL_O_LABEL=Organization (O=):
+INSTALLCACERTDNWIZARD_LABEL_LOCALITY_LABEL=Locality (L=):
+INSTALLCACERTDNWIZARD_LABEL_STATE_LABEL=State (ST=):
+INSTALLCACERTDNWIZARD_LABEL_COUNTRY_LABEL=Country (C=):
+INSTALLCACERTDNWIZARD_LABEL_SELECTEDDN_LABEL=Selected DN:
+INSTALLCACERTDNWIZARD_TEXT_NEWDNHEADING_LABEL=If you want to modify the selected DN, please enter the new one as follows:
+INSTALLCACERTDNWIZARD_LABEL_NEWDN_LABEL=New DN:
+INSTALLCACERTDNWIZARD_DIALOG_BLANKFIELD_MESSAGE=Subject DN cannot be blank
+INSTALLCACERTDNWIZARD_DIALOG_MISSINGO_MESSAGE=Leaving out O= will cause Communicator 4.X\nto crash during SSL client authentication. If you do not provide\nan O= attribute, you will not be able to access\nthe issuing agent pages.
+INSTALLCACERTDNWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLRACERTDNWIZARD_TITLE=Installation Wizard
+INSTALLRACERTDNWIZARD_LABEL_SUBJECTNAME_LABEL=The current subject name in distinguished name (DN) format is:
+INSTALLRACERTDNWIZARD_BORDER_INSTALLRACERTDNWIZARD_LABEL=Subject Name for Registration Manager Signing Certificate
+INSTALLRACERTDNWIZARD_LABEL_DN_LABEL=To modify the subject DN for the certificate:
+INSTALLRACERTDNWIZARD_RADIOBUTTON_DNCOMP_LABEL=Enter the values for the subject DN components:
+INSTALLRACERTDNWIZARD_RADIOBUTTON_DNSTRING_LABEL=Enter the values for the subject DN string:
+INSTALLRACERTDNWIZARD_LABEL_CN_LABEL=Common name (CN=):
+INSTALLRACERTDNWIZARD_LABEL_OU_LABEL=Organizational unit (OU=):
+INSTALLRACERTDNWIZARD_LABEL_O_LABEL=Organization (O=):
+INSTALLRACERTDNWIZARD_LABEL_LOCALITY_LABEL=Locality (L=):
+INSTALLRACERTDNWIZARD_LABEL_STATE_LABEL=State (ST=):
+INSTALLRACERTDNWIZARD_LABEL_COUNTRY_LABEL=Country (C=):
+INSTALLRACERTDNWIZARD_LABEL_SELECTEDDN_LABEL=Selected DN:
+INSTALLRACERTDNWIZARD_TEXT_NEWDNHEADING_LABEL=If you want to modify the selected DN, please enter the new one as follows:
+INSTALLRACERTDNWIZARD_LABEL_NEWDN_LABEL=New DN:
+INSTALLRACERTDNWIZARD_DIALOG_BLANKFIELD_MESSAGE=Subject DN cannot be blank
+INSTALLRACERTDNWIZARD_DIALOG_MISSINGO_MESSAGE=Leaving out O= will cause Communicator 4.X\nto crash during SSL client authentication. If you do not provide\nan O= attribute, you will not be able to access\nthe issuing agent pages.
+INSTALLRACERTDNWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work,\nthen restart the\nwizard.
+INSTALLKRACERTDNWIZARD_TITLE=Installation Wizard
+INSTALLKRACERTDNWIZARD_LABEL_SUBJECTNAME_LABEL=The current subject name in distinguished name (DN) format is:
+INSTALLKRACERTDNWIZARD_BORDER_INSTALLKRACERTDNWIZARD_LABEL=Subject Name for Data Recovery Manager Transport Certificate
+INSTALLKRACERTDNWIZARD_LABEL_DN_LABEL=To modify the subject DN for the certificate:
+INSTALLKRACERTDNWIZARD_RADIOBUTTON_DNCOMP_LABEL=Enter the values for the subject DN components:
+INSTALLKRACERTDNWIZARD_RADIOBUTTON_DNSTRING_LABEL=Enter the values for the subject DN string:
+INSTALLKRACERTDNWIZARD_LABEL_CN_LABEL=Common name (CN=):
+INSTALLKRACERTDNWIZARD_LABEL_OU_LABEL=Organizational unit (OU=):
+INSTALLKRACERTDNWIZARD_LABEL_O_LABEL=Organization (O=):
+INSTALLKRACERTDNWIZARD_LABEL_LOCALITY_LABEL=Locality (L=):
+INSTALLKRACERTDNWIZARD_LABEL_STATE_LABEL=State (ST=):
+INSTALLKRACERTDNWIZARD_LABEL_COUNTRY_LABEL=Country (C=):
+INSTALLKRACERTDNWIZARD_LABEL_SELECTEDDN_LABEL=Selected DN:
+INSTALLKRACERTDNWIZARD_TEXT_NEWDNHEADING_LABEL=If you want to modify the selected DN, please enter the new one as follows:
+INSTALLKRACERTDNWIZARD_LABEL_NEWDN_LABEL=New DN:
+INSTALLKRACERTDNWIZARD_DIALOG_BLANKFIELD_MESSAGE=Subject DN cannot be blank
+INSTALLKRACERTDNWIZARD_DIALOG_MISSINGO_MESSAGE=Leaving out O= will cause Communicator 4.X\nto crash during SSL client authentication. If you do not provide\nan O= attribute, you will not be able to access\nthe issuing agent pages.
+INSTALLKRACERTDNWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLSSLCERTDNWIZARD_TITLE=Installation Wizard
+INSTALLSSLCERTDNWIZARD_LABEL_SUBJECTNAME_LABEL=The current subject name in distinguished name (DN) format is:
+INSTALLSSLCERTDNWIZARD_BORDER_INSTALLSSLCERTDNWIZARD_LABEL=Subject Name for SSL Server Certificate
+INSTALLSSLCERTDNWIZARD_LABEL_DN_LABEL=WARNING: If this is a cloned system which resides on the same machine as your master subsystem, please be sure to make its DN different than that of the master's (can be achieved by manipulating fields other than the CN attribute), violation of which will result in an error during startup.\n\nTo modify the subject DN for the certificate:
+INSTALLSSLCERTDNWIZARD_RADIOBUTTON_DNCOMP_LABEL=Enter the values for the subject DN components:
+INSTALLSSLCERTDNWIZARD_RADIOBUTTON_DNSTRING_LABEL=Enter the values for the subject DN string:
+INSTALLSSLCERTDNWIZARD_LABEL_CN_LABEL=*Common name (CN=):
+INSTALLSSLCERTDNWIZARD_LABEL_OU_LABEL=Organizational unit (OU=):
+INSTALLSSLCERTDNWIZARD_LABEL_O_LABEL=Organization (O=):
+INSTALLSSLCERTDNWIZARD_LABEL_LOCALITY_LABEL=Locality (L=):
+INSTALLSSLCERTDNWIZARD_LABEL_STATE_LABEL=State (ST=):
+INSTALLSSLCERTDNWIZARD_LABEL_COUNTRY_LABEL=Country (C=):
+INSTALLSSLCERTDNWIZARD_LABEL_SELECTEDDN_LABEL=Selected DN:
+INSTALLSSLCERTDNWIZARD_TEXT_NEWDNHEADING_LABEL=If you want to modify the selected DN, please enter the new one as follows:
+INSTALLSSLCERTDNWIZARD_LABEL_NEWDN_LABEL=New DN:
+INSTALLSSLCERTDNWIZARD_DIALOG_BLANKFIELD_MESSAGE=Subject DN cannot be blank
+INSTALLSSLCERTDNWIZARD_DIALOG_MISSINGO_MESSAGE=Leaving out O= will cause Communicator 4.X\nto crash during SSL client authentication. If you do not provide\nan O= attribute, you will not be able to access\nthe issuing agent pages.
+INSTALLSSLCERTDNWIZARD_DIALOG_MISSINGCN_MESSAGE=Leaving out CN= will cause problems with Communicator 4.X. If you do not provide\na CN= attribute, you will not be able to access\nthe issuing agent pages.
+INSTALLSSLCERTDNWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INTROINSTALLWIZARD_TITLE=Installation Wizard
+INTROINSTALLWIZARD_BORDER_INTROINSTALLWIZARD_LABEL=Introduction
+INTROINSTALLWIZARD_TEXT_DESC_LABEL=Welcome to Dogtag Certificate System (DCS).\n\nThis installation wizard will take you through the tasks necessary to configure CS.\n\nYou may suspend the installation process by pressing cancel. When you restart this wizard, you will be able to continue where you left off.\n\nYou may create additional instances of CS by right-clicking on the 'Server Group' item in the main console window.
+INTROINSTALLWIZARD_TEXT_HEADING_LABEL=Select one of the following steps to continue the configuration of the certificate server.
+INTROINSTALLWIZARD_RADIOBUTTON_CREATEDB_LABEL=Create an internal database
+INTROINSTALLWIZARD_RADIOBUTTON_NETWORK_LABEL=Configure network ports
+INTROINSTALLWIZARD_RADIOBUTTON_ADMIN_LABEL=Setup the certificate server administrator
+INTROINSTALLWIZARD_RADIOBUTTON_SUBSYSTEMS_LABEL=Select server subsystems
+INTROINSTALLWIZARD_RADIOBUTTON_MIGRATION_LABEL=Migrate from a previous certificate server 1.0 installation
+CLONEINSTALLWIZARD_TITLE=Installation Wizard
+CLONEINSTALLWIZARD_BORDER_CLONEINSTALLWIZARD_LABEL=Clone Feature
+CLONEINSTALLWIZARD_TEXT_DESC_LABEL=You are installing a cloned subsystem.\n\n To install a cloned subsystem, execute the following steps on the command line if you have not already performed them:\n\n1) In the master's <server_root>/alias directory, copy cert-<master_instance_id>-<master_machine_name>-cert8.db and cert-<master_instance_id>-<master_machine_name>-key3.db to this cloned instance's cert-<clone_instance_id>-<clone_machine_name>-cert8.db and cert-<clone_instance_id>-<clone_machine_name>-key3.db in the same directory.\n\n2) Copy the master's <server_root>/<master_instance_id>/config/kra-cert.db to the clone's <server_root>/<clone_instance_id>/config/kra-cert.db (For Data Recovery Manager Clone Only)\n\n3)Copy the master's <server_root>/<master_instance_id>/config/kra-key.db to clone's <server_root>/<clone_instance_id>/config/kra-key.db (For Data Recovery Manager Clone Only, and if the master DRM's storage key is not stored on a hardware token)\n\n4)Copy the master's <server_root>/<master_instance_id>/config/kra-mn.conf to the clone's <server_root>/<clone_instance_id>/config/kra-mn.conf (For Data Recovery Manager Clone Only)\n\n5) Click cancel to exit this installation wizard and then click open to restart this wizard.
+INSTALLDBAGAIN_TITLE=Installation Wizard
+INSTALLDBAGAIN_BORDER_INSTALLDBAGAIN_LABEL=Re-Create Internal Database
+INSTALLDBAGAIN_RADIOBUTTON_YES_LABEL=Yes, create another new internal database
+INSTALLDBAGAIN_RADIOBUTTON_NO_LABEL=No, do not create another new internal database
+INSTALLDBAGAIN_TEXT_HEADING_LABEL=The internal database has been created. If you want to re-create a new internal database, you have to remove the previous internal database first.
+MASTERORCLONE_TITLE=Installation Wizard
+MASTERORCLONE_BORDER_MASTERORCLONE_LABEL=Cloning
+MASTERORCLONE_RADIOBUTTON_YES_LABEL=Yes.
+MASTERORCLONE_RADIOBUTTON_NO_LABEL=No.
+MASTERORCLONE_TEXT_HEADING_LABEL=Are you setting up a clone for an existing subsystem? For high-availability, subsystems can be cloned to provide multiple access points to the users.
+INSTALLMODEWIZARD_TITLE=Installation Wizard
+INSTALLMODEWIZARD_BORDER_INSTALLMODEWIZARD_LABEL=Installation Mode
+INSTALLMODEWIZARD_LABEL_MODE_LABEL=Select Installation Mode:
+INSTALLMODEWIZARD_RADIOBUTTON_EXPRESS_LABEL=Express
+INSTALLMODEWIZARD_TEXT_EXPRESS_LABEL=Express installation mode will install self-signed CA and all Certificate Server Services using the default configuration.
+INSTALLMODEWIZARD_RADIOBUTTON_CUSTOM_LABEL=Custom
+INSTALLMODEWIZARD_TEXT_CUSTOM_LABEL=Custom installation mode allows advanced configuration for all Certificate Server Services.
+CLONEMASTERWIZARD_TITLE=Installation Wizard
+CLONEMASTERWIZARD_BORDER_CLONEMASTERWIZARD_LABEL=Clone Master CA
+CLONEMASTERWIZARD_TEXT_ISCLONECA_LABEL=Do you want to connect the Clone Master CA?
+CLONEMASTERWIZARD_TEXT_HEADING_LABEL=Specify the host name and port numbers for the Clone Master CA
+CLONEMASTERWIZARD_RADIOBUTTON_YES_LABEL=Yes
+CLONEMASTERWIZARD_RADIOBUTTON_NO_LABEL=No
+CLONEMASTERWIZARD_LABEL_HOST_LABEL=Host name:
+CLONEMASTERWIZARD_LABEL_PORT_LABEL=Clone Master Agent SSL port number:
+CLONEMASTERWIZARD_LABEL_PORTEE_LABEL=Clone Master EE SSL port number:
+CLONEMASTERWIZARD_LABEL_TIMEOUT_LABEL=Timeout (Sec.):
+CLONEMASTERWIZARD_LABEL_TIMEUNIT_LABEL=(Seconds)
+CLONEMASTERWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+CLONEMASTERWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+CLONEMASTERWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+CLONEMASTERWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+CLONEMASTERWIZARD_DIALOG_BLANKTIMEOUT_MESSAGE=Timeout cannot be blank.
+REMOTECAWIZARD_TITLE=Installation Wizard
+REMOTECAWIZARD_BORDER_REMOTECAWIZARD_LABEL=Remote Certificate Manager
+REMOTECAWIZARD_TEXT_HEADING_LABEL=Specify the host name and port number for the Certificate Manager
+REMOTECAWIZARD_LABEL_HOST_LABEL=Host name:
+REMOTECAWIZARD_LABEL_PORT_LABEL=Agent SSL port number:
+REMOTECAWIZARD_LABEL_TIMEOUT_LABEL=Timeout (Sec.):
+REMOTECAWIZARD_LABEL_TIMEUNIT_LABEL=(Seconds)
+REMOTECAWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+REMOTECAWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+REMOTECAWIZARD_DIALOG_BLANKTIMEOUT_MESSAGE=Timeout cannot be blank.
+REMOTECAWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+REMOTECAWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+REMOTEKRAWIZARD_TITLE=Installation Wizard
+REMOTEKRAWIZARD_BORDER_REMOTEKRAWIZARD_LABEL=Remote Data Recovery Manager
+REMOTEKRAWIZARD_TEXT_ISREMOTEKRA_LABEL=Do you want to connect the current subsystems to a remote data recovery manager?
+REMOTEKRAWIZARD_TEXT_HEADING_LABEL=Specify the host name and port number for the Data Recovery Manager
+REMOTEKRAWIZARD_RADIOBUTTON_YES_LABEL=Yes
+REMOTEKRAWIZARD_RADIOBUTTON_NO_LABEL=No
+REMOTEKRAWIZARD_LABEL_HOST_LABEL=Host name:
+REMOTEKRAWIZARD_LABEL_PORT_LABEL=Agent SSL port number:
+REMOTEKRAWIZARD_LABEL_TIMEOUT_LABEL=Timeout (Sec.):
+REMOTEKRAWIZARD_LABEL_TIMEUNIT_LABEL=(Seconds)
+REMOTEKRAWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+REMOTEKRAWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+REMOTEKRAWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+REMOTEKRAWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+REMOTEKRAWIZARD_DIALOG_BLANKTIMEOUT_MESSAGE=Timeout cannot be blank.
+SERVICESWIZARD_TITLE=Installation Wizard
+SERVICESWIZARD_BORDER_SERVICESWIZARD_LABEL=Subsystems
+SERVICESWIZARD_LABEL_INSTALL_LABEL=Select the subsystems to be installed:
+SERVICESWIZARD_LABEL_INSTALL_CLONE_LABEL=You will now proceed to install a Clone of the following subsystem:
+SERVICESWIZARD_RADIOBUTTON_CA_LABEL=Certificate Manager
+SERVICESWIZARD_RADIOBUTTON_RA_LABEL=Registration Manager
+SERVICESWIZARD_RADIOBUTTON_OCSP_LABEL=Online Certificate Status Manager
+SERVICESWIZARD_RADIOBUTTON_KRA_LABEL=Data Recovery Manager
+SERVICESWIZARD_RADIOBUTTON_TKS_LABEL=Token Key Service Manager
+SERVICESWIZARD_LABEL_CMHOST_LABEL=Ceritificate Manager host name:
+SERVICESWIZARD_LABEL_CMPORT_LABEL=Certificate Manager Secure End-Entity port number:
+SERVICESWIZARD_DIALOG_NOCOLOCATED_MESSAGE=The Certificate Manager and Registration Manager cannot be co-located
+SERVICESWIZARD_DIALOG_NOSERVICESINSTALLED_MESSAGE=No subsytems were selected
+SERVICESWIZARD_DIALOG_BLANKHOST_MESSAGE=Host field cannot be blank
+SERVICESWIZARD_DIALOG_BLANKPORT_MESSAGE=Port field cannot be blank
+SERVICESWIZARD_DIALOG_NUMBERFORMAT_MESSAGE=Port field cannot be a non-number
+SERVICESWIZARD_DIALOG_INCORRECTRESPONSE_MESSAGE=Incorrect response from the server
+SERVICESWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+SERVICESWIZARD_LABEL_CAOCSP_LABEL=The Certificate Manager and OCSP Manager are not allowed to be co-located.
+SERVICESWIZARD_LABEL_CARA_LABEL=The Certificate Manager and Registration Manager are not allowed to be co-located.
+SERVICESWIZARD_LABEL_RAOCSP_LABEL=The Registration Manager and OCSP Manager are not allowed to be co-located.
+SERVICESWIZARD_LABEL_KRAOCSP_LABEL=The Data Recovery Manager and OCSP Manager are not allowed to be co-located.
+SERVICESWIZARD_LABEL_CAOCSPKRA_LABEL=The Certificate Manager, Data Recovery Manager, and OCSP Manager are not allowed to be co-located.
+SERVICESWIZARD_LABEL_RAOCSPKRA_LABEL=The Registration Manager, Data Recovery Manager, and OCSP Manager are not allowed to be co-located.
+NETWORKWIZARD_TITLE=Installation Wizard
+NETWORKWIZARD_TEXT_HEADING1_LABEL=Enter the following information for the Master CS server:
+NETWORKWIZARD_LABEL_AGENTPORT_LABEL=Agent Port:
+NETWORKWIZARD_BORDER_NETWORKWIZARD_LABEL=Network Configuration
+NETWORKWIZARD_TEXT_DESC_LABEL=Select the network port numbers CS will use for:
+NETWORKWIZARD_BORDER_ADMIN_LABEL=Administration
+NETWORKWIZARD_BORDER_AGENT_LABEL=Agent
+NETWORKWIZARD_BORDER_EE_LABEL=End-Entity
+NETWORKWIZARD_LABEL_ADMINSSLPORT_LABEL=SSL administration port:
+NETWORKWIZARD_DIALOG_BLANKFIELD_MESSAGE=No fields can be blank!
+NETWORKWIZARD_DIALOG_BLANKFIELD_TITLE=Error
+NETWORKWIZARD_DIALOG_SAMEPORT_TITLE=Error
+NETWORKWIZARD_DIALOG_SAMEPORT_MESSAGE=Ports cannot share the same value
+NETWORKWIZARD_DIALOG_NUMBERFORMAT_MESSAGE=Port numbers must be integers!
+NETWORKWIZARD_DIALOG_NUMBERFORMAT_TITLE=Number Format Error
+NETWORKWIZARD_DIALOG_PORTRANGE_MESSAGE=Valid port numbers are between 1 and 65535 inclusive!
+NETWORKWIZARD_DIALOG_PORTRANGE_TITLE=Port Number Out Of Range
+NETWORKWIZARD_LABEL_GATEWAYSSLPORT_LABEL=SSL end-entity port:
+NETWORKWIZARD_LABEL_AGENTSSLPORT_LABEL=SSL agent port:
+NETWORKWIZARD_LABEL_AGENTSSLPORT_TTIP=Agent secure port number should be between 1 and 65535 inclusive
+NETWORKWIZARD_LABEL_GATEWAYPORT_LABEL=Non-SSL end-entity port:
+NETWORKWIZARD_LABEL_GATEWAYPORT_TTIP=Gateway port number should be between 1 and 65535 inclusive
+NETWORKWIZARD_LABEL_ADMINBACKLOG_LABEL=Backlog:
+NETWORKWIZARD_LABEL_ADMINBACKLOG_TTIP=Specify the backlog size
+NETWORKWIZARD_LABEL_EEBACKLOG_LABEL=Backlog:
+NETWORKWIZARD_LABEL_EEBACKLOG_TTIP=Specify the backlog size
+NETWORKWIZARD_LABEL_SECUREEEBACKLOG_LABEL=Backlog:
+NETWORKWIZARD_LABEL_SECUREEEBACKLOG_TTIP=Specify the backlog size
+NETWORKWIZARD_LABEL_SECUREAGENTBACKLOG_LABEL=Backlog:
+NETWORKWIZARD_LABEL_SECUREAGENTBACKLOG_TTIP=Specify the backlog size
+NETWORKWIZARD_LABEL_ENABLED_LABEL=Enable:
+NETWORKWIZARD_LABEL_ENABLED_TTIP=Enable the end-entity non-secure port
+NETWORKWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+NETWORKWIZARD_WARNING=You just disabled the non-SSL end-entity port\nwhich is required for the OCSP service. You need to\nhave this port selected for the service.
+KRASCHEME1WIZARD_TITLE=Installation Wizard
+KRASCHEME1WIZARD_BORDER_KRASCHEME1WIZARD_LABEL=Data Recovery Key Scheme - 1
+KRASCHEME1WIZARD_LABEL_REQUIRED_LABEL=Number of recovery agents required:
+KRASCHEME1WIZARD_LABEL_AVAILABLE_LABEL=Total number of recovery agents:
+KRASCHEME1WIZARD_DIALOG_CANNOTBEBLANK_MESSAGE=Fields cannot be blank!
+KRASCHEME1WIZARD_DIALOG_LARGER_MESSAGE=The number of required recovery agents is greater than that of available recovery agents!
+KRASCHEME1WIZARD_DIALOG_NOTINTEGER_MESSAGE=Fields must be integers!
+KRASCHEME1WIZARD_DIALOG_NONZERO_MESSAGE=Fields must be a nonzero number!
+KRASCHEME2WIZARD_TITLE=Installation Wizard
+KRASCHEME2WIZARD_BORDER_KRASCHEME2WIZARD_LABEL=Data Recovery Key Scheme - 2
+KRASCHEME2WIZARD_LABEL_HEADING_LABEL=Enter new recovery agent UIDs and passwords:
+KRASCHEME2WIZARD_DIALOG_CANNOTBEBLANK_MESSAGE=Fields cannot be blank!
+KRASCHEME2WIZARD_DIALOG_PASSWORDERROR_MESSAGE=One or more passwords specified in the password and confirm fields do not match!
+KRASCHEME2WIZARD_DIALOG_DUPLICATEERROR_MESSAGE=Not allowed for duplicate user ids!
+KRASCHEME2WIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INTROMIGRATIONWIZARD_TITLE=Installation Wizard
+INTROMIGRATIONWIZARD_BORDER_INTROMIGRATIONWIZARD_LABEL=Server Migration from Certificate Server 1.x - Step 1
+INTROMIGRATIONWIZARD_LABEL_DESC_LABEL=Do you want to migrate your keys and certificates from a previous Netscape Certificate Server 1.x installation?
+INTROMIGRATIONWIZARD_RADIOBUTTON_YES_LABEL=Yes
+INTROMIGRATIONWIZARD_RADIOBUTTON_NO_LABEL=No
+INTROMIGRATIONWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+MIGRATIONWIZARD_TITLE=Installation Wizard
+MIGRATIONWIZARD_BORDER_MIGRATIONWIZARD_LABEL=Server Migration from Certificate Server 1.x - Step 2
+MIGRATIONWIZARD_TEXT_DESC_LABEL=Enter the following information for data migration:
+MIGRATIONWIZARD_LABEL_PATH_LABEL=Pathname of the output files:
+MIGRATIONWIZARD_LABEL_TRANSPORTPASSWORD_LABEL=Transport password:
+MIGRATIONWIZARD_LABEL_DBPASSWORD_LABEL=Internal database password:
+MIGRATIONWIZARD_LABEL_SELECTCATOKEN_LABEL=Select the token in which the CA signing certificate will reside:
+MIGRATIONWIZARD_LABEL_SELECTSSLTOKEN_LABEL=Select the token in which the SSL server certificate will reside:
+MIGRATIONWIZARD_LABEL_TOKEN_LABEL=Token:
+MIGRATIONWIZARD_LABEL_INITTOKEN_LABEL=Initialize the selected token:
+MIGRATIONWIZARD_LABEL_LOGONTOKEN_LABEL=Logon to the selected token:
+MIGRATIONWIZARD_LABEL_PASSWD_LABEL=Password:
+MIGRATIONWIZARD_LABEL_PASSWDAGAIN_LABEL=Password again:
+MIGRATIONWIZARD_LABEL_SOP_LABEL=Security officer password:
+MIGRATIONWIZARD_LABEL_LOGIN_LABEL=Logon to the selected token:
+MIGRATIONWIZARD_LABEL_INITIALIZE_LABEL=Initialize the selected token:
+MIGRATIONWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+MIGRATIONWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+MIGRATIONWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+MIGRATIONWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+MIGRATIONWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+TRUSTDBWIZARD_TITLE=Installation Wizard
+TRUSTDBWIZARD_BORDER_TRUSTDBWIZARD_LABEL=Initialize the Internal Token
+TRUSTDBWIZARD_TEXT_DESC_LABEL=If you want to put any certificates (e. g. - CA signing certificate, SSL certificate) in the internal token, please initialize the token as follows:
+TRUSTDBWIZARD_LABEL_PASSWD_LABEL=Password:
+TRUSTDBWIZARD_LABEL_PASSWDAGAIN_LABEL=Password (again):
+CACERTWIZARD_TITLE=Installation Wizard
+CACERTWIZARD_BORDER_CACERTWIZARD_LABEL=Setup the CA Signing Key and Certificate -1
+CACERTWIZARD_TEXT_HEADING_LABEL=Is this Certificate Authority a self-signed CA or a subordinate CA?
+CACERTWIZARD_RADIOBUTTON_SELF_LABEL=Self-signed Certificate authority
+CACERTWIZARD_RADIOBUTTON_SUBORDINATE_LABEL=Subordinate Certificate authority
+CACERTWIZARD_TEXT_HEADING1_LABEL=How do you wish to submit this certificate request to the certificate authority (CA)?
+CACERTWIZARD_RADIOBUTTON_EMAIL_LABEL=To CA's email address:
+CACERTWIZARD_RADIOBUTTON_URL_LABEL=To CA's URL:
+CACERTWIZARD_RADIOBUTTON_MANUAL_LABEL=Manually
+CACERT1WIZARD_TITLE=Installation Wizard
+CACERT1WIZARD_BORDER_CACERT1WIZARD_LABEL=Setup the CA Signing Key and Certificate -2
+CACERT1WIZARD_TEXT_HEADING_LABEL=The Certificate Authority generates a CA signing certificate to sign other certificates.
+CACERT1WIZARD_TEXT_HARDWARE_LABEL=If you select a token other than the internal token, please login first.
+CACERT1WIZARD_TEXT_TOKENHEADING_LABEL=The keypair can reside on the internal token or on an external token.
+CACERT1WIZARD_LABEL_TOKEN_LABEL=Token:
+CACERT1WIZARD_LABEL_PWD_LABEL=Password:
+CACERT1WIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+CACERT1WIZARD_COMBOBOX_KEYTYPE_VALUE_1=DSA
+CACERT1WIZARD_LABEL_KEYTYPE_LABEL=Key type:
+CACERT1WIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+CACERT1WIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+CACERT1WIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+CACERT1WIZARD_LABEL_UNITS_LABEL=bits
+CACERT1WIZARD_TEXT_KEY_LABEL=Please specify the key type and key length as follows:
+CACERT1CUSTOMWIZARD_TITLE=Installation Wizard
+CACERT1CUSTOMWIZARD_BORDER_CACERT1CUSTOMWIZARD_LABEL=Setup the CA Signing Key and Certificate -2
+CACERT1CUSTOMWIZARD_TEXT_HEADING_LABEL=The Certificate Authority generates a CA signing certificate to sign other certificates.
+CACERT1CUSTOMWIZARD_TEXT_HARDWARE_LABEL=If you select a token other than the internal token, please login first.
+CACERT1CUSTOMWIZARD_TEXT_TOKENHEADING_LABEL=The keypair can reside on the internal token or on an external token.
+CACERT1CUSTOMWIZARD_LABEL_TOKEN_LABEL=Token:
+CACERT1CUSTOMWIZARD_LABEL_PWD_LABEL=Password:
+CACERT1CUSTOMWIZARD_COMBOBOX_KEYTYPE_VALUE_0=RSA
+CACERT1CUSTOMWIZARD_COMBOBOX_KEYTYPE_VALUE_1=DSA
+CACERT1CUSTOMWIZARD_LABEL_KEYTYPE_LABEL=Key type:
+CACERT1CUSTOMWIZARD_LABEL_KEYLENGTH_LABEL=Key length:
+CACERT1CUSTOMWIZARD_COMBOBOX_KEYLENGTH_VALUE_0=1024
+CACERT1CUSTOMWIZARD_COMBOBOX_KEYLENGTH_VALUE_1=2048
+CACERT1CUSTOMWIZARD_LABEL_UNITS_LABEL=bits
+CACERT1CUSTOMWIZARD_TEXT_KEY_LABEL=Please specify the key type and key length as follows:
+CACERT1CUSTOMWIZARD_TEXT_CUSTOMKEY_LABEL=If you want to customize the key length, please enter the value as follows:
+CACERT2WIZARD_TITLE=Installation Wizard
+CACERT2WIZARD_BORDER_CACERT2WIZARD_LABEL=Setup the CA Signing Key and Certificate -3
+CACERT2WIZARD_TEXT_DN_LABEL=Specify the Subject Distinguished Name for the certificate.
+CACERT2WIZARD_LABEL_CN_LABEL=Common Name (CN=):
+CACERT2WIZARD_LABEL_OU_LABEL=Organizational Unit (OU=):
+CACERT2WIZARD_LABEL_O_LABEL=Organization (O=):
+CACERT2WIZARD_LABEL_LOCALITY_LABEL=Locality (L=):
+CACERT2WIZARD_LABEL_STATE_LABEL=State (ST=):
+CACERT2WIZARD_LABEL_COUNTRY_LABEL=Country (C=):
+CACERT2WIZARD_LABEL_SELECTEDDN_LABEL=Selected DN:
+CACERT2WIZARD_TEXT_NEWDNHEADING_LABEL=If you want to modify the selected DN, please enter the new one as follows:
+CACERT2WIZARD_LABEL_NEWDN_LABEL=New DN:
+CACERT2WIZARD_TEXT_VALIDITY_LABEL=Specify the Validity Period for the certificate.
+CACERT2WIZARD_LABEL_VALIDITY_LABEL=Validity period:
+CACERT2WIZARD_COMBOBOX_VALIDITY_VALUE_0=days
+CACERT2WIZARD_COMBOBOX_VALIDITY_VALUE_1=months
+CACERT2WIZARD_COMBOBOX_VALIDITY_VALUE_2=years
+CERTDNWIZARD_TITLE=Certificate Setup Wizard
+CERTDNWIZARD_LABEL_SUBJECTNAME_LABEL=The current subject name in distinguished name (DN) format:
+CERTDNWIZARD_BORDER_CASIGNING_LABEL=Subject Name for Certificate Manager CA Signing Certificate
+CERTDNWIZARD_BORDER_OCSPSIGNING_LABEL=Subject Name for OCSP Signing Certificate
+CERTDNWIZARD_BORDER_RASIGNING_LABEL=Subject Name for Registration Manager Signing Certificate
+CERTDNWIZARD_BORDER_KRATRANSPORT_LABEL=Subject Name for Data Recovery Manager Transport Certificate
+CERTDNWIZARD_BORDER_SERVER_LABEL=Subject Name for SSL Server Certificate
+CERTDNWIZARD_LABEL_DN_LABEL=To modify the subject DN for the certificate.
+CERTDNWIZARD_RADIOBUTTON_DNCOMP_LABEL=Enter the values for the subject DN components:
+CERTDNWIZARD_RADIOBUTTON_DNSTRING_LABEL=Enter the values for the subject DN string:
+CERTDNWIZARD_BORDER_OTHER_LABEL=Subject Name for log and CRL Signing Certificate
+CERTDNWIZARD_LABEL_CN_LABEL=Common Name (CN=):
+CERTDNWIZARD_LABEL_OU_LABEL=Organizational Unit (OU=):
+CERTDNWIZARD_LABEL_O_LABEL=Organization (O=):
+CERTDNWIZARD_LABEL_LOCALITY_LABEL=Locality (L=):
+CERTDNWIZARD_LABEL_STATE_LABEL=State (ST=):
+CERTDNWIZARD_LABEL_COUNTRY_LABEL=Country (C=):
+CERTDNWIZARD_LABEL_SELECTEDDN_LABEL=Selected DN:
+CERTDNWIZARD_TEXT_NEWDNHEADING_LABEL=If you want to modify the selected DN, please enter the new one as follows:
+CERTDNWIZARD_LABEL_NEWDN_LABEL=New DN:
+CERTDNWIZARD_TEXT_VALIDITY_LABEL=Specify the Validity Period for the certificate.
+CERTDNWIZARD_LABEL_VALIDITY_LABEL=Validity period:
+CERTDNWIZARD_COMBOBOX_VALIDITY_VALUE_0=days
+CERTDNWIZARD_COMBOBOX_VALIDITY_VALUE_1=months
+CERTDNWIZARD_COMBOBOX_VALIDITY_VALUE_2=years
+CERTDNWIZARD_DIALOG_BLANKFIELD_MESSAGE=Subject DN cannot be empty
+CERTDNWIZARD_DIALOG_MISSINGO_MESSAGE=Leaving out O= will cause Communicator 4.x to crash during SSL\nclient authentication. If you do not provide an O= attribute,\nyou will not be able to access the issuing agent pages.
+CERTVALIDWIZARD_TITLE=Certificate Setup Wizard
+CERTVALIDWIZARD_BORDER_CASIGNING_LABEL=Validity Period for Certificate Manager CA Signing Certificate
+CERTVALIDWIZARD_BORDER_OCSPSIGNING_LABEL=Validity Period for OCSP Signing Certificate
+CERTVALIDWIZARD_BORDER_RASIGNING_LABEL=Validity Period for Registration Manager Signing Certificate
+CERTVALIDWIZARD_BORDER_KRATRANSPORT_LABEL=Validity Period for Data Recovery Manager Transport Certificate
+CERTVALIDWIZARD_BORDER_SERVER_LABEL=Validity Period for SSL Server Certificate
+CERTVALIDWIZARD_BORDER_SUBSYSTEM_LABEL=Validity Period for Subsystem Certificate
+CERTVALIDWIZARD_LABEL_VALIDITY_LABEL=Specify the validity period for the certificate:
+CERTVALIDWIZARD_LABEL_BEGIN_LABEL=Begin on:
+CERTVALIDWIZARD_LABEL_EXPIRE_LABEL=Expire on:
+CERTVALIDWIZARD_LABEL_YEAR_LABEL=YYYY
+CERTVALIDWIZARD_LABEL_MONTH_LABEL=MM
+CERTVALIDWIZARD_LABEL_DAY_LABEL=DD
+CERTVALIDWIZARD_LABEL_HOUR_LABEL=HH
+CERTVALIDWIZARD_LABEL_MIN_LABEL=mm
+CERTVALIDWIZARD_LABEL_SEC_LABEL=SS
+CERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_0=days
+CERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_1=months
+CERTVALIDWIZARD_COMBOBOX_VALIDITY_VALUE_2=years
+CERTVALIDWIZARD_DIALOG_INVALIDYEAR_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDYEAR_MESSAGE=Invalid year
+CERTVALIDWIZARD_DIALOG_INVALIDMONTH_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDMONTH_MESSAGE=Invalid month
+CERTVALIDWIZARD_DIALOG_INVALIDDAY_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDDAY_MESSAGE=Invalid day
+CERTVALIDWIZARD_DIALOG_INVALIDHOUR_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDHOUR_MESSAGE=Invalid hour
+CERTVALIDWIZARD_DIALOG_INVALIDMIN_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDMIN_MESSAGE=Invalid minute
+CERTVALIDWIZARD_DIALOG_INVALIDSEC_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDSEC_MESSAGE=Invalid second
+CERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDBEGINDATE_MESSAGE=Invalid begin time
+CERTVALIDWIZARD_DIALOG_INVALIDENDDATE_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDENDDATE_MESSAGE=Invalid end time
+CERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_TITLE=Error
+CERTVALIDWIZARD_DIALOG_SMALLAFTERDATE_MESSAGE=Begin Date should not be earlier than After Date
+CERTVALIDWIZARD_DIALOG_INVALIDCACERT_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDCACERT_MESSAGE=Your Certificate Manager CA Signing Certificate is not valid since the begin time is set in the future. You will not be able to sign any certificate at all.
+CERTVALIDWIZARD_DIALOG_INVALIDRACERT_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDRACERT_MESSAGE=Your Registration Manager Signing Certificate is not valid since the begin time is set in the future.
+CERTVALIDWIZARD_DIALOG_INVALIDRACERT_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDKRACERT_MESSAGE=Your Data Recovery Manager Transport Certificate is not valid since the begin time is set in the future.
+CERTVALIDWIZARD_DIALOG_INVALIDSSLCERT_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDSSLCERT_MESSAGE=Your SSL Server Certificate is not valid since the begin time is set in the future.
+CERTVALIDWIZARD_DIALOG_INVALIDSUBSYSTEMCERT_TITLE=Error
+CERTVALIDWIZARD_DIALOG_INVALIDSUBSYSTEMCERT_MESSAGE=Your Certificate Manager Subsystem Certificate is not valid since the begin time is set in the future.
+CERTVALIDWIZARD_LABEL_MAXYEAR_LABEL=The maximum value for the year field is 2037
+CERTREQUESTWIZARD_TITLE=Installation Wizard
+CERTREQUESTWIZARD_BORDER_CERTREQUESTWIZARD_LABEL=Generate a Certificate Request
+CERTREQUESTWIZARD_TEXT_UNIXDESC_LABEL=If you're using Unix, your request has been emailed automatically to the CA for you. After you receive the certificate from the CA, run this wizard again to install the certificate. To exit the wizard now, click Cancel.
+CERTREQUESTWIZARD_TEXT_NTDESC_LABEL=If you're using Windows NT, you need to manually email this request to the CA. There are two methods for doing this. Click help for detailed information.
+CERTREQUESTWIZARD_BUTTON_COPY_LABEL=Copy to the Clipboard
+COPYCERTREQUESTWIZARD_TITLE=Certificate Setup Wizard
+COPYCERTREQUESTWIZARD_BORDER_COPYCERTREQUESTWIZARD_LABEL=Submission of Request
+COPYCERTREQUESTWIZARD_TEXT_UNIXDESC_LABEL=If you're using Unix, your request has been emailed automatically to the CA for you. After you receive the certificate from the CA, run this wizard again to install the certificate. To exit the wizard now, click Cancel.
+COPYCERTREQUESTWIZARD_TEXT_NTDESC_LABEL=If you're using Windows NT, you need to manually email this request to the CA. There are two methods for doing this. Click help for detailed information.
+COPYCERTREQUESTWIZARD_LABEL_DESC_LABEL=Select the way to submit your request:
+COPYCERTREQUESTWIZARD_RADIOBUTTON_EMAIL_LABEL=To CA's email address:
+COPYCERTREQUESTWIZARD_RADIOBUTTON_URL_LABEL=To CA's URL:
+COPYCERTREQUESTWIZARD_RADIOBUTTON_MANUAL_LABEL=Manually
+COPYCERTREQUESTWIZARD_BUTTON_COPY_LABEL=Copy to the Clipboard
+COPYCERTREQUESTWIZARD_TEXT_CONTACT_LABEL=Enter contact information if your request is submitted via CA's email address or URL:
+COPYCERTREQUESTWIZARD_LABEL_NAME_LABEL=Name:
+COPYCERTREQUESTWIZARD_LABEL_EMAILADDRESS_LABEL=Email address:
+COPYCERTREQUESTWIZARD_LABEL_PHONE_LABEL=Phone number:
+MANUALCERTREQUESTWIZARD_TITLE=Certificate Setup Wizard
+MANUALCERTREQUESTWIZARD_BORDER_MANUALCERTREQUESTWIZARD_LABEL=Submission of Request
+MANUALCERTREQUESTWIZARD_TEXT_DESC_LABEL=Copy the base-64 encoded certificate request (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the CA's server enrollment form.
+MANUALCERTREQUESTWIZARD_TEXT_CADESC_LABEL=Copy the base-64 encoded certificate request (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the Certificate Manager enrollment form.
+MANUALCERTREQUESTWIZARD_TEXT_RADESC_LABEL=Copy the base-64 encoded certificate request (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the Registration Manager enrollment form.
+MANUALCERTREQUESTWIZARD_TEXT_KRADESC_LABEL=Copy the base-64 encoded certificate request (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the CA's SSL server enrollment form.
+MANUALCERTREQUESTWIZARD_TEXT_SSLDESC_LABEL=Copy the base-64 encoded certificate request (including -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST-----) from the text area below and paste it into the CA's SSL server enrollment form.
+MANUALCERTREQUESTWIZARD_TEXT_OTHERFILELOC_LABEL=file location
+MANUALCERTREQUESTWIZARD_TEXT_OTHERDESC_LABEL=certificate description
+MANUALCERTREQUESTWIZARD_BUTTON_COPY_LABEL=Copy to the Clipboard
+MANUALCERTREQUESTWIZARD_TEXT_CAFILELOC_LABEL=This certificate request has been saved to a text file called cacsr.txt which is located in the
+MANUALCERTREQUESTWIZARD_TEXT_OCSPFILELOC_LABEL=This certificate request has been saved to a text file called ocspcsr.txt which is located in the
+MANUALCERTREQUESTWIZARD_TEXT_RAFILELOC_LABEL=This certificate request has been saved to a text file called racsr.txt which is located in the
+MANUALCERTREQUESTWIZARD_TEXT_KRAFILELOC_LABEL=This certificate request has been saved to a text file called kracsr.txt which is located in the
+MANUALCERTREQUESTWIZARD_TEXT_SSLFILELOC_LABEL=This certificate request has been saved to a text file called sslcsr.txt which is located in the
+MANUALCERTREQUESTWIZARD_TEXT_SSLRADMFILELOC_LABEL=This certificate request has been saved to a text file called sslcsrradm.txt which is located in the
+MANUALCERTREQUESTWIZARD_CHECKBOX_SENDNOW_LABEL=Send the request to a remote CS now
+MANUALCERTREQUESTWIZARD_TEXT_SENDNOW_LABEL=Specify the remote CA's host name and EE port number:
+MANUALCERTREQUESTWIZARD_LABEL_HOST_LABEL=Host name:
+MANUALCERTREQUESTWIZARD_LABEL_PORT_LABEL=EE port number:
+MANUALCERTREQUESTWIZARD_DIALOG_BLANKHOST_MESSAGE=Host name cannot be blank.
+MANUALCERTREQUESTWIZARD_DIALOG_BLANKPORT_MESSAGE=Port number cannot be blank.
+MANUALCERTREQUESTWIZARD_DIALOG_INVALIDPORT_MESSAGE=Port number is not an integer.
+MANUALCERTREQUESTWIZARD_DIALOG_OUTOFRANGE_MESSAGE=Port number is not between 1 and 65535 inclusive
+MANUALCERTREQUESTWIZARD_TEXT_SSL_LABEL=Is it an SSL secure port?
+MANUALCERTREQUESTWIZARD_CHECKBOX_SSL_LABEL=Yes. It's the SSL secure EE port.
+INTROINSTALLCERTWIZARD_TITLE=Certificate Setup Wizard
+INTROINSTALLCERTWIZARD_BORDER_INTROINSTALLCERTWIZARD_LABEL=Install the Certificate
+INTROINSTALLCERTWIZARD_TEXT_DESC_LABEL=The wizard will now guide you through the certificate installation process. If you want to skip this process, you can click \"Cancel\" to exit the wizard.
+PASTECERTWIZARD_TITLE=Certificate Setup Wizard
+PASTECERTWIZARD_BORDER_PASTECERTWIZARD_LABEL=Location of Certificate
+PASTECERTWIZARD_LABEL_INTRO_LABEL=Indicate the location of the certificate:
+PASTECERTWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+PASTECERTWIZARD_RADIOBUTTON_FILE_LABEL=The certificate is located in this file:
+PASTECERTWIZARD_RADIOBUTTON_BASE64_LABEL=The certificate is located in the text area below:
+PASTECERTWIZARD_TEXT_DESC_LABEL=Paste a base-64 encoded certificate (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the text area.
+PASTECERTWIZARD_DIALOG_EMPTYFILE_MESSAGE=The file field should not be empty
+PASTECERTWIZARD_DIALOG_FILENOTFOUND_MESSAGE=File not found
+PASTECERTWIZARD_DIALOG_B64EEMPTY_MESSAGE=The base-64 encoded text field should not be empty
+DISPLAYCERTWIZARD_TITLE=Certificate Setup Wizard
+DISPLAYCERTWIZARD_BORDER_DISPLAYCERTWIZARD_LABEL=Certificate Details
+DISPLAYCERTWIZARD_LABEL_NAME_LABEL=Certificate name:
+DISPLAYCERTWIZARD_LABEL_CONTENT_LABEL=This is the certificate you have chosen to install:
+DISPLAYCERTWIZARD_BUTTON_ADD_LABEL=Install
+DISPLAYCERTWIZARD_DIALOG_NOTINSTALL_MESSAGE=You have not installed the cerificate.
+DISPLAYCERTWIZARD_DIALOG_INSTALL_TITLE=Information
+DISPLAYCERTWIZARD_DIALOG_INSTALL_MESSAGE=The certificate has been installed successfully
+WARNINGWIZARD_TITLE=Certificate Setup Wizard
+WARNINGWIZARD_BORDER_WARNINGWIZARD_LABEL=Warning
+WARNINGWIZARD_TEXT_DESC_LABEL=This is a warning. You have chosen the new key material for the CA signing certificate and need to realize the consequences of this decision.
+WARNINGWIZARD_LABEL_WARNING_LABEL=Do you realize the consequences? If yes, please click OK
+WARNINGWIZARD_BUTTON_OK_LABEL=OK
+WARNINGWIZARD_DIALOG_PROCEED_MESSAGE=You need to click OK and Next to proceed to the next page
+WARNINGEXECUTEWIZARD_TITLE=Certificate Setup Wizard
+WARNINGEXECUTEWIZARD_BORDER_WARNINGEXECUTEWIZARD_LABEL=Warning
+WARNINGEXECUTEWIZARD_TEXT_DESC_LABEL=This is a warning. You have chosen the new key material for the CA signing certificate and need to realize the consequences of this decision.
+WARNINGEXECUTEWIZARD_LABEL_WARNING_LABEL=If you realize the consequences and decide to use the new key material to create the CA signing certificate, please click OK and then Next to create the certificate.
+WARNINGEXECUTEWIZARD_BUTTON_OK_LABEL=OK
+WARNINGEXECUTEWIZARD_DIALOG_PROCEED_MESSAGE=You need to click OK and Next to proceed to the next page
+WARNINGEXECUTE1WIZARD_TITLE=Certificate Setup Wizard
+WARNINGEXECUTE1WIZARD_BORDER_WARNINGEXECUTE1WIZARD_LABEL=Warning
+WARNINGEXECUTE1WIZARD_TEXT_DESC_LABEL=This is a warning. You have chosen the new key material for the CA signing certificate and need to realize the consequences of this decision.
+WARNINGEXECUTE1WIZARD_LABEL_WARNING_LABEL=If you realize the consequences and decide to use the new key material to create the CA signing certificate, please click OK and then Next to create the certificate request.
+WARNINGEXECUTE1WIZARD_BUTTON_OK_LABEL=OK
+WARNINGEXECUTE1WIZARD_DIALOG_PROCEED_MESSAGE=You need to click OK and Next to proceed to the next page
+EXECUTEWIZARD_TITLE=Certificate Setup Wizard
+EXECUTEWIZARD_BORDER_EXECUTEWIZARD_LABEL=Certificate Creation
+EXECUTEWIZARD_TEXT_DESC_LABEL=The self-signed Certificate Manager certificate is ready to install. Click Next to install.
+EXECUTEWIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate. Click Next to continue.
+EXECUTEWIZARD_TEXT_OLDKEY_LABEL=The wizard has all the information required to generate the certificate. Click Next to continue.
+EXECUTEWIZARD_DIALOG_PROCEED_MESSAGE=You need to click OK and Next to proceed to the next page
+EXECUTE1WIZARD_TITLE=Certificate Setup Wizard
+EXECUTE1WIZARD_BORDER_EXECUTE1WIZARD_LABEL=Certificate Request
+EXECUTE1WIZARD_BORDER_CASIGNING_LABEL=Certificate Request for Certificate Manager CA Signing Certificate
+EXECUTE1WIZARD_BORDER_OCSPSIGNING_LABEL=Certificate Request for OCSP Signing Certificate
+EXECUTE1WIZARD_BORDER_RASIGNING_LABEL=Certificate Request for Registration Manager Signing Certificate
+EXECUTE1WIZARD_BORDER_KRATRANSPORT_LABEL=Certificate Request for Data Recovery Manager Transport Certificate
+EXECUTE1WIZARD_BORDER_SERVER_LABEL=Certificate Request for SSL Server Certificate
+EXECUTE1WIZARD_BORDER_OTHER_LABEL=Certificate Request for log and CRL signing Certificate
+EXECUTE1WIZARD_TEXT_NEWKEY_LABEL=The wizard has all the information required to generate the key pair and the corresponding certificate request. Click Next to continue.
+EXECUTE1WIZARD_RADIOBUTTON_PKCS10_LABEL=Generate a PKCS #10 request.
+EXECUTE1WIZARD_RADIOBUTTON_CMC_LABEL=Generate a full CMC enrollment request.
+EXECUTE1WIZARD_TEXT_OLDKEY_LABEL=The wizard has all the information required to generate the certificate request. Click Next to continue.
+EXECUTE1WIZARD_DIALOG_PROCEED_MESSAGE=You need to click OK and Next to proceed to the next page
+ISSUEIMPORTSTATUSWIZARD_TITLE=Certificate Setup Wizard
+ISSUEIMPORTSTATUSWIZARD_BORDER_ISSUEIMPORTSTATUSWIZARD_LABEL=Status
+ISSUEIMPORTSTATUSWIZARD_TEXT_DESC_LABEL=The certificate has been successfully installed. Click Done to exit from this wizard. You need to restart the server right away.
+REQUESTSTATUSWIZARD_TITLE=Certificate Setup Wizard
+REQUESTSTATUSWIZARD_BORDER_REQUESTSTATUSWIZARD_LABEL=  Status
+REQUESTSTATUSWIZARD_TEXT_REQUEST_LABEL=The certificate request process has been finished. Click Done to exit from this wizard. If you just finish submitting your certificate request, make sure to inform the CA to approve the request. As soon as the certificate is received, please re-enter the Certificate Setup Wizard to install the certificate.
+INSTALLSTATUSWIZARD_TITLE=Certificate Setup Wizard
+INSTALLSTATUSWIZARD_BORDER_INSTALLSTATUSWIZARD_LABEL=Status
+INSTALLSTATUSWIZARD_TEXT_SUCCESS_LABEL=The certificate has been successfully installed. Click Done to exit from this wizard. You need to restart the server right away.
+INSTALLSTATUSWIZARD_TEXT_FAIL_LABEL=The certificate has not been successfully installed. Please try again or exit.
+INSTALLCERT1WIZARD_TITLE=Installation Wizard
+INSTALLCERT1WIZARD_BORDER_INSTALLCERT1WIZARD_LABEL=Install the certificate -1
+INSTALLCERT1WIZARD_TEXT_DESC_LABEL=(Paste the base-64 Encoded certificate with BEGIN and END headers.)
+INSTALLCERT1WIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+INSTALLCERT1WIZARD_RADIOBUTTON_FILE_LABEL=The certificate is located in the following file:
+INSTALLCERT1WIZARD_RADIOBUTTON_BASE64_LABEL=The certificate is located in the following text area:
+INSTALLCERT1WIZARD_TEXT_DESC_LABEL=Paste the base-64 Encoded certificate with BEGIN and END headers
+INSTALLCERT2WIZARD_TITLE=Installation Wizard
+INSTALLCERT2WIZARD_BORDER_INSTALLCERT2WIZARD_LABEL=Install the certificate -2
+INSTALLCERT2WIZARD_LABEL_SUBJECTDN_LABEL=This certificate belongs to:
+INSTALLCERT2WIZARD_LABEL_ISSUE_LABEL=This certificate was issued by:
+INSTALLCERT2WIZARD_LABEL_SERIAL_LABEL=Serial number:
+INSTALLCERT2WIZARD_LABEL_VALID_LABEL=This certificate is valid from {0} to {1}
+INSTALLCERT2WIZARD_LABEL_FINGERPRINT_LABEL=Certificate fingerprint:
+INSTALLCERT2WIZARD_BUTTON_ADD_LABEL=Add
+CERTEXTENSIONWIZARD_TITLE=Installation Wizard
+CERTEXTENSIONWIZARD_BORDER_CERTEXTENSIONWIZARD_LABEL=Setup the CA Signing Key and Certificate -4
+CERTEXTENSIONWIZARD_TEXT_HEADING_LABEL=Specify certificate extension:
+CERTEXTENSIONWIZARD_CHECKBOX_MIME_LABEL=Extension in base-64 DER encoding
+CERTEXTENSIONWIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+CERTEXTENSIONWIZARD_CHECKBOX_BASIC_LABEL=Basic constraints
+CERTEXTENSIONWIZARD_CHECKBOX_CA_LABEL=CA
+CERTEXTENSIONWIZARD_LABEL_CERTPATHLENGTH_LABEL=Certification path length:
+CERTEXTENSIONWIZARD_CHECKBOX_NETSCAPE_LABEL=Netscape certificate type
+CERTEXTENSIONWIZARD_CHECKBOX_SSLCLIENT_LABEL=SSL client bit
+CERTEXTENSIONWIZARD_CHECKBOX_SSLSERVER_LABEL=SSL server bit
+CERTEXTENSIONWIZARD_CHECKBOX_EMAIL_LABEL=SSL email bit
+CERTEXTENSIONWIZARD_CHECKBOX_OBJECTSIGNING_LABEL=Object signing bit
+CERTEXTENSIONWIZARD_CHECKBOX_SSLCA_LABEL=SSL CA bit
+CERTEXTENSIONWIZARD_CHECKBOX_EMAILCA_LABEL=Email CA bit
+CERTEXTENSIONWIZARD_CHECKBOX_OBJECTSIGNINGCA_LABEL=Object signing CA bit
+CERTEXTENSIONWIZARD_CHECKBOX_AIA_LABEL=Authority Information Access
+CERTEXTENSIONWIZARD_CHECKBOX_AKI_LABEL=Authority key identifier
+CERTEXTENSIONWIZARD_CHECKBOX_SKI_LABEL=Subject key identifier
+CERTEXTENSIONWIZARD_CHECKBOX_OCSPNOCHECK_LABEL=OCSP no check
+CERTEXTENSIONWIZARD_TEXT_CMC_LABEL=(Required for a CMC request)
+CERTEXTENSION1WIZARD_TITLE=Certificate Setup Wizard
+CERTEXTENSION1WIZARD_BORDER_CASIGNING_LABEL=Certificate Extensions for Certificate Manager CA Signing Certificate
+CERTEXTENSION1WIZARD_BORDER_OCSPSIGNING_LABEL=Certificate Extensions for OCSP Signing Certificate
+CERTEXTENSION1WIZARD_BORDER_RASIGNING_LABEL=Certificate Extensions for Registration Manager Signing Certificate
+CERTEXTENSION1WIZARD_BORDER_KRATRANSPORT_LABEL=Certificate Extensions for Data Recovery Manager Transport Certificate
+CERTEXTENSION1WIZARD_BORDER_SERVER_LABEL=Certificate Extensions for SSL Server Certificate
+CERTEXTENSION1WIZARD_TEXT_HEADING_LABEL=Specify the certificate extensions for the certificate:
+CERTEXTENSION1WIZARD_CHECKBOX_MIME_LABEL=Base-64 SEQUENCE of extensions
+CERTEXTENSION1WIZARD_BUTTON_PASTE_LABEL=Paste from the Clipboard
+CERTEXTENSION1WIZARD_CHECKBOX_BASIC_LABEL=Basic constraints
+CERTEXTENSION1WIZARD_CHECKBOX_CA_LABEL=CA
+CERTEXTENSION1WIZARD_CHECKBOX_CERTPATHLENGTH_LABEL=Certification path length:
+CERTEXTENSION1WIZARD_CHECKBOX_EXTENDEDKEY_LABEL=Extended Key Usage
+CERTEXTENSION1WIZARD_CHECKBOX_SSLCLIENT_LABEL=SSL client
+CERTEXTENSION1WIZARD_CHECKBOX_SSLSERVER_LABEL=SSL server
+CERTEXTENSION1WIZARD_CHECKBOX_EMAIL_LABEL=S/MIME
+CERTEXTENSION1WIZARD_CHECKBOX_OBJECTSIGNING_LABEL=Object-signing
+CERTEXTENSION1WIZARD_CHECKBOX_TIMESTAMPING_LABEL=Time stamping
+CERTEXTENSION1WIZARD_CHECKBOX_OCSPSIGNING_LABEL=OCSP signing
+CERTEXTENSION1WIZARD_CHECKBOX_AIA_LABEL=Authority Information Access
+CERTEXTENSION1WIZARD_CHECKBOX_AKI_LABEL=Authority key identifier
+CERTEXTENSION1WIZARD_CHECKBOX_SKI_LABEL=Subject key identifier
+CERTEXTENSION1WIZARD_CHECKBOX_OCSPNOCHECK_LABEL=OCSP no check
+CERTEXTENSION1WIZARD_TEXT_CMC_LABEL=(Required for a CMC request)
+CERTEXTENSION1WIZARD_CHECKBOX_KEYUSAGE_LABEL=Key Usage
+CERTEXTENSION1WIZARD_DIALOG_DERBLANKFIELD_MESSAGE=Base-64 DER encoding field cannot be empty
+CERTMESSAGEDIGESTWIZARD_TITLE=Certificate Setup Wizard
+CERTMESSAGEDIGESTWIZARD_BORDER_CERTMESSAGEDIGESTWIZARD_LABEL=Message Digest Algorithm
+CERTMESSAGEDIGESTWIZARD_TEXT_HASHTYPE_LABEL=Select the signing algorithm to use when signing objects with this certificate:
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_0=MD2withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_1=MD5withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_2=SHA1withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_3=SHA256withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSAHASHTYPE_VALUE_4=SHA512withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_DSAHASHTYPE_VALUE_0=SHA1withDSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_ECCHASHTYPE_VALUE_0=SHA1withEC
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_ECCHASHTYPE_VALUE_1=SHA256withEC
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_ECCHASHTYPE_VALUE_2=SHA384withEC
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_ECCHASHTYPE_VALUE_3=SHA512withEC
+CERTMESSAGEDIGESTWIZARD_TEXT_SIGNEDBYTYPE_LABEL=Select the signing algorithm to use for computing the signature of this certificate:
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSASIGNEDBYTYPE_VALUE_0=MD2withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSASIGNEDBYTYPE_VALUE_1=MD5withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSASIGNEDBYTYPE_VALUE_2=SHA1withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSASIGNEDBYTYPE_VALUE_3=SHA256withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_RSASIGNEDBYTYPE_VALUE_4=SHA512withRSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_DSASIGNEDBYTYPE_VALUE_0=SHA1withDSA
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_ECCSIGNEDBYTYPE_VALUE_0=SHA1withEC
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_ECCSIGNEDBYTYPE_VALUE_1=SHA256withEC
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_ECCSIGNEDBYTYPE_VALUE_2=SHA384withEC
+CERTMESSAGEDIGESTWIZARD_COMBOBOX_ECCSIGNEDBYTYPE_VALUE_3=SHA512withEC
+LOGGINGWIZARD_TITLE=Installation Wizard
+LOGGINGWIZARD_BORDER_LOGGINGWIZARD_LABEL=Logging
+LOGGINGWIZARD_CHECKBOX_SYSLOG_LABEL=Enable system log
+LOGGINGWIZARD_CHECKBOX_ERRORLOG_LABEL=Enable error log
+LOGGINGWIZARD_CHECKBOX_AUDITLOG_LABEL=Enable transactions log
+LOGGINGWIZARD_LABEL_LOGMAXSIZ_LABEL=Maximum size:
+LOGGINGWIZARD_LABEL_LOGBUFSIZ_LABEL=Buffer size:
+LOGGINGWIZARD_LABEL_LOGFQC_LABEL=Rotation frequency:
+LOGGINGWIZARD_LABEL_LOGFQC_TTIP=Frequency to rotate a log file
+LOGGINGWIZARD_LABEL_SIZEUNIT_LABEL=KB
+LOGGINGWIZARD_COMBOBOX_LOGFQC_VALUE_0=Hourly
+LOGGINGWIZARD_COMBOBOX_LOGFQC_VALUE_1=Daily
+LOGGINGWIZARD_COMBOBOX_LOGFQC_VALUE_2=Weekly
+LOGGINGWIZARD_COMBOBOX_LOGFQC_VALUE_3=Monthly
+LOGGINGWIZARD_COMBOBOX_LOGFQC_VALUE_4=Yearly
+LOGGINGWIZARD_LABEL_LOGLEVEL_LABEL=Log level:
+LOGGINGWIZARD_LABEL_LOGLEVEL_TTIP=Specify log level
+LOGGINGWIZARD_COMBOBOX_LOGLEVEL_VALUE_0=Debug
+LOGGINGWIZARD_COMBOBOX_LOGLEVEL_VALUE_1=Info
+LOGGINGWIZARD_COMBOBOX_LOGLEVEL_VALUE_2=Warning
+LOGGINGWIZARD_COMBOBOX_LOGLEVEL_VALUE_3=Failure
+LOGGINGWIZARD_COMBOBOX_LOGLEVEL_VALUE_4=Misconfiguration
+LOGGINGWIZARD_COMBOBOX_LOGLEVEL_VALUE_5=Catastrophe
+LOGGINGWIZARD_COMBOBOX_LOGLEVEL_VALUE_6=Security
+LOGGINGWIZARD_DIALOG_BLANKFIELD_MESSAGE=All fields must be filled
+LOGGINGWIZARD_DIALOG_BLANKFIELD_TITLE=Error Log Error
+LOGGINGWIZARD_DIALOG_NUMBERFORMAT_MESSAGE=You must specify a numeric value
+LOGGINGWIZARD_DIALOG_NUMBERFORMAT_TITLE=Error Log error
+LOGGINGWIZARD_BUTTON_REFRESH_LABEL=Refresh
+LOGGINGWIZARD_BUTTON_REFRESH_TTIP=Refresh error log content
+LOGGINGWIZARD_BUTTON_HELP_LABEL=Help
+LOGGINGWIZARD_BUTTON_HELP_TTIP=Online Help
+LOGGINGWIZARD_LABEL_NUMBERREC_LABEL=Number of entries
+LOGGINGWIZARD_LABEL_NUMBERREC_LTTIP=Specify mumber of entries to be returned
+INTERNALDBWIZARD_TITLE=Installation Wizard
+INTERNALDBWIZARD_BORDER_INTERNALDBWIZARD_LABEL=Internal Database
+INTERNALDBWIZARD_TEXT_HEADING_LABEL=CS needs access to an LDAP server instance to store requests and certificate records. This server instance is referred to as the internal database. You can either have CS create a new instance for you, or use an existing directory. For security reasons, you should not delegate control of this directory to unauthorized persons.
+INTERNALDBWIZARD_LABEL_PORT_LABEL=Port number:
+INTERNALDBWIZARD_LABEL_ADMIN_LABEL=Directory manager DN:
+INTERNALDBWIZARD_LABEL_VERSION_LABEL=Version:
+INTERNALDBWIZARD_COMBOBOX_VERSION_VALUE_0=2
+INTERNALDBWIZARD_COMBOBOX_VERSION_VALUE_1=3
+INTERNALDBWIZARD_LABEL_PWD_LABEL=Password:
+INTERNALDBWIZARD_LABEL_PWDAGAIN_LABEL=Password (again):
+INTERNALDBWIZARD_LABEL_INSTANCEID_LABEL=Instance ID:
+INTERNALDBWIZARD_DIALOG_NUMBERFORMAT_TITLE=Error
+INTERNALDBWIZARD_DIALOG_NUMBERFORMAT_MESSAGE=Port number must be an integer!
+INTERNALDBWIZARD_DIALOG_PASSWD_TITLE=Error
+INTERNALDBWIZARD_DIALOG_PASSWD_MESSAGE=Failed to verify the password!
+INTERNALDBWIZARD_DIALOG_BLANKFIELD_TITLE=Error
+INTERNALDBWIZARD_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+INTERNALDBWIZARD_DIALOG_UNMATCHEDPASSWD_TITLE=Error
+INTERNALDBWIZARD_DIALOG_UNMATCHEDPASSWD_MESSAGE=The password does not match the confirmed password
+INTERNALDBWIZARD_DIALOG_SSLERROR_TITLE=Error
+INTERNALDBWIZARD_DIALOG_SSLERROR_MESSAGE=Need to enable SSL if SSL client authentication is selected
+INTERNALDBWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+INTERNALDBWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+INTERNALDBWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+INTERNALDBWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password fields cannot be blank.
+INTERNALDBWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+EXISTINGDBWIZARD_TITLE=Installation Wizard
+EXISTINGDBWIZARD_BORDER_EXISTINGDBWIZARD_LABEL=Master Database
+EXISTINGDBWIZARD_TEXT_HEADING_LABEL=Enter the following information for the Master Database:
+EXISTINGDBWIZARD_LABEL_REMOTEHOST_LABEL=Host name:
+EXISTINGDBWIZARD_LABEL_REMOTEPORT_LABEL=Port number:
+EXISTINGDBWIZARD_LABEL_REMOTEADMIN_LABEL=Directory manager DN:
+EXISTINGDBWIZARD_LABEL_REMOTEPWD_LABEL=Password:
+EXISTINGDBWIZARD_LABEL_REMOTEBASEDN_LABEL=Base DN for this instance:
+EXISTINGDBWIZARD_DIALOG_EMPTYHOST_TITLE=Error
+EXISTINGDBWIZARD_DIALOG_EMPTYHOST_MESSAGE=Host name cannot be blank.
+EXISTINGDBWIZARD_DIALOG_EMPTYPORT_TITLE=Error
+EXISTINGDBWIZARD_DIALOG_EMPTYPORT_MESSAGE=Port cannot be blank.
+EXISTINGDBWIZARD_DIALOG_EMPTYBINDDN_TITLE=Error
+EXISTINGDBWIZARD_DIALOG_EMPTYBINDDN_MESSAGE=Bind DN cannot be blank.
+EXISTINGDBWIZARD_DIALOG_EMPTYPASSWD_TITLE=Error
+EXISTINGDBWIZARD_DIALOG_EMPTYPASSWD_MESSAGE=Password field cannot be blank.
+EXISTINGDBWIZARD_DIALOG_NUMBERFORMAT_TITLE=Error
+EXISTINGDBWIZARD_DIALOG_NUMBERFORMAT_MESSAGE=Port number must be numeric.
+REPLDBWIZARD_TITLE=Installation Wizard
+REPLDBWIZARD_BORDER_REPLDBWIZARD_LABEL=Replication Setup
+REPLDBWIZARD_TEXT_HEADING_LABEL=CS needs to setup the replication between master and local consumer databases to achieve high availability. In this panel, the entry for the Replication Manager required for replication is being added to each database. The names for replication agreements are also needed.
+REPLDBWIZARD_CHECKBOX_ENABLE_LABEL=Enable Replication
+REPLDBWIZARD_TEXT_MASTER1_LABEL=Enter the password for the Replication Manager in the Master database:
+REPLDBWIZARD_LABEL_PASSWORD_LABEL=Password:
+REPLDBWIZARD_LABEL_PASSWORDAGAIN_LABEL=Password (again):
+REPLDBWIZARD_LABEL_MASTER2_LABEL=Enter the password for the Replication Manager in the Consumer database:
+REPLDBWIZARD_TEXT_AGREEMENT_LABEL=The following information is required for setting up the replication agreement.
+REPLDBWIZARD_TEXT_AGREEMENT1_LABEL=Specify the agreement name for master database to consumer database:
+REPLDBWIZARD_LABEL_NAME_LABEL=Agreement Name:
+REPLDBWIZARD_TEXT_AGREEMENT2_LABEL=Specify the agreement name for consumer database to master database:
+REPLDBWIZARD_DIALOG_EMPTYNAME_TITLE=Error
+REPLDBWIZARD_DIALOG_EMPTYNAME_MESSAGE=Replication agreement's name cannot be blank.
+REPLDBWIZARD_DIALOG_EMPTYPASSWORD_TITLE=Error
+REPLDBWIZARD_DIALOG_EMPTYPASSWORD_MESSAGE=Replication Manager's password cannot be blank.
+REPLDBWIZARD_DIALOG_NOTSAMEPASSWORD_TITLE=Error
+REPLDBWIZARD_DIALOG_NOTSAMEPASSWORD_MESSAGE=Replication Manager's password and password (again) are not identical
+REPLDBWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+CREATEINTERNALDBWIZARD_TITLE=Installation Wizard
+CREATEINTERNALDBWIZARD_BORDER_CREATEINTERNALDBWIZARD_LABEL=Consumer Database
+CREATEINTERNALDBWIZARD_TEXT_HEADING_LABEL=This consumer database provides the purpose of high availability. If you choose not to have this consumer database, the CS will connect to the Master database.
+CREATEINTERNALDBWIZARD_LABEL_PORT_LABEL=Port number:
+CREATEINTERNALDBWIZARD_LABEL_HOST_LABEL=Host name:
+CREATEINTERNALDBWIZARD_LABEL_BASEDN_LABEL=Base DN for this instance:
+CREATEINTERNALDBWIZARD_LABEL_DNAME_LABEL=Database Name (for DS 5.x or later):
+CREATEINTERNALDBWIZARD_CHECKBOX_SCHEMA_LABEL=Add CS-Specific Schema and Indices to Database?
+CREATEINTERNALDBWIZARD_LABEL_ADMIN_LABEL=Directory manager DN:
+CREATEINTERNALDBWIZARD_LABEL_VERSION_LABEL=Version:
+CREATEINTERNALDBWIZARD_COMBOBOX_VERSION_VALUE_0=2
+CREATEINTERNALDBWIZARD_COMBOBOX_VERSION_VALUE_1=3
+CREATEINTERNALDBWIZARD_LABEL_PWD_LABEL=Password:
+CREATEINTERNALDBWIZARD_LABEL_PWDAGAIN_LABEL=Password (again):
+CREATEINTERNALDBWIZARD_LABEL_INSTANCEID_LABEL=Instance ID:
+CREATEINTERNALDBWIZARD_CHECKBOX_ENABLE_LABEL=Consumer database for high availability
+CREATEINTERNALDBWIZARD_RADIOBUTTON_LOCAL_LABEL=Create a local consumer database
+CREATEINTERNALDBWIZARD_RADIOBUTTON_REMOTE_LABEL=Connect to the existing remote LDAP server
+CREATEINTERNALDBWIZARD_DIALOG_NUMBERFORMAT_TITLE=Error
+CREATEINTERNALDBWIZARD_DIALOG_NUMBERFORMAT_MESSAGE=Port number must be an integer!
+CREATEINTERNALDBWIZARD_DIALOG_PASSWD_TITLE=Error
+CREATEINTERNALDBWIZARD_DIALOG_PASSWD_MESSAGE=Failed to verify the password!
+CREATEINTERNALDBWIZARD_DIALOG_BLANKFIELD_TITLE=Error
+CREATEINTERNALDBWIZARD_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+CREATEINTERNALDBWIZARD_DIALOG_UNMATCHEDPASSWD_TITLE=Error
+CREATEINTERNALDBWIZARD_DIALOG_UNMATCHEDPASSWD_MESSAGE=The password does not match the confirmed password
+CREATEINTERNALDBWIZARD_DIALOG_SSLERROR_TITLE=Error
+CREATEINTERNALDBWIZARD_DIALOG_SSLERROR_MESSAGE=Need to enable SSL if SSL client authentication is selected
+CREATEINTERNALDBWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+CREATEINTERNALDBWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+CREATEINTERNALDBWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+CREATEINTERNALDBWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password fields cannot be blank.
+CREATEINTERNALDBWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INTERNALDBINFOWIZARD_TITLE=Installation Wizard
+INTERNALDBINFOWIZARD_BORDER_INTERNALDBINFOWIZARD_LABEL=Logon to the Certificate Server Internal Database
+INTERNALDBINFOWIZARD_TEXT_HEADING_LABEL=Enter the password for the directory manager DN:
+INTERNALDBINFOWIZARD_LABEL_ADMIN_LABEL=Directory manager DN:
+INTERNALDBINFOWIZARD_LABEL_PWD_LABEL=Password:
+INTERNALDBINFOWIZARD_DIALOG_NUMBERFORMAT_TITLE=Error
+INTERNALDBINFOWIZARD_DIALOG_PASSWD_TITLE=Error
+INTERNALDBINFOWIZARD_DIALOG_PASSWD_MESSAGE=Failed to verify the password!
+INTERNALDBINFOWIZARD_DIALOG_BLANKFIELD_TITLE=Error
+INTERNALDBINFOWIZARD_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+INTERNALDBINFOWIZARD_DIALOG_SSLERROR_TITLE=Error
+INTERNALDBINFOWIZARD_DIALOG_SSLERROR_MESSAGE=Need to enable SSL if SSL client authentication is selected
+INTERNALDBINFOWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+INTERNALDBINFOWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password fields cannot be blank.
+CATOKENLOGONWIZARD_TITLE=Installation Wizard
+CATOKENLOGONWIZARD_BORDER_CATOKENLOGONWIZARD_LABEL=Logon Token
+CATOKENLOGONWIZARD_TEXT_HEADING_LABEL=Logon to the token where the Certificate Manager CA Signing Certificate will reside:
+CATOKENLOGONWIZARD_TEXT_INIT_LABEL=Initialize the token where the Certificate Manager CA Signing Certificate will reside:
+CATOKENLOGONWIZARD_LABEL_TOKEN_LABEL=Token:
+CATOKENLOGONWIZARD_LABEL_PWD_LABEL=Password:
+CATOKENLOGONWIZARD_LABEL_PWDAGAIN_LABEL=Password Again:
+CATOKENLOGONWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank.
+CATOKENLOGONWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+RATOKENLOGONWIZARD_TITLE=Installation Wizard
+RATOKENLOGONWIZARD_BORDER_RATOKENLOGONWIZARD_LABEL=Logon Token
+RATOKENLOGONWIZARD_TEXT_HEADING_LABEL=Logon to the token where the Registration Manager Signing Certificate will reside:
+RATOKENLOGONWIZARD_TEXT_INIT_LABEL=Initialize the token where the Registration Manager Signing Certificate will reside:
+RATOKENLOGONWIZARD_LABEL_TOKEN_LABEL=Token:
+RATOKENLOGONWIZARD_LABEL_PWD_LABEL=Password:
+RATOKENLOGONWIZARD_LABEL_PWDAGAIN_LABEL=Password Again:
+RATOKENLOGONWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank.
+RATOKENLOGONWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+KRATOKENLOGONWIZARD_TITLE=Installation Wizard
+KRATOKENLOGONWIZARD_BORDER_KRATOKENLOGONWIZARD_LABEL=Logon Token
+KRATOKENLOGONWIZARD_TEXT_HEADING_LABEL=Logon to the token where the Data Recovery Manager Transport Certificate will reside:
+KRATOKENLOGONWIZARD_TEXT_INIT_LABEL=Initialize the token where the Data Recovery Manager Transport Certificate will reside:
+KRATOKENLOGONWIZARD_LABEL_TOKEN_LABEL=Token:
+KRATOKENLOGONWIZARD_LABEL_PWD_LABEL=Password:
+KRATOKENLOGONWIZARD_LABEL_PWDAGAIN_LABEL=Password Again:
+KRATOKENLOGONWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank.
+KRATOKENLOGONWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+SSLTOKENLOGONWIZARD_TITLE=Installation Wizard
+SSLTOKENLOGONWIZARD_BORDER_SSLTOKENLOGONWIZARD_LABEL=Logon Token
+SSLTOKENLOGONWIZARD_TEXT_HEADING_LABEL=Logon to the token where the server SSL Certificate will reside:
+SSLTOKENLOGONWIZARD_TEXT_INIT_LABEL=Initialize the token where the server SSL Certificate will reside:
+SSLTOKENLOGONWIZARD_LABEL_TOKEN_LABEL=Token:
+SSLTOKENLOGONWIZARD_LABEL_PWD_LABEL=Password:
+SSLTOKENLOGONWIZARD_LABEL_PWDAGAIN_LABEL=Password Again:
+SSLTOKENLOGONWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank.
+SSLTOKENLOGONWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INTERNALTOKENLOGONWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INTERNALTOKENLOGONWIZARD_TITLE=Installation Wizard
+INTERNALTOKENLOGONWIZARD_BORDER_INTERNALTOKENLOGONWIZARD_LABEL=Logon Token
+INTERNALTOKENLOGONWIZARD_TEXT_HEADING_LABEL=Logon to the internal token:
+INTERNALTOKENLOGONWIZARD_TEXT_INIT_LABEL=Initialize the internal cryptographic token:
+INTERNALTOKENLOGONWIZARD_LABEL_TOKEN_LABEL=Token:
+INTERNALTOKENLOGONWIZARD_LABEL_PWD_LABEL=Password:
+INTERNALTOKENLOGONWIZARD_LABEL_PWDAGAIN_LABEL=Password Again:
+INTERNALTOKENLOGONWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+INTERNALTOKENLOGONWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+INTERNALTOKENLOGONWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank.
+DBENROLLWIZARD_TITLE=Installation Wizard
+DBENROLLWIZARD_BORDER_DBENROLLWIZARD_LABEL=Setup Directory-Based Enrollment
+DBENROLLWIZARD_TEXT_HEADING_LABEL=The LDAP directory is used to authenticate the end-entity for certificate enrollment.
+DBENROLLWIZARD_CHECKBOX_ENABLE_LABEL=Enable directory-based enrollment
+DBENROLLWIZARD_BORDER_DESTINATION_LABEL=Destination
+DBENROLLWIZARD_LABEL_HOST_LABEL=Host name:
+DBENROLLWIZARD_LABEL_PORT_LABEL=Port number:
+DBENROLLWIZARD_CHECKBOX_SECUREPORT_LABEL=Use SSL communication
+DBENROLLWIZARD_LABEL_BASEDN_LABEL=Base DN:
+DBENROLLWIZARD_LABEL_VERSION_LABEL=LDAP version
+DBENROLLWIZARD_COMBOBOX_VERSION_VALUE_0=2
+DBENROLLWIZARD_COMBOBOX_VERSION_VALUE_1=3
+LDAPPUBLISHINGWIZARD_TITLE=Installation Wizard
+LDAPPUBLISHINGWIZARD_BORDER_DESTINATION_LABEL=Destination
+LDAPPUBLISHINGWIZARD_BORDER_LDAPPUBLISHINGWIZARD_LABEL=Setup LDAP Certificate Publishing
+LDAPPUBLISHINGWIZARD_TEXT_HEADING_LABEL=The issued Certificate will be automatically published to a specified LDAP server by Certificate Server.
+LDAPPUBLISHINGWIZARD_LABEL_HOST_LABEL=Host name:
+LDAPPUBLISHINGWIZARD_LABEL_PORT_LABEL=Port number:
+LDAPPUBLISHINGWIZARD_CHECKBOX_SECUREPORT_LABEL=Use SSL communication
+LDAPPUBLISHINGWIZARD_LABEL_BASEDN_LABEL=Base DN:
+LDAPPUBLISHINGWIZARD_LABEL_BINDAS_LABEL=Directory manager DN:
+LDAPPUBLISHINGWIZARD_LABEL_VERSION_LABEL=LDAP version:
+LDAPPUBLISHINGWIZARD_COMBOBOX_VERSION_VALUE_0=2
+LDAPPUBLISHINGWIZARD_COMBOBOX_VERSION_VALUE_1=3
+LDAPPUBLISHINGWIZARD_LABEL_AUTHTYPE_LABEL=Authentication:
+LDAPPUBLISHINGWIZARD_COMBOBOX_AUTHTYPE_VALUE_0=Basic authentication
+LDAPPUBLISHINGWIZARD_COMBOBOX_AUTHTYPE_VALUE_1=SSL client authentication
+LDAPPUBLISHINGWIZARD_LABEL_CERTLIST_LABEL=Client Certificate:
+LDAPPUBLISHINGWIZARD_CHECKBOX_ENABLE_LABEL=Enable LDAP publishing
+ADMININSTALLWIZARD_TITLE=Installation Wizard
+ADMININSTALLWIZARD_BORDER_ADMININSTALLWIZARD_LABEL=Administrator
+ADMININSTALLWIZARD_TEXT_HEADING_LABEL=The administrator is the privileged user who can access the CS console window. Specify the user ID, full name, and password for the CS administrator:
+ADMININSTALLWIZARD_LABEL_ADMINID_LABEL=Administrator ID:
+ADMININSTALLWIZARD_LABEL_FULLNAME_LABEL=Full name:
+ADMININSTALLWIZARD_LABEL_PASSWORD_LABEL=Password:
+ADMININSTALLWIZARD_LABEL_PASSWORDAGAIN_LABEL=Password (again):
+ADMININSTALLWIZARD_LABEL_DUMMY_LABEL=
+ADMININSTALLWIZARD_CHECKBOX_ENABLE_LABEL=Allow multiple roles for users
+ADMININSTALLWIZARD_DIALOG_NOTSAMEPASSWD_TITLE=Error
+ADMININSTALLWIZARD_DIALOG_NOTSAMEPASSWD_MESSAGE=The two passwords you entered do not match
+ADMININSTALLWIZARD_DIALOG_BLANKADMINID_TITLE=Error
+ADMININSTALLWIZARD_DIALOG_BLANKADMINID_MESSAGE=The administrator ID cannot be blank
+ADMININSTALLWIZARD_DIALOG_BLANKADMINNAME_TITLE=Error
+ADMININSTALLWIZARD_DIALOG_BLANKADMINNAME_MESSAGE=The administrator full name cannot be blank
+ADMININSTALLWIZARD_DIALOG_BLANKPASSWD_TITLE=Error
+ADMININSTALLWIZARD_DIALOG_BLANKPASSWD_MESSAGE=The password field cannot be blank
+ADMININSTALLWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+LOGONALLTOKENSWIZARD_TITLE=Installation Wizard
+LOGONALLTOKENSWIZARD_BORDER_LOGONALLTOKENSWIZARD_LABEL=Logon Tokens
+LOGONALLTOKENSWIZARD_TEXT_HEADING_LABEL=Logon to the following tokens:
+LOGONALLTOKENSWIZARD_DIALOG_CANNOTBEBLANK_MESSAGE=Password field cannot be blank.
+CLONECAKEYCERTWIZARD_TITLE=Installation Wizard
+CLONECAKEYCERTWIZARD_BORDER_CLONECAKEYCERTWIZARD_LABEL=Clone Key and Certificate Materials for CA Subsystem
+CLONECAKEYCERTWIZARD_TEXT_HEADING_LABEL=Select one of the following certificates as the cloned CA signing certificate for this instance:
+CLONECAKEYCERTWIZARD_TEXT_HEADING1_LABEL=Select one of the following certificates as the cloned OCSP signing certificate for this instance:
+CLONECAKEYCERTWIZARD_TEXT_HEADING2_LABEL=Select one of the following certificates as the cloned SSL server certificate for this instance:
+CLONECAKEYCERTWIZARD_LABEL_CANICKNAME_LABEL=CA Signing Certificate's Nickname:
+CLONECAKEYCERTWIZARD_LABEL_OCSPNICKNAME_LABEL=OCSP Signing Certificate's Nickname:
+CLONECAKEYCERTWIZARD_LABEL_SSLNICKNAME_LABEL=SSL Server Certificate's Nickname:
+CLONECAKEYCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+CLONEOCSPKEYCERTWIZARD_TITLE=Installation Wizard
+CLONEOCSPKEYCERTWIZARD_BORDER_CLONEOCSPKEYCERTWIZARD_LABEL=Clone Key and Certificate Materials for OCSP Subsystem
+CLONEOCSPKEYCERTWIZARD_TEXT_HEADING1_LABEL=Select one of the following certificates as the cloned OCSP signing certificate for this instance:
+CLONEOCSPKEYCERTWIZARD_TEXT_HEADING2_LABEL=Select one of the following certificates as the cloned SSL server certificate for this instance:
+CLONEOCSPKEYCERTWIZARD_LABEL_OCSPNICKNAME_LABEL=OCSP Signing Certificate's Nickname:
+CLONEOCSPKEYCERTWIZARD_LABEL_SSLNICKNAME_LABEL=SSL Server Certificate's Nickname:
+CLONEOCSPKEYCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+CLONERAKEYCERTWIZARD_TITLE=Installation Wizard
+CLONERAKEYCERTWIZARD_BORDER_CLONERAKEYCERTWIZARD_LABEL=Clone Key and Certificate Materials for RA Subsystem
+CLONERAKEYCERTWIZARD_TEXT_HEADING_LABEL=Select one of the following certificates as the cloned RA signing certificate for this instance:
+CLONERAKEYCERTWIZARD_TEXT_HEADING1_LABEL=Select one of the following certificates as the cloned SSL server certificate for this instance:
+CLONERAKEYCERTWIZARD_LABEL_RANICKNAME_LABEL=RA Signing Certificate's Nickname:
+CLONERAKEYCERTWIZARD_LABEL_SSLNICKNAME_LABEL=SSL Server Certificate's Nickname:
+CLONERAKEYCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+CLONEKRAKEYCERTWIZARD_TITLE=Installation Wizard
+CLONEKRAKEYCERTWIZARD_BORDER_CLONEKRAKEYCERTWIZARD_LABEL=Clone Key and Certificate Materials for DRM Subsystem
+CLONEKRAKEYCERTWIZARD_TEXT_HEADING_LABEL=Select one of the following certificates as the cloned DRM Transport certificate for this instance:
+CLONEKRAKEYCERTWIZARD_TEXT_HEADING1_LABEL=Select one of the following certificates as the cloned DRM Storage certificate for this instance:
+CLONEKRAKEYCERTWIZARD_TEXT_HEADING2_LABEL=Select one of the following certificates as the cloned SSL server certificate for this instance:
+CLONEKRAKEYCERTWIZARD_LABEL_KRANICKNAME_LABEL=DRM Transport  Certificate's Nickname:
+CLONEKRAKEYCERTWIZARD_LABEL_STORAGENICKNAME_LABEL=DRM Storage Certificate's Nickname:
+CLONEKRAKEYCERTWIZARD_LABEL_SSLNICKNAME_LABEL=SSL Server Certificate's Nickname:
+CLONEKRAKEYCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+CLONETKSKEYCERTWIZARD_TITLE=Installation Wizard
+CLONETKSKEYCERTWIZARD_BORDER_CLONETKSKEYCERTWIZARD_LABEL=Clone Key and Certificate Materials for TKS Subsystem
+CLONETKSKEYCERTWIZARD_TEXT_HEADING_LABEL=Select one of the following certificates as the cloned SSL server certificate for this instance:
+CLONETKSKEYCERTWIZARD_LABEL_SSLNICKNAME_LABEL=SSL Server Certificate's Nickname:
+CLONETKSKEYCERTWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLCAEXISTKEYWIZARD_TITLE=Installation Wizard
+INSTALLCAEXISTKEYWIZARD_BORDER_INSTALLCAEXISTKEYWIZARD_LABEL=Clone key and certificate materials
+INSTALLCAEXISTKEYWIZARD_TEXT_REUSE_LABEL=Do you want to use the existing Certificate Manager's key and certificate in the database?
+INSTALLCAEXISTKEYWIZARD_RADIOBUTTON_YES_LABEL=Yes
+INSTALLCAEXISTKEYWIZARD_RADIOBUTTON_NO_LABEL=No
+INSTALLCAEXISTKEYWIZARD_TEXT_INFO_LABEL=Specify information about the instance where your key and certificate materials were copied from:
+INSTALLCAEXISTKEYWIZARD_LABEL_INSTANCENAME_LABEL=Instance name:
+INSTALLCAEXISTKEYWIZARD_LABEL_TOKENNAME_LABEL=Token name:
+INSTALLCAEXISTKEYWIZARD_LABEL_PASSWORD_LABEL=Token password:
+INSTALLCAEXISTKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLRAEXISTKEYWIZARD_TITLE=Installation Wizard
+INSTALLRAEXISTKEYWIZARD_BORDER_INSTALLRAEXISTKEYWIZARD_LABEL=Clone key and certificate materials
+INSTALLRAEXISTKEYWIZARD_TEXT_REUSE_LABEL=Do you want to use the existing Registration Manager's key and certificate in the database?
+INSTALLRAEXISTKEYWIZARD_RADIOBUTTON_YES_LABEL=Yes
+INSTALLRAEXISTKEYWIZARD_RADIOBUTTON_NO_LABEL=No
+INSTALLRAEXISTKEYWIZARD_TEXT_INFO_LABEL=Specify information about the instance where your key and certificate materials were copied from:
+INSTALLRAEXISTKEYWIZARD_LABEL_INSTANCENAME_LABEL=Instance name:
+INSTALLRAEXISTKEYWIZARD_LABEL_TOKENNAME_LABEL=Token name:
+INSTALLRAEXISTKEYWIZARD_LABEL_PASSWORD_LABEL=Token password:
+INSTALLRAEXISTKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLKRAEXISTKEYWIZARD_TITLE=Installation Wizard
+INSTALLKRAEXISTKEYWIZARD_BORDER_INSTALLKRAEXISTKEYWIZARD_LABEL=Clone key and certificate materials
+INSTALLKRAEXISTKEYWIZARD_TEXT_REUSE_LABEL=Do you want to use the existing Data Recovery Manager's key and certificate in the database?
+INSTALLKRAEXISTKEYWIZARD_RADIOBUTTON_YES_LABEL=Yes
+INSTALLKRAEXISTKEYWIZARD_RADIOBUTTON_NO_LABEL=No
+INSTALLKRAEXISTKEYWIZARD_TEXT_INFO_LABEL=Specify information about the instance where your key and certificate materials were copied from:
+INSTALLKRAEXISTKEYWIZARD_LABEL_INSTANCENAME_LABEL=Instance name:
+INSTALLKRAEXISTKEYWIZARD_LABEL_TOKENNAME_LABEL=Token name:
+INSTALLKRAEXISTKEYWIZARD_LABEL_PASSWORD_LABEL=Token password:
+INSTALLKRAEXISTKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+INSTALLSSLEXISTKEYWIZARD_TITLE=Installation Wizard
+INSTALLSSLEXISTKEYWIZARD_BORDER_INSTALLSSLEXISTKEYWIZARD_LABEL=Clone key and certificate materials
+INSTALLSSLEXISTKEYWIZARD_TEXT_REUSE_LABEL=Do you want to use the existing SSL Server key and certificate in the database?
+INSTALLSSLEXISTKEYWIZARD_RADIOBUTTON_YES_LABEL=Yes
+INSTALLSSLEXISTKEYWIZARD_RADIOBUTTON_NO_LABEL=No
+INSTALLSSLEXISTKEYWIZARD_TEXT_INFO_LABEL=Specify information about the instance where your key and certificate materials were copied from:
+INSTALLSSLEXISTKEYWIZARD_LABEL_INSTANCENAME_LABEL=Instance name:
+INSTALLSSLEXISTKEYWIZARD_LABEL_TOKENNAME_LABEL=Token name:
+INSTALLSSLEXISTKEYWIZARD_LABEL_PASSWORD_LABEL=Token password:
+INSTALLSSLEXISTKEYWIZARD_TEXT_CLONESAMEMACHINE_LABEL=Cloning is performed on:
+INSTALLSSLEXISTKEYWIZARD_RADIOBUTTON_SAMEMACHINE_LABEL=Same machine
+INSTALLSSLEXISTKEYWIZARD_RADIOBUTTON_DIFFERENTMACHINE_LABEL=Different machine
+INSTALLSSLEXISTKEYWIZARD_ERRORMSG=The back-end server may be down, click\nnext to retry the operation. If it\nstill does not work, then restart the\nwizard.
+SMTPWIZARD_TITLE=Installation Wizard
+SMTPWIZARD_BORDER_SMTPWIZARD_LABEL=SMTP
+SMTPWIZARD_LABEL_HEADING_LABEL=Please specify SMTP information:
+SMTPWIZARD_LABEL_SERVERNAME_LABEL=Host name:
+SMTPWIZARD_LABEL_PORT_LABEL=Port number:
+WMNSELECTION_TITLE=Scheme Setup Wizard
+WMNSELECTION_BORDER_WMNSELECTION_LABEL=Change Recovery Key Scheme
+WMNSELECTION_BORDER_NEWSCHEME_LABEL=New Scheme
+WMNSELECTION_BORDER_OLDSCHEME_LABEL=Current Scheme
+WMNSELECTION_TEXT_DESC_LABEL=Welcome to the Recovery Key Scheme Wizard. This wizard will take you through the steps of reconfiguring the recovery key scheme.
+WMNSELECTION_LABEL_M_LABEL=Number of recovery agents required:
+WMNSELECTION_LABEL_M_TTIP=Minimum number of recovery agents required to perform the key recovery operation
+WMNSELECTION_LABEL_N_LABEL=Total number of recovery agents:
+WMNSELECTION_LABEL_N_TTIP=Total number of recovery agents authorized to perform the key recovery operation
+WMNSELECTION_DIALOG_CANNOTBEBLANK_MESSAGE=Fields cannot be blank!
+WMNSELECTION_DIALOG_LARGER_MESSAGE=The number of required recovery agents is greater than that of available recovery agents!
+WMNSELECTION_DIALOG_NOTINTEGER_MESSAGE=Fields must be integers!
+WMNSELECTION_DIALOG_NONZERO_MESSAGE=Fields must be nonzero numbers!
+WMNOLDAGENT_TITLE=Scheme Setup Wizard
+WMNOLDAGENT_BORDER_WMNOLDAGENT_LABEL=Existing Recovery Agent Passwords
+WMNOLDAGENT_LABEL_DESC_LABEL=Enter current recovery agent UIDs and passwords
+WMNOLDAGENT_DIALOG_CANNOTBEBLANK_MESSAGE=Fields cannot be blank!
+WMNNEWAGENT_TITLE=Scheme Setup Wizard
+WMNNEWAGENT_BORDER_WMNNEWAGENT_LABEL=New Recovery Agent Passwords
+WMNNEWAGENT_LABEL_DESC_LABEL=Enter new recovery agent UIDs and passwords
+WMNNEWAGENT_DIALOG_CANNOTBEBLANK_MESSAGE=Fields cannot be blank!
+WMNNEWAGENT_DIALOG_PASSWORDERROR_MESSAGE=one or more passwords specified in password and confirm fields do not match!
+WMNNEWAGENT_DIALOG_DUPLICATEERROR_MESSAGE=Not allowed for duplicate user ids!
+WMNRESULTPAGE_TITLE=Scheme Setup Wizard
+WMNRESULTPAGE_BORDER_WMNRESULTPAGE_LABEL=Result
+WMNRESULTPAGE_LABEL_DESC_LABEL=Congratulations. You have successfully modified the MN scheme.
+RULEORDERDIALOG_TITLE=Reorder Rule Rules
+RULEORDERDIALOG_BUTTON_HELP_LABEL=Help
+RULEORDERDIALOG_BUTTON_HELP_TTIP=Online Help
+RULEORDERDIALOG_BUTTON_OK_LABEL=OK
+RULEORDERDIALOG_BUTTON_OK_TTIP=Save and close this window
+RULEORDERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+RULEORDERDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+RULEORDERDIALOG_BUTTON_UP_LABEL=Up
+RULEORDERDIALOG_BUTTON_UP_TTIP=Move this rule up
+RULEORDERDIALOG_BUTTON_DOWN_LABEL=Down
+RULEORDERDIALOG_BUTTON_DOWN_TTIP=Move this rule down
+RULESELECTIONDIALOG_TITLE=Select Rule Plugin Implementation
+RULESELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+RULESELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+RULESELECTIONDIALOG_BUTTON_OK_LABEL=Next
+RULESELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+RULESELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+RULESELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+OCSPSTORESELECTIONDIALOG_TITLE=Select Revocation Info Store Implementation
+OCSPSTORESELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+OCSPSTORESELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+OCSPSTORESELECTIONDIALOG_BUTTON_OK_LABEL=Next
+OCSPSTORESELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+OCSPSTORESELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+OCSPSTORESELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+CRLEXTSELECTIONDIALOG_TITLE=Select CRL extension Implementation
+CRLEXTSELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+CRLEXTSELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+CRLEXTSELECTIONDIALOG_BUTTON_OK_LABEL=Next
+CRLEXTSELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+CRLEXTSELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+CRLEXTSELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+MAPPERORDERDIALOG_TITLE=Reorder Mapper Rules
+MAPPERORDERDIALOG_BUTTON_HELP_LABEL=Help
+MAPPERORDERDIALOG_BUTTON_HELP_TTIP=Online Help
+MAPPERORDERDIALOG_BUTTON_OK_LABEL=OK
+MAPPERORDERDIALOG_BUTTON_OK_TTIP=Save and close this window
+MAPPERORDERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+MAPPERORDERDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+MAPPERORDERDIALOG_BUTTON_UP_LABEL=Up
+MAPPERORDERDIALOG_BUTTON_UP_TTIP=Move this mapper up
+MAPPERORDERDIALOG_BUTTON_DOWN_LABEL=Down
+MAPPERORDERDIALOG_BUTTON_DOWN_TTIP=Move this mapper down
+MAPPERSELECTIONDIALOG_TITLE=Select Mapper Plugin Implementation
+MAPPERSELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+MAPPERSELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+MAPPERSELECTIONDIALOG_BUTTON_OK_LABEL=Next
+MAPPERSELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+MAPPERSELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+MAPPERSELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PUBLISHERORDERDIALOG_TITLE=Reorder Publisher Rules
+PUBLISHERORDERDIALOG_BUTTON_HELP_LABEL=Help
+PUBLISHERORDERDIALOG_BUTTON_HELP_TTIP=Online Help
+PUBLISHERORDERDIALOG_BUTTON_OK_LABEL=OK
+PUBLISHERORDERDIALOG_BUTTON_OK_TTIP=Save and close this window
+PUBLISHERORDERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PUBLISHERORDERDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PUBLISHERORDERDIALOG_BUTTON_UP_LABEL=Up
+PUBLISHERORDERDIALOG_BUTTON_UP_TTIP=Move this publisher up
+PUBLISHERORDERDIALOG_BUTTON_DOWN_LABEL=Down
+PUBLISHERORDERDIALOG_BUTTON_DOWN_TTIP=Move this publisher down
+PUBLISHERSELECTIONDIALOG_TITLE=Select Publisher Plugin Implementation
+PUBLISHERSELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+PUBLISHERSELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+PUBLISHERSELECTIONDIALOG_BUTTON_OK_LABEL=Next
+PUBLISHERSELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+PUBLISHERSELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PUBLISHERSELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+POLICYORDERDIALOG_TITLE=Reorder Policy Rules
+POLICYORDERDIALOG_BUTTON_HELP_LABEL=Help
+POLICYORDERDIALOG_BUTTON_HELP_TTIP=Online Help
+POLICYORDERDIALOG_BUTTON_OK_LABEL=OK
+POLICYORDERDIALOG_BUTTON_OK_TTIP=Save and close this window
+POLICYORDERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+POLICYORDERDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+POLICYORDERDIALOG_BUTTON_UP_LABEL=Up
+POLICYORDERDIALOG_BUTTON_UP_TTIP=Move this rule up
+POLICYORDERDIALOG_BUTTON_DOWN_LABEL=Down
+POLICYORDERDIALOG_BUTTON_DOWN_TTIP=Move this rule down
+POLICYSELECTIONDIALOG_TITLE=Select Policy Plugin Implementation
+POLICYSELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+POLICYSELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+POLICYSELECTIONDIALOG_BUTTON_OK_LABEL=Next
+POLICYSELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+POLICYSELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+POLICYSELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PROFILESELECTIONDIALOG_TITLE=Select Certificate Profile Plugin Implementation
+PROFILESELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+PROFILESELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+PROFILESELECTIONDIALOG_BUTTON_OK_LABEL=Next
+PROFILESELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+PROFILESELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILESELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+SERVLETSELECTIONDIALOG_TITLE=Select Servlet Plugin Implementation
+SERVLETSELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+SERVLETSELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+SERVLETSELECTIONDIALOG_BUTTON_OK_LABEL=Next
+SERVLETSELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+SERVLETSELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+SERVLETSELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+SERVLETCONFIGDIALOG_TITLE=Configure Servlet Parameters
+SERVLETCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+SERVLETCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+SERVLETCONFIGDIALOG_BUTTON_OK_LABEL=OK
+SERVLETCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+SERVLETCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+SERVLETCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+SERVLETCONFIGDIALOG_LABEL_SERVLETNAME_LABEL=Servlet ID:
+SERVLETCONFIGDIALOG_LABEL_SERVLETNAME_TTIP=Unique identifier for this servlet. No space allowed.
+SERVLETCONFIGDIALOG_LABEL_SERVLETURI_LABEL=Servlet URI:
+SERVLETCONFIGDIALOG_LABEL_SERVLETURI_TTIP=Unique URI for this servlet. No space allowed.
+SERVLETCONFIGDIALOG_LABEL_IMPLNAME_LABEL=Servlet Plugin ID:
+SERVLETCONFIGDIALOG_LABEL_IMPLNAME_TTIP=Servlet plugin implementation unique ID
+SERVLETCONFIGDIALOG_DIALOG_NOSERVLETNAME_MESSAGE=Servlet ID can not be blank!
+OCSPSTORECONFIGDIALOG_TITLE=Revocation Info Store Editor
+OCSPSTORECONFIGDIALOG_BUTTON_HELP_LABEL=Help
+OCSPSTORECONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+OCSPSTORECONFIGDIALOG_BUTTON_OK_LABEL=OK
+OCSPSTORECONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+OCSPSTORECONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+OCSPSTORECONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+OCSPSTORECONFIGDIALOG_LABEL_RULENAME_LABEL=Revocation Info Store ID:
+OCSPSTORECONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this store. No space allowed.
+OCSPSTORECONFIGDIALOG_LABEL_IMPLNAME_LABEL=Store Type:
+OCSPSTORECONFIGDIALOG_LABEL_IMPLNAME_LABEL=Store Plugin ID:
+OCSPSTORECONFIGDIALOG_LABEL_IMPLNAME_TTIP=Store implementation unique ID
+OCSPSTORETCONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Store ID can not be blank!
+CRLEXTCONFIGDIALOG_TITLE=CRL Extension Editor
+CRLEXTCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+CRLEXTCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+CRLEXTCONFIGDIALOG_BUTTON_OK_LABEL=OK
+CRLEXTCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+CRLEXTCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+CRLEXTCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+CRLEXTCONFIGDIALOG_LABEL_RULENAME_LABEL=CRL Extension ID:
+CRLEXTCONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this CRL extension. No space allowed.
+CRLEXTCONFIGDIALOG_LABEL_IMPLNAME_LABEL=CRL Extension Type:
+CRLEXTCONFIGDIALOG_LABEL_IMPLNAME_LABEL=CRL Extension Plugin ID:
+CRLEXTCONFIGDIALOG_LABEL_IMPLNAME_TTIP=CRL Extension implementation unique ID
+CRLEXTCONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=CRL Extension ID can not be blank!
+RULECONFIGDIALOG_TITLE=Rule Editor
+RULECONFIGDIALOG_BUTTON_HELP_LABEL=Help
+RULECONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+RULECONFIGDIALOG_BUTTON_OK_LABEL=OK
+RULECONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+RULECONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+RULECONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+RULECONFIGDIALOG_LABEL_RULENAME_LABEL=Rule ID:
+RULECONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this rule. No space allowed.
+RULECONFIGDIALOG_LABEL_IMPLNAME_LABEL=Rule Plugin ID:
+RULECONFIGDIALOG_LABEL_IMPLNAME_TTIP=Rule plugin implementation unique ID
+RULECONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Rule ID can not be blank!
+MAPPERCONFIGDIALOG_TITLE=Mapper Editor
+MAPPERCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+MAPPERCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+MAPPERCONFIGDIALOG_BUTTON_OK_LABEL=OK
+MAPPERCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+MAPPERCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+MAPPERCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+MAPPERCONFIGDIALOG_LABEL_RULENAME_LABEL=Mapper ID:
+MAPPERCONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this mapper. No space allowed.
+MAPPERCONFIGDIALOG_LABEL_IMPLNAME_LABEL=Mapper Plugin ID:
+MAPPERCONFIGDIALOG_LABEL_IMPLNAME_TTIP=Mapper plugin implementation unique ID
+MAPPERCONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Mapper ID can not be blank!
+PUBLISHERCONFIGDIALOG_TITLE=Publisher Editor
+PUBLISHERCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+PUBLISHERCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+PUBLISHERCONFIGDIALOG_BUTTON_OK_LABEL=OK
+PUBLISHERCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+PUBLISHERCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PUBLISHERCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PUBLISHERCONFIGDIALOG_LABEL_RULENAME_LABEL=Publisher ID:
+PUBLISHERCONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this publisher. No space allowed.
+PUBLISHERCONFIGDIALOG_LABEL_IMPLNAME_LABEL=Publisher Plugin ID:
+PUBLISHERCONFIGDIALOG_LABEL_IMPLNAME_TTIP=Publisher plugin implementation unique ID
+PUBLISHERCONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Publisher ID can not be blank!
+INSTANCECONFIGDIALOG_DIALOG_NOINSTANCENAME_MESSAGE=Instance ID can not be blank!
+POLICYCONFIGDIALOG_TITLE=Policy Rule Editor
+POLICYCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+POLICYCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+POLICYCONFIGDIALOG_BUTTON_OK_LABEL=OK
+POLICYCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+POLICYCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+POLICYCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+POLICYCONFIGDIALOG_LABEL_RULENAME_LABEL=Policy Rule ID:
+POLICYCONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this policy rule. No space allowed.
+POLICYCONFIGDIALOG_LABEL_IMPLNAME_LABEL=Policy Plugin ID:
+POLICYCONFIGDIALOG_LABEL_IMPLNAME_TTIP=Policy plugin implementation unique ID
+POLICYCONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Policy Rule ID can not be blank!
+SETMAX_TITLE=Set Max Login Attempts
+SETMAX_LABEL_NUMBER_LABEL=Max Number:
+MAXATTEMP_TITLE=Number of Login Attempts
+MAXATTEMP_BUTTON_SETMAX_LABEL=Set Max
+MAXATTEMP_BUTTON_SETMAX_TTIP=Set the user's max number of attempts
+MAXATTEMP_BUTTON_RESET_LABEL=Reset
+MAXATTEMP_BUTTON_RESET_TTIP=Reset the user's number of attempts to zero
+LOG_COLUMN_CURRENTNUMBER_LABEL=Current Number of Attempts
+MAXATTEMP_BUTTON_REFRESH_LABEL=Refresh
+MAXATTEMP_BUTTON_REFRESH_TTIP=Refresh user's max number of attempts
+MAXATTEMP_BUTTON_HELP_LABEL=Help
+MAXATTEMP_BUTTON_HELP_TTIP=Online Help
+MAXATTEMP_DIALOG_RESET_MESSAGE=Do you want to reset the "current number of attempts" to zero?
+LOG_COLUMN_USERNAME_LABEL=User Name
+MAXATTEMP_DIALOG_SERVERERROR_MESSAGE=Server Error
+MAXATTEMP_DIALOG_SERVERERROR_TITLE=Error
+MAXATTEMP_DIALOG_DELETE_TITLE=Warning
+PROFILECONFIGDIALOG_TITLE=Certificate Profile Instance Editor
+PROFILECONFIGDIALOG_BUTTON_HELP_LABEL=Help
+PROFILECONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+PROFILECONFIGDIALOG_BUTTON_OK_LABEL=OK
+PROFILECONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+PROFILECONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILECONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PROFILECONFIGDIALOG_LABEL_RULENAME_LABEL=* Certificate Profile Instance ID:
+PROFILECONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this policy rule. No space allowed.
+PROFILECONFIGDIALOG_LABEL_IMPLNAME_LABEL=Certificate Profile Plugin ID:
+PROFILECONFIGDIALOG_LABEL_IMPLNAME_TTIP=Certificate Profile plugin implementation unique ID
+PROFILECONFIGDIALOG_LABEL_NAMENAME_LABEL=Certificate Profile Name:
+PROFILECONFIGDIALOG_LABEL_NAMENAME_TTIP=Certificate Profile name
+PROFILECONFIGDIALOG_LABEL_DESCNAME_LABEL=Certificate Profile Description:
+PROFILECONFIGDIALOG_LABEL_DESCNAME_TTIP=Certificate Profile description
+PROFILECONFIGDIALOG_LABEL_AUTHNAME_LABEL=Certificate Profile Authentication:
+PROFILECONFIGDIALOG_LABEL_AUTHNAME_TTIP=Authentication
+PROFILECONFIGDIALOG_LABEL_VISIBLENAME_LABEL=End User Certificate Profile:
+PROFILECONFIGDIALOG_LABEL_VISIBLENAME_TTIP=Visible
+PROFILECONFIGDIALOG_LABEL_CONFIGNAME_LABEL=Certificate Profile Configuration File Path:
+PROFILECONFIGDIALOG_LABEL_CONFIGNAME_TTIP=Certificate Profile configuration file path
+PROFILECONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Certificate Profile Instance ID can not be blank!
+PROFILEEDITDIALOG_TITLE=Certificate Profile Rule Editor
+PROFILEEDITDIALOG_POLICIES_TAB=Policies
+PROFILEEDITDIALOG_INPUTS_TAB=Inputs
+PROFILEEDITDIALOG_OUTPUTS_TAB=Outputs
+PROFILEEDITDIALOG_AUTHS_TAB=Auths
+PROFILEEDITDIALOG_BUTTON_ADD_LABEL=Add
+PROFILEEDITDIALOG_BUTTON_DELETE_LABEL=Delete
+PROFILEEDITDIALOG_BUTTON_EDIT_LABEL=Edit
+PROFILEEDITDIALOG_BUTTON_HELP_LABEL=Help
+PROFILEEDITDIALOG_BUTTON_HELP_TTIP=Online Help
+PROFILEEDITDIALOG_BUTTON_OK_LABEL=OK
+PROFILEEDITDIALOG_BUTTON_OK_TTIP=Save and close this window
+PROFILEEDITDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILEEDITDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PROFILEEDITDIALOG_LABEL_RULENAME_LABEL=Certificate Profile Instance ID:
+PROFILEEDITDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this policy rule. No space allowed.
+PROFILEEDITDIALOG_LABEL_IMPLNAME_LABEL=Certificate Profile Plugin ID:
+PROFILEEDITDIALOG_LABEL_IMPLNAME_TTIP=Certificate Profile plugin implementation unique ID
+PROFILEEDITDIALOG_LABEL_NAMENAME_LABEL=Certificate Profile Name:
+PROFILEEDITDIALOG_LABEL_NAMENAME_TTIP=Certificate Profile name
+PROFILEEDITDIALOG_LABEL_DESCNAME_LABEL=Certificate Profile Description:
+PROFILEEDITDIALOG_LABEL_IDNAME_LABEL=Certificate Profile Policy ID:
+PROFILEEDITDIALOG_LABEL_AUTHNAME_LABEL=Certificate Profile Authentication:
+PROFILEEDITDIALOG_LABEL_VISIBLENAME_LABEL=End User Certificate Profile:
+PROFILEEDITDIALOG_LABEL_CONFIGNAME_LABEL=Certificate Profile Configuration File Path:
+PROFILEEDITDIALOG_LABEL_CONFIGNAME_TTIP=Certificate Profile configuration file path
+PROFILEEDITDIALOG_DIALOG_NORULENAME_MESSAGE=Certificate Profile Instance ID can not be blank!
+PROFILEEDITDIALOG_DIALOG_NOPOLICY_MESSAGE=No policy gets selected.
+PROFILEEDITDIALOG_DIALOG_DELETE_MESSAGE=Do you want to delete this policy?
+PROFILEEDITDIALOG_DIALOG_NOINPUT_MESSAGE=No input gets selected.
+PROFILEEDITDIALOG_DIALOG_DELETE_TITLE=Warning
+PROFILEEDITDIALOG_DIALOG_DELETE_MESSAGE=Are you sure you want to delete this?
+PROFILENEWDIALOG_TITLE=New Certificate Profile Editor
+PROFILENEWDIALOG_BUTTON_ADD_LABEL=Add
+PROFILENEWDIALOG_BUTTON_ADD_TTIP=Add Policy
+PROFILENEWDIALOG_BUTTON_DELETE_LABEL=Delete
+PROFILENEWDIALOG_BUTTON_DELETE_TTIP=Delete Policy
+PROFILENEWDIALOG_BUTTON_EDIT_LABEL=Edit
+PROFILENEWDIALOG_BUTTON_EDIT_TTIP=Edit Certificate Profile
+PROFILENEWDIALOG_BUTTON_HELP_LABEL=Help
+PROFILENEWDIALOG_BUTTON_HELP_TTIP=Online Help
+PROFILENEWDIALOG_BUTTON_OK_LABEL=OK
+PROFILENEWDIALOG_BUTTON_OK_TTIP=Save and close this window
+PROFILENEWDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILENEWDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PROFILENEWDIALOG_LABEL_RULENAME_LABEL=Certificate Profile Instance ID:
+PROFILENEWDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this policy rule. No space allowed.
+PROFILENEWDIALOG_LABEL_IMPLNAME_LABEL=Certificate Profile Plugin ID:
+PROFILENEWDIALOG_LABEL_IMPLNAME_TTIP=Certificate Profile plugin implementation unique ID
+PROFILENEWDIALOG_LABEL_NAMENAME_LABEL=Certificate Profile Name:
+PROFILENEWDIALOG_LABEL_NAMENAME_TTIP=Certificate Profile name
+PROFILENEWDIALOG_LABEL_DESCNAME_LABEL=Policy Set ID:
+PROFILENEWDIALOG_LABEL_DESCNAME_TTIP=Policy Set ID
+PROFILENEWDIALOG_LABEL_IDNAME_LABEL=Policy ID:
+PROFILENEWDIALOG_LABEL_IDNAME_TTIP=Policy ID
+PROFILENEWDIALOG_LABEL_CONFIGNAME_LABEL=Certificate Profile Configuration File Path:
+PROFILENEWDIALOG_LABEL_CONFIGNAME_TTIP=Certificate Profile configuration file path
+PROFILENEWDIALOG_DIALOG_NORULENAME_MESSAGE=Certificate Profile Instance ID can not be blank!
+PROFILENEWDIALOG_DIALOG_BLANKPOLICYID_MESSAGE=Policy ID must not be empty
+PROFILENEWDIALOG_DIALOG_BLANKPOLICYSET_MESSAGE=Policy set ID must not be empty
+PROFILEREGISTRYNEWDIALOG_TITLE=New Certificate Profile Editor
+PROFILEREGISTRYNEWDIALOG_BUTTON_ADD_LABEL=Add
+PROFILEREGISTRYNEWDIALOG_BUTTON_ADD_TTIP=Add Policy
+PROFILEREGISTRYNEWDIALOG_BUTTON_DELETE_LABEL=Delete
+PROFILEREGISTRYNEWDIALOG_BUTTON_DELETE_TTIP=Delete Policy
+PROFILEREGISTRYNEWDIALOG_BUTTON_EDIT_LABEL=Edit
+PROFILEREGISTRYNEWDIALOG_BUTTON_EDIT_TTIP=Edit Certificate Profile
+PROFILEREGISTRYNEWDIALOG_BUTTON_HELP_LABEL=Help
+PROFILEREGISTRYNEWDIALOG_BUTTON_HELP_TTIP=Online Help
+PROFILEREGISTRYNEWDIALOG_BUTTON_OK_LABEL=OK
+PROFILEREGISTRYNEWDIALOG_BUTTON_OK_TTIP=Save and close this window
+PROFILEREGISTRYNEWDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILEREGISTRYNEWDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PROFILEREGISTRYNEWDIALOG_LABEL_RULENAME_LABEL=Certificate Profile Instance ID:
+PROFILEREGISTRYNEWDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this policy rule. No space allowed.
+PROFILEREGISTRYNEWDIALOG_LABEL_IMPLNAME_LABEL=Certificate Profile Plugin ID:
+PROFILEREGISTRYNEWDIALOG_LABEL_IMPLNAME_TTIP=Certificate Profile plugin implementation unique ID
+PROFILEREGISTRYNEWDIALOG_LABEL_NAMENAME_LABEL=Certificate Profile Name:
+PROFILEREGISTRYNEWDIALOG_LABEL_NAMENAME_TTIP=Certificate Profile name
+PROFILEREGISTRYNEWDIALOG_LABEL_DESCNAME_LABEL=ID:
+PROFILEREGISTRYNEWDIALOG_LABEL_DESCNAME_TTIP=Policy ID
+PROFILEREGISTRYNEWDIALOG_LABEL_CONFIGNAME_LABEL=Certificate Profile Configuration File Path:
+PROFILEREGISTRYNEWDIALOG_LABEL_CONFIGNAME_TTIP=Certificate Profile configuration file path
+PROFILEREGISTRYNEWDIALOG_DIALOG_NORULENAME_MESSAGE=Certificate Profile Instance ID can not be blank!
+PROFILEREGISTRYNEWDIALOG_DIALOG_BLANKPOLICYID_MESSAGE=ID must not be empty
+PROFILEPOLICYSELDIALOG_TITLE=Certificate Profile Policy Editor
+PROFILEPOLICYSELDIALOG_BUTTON_ADD_LABEL=Add
+PROFILEPOLICYSELDIALOG_BUTTON_ADD_TTIP=Add Policy
+PROFILEPOLICYSELDIALOG_BUTTON_DELETE_LABEL=Delete
+PROFILEPOLICYSELDIALOG_BUTTON_DELETE_TTIP=Delete Policy
+PROFILEPOLICYSELDIALOG_BUTTON_EDIT_LABEL=Edit
+PROFILEPOLICYSELDIALOG_BUTTON_EDIT_TTIP=Edit Certificate Profile
+PROFILEPOLICYSELDIALOG_BUTTON_HELP_LABEL=Help
+PROFILEPOLICYSELDIALOG_BUTTON_HELP_TTIP=Online Help
+PROFILEPOLICYSELDIALOG_BUTTON_OK_LABEL=OK
+PROFILEPOLICYSELDIALOG_BUTTON_OK_TTIP=Save and close this window
+PROFILEPOLICYSELDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILEPOLICYSELDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+PROFILEPOLICYSELDIALOG_LABEL_RULENAME_LABEL=Certificate Profile Instance ID:
+PROFILEPOLICYSELDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this policy rule. No space allowed.
+PROFILEPOLICYSELDIALOG_LABEL_IMPLNAME_LABEL=Certificate Profile Plugin ID:
+PROFILEPOLICYSELDIALOG_LABEL_IMPLNAME_TTIP=Certificate Profile plugin implementation unique ID
+PROFILEPOLICYSELDIALOG_LABEL_NAMENAME_LABEL=Certificate Profile Name:
+PROFILEPOLICYSELDIALOG_LABEL_NAMENAME_TTIP=Certificate Profile name
+PROFILEPOLICYSELDIALOG_LABEL_DESCNAME_LABEL=Certificate Profile Description:
+PROFILEPOLICYSELDIALOG_LABEL_DESCNAME_TTIP=Certificate Profile description
+PROFILEPOLICYSELDIALOG_LABEL_CONFIGNAME_LABEL=Certificate Profile Configuration File Path:
+PROFILEPOLICYSELDIALOG_LABEL_CONFIGNAME_TTIP=Certificate Profile configuration file path
+PROFILEPOLICYSELDIALOG_DIALOG_NORULENAME_MESSAGE=Certificate Profile Instance ID can not be blank!
+PROFILEPOLICYSELDIALOG_LABEL_CONSTRAINTNAME_LABEL=Constraint
+PROFILEPOLICYSELDIALOG_LABEL_CONSTRAINTNAME_TTIP=Constraint
+PROFILEPOLICYSELDIALOG_LABEL_DEFAULTNAME_LABEL=Default
+PROFILEPOLICYSELDIALOG_LABEL_DEFAULTNAME_TTIP=Default
+PROFILEINPUTSELDIALOG_TITLE=Certificate Profile Input Editor
+PROFILEINPUTSELDIALOG_BUTTON_OK_LABEL=OK
+PROFILEINPUTSELDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILEINPUTSELDIALOG_BUTTON_HELP_LABEL=Help
+PROFILEINPUTSELDIALOG_LABEL_SELECT_LABEL=Select one of the following inputs:
+PROFILEOUTPUTSELDIALOG_TITLE=Certificate Profile Output Editor
+PROFILEOUTPUTSELDIALOG_BUTTON_OK_LABEL=OK
+PROFILEOUTPUTSELDIALOG_BUTTON_CANCEL_LABEL=Cancel
+PROFILEOUTPUTSELDIALOG_BUTTON_HELP_LABEL=Help
+PROFILEOUTPUTSELDIALOG_LABEL_SELECT_LABEL=Select one of the following outputs:
+AUTHIMPL_TITLE=Authentication Plugin Registration
+AUTHIMPL_BUTTON_REFRESH_LABEL=Refresh
+AUTHIMPL_BUTTON_REFRESH_TTIP=Refresh authentication plugin information
+AUTHIMPL_BUTTON_ADD_LABEL=Register
+AUTHIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+AUTHIMPL_BUTTON_DELETE_LABEL=Delete
+AUTHIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+AUTHIMPL_BUTTON_VIEW_LABEL=View
+AUTHIMPL_BUTTON_VIEW_TTIP=View authentication plugin details
+AUTHIMPL_BUTTON_HELP_LABEL=Help
+AUTHIMPL_BUTTON_HELP_TTIP=Online Help
+AUTHIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+AUTHIMPL_DIALOG_SERVERERROR_TITLE=Error
+AUTHIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this authentication plugin?
+AUTHIMPL_DIALOG_DELETE_TITLE=Warning
+AUTHREGISTERDIALOG_TITLE=Register Authentication Plugin Implementation
+AUTHREGISTERDIALOG_BUTTON_OK_LABEL=OK
+AUTHREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+AUTHREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+AUTHREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+AUTHREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+AUTHREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+AUTHREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+AUTHREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+AUTHRULE_TITLE=Authentication Instance
+AUTHRULE_BUTTON_REFRESH_LABEL=Refresh
+AUTHRULE_BUTTON_REFRESH_TTIP=Refresh Authentication instance information
+AUTHRULE_BUTTON_EDIT_LABEL=Edit/View
+AUTHRULE_BUTTON_EDIT_TTIP=Modify or view authentication instance configuration
+AUTHRULE_BUTTON_ADD_LABEL=Add
+AUTHRULE_BUTTON_ADD_TTIP=Add new authentication instance
+AUTHRULE_BUTTON_DELETE_LABEL=Delete
+AUTHRULE_BUTTON_DELETE_TTIP=Delete selected authentication instance
+AUTHRULE_BUTTON_HELP_LABEL=Help
+AUTHRULE_BUTTON_HELP_TTIP=Online Help
+AUTHRULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+AUTHRULE_DIALOG_SERVERERROR_TITLE=Error
+AUTHRULE_DIALOG_DELETE_MESSAGE=Do you want to delete this instance?
+AUTHRULE_DIALOG_DELETE_TITLE=Warning
+AUTHRULE_LABEL_ENABLED_LABEL=Enabled
+AUTHRULE_LABEL_DISABLED_LABEL=Disabled
+AUTHCONFIGDIALOG_TITLE=Authentication Instance Editor
+AUTHCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+AUTHCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+AUTHCONFIGDIALOG_BUTTON_OK_LABEL=OK
+AUTHCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+AUTHCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+AUTHCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+AUTHCONFIGDIALOG_LABEL_RULENAME_LABEL=Authentication Instance ID:
+AUTHCONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this instance. No space allowed.
+AUTHCONFIGDIALOG_LABEL_IMPLNAME_LABEL=Authentication Plugin ID:
+AUTHCONFIGDIALOG_LABEL_IMPLNAME_TTIP=Authentication plugin implementation unique ID
+AUTHCONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Authentication instance ID can not be blank!
+AUTHVIEWDIALOG_TITLE=View Authentication Instance Parameters
+AUTHVIEWDIALOG_BUTTON_HELP_LABEL=Help
+AUTHVIEWDIALOG_BUTTON_HELP_TTIP=Online Help
+AUTHVIEWDIALOG_BUTTON_OK_LABEL=OK
+AUTHVIEWDIALOG_BUTTON_OK_TTIP=Save and close this window
+AUTHVIEWDIALOG_BUTTON_CANCEL_LABEL=Cancel
+AUTHVIEWDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+AUTHVIEWDIALOG_LABEL_RULENAME_LABEL=Authentication Instance ID:
+AUTHVIEWDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this instance. No space allowed.
+AUTHVIEWDIALOG_LABEL_IMPLNAME_LABEL=Authentication Plugin ID:
+AUTHVIEWDIALOG_LABEL_IMPLNAME_TTIP=Authentication plugin implementation unique ID
+AUTHVIEWDIALOG_DIALOG_NORULENAME_MESSAGE=Authentication instance ID can not be blank!
+AUTHSELECTIONDIALOG_TITLE=Select Authentication Plugin Implementation
+AUTHSELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+AUTHSELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+AUTHSELECTIONDIALOG_BUTTON_OK_LABEL=Next
+AUTHSELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+AUTHSELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+AUTHSELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+SSL2CIPHERPREF_TITLE=SSL 2.0 ciphers
+SSL2CIPHERPREF_RC440MD5=RC4 with 40-bit encryption and MD5 message authentication
+SSL2CIPHERPREF_RC240MD5=RC2 with 40-bit encryption and MD5 message authentication
+SSL2CIPHERPREF_DES56MD5=DES with 56-bit encryption and MD5 message authentication
+SSL2CIPHERPREF_RC4128MD5=RC4 with 128-bit encryption and MD5 message authentication
+SSL2CIPHERPREF_RC2128MD5=RC2 with 128-bit encryption and MD5 message authentication
+SSL2CIPHERPREF_TRIPLEDES168MD5=Triple DES with 168-bit encryption and MD5 message authentication
+SSL3CIPHERPREF_TITLE=SSL 3.0 ciphers
+SSL3CIPHERPREF_RC440MD5=RC4 with 40-bit encryption and MD5 message authentication
+SSL3CIPHERPREF_RC240MD5=RC2 with 40-bit encryption and MD5 message authentication
+SSL3CIPHERPREF_DES56SHA=DES with 56-bit encryption and SHA message authentication
+SSL3CIPHERPREF_RC4128MD5=RC4 with 128-bit encryption and MD5 message authentication
+SSL3CIPHERPREF_TRIPLEDES168SHA=Triple DES with 168-bit encryption and SHA message authentication
+SSL3CIPHERPREF_FIPSDES56SHA=(FIPS)DES with 56-bit encryption and SHA message authentication
+SSL3CIPHERPREF_FIPSTRIPLEDES168SHA=(FIPS)Triple DES with 168-bit encryption and SHA message authentication
+SSL3CIPHERPREF_FORT80SHA=Fortezza with 80-bit encryption and SHA message authentication
+SSL3CIPHERPREF_RC4128FORTSHA=RC4 with 128-bit encryption and Fortezza/SHA message authentication
+SSL3CIPHERPREF_NOENCRYPTIONFORSHA=No encryption, only Fortezza and SHA message authentication
+SSL3CIPHERPREF_NOENCRYPTION=No encryption, only MD5 message authentication
+ENCRYPTION_TITLE=Encryption
+ENCRYPTION_LABEL_SELECT_LABEL=Certificate Type:
+ENCRYPTION_LABEL_SELECT_TTIP=Select certificate functionality to configure
+ENCRYPTION_LABEL_TOKEN_LABEL=Token:
+ENCRYPTION_LABEL_TOKEN_TTIP=Crypto device to be used
+ENCRYPTION_LABEL_CERTIFICATE_LABEL=Certificate:
+ENCRYPTION_LABEL_CERTIFICATE_TTIP=Certificate to be used
+ENCRYPTION_BUTTON_WIZARD_LABEL=Certificate Setup Wizard
+ENCRYPTION_BUTTON_WIZARD_TTIP=Setup or install certificates
+ENCRYPTION_BUTTON_CIPHERPREF_LABEL=SSL Cipher Preferences
+ENCRYPTION_BUTTON_CIPHERPREF_TTIP=Setup SSL cipher preferences
+ENCRYPTION_BUTTON_SETUP_LABEL=Manage Certificate
+ENCRYPTION_BORDER_CERT_LABEL=Certificate Settings
+ENCRYPTION_BORDER_MAPTO_LABEL=Map To:
+ENCRYPTION_COMBOBOX_SELECT_VALUE_SERVER=SSL Server Certificate
+ENCRYPTION_COMBOBOX_SELECT_VALUE_ADMIN=Admin SSL Server Certificate
+ENCRYPTION_COMBOBOX_SELECT_VALUE_AGENT=Agent SSL Server Certificate
+ENCRYPTION_COMBOBOX_SELECT_VALUE_EE=End-entity SSL Server Certificate
+ENCRYPTION_COMBOBOX_SELECT_VALUE_CA=Certificate Manager CA Signing Certificate
+ENCRYPTION_COMBOBOX_SELECT_VALUE_RA=Registration Manager Signing Certificate
+ENCRYPTION_COMBOBOX_SELECT_VALUE_POA=KRA Proof-of-Archival Certificate
+ENCRYPTION_COMBOBOX_SELECT_VALUE_TRANS=Data Recovery Manager Transport Certificate
+ENCRYPTION_SERVER_CERTS=SERVER
+ENCRYPTION_ca_CERTS=CA
+ENCRYPTION_ra_CERTS=RA
+ENCRYPTION_kra_CERTS=KRA
+ENCRYPTION_LABEL_WARNING_LABEL=Before you make this change, make sure your CA signing certificate\nis mapped to the correct certificate. The operation has not been performed,\nyou need to click save again
+NOTIFYREQCOMPLETE_TITLE=Certificate Issued
+NOTIFYREQCOMPLETE_BORDER_EMAILINFO_LABEL=Email Information Settings
+NOTIFYREQCOMPLETE_DIALOG_BLANKFIELD_TITLE=Error
+NOTIFYREQCOMPLETE_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+NOTIFYREQCOMPLETE_CHECKBOX_ENABLE_LABEL=Enable Certificate Issued notification
+NOTIFYREQCOMPLETE_LABEL_FORMNAME_LABEL=Content template path:
+NOTIFYREQCOMPLETE_LABEL_SUBJECT_LABEL=Subject:
+NOTIFYREQCOMPLETE_LABEL_SENDER_LABEL=Sender\'s E-mail Address:
+NOTIFYREVCOMPLETE_TITLE=Certificate Revoked
+NOTIFYREVCOMPLETE_BORDER_EMAILINFO_LABEL=Email Information Settings
+NOTIFYREVCOMPLETE_DIALOG_BLANKFIELD_TITLE=Error
+NOTIFYREVCOMPLETE_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+NOTIFYREVCOMPLETE_CHECKBOX_ENABLE_LABEL=Enable Certificate Revoked notification
+NOTIFYREVCOMPLETE_LABEL_FORMNAME_LABEL=Content template path:
+NOTIFYREVCOMPLETE_LABEL_SUBJECT_LABEL=Subject:
+NOTIFYREVCOMPLETE_LABEL_SENDER_LABEL=Sender\'s E-mail Address:
+NOTIFYREQINQ_TITLE=Request In Queue
+NOTIFYREQINQ_BORDER_EMAILINFO_LABEL=Email Information Settings
+NOTIFYREQINQ_CHECKBOX_ENABLE_LABEL=Enable Request In Queue notification
+NOTIFYREQINQ_LABEL_FORMNAME_LABEL=Content Template path:
+NOTIFYREQINQ_LABEL_SUBJECT_LABEL=Subject:
+NOTIFYREQINQ_LABEL_SENDER_LABEL=Sender\'s E-Mail Address:
+NOTIFYREQINQ_LABEL_RECEIVER_LABEL=Recipient\'s E-Mail Address:
+NOTIFYREQINQ_DIALOG_BLANKFIELD_TITLE=Error
+NOTIFYREQINQ_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+JOBSGENERAL_TITLE=General Settings
+JOBSGENERAL_BORDER_FREQUENCY_LABEL=Frequency Setting
+JOBSGENERAL_CHECKBOX_ENABLE_LABEL=Enable Jobs Scheduler
+JOBSGENERAL_LABEL_FREQUENCY_LABEL=Check Frequency
+JOBSGENERAL_LABEL_MINUTES_LABEL=minutes
+JOBSGENERAL_DIALOG_BLANKFIELD_TITLE=Error
+JOBSGENERAL_DIALOG_BLANKFIELD_MESSAGE=All textfields must contain data; they may not be left blank!
+JOBSGENERAL_DIALOG_NEEDINTEGER_TITLE=Error
+JOBSGENERAL_DIALOG_NEEDINTEGER_MESSAGE=Frequency must be a positive integer
+JOBSIMPL_TITLE=Job Plugin Registration
+JOBSIMPL_BUTTON_REFRESH_LABEL=Refresh
+JOBSIMPL_BUTTON_REFRESH_TTIP=Refresh job plugin information
+JOBSIMPL_BUTTON_ADD_LABEL=Register
+JOBSIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+JOBSIMPL_BUTTON_DELETE_LABEL=Delete
+JOBSIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+JOBSIMPL_BUTTON_VIEW_LABEL=View
+JOBSIMPL_BUTTON_VIEW_TTIP=View job plugin details
+JOBSIMPL_BUTTON_HELP_LABEL=Help
+JOBSIMPL_BUTTON_HELP_TTIP=Online Help
+JOBSIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+JOBSIMPL_DIALOG_SERVERERROR_TITLE=Error
+JOBSIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this job plugin?
+JOBSIMPL_DIALOG_DELETE_TITLE=Warning
+JOBSREGISTERDIALOG_TITLE=Register Job Plugin Implementation
+JOBSREGISTERDIALOG_BUTTON_OK_LABEL=OK
+JOBSREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+JOBSREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+JOBSREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+JOBSREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+JOBSREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+JOBSREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+JOBSREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+JOBSRULE_TITLE=Job Instance
+JOBSRULE_BUTTON_REFRESH_LABEL=Refresh
+JOBSRULE_BUTTON_REFRESH_TTIP=Refresh Job instance information
+JOBSRULE_BUTTON_EDIT_LABEL=Edit/View
+JOBSRULE_BUTTON_EDIT_TTIP=Modify or view job instance configuration
+JOBSRULE_BUTTON_ADD_LABEL=Add
+JOBSRULE_BUTTON_ADD_TTIP=Add new job instance
+JOBSRULE_BUTTON_DELETE_LABEL=Delete
+JOBSRULE_BUTTON_DELETE_TTIP=Delete selected job instance
+JOBSRULE_BUTTON_HELP_LABEL=Help
+JOBSRULE_BUTTON_HELP_TTIP=Online Help
+JOBSRULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+JOBSRULE_DIALOG_SERVERERROR_TITLE=Error
+JOBSRULE_DIALOG_DELETE_MESSAGE=Do you want to delete this instance?
+JOBSRULE_DIALOG_DELETE_TITLE=Warning
+JOBSRULE_LABEL_ENABLED_LABEL=Enabled
+JOBSRULE_LABEL_DISABLED_LABEL=Disabled
+JOBSCONFIGDIALOG_TITLE=Job Instance Editor
+JOBSCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+JOBSCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+JOBSCONFIGDIALOG_BUTTON_OK_LABEL=OK
+JOBSCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+JOBSCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+JOBSCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+JOBSCONFIGDIALOG_LABEL_RULENAME_LABEL=Job Instance ID:
+JOBSCONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this instance. No space allowed.
+JOBSCONFIGDIALOG_LABEL_IMPLNAME_LABEL=Job Plugin ID:
+JOBSCONFIGDIALOG_LABEL_IMPLNAME_TTIP=Job plugin implementation unique ID
+JOBSCONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Job instance ID can not be blank!
+JOBSVIEWDIALOG_TITLE=View Job Instance Parameters
+JOBSVIEWDIALOG_BUTTON_HELP_LABEL=Help
+JOBSVIEWDIALOG_BUTTON_HELP_TTIP=Online Help
+JOBSVIEWDIALOG_BUTTON_OK_LABEL=OK
+JOBSVIEWDIALOG_BUTTON_OK_TTIP=Save and close this window
+JOBSVIEWDIALOG_BUTTON_CANCEL_LABEL=Cancel
+JOBSVIEWDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+JOBSVIEWDIALOG_LABEL_RULENAME_LABEL=Job Instance ID:
+JOBSVIEWDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this instance. No space allowed.
+JOBSVIEWDIALOG_LABEL_IMPLNAME_LABEL=Job Plugin ID:
+JOBSVIEWDIALOG_LABEL_IMPLNAME_TTIP=Job plugin implementation unique ID
+JOBSVIEWDIALOG_DIALOG_NORULENAME_MESSAGE=Job instance ID can not be blank!
+JOBSSELECTIONDIALOG_TITLE=Select Job Plugin Implementation
+JOBSSELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+JOBSSELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+JOBSSELECTIONDIALOG_BUTTON_OK_LABEL=Next
+JOBSSELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+JOBSSELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+JOBSSELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+SERVER_UNREACHABLE=The server is unreachable
+SERVERCONNECTION_NO_CLIENT_CERT=No client certificate is found
+SERVERCONNECTION_SERVER_CERT_DENIED=Peer's certificate is not trusted
+SERVERCONNECTION_SERVER_CERT_IMPORTED_FAILED=Failed to import server certificate
+SERVERCONNECTION_DIFFERENT_PWD=Password and password (again) are not the same
+SERVERCONNECTION_TOKEN_INIT_FAILED=Failed to initialize the internal key storage token
+LOGRULE_TITLE=Log Event Listener Management
+LOGRULE_BUTTON_ORDER_LABEL=Reorder
+LOGRULE_BUTTON_ORDER_TTIP=Change publisher ordering
+LOGRULE_BUTTON_REFRESH_LABEL=Refresh
+LOGRULE_BUTTON_REFRESH_TTIP=Refresh log event listener information
+LOGRULE_BUTTON_EDIT_LABEL=Edit/View
+LOGRULE_BUTTON_EDIT_TTIP=Modify log event listener configuration
+LOGRULE_BUTTON_ADD_LABEL=Add
+LOGRULE_BUTTON_ADD_TTIP=Add new log event listener
+LOGRULE_BUTTON_DELETE_LABEL=Delete
+LOGRULE_BUTTON_DELETE_TTIP=Delete selected log event listener
+LOGRULE_BUTTON_HELP_LABEL=Help
+LOGRULE_BUTTON_HELP_TTIP=Online Help
+LOGRULE_DIALOG_SERVERERROR_MESSAGE=Server Error
+LOGRULE_DIALOG_SERVERERROR_TITLE=Error
+LOGRULE_DIALOG_DELETE_MESSAGE=Do you want to delete this log event listener?
+LOGRULE_DIALOG_DELETE_TITLE=Warning
+LOGRULE_LABEL_ENABLED_LABEL=Enabled
+LOGRULE_LABEL_DISABLED_LABEL=Disabled
+CMSRESOURCEOBJECT_LOG_TITLE=Log
+CACERTS_TITLE=CA Certificates
+CACERTS_BUTTON_REFRESH_LABEL=Refresh
+CACERTS_BUTTON_ADD_LABEL=Add
+CACERTS_BUTTON_DELETE_LABEL=Delete
+CACERTS_BUTTON_VIEW_LABEL=View
+CACERTS_BUTTON_EDIT_LABEL=Edit
+CACERTS_BUTTON_HELP_LABEL=Help
+CACERTS_DIALOG_SERVERERROR_MESSAGE=Server Error
+CACERTS_DIALOG_SERVERERROR_TITLE=Error
+CACERTS_DIALOG_DELETE_MESSAGE=Do you want to delete this certificate?
+CACERTS_DIALOG_DELETE_TITLE=Warning
+CACERTS_DIALOG_TRUST_MESSAGE=This certificate chain is {0}, are you sure you want to {1} it?
+CACERTS_DIALOG_TRUST_TITLE=Warning
+USERCERTS_TITLE=Local Certificates
+USERCERTS_BUTTON_REFRESH_LABEL=Refresh
+USERCERTS_BUTTON_ADD_LABEL=Add/Renew
+USERCERTS_BUTTON_DELETE_LABEL=Delete
+USERCERTS_BUTTON_VIEW_LABEL=View
+USERCERTS_BUTTON_HELP_LABEL=Help
+USERCERTS_DIALOG_SERVERERROR_MESSAGE=Server Error
+USERCERTS_DIALOG_SERVERERROR_TITLE=Error
+USERCERTS_DIALOG_DELETE_MESSAGE=Do you want to delete this certificate?
+USERCERTS_DIALOG_DELETE_TITLE=Warning
+TKSKEYS_TITLE=TKS Keys
+TKSKEYS_BUTTON_REFRESH_LABEL=Refresh
+TKSKEYS_BUTTON_ADD_LABEL=Create Master Key
+TKSKEYS_BUTTON_DELETE_LABEL=Delete
+TKSKEYS_BUTTON_VIEW_LABEL=View
+TKSKEYS_BUTTON_HELP_LABEL=Help
+TKSKEYS_DIALOG_SERVERERROR_MESSAGE=Server Error
+TKSKEYS_DIALOG_SERVERERROR_TITLE=Error
+TKSKEYS_DIALOG_DELETE_MESSAGE=Do you want to delete this certificate?
+TKSKEYS_DIALOG_DELETE_TITLE=Warning
+GENERALLOG_TITLE=Debugging
+GENERALLOG_BORDER_DEBUG_LABEL=Debug Log Settings
+GENERALLOG_CHECKBOX_ENABLE_LABEL=Enable Debug Log
+GENERALLOG_CHECKBOX_ENABLE_TTIP=Check to enable
+GENERALLOG_LABEL_LEVEL_LABEL=Log Level:
+GENERALLOG_LABEL_LEVEL_TTIP=Specify Log Level
+GENERALLOG_LABEL_SHOWCALLER_LABEL=Show Caller:
+GENERALLOG_LABEL_SHOWCALLER_TTIP=Enable Show Caller
+GENERALLOG_DIALOG_BLANKFIELD_MESSAGE=Level cannot be blank
+GENERALLOG_DIALOG_BLANKFIELD_TITLE=Error
+GENERALLOG_DIALOG_NUMBERFORMAT_MESSAGE=Level must be a positive integer
+GENERALLOG_DIALOG_NUMBERFORMAT_TITLE=Error
+GENERALLOG_DIALOG_LEVELRANGE_MESSAGE=Level must a positive integer
+GENERALLOG_DIALOG_LEVELFIELD_TITLE=Error
+LOGIMPL_TITLE=Log Event Listener Plugin Registration
+LOGIMPL_BUTTON_REFRESH_LABEL=Refresh
+LOGIMPL_BUTTON_REFRESH_TTIP=Refresh log event listener plugin information
+LOGIMPL_BUTTON_ADD_LABEL=Register
+LOGIMPL_BUTTON_ADD_TTIP=Add new plugin implementation
+LOGIMPL_BUTTON_DELETE_LABEL=Delete
+LOGIMPL_BUTTON_DELETE_TTIP=Delete selected plugin
+LOGIMPL_BUTTON_VIEW_LABEL=View
+LOGIMPL_BUTTON_VIEW_TTIP=View log event listener plugin details
+LOGIMPL_BUTTON_HELP_LABEL=Help
+LOGIMPL_BUTTON_HELP_TTIP=Online Help
+LOGIMPL_DIALOG_SERVERERROR_MESSAGE=Server Error
+LOGIMPL_DIALOG_SERVERERROR_TITLE=Error
+LOGIMPL_DIALOG_DELETE_MESSAGE=Do you want to delete this log event listener plugin?
+LOGIMPL_DIALOG_DELETE_TITLE=Warning
+LOGREGISTERDIALOG_TITLE=Register Log Event Listener Plugin Implementation
+LOGREGISTERDIALOG_BUTTON_OK_LABEL=OK
+LOGREGISTERDIALOG_BUTTON_OK_TTIP=Register this implementation
+LOGREGISTERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+LOGREGISTERDIALOG_BUTTON_CANCEL_TTIP=close this window
+LOGREGISTERDIALOG_LABEL_NAME_LABEL=Plugin name:
+LOGREGISTERDIALOG_LABEL_NAME_TTIP=Unique implementation name
+LOGREGISTERDIALOG_LABEL_CLASS_LABEL=Class name:
+LOGREGISTERDIALOG_LABEL_CLASS_TTIP=Full java class name
+KEYCREATEDIALOG_TITLE=Create Master Key
+KEYCREATEDIALOG_BUTTON_OK_LABEL=OK
+KEYCREATEDIALOG_BUTTON_OK_TTIP=Register this implementation
+KEYCREATEDIALOG_BUTTON_CANCEL_LABEL=Cancel
+KEYCREATEDIALOG_BUTTON_CANCEL_TTIP=close this window
+KEYCREATEDIALOG_LABEL_NAME_LABEL=Key name:
+KEYCREATEDIALOG_LABEL_NAME_TTIP=Unique implementation name
+KEYCREATEDIALOG_LABEL_CLASS_LABEL=Class name:
+KEYCREATEDIALOG_LABEL_CLASS_TTIP=Full java class name
+LOGORDERDIALOG_TITLE=Reorder Log Event Listeners
+LOGORDERDIALOG_BUTTON_HELP_LABEL=Help
+LOGORDERDIALOG_BUTTON_HELP_TTIP=Online Help
+LOGORDERDIALOG_BUTTON_OK_LABEL=OK
+LOGORDERDIALOG_BUTTON_OK_TTIP=Save and close this window
+LOGORDERDIALOG_BUTTON_CANCEL_LABEL=Cancel
+LOGORDERDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+LOGORDERDIALOG_BUTTON_UP_LABEL=Up
+LOGORDERDIALOG_BUTTON_UP_TTIP=Move this log event listener up
+LOGORDERDIALOG_BUTTON_DOWN_LABEL=Down
+LOGORDERDIALOG_BUTTON_DOWN_TTIP=Move this log event listener down
+LOGSELECTIONDIALOG_TITLE=Select Log Event Listener Plugin Implementation
+LOGSELECTIONDIALOG_BUTTON_HELP_LABEL=Help
+LOGSELECTIONDIALOG_BUTTON_HELP_TTIP=Online Help
+LOGSELECTIONDIALOG_BUTTON_OK_LABEL=Next
+LOGSELECTIONDIALOG_BUTTON_OK_TTIP=Move to next step
+LOGSELECTIONDIALOG_BUTTON_CANCEL_LABEL=Cancel
+LOGSELECTIONDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+LOGCONFIGDIALOG_TITLE=Log Event Listener Editor
+LOGCONFIGDIALOG_BUTTON_HELP_LABEL=Help
+LOGCONFIGDIALOG_BUTTON_HELP_TTIP=Online Help
+LOGCONFIGDIALOG_BUTTON_OK_LABEL=OK
+LOGCONFIGDIALOG_BUTTON_OK_TTIP=Save and close this window
+LOGCONFIGDIALOG_BUTTON_CANCEL_LABEL=Cancel
+LOGCONFIGDIALOG_BUTTON_CANCEL_TTIP=cancel changes and close this window
+LOGCONFIGDIALOG_LABEL_RULENAME_LABEL=Log Event Listener ID:
+LOGCONFIGDIALOG_LABEL_RULENAME_TTIP=Unique identifier for this log event listener. No space allowed.
+LOGCONFIGDIALOG_LABEL_IMPLNAME_LABEL=Log Event Listener Plugin ID:
+LOGCONFIGDIALOG_LABEL_IMPLNAME_TTIP=Log Event Listener plugin implementation unique ID
+LOGCONFIGDIALOG_DIALOG_NORULENAME_MESSAGE=Log Event Listener ID can not be blank!
diff --git a/dogtag/console-ui/src/CMakeLists.txt b/dogtag/console-ui/src/CMakeLists.txt
new file mode 100644
index 000000000..bc8995a12
--- /dev/null
+++ b/dogtag/console-ui/src/CMakeLists.txt
@@ -0,0 +1,18 @@
+set(pki-console-theme_java Java)
+
+set(pki-console-theme_java_RCS
+    CMSAdminRS.properties
+    com/netscape/management/client/theme/theme.properties
+    com/netscape/management/client/theme/images/login.gif
+    com/netscape/management/client/theme/images/ConsoleBanner.gif
+    com/netscape/management/client/theme/images/logo16.gif
+    com/netscape/management/client/theme/images/logo32.gif
+    com/netscape/admin/certsrv/theme/certmgmt.gif
+)
+
+set(CMAKE_JAVA_TARGET_VERSION ${APPLICATION_VERSION})
+
+add_jar(pki-console-theme ${pki-console-theme_java_RCS})
+install_jar(pki-console-theme ${JAVA_JAR_INSTALL_DIR}/pki)
+set(PKI_CONSOLE_THEME_JAR ${pki-console-theme_JAR_FILE} CACHE INTERNAL "pki-console-theme jar file")
+
diff --git a/dogtag/console-ui/src/com/netscape/admin/certsrv/theme/certmgmt.gif b/dogtag/console-ui/src/com/netscape/admin/certsrv/theme/certmgmt.gif
new file mode 100644
index 000000000..e3ad6ab94
--- /dev/null
+++ b/dogtag/console-ui/src/com/netscape/admin/certsrv/theme/certmgmt.gif
diff --git a/dogtag/console-ui/src/com/netscape/management/client/theme/images/ConsoleBanner.gif b/dogtag/console-ui/src/com/netscape/management/client/theme/images/ConsoleBanner.gif
new file mode 100644
index 000000000..e3ad6ab94
--- /dev/null
+++ b/dogtag/console-ui/src/com/netscape/management/client/theme/images/ConsoleBanner.gif
diff --git a/dogtag/console-ui/src/com/netscape/management/client/theme/images/login.gif b/dogtag/console-ui/src/com/netscape/management/client/theme/images/login.gif
new file mode 100644
index 000000000..84e3b08b8
--- /dev/null
+++ b/dogtag/console-ui/src/com/netscape/management/client/theme/images/login.gif
diff --git a/dogtag/console-ui/src/com/netscape/management/client/theme/images/logo16.gif b/dogtag/console-ui/src/com/netscape/management/client/theme/images/logo16.gif
new file mode 100644
index 000000000..3ab1a1eb0
--- /dev/null
+++ b/dogtag/console-ui/src/com/netscape/management/client/theme/images/logo16.gif
diff --git a/dogtag/console-ui/src/com/netscape/management/client/theme/images/logo32.gif b/dogtag/console-ui/src/com/netscape/management/client/theme/images/logo32.gif
new file mode 100644
index 000000000..859200f0e
--- /dev/null
+++ b/dogtag/console-ui/src/com/netscape/management/client/theme/images/logo32.gif
diff --git a/dogtag/console-ui/src/com/netscape/management/client/theme/theme.properties b/dogtag/console-ui/src/com/netscape/management/client/theme/theme.properties
new file mode 100644
index 000000000..c1902c66a
--- /dev/null
+++ b/dogtag/console-ui/src/com/netscape/management/client/theme/theme.properties
@@ -0,0 +1,33 @@
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+console-title=Dogtag Management Console
+console-useragent=Dogtag-Management-Console
+console-prefsdir=.dogtag-idm-console
+login-title=Dogtag Management Console Login
+banner-console=Dogtag Management Console
+
+defaultAbout-dialogTitle=Dogtag Management Console
+defaultAbout-productLogo=com/netscape/management/client/theme/images/logo32.gif
+defaultAbout-productLicense=
+
+CertInstallTypePage-defaultServerName=Dogtag Server
+CertInstallTypePage-defaultSIE=Dogtag Server Instance
+
+menu-HelpDocHome=http://pki.fedoraproject.org
diff --git a/dogtag/kra-ui/CMakeLists.txt b/dogtag/kra-ui/CMakeLists.txt
new file mode 100644
index 000000000..0079e5286
--- /dev/null
+++ b/dogtag/kra-ui/CMakeLists.txt
@@ -0,0 +1,8 @@
+project(kra-ui)
+
+install(
+    DIRECTORY
+        shared/
+    DESTINATION
+        ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
diff --git a/dogtag/kra-ui/LICENSE b/dogtag/kra-ui/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/dogtag/kra-ui/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify 
+it under the terms of the GNU General Public License as published 
+by the Free Software Foundation; version 2 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but 
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License 
+along with this Program; if not, write to the Free Software 
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/dogtag/kra-ui/build.xml b/dogtag/kra-ui/build.xml
new file mode 100644
index 000000000..7826cc485
--- /dev/null
+++ b/dogtag/kra-ui/build.xml
@@ -0,0 +1,273 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="kra-ui" default="main" basedir=".">
+
+    <import file="config/product.xml"/>
+    <import file="config/product-ext.xml" optional="true"/>
+
+
+    <target name="clean"
+            depends=""
+            description="--> remove component directories">
+        <echo message="${begin.clean.log.message}"/>
+        <delete dir="${dist.base}"/>
+        <delete dir="${build.dir}"/>
+        <echo message="${end.clean.log.message}"/>
+    </target>
+
+
+    <target name="download"
+            depends=""
+            description="--> download dependent components">
+        <echo message="${begin.download.log.message}"/>
+        <echo message="${empty.download.log.message}"/>
+        <echo message="${end.download.log.message}"/>
+    </target>
+
+
+    <target name="compile_java"
+            depends=""
+            description="--> compile java source code into classes">
+        <echo message="${begin.compile.java.log.message}"/>
+        <echo message="${empty.compile.java.log.message}"/>
+        <echo message="${end.compile.java.log.message}"/>
+    </target>
+
+
+    <target name="build_jars"
+            depends="compile_java"
+            description="--> generate jar files">
+        <echo message="${begin.build.jars.log.message}"/>
+        <echo message="${empty.build.jars.log.message}"/>
+        <echo message="${end.build.jars.log.message}"/>
+    </target>
+
+
+    <target name="build_jni_headers"
+            depends="compile_java"
+            description="--> generate jni header files">
+        <echo message="${begin.build.jni.headers.log.message}"/>
+        <echo message="${empty.build.jni.headers.log.message}"/>
+        <echo message="${end.build.jni.headers.log.message}"/>
+    </target>
+
+
+    <target name="build"
+            depends="build_jars,build_jni_headers"
+            description="--> build classes, jars, and jni headers">
+        <echo message="${notify.build.log.message}"/>
+    </target>
+
+
+    <target name="compile_junit_tests"
+            depends="build"
+            description="--> compile junit test source code">
+        <echo message="${begin.compile.junit.tests.log.message}"/>
+        <echo message="${empty.compile.junit.tests.log.message}"/>
+        <echo message="${end.compile.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="run_junit_tests"
+            depends="compile_junit_tests"
+            description="--> execute junit tests">
+        <echo message="${begin.run.junit.tests.log.message}"/>
+        <echo message="${empty.run.junit.tests.log.message}"/>
+        <echo message="${end.run.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="verify"
+            depends="run_junit_tests"
+            description="--> build and execute junit tests">
+        <echo message="${notify.verify.log.message}"/>
+    </target>
+
+
+    <target name="clean_javadocs"
+            depends=""
+            description="--> remove javadocs directory">
+        <echo message="${begin.clean.javadocs.log.message}"/>
+        <echo message="${empty.clean.javadocs.log.message}"/>
+        <echo message="${end.clean.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="compose_javadocs"
+            depends="build"
+            description="--> generate javadocs">
+        <echo message="${begin.compose.javadocs.log.message}"/>
+        <echo message="${empty.compose.javadocs.log.message}"/>
+        <echo message="${end.compose.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="document"
+            depends="clean_javadocs,compose_javadocs"
+            description="--> remove old javadocs and compose new javadocs">
+        <echo message="${notify.document.log.message}"/>
+    </target>
+
+
+    <target name="distribute_binaries"
+            depends="build,document"
+            description="--> create the zip and gzipped tar binary distributions">
+        <echo message="${begin.distribute.binaries.log.message}"/>
+        <mkdir dir="${dist.base.binaries}"/>
+
+        <echo message="${begin.binary.wrappers.log.message}"/>
+        <echo message="${empty.binary.wrappers.log.message}"/>
+        <echo message="${end.binary.wrappers.log.message}"/>
+
+        <echo message="${begin.binary.zip.log.message}"/>
+        <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+            <zipfileset dir="./shared"
+                        filemode="644"
+                        prefix="usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </zipfileset>
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.binary.zip.log.message}"/>
+
+        <echo message="${begin.binary.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.binaries}/${dist.name}.tar">
+            <tarfileset dir="./shared"
+                        mode="644"
+                        prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </tarfileset>
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${dist.name}/usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.binary.tar.log.message}"/>
+
+        <echo message="${begin.binary.gtar.log.message}"/>
+        <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+              src="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.binary.gtar.log.message}"/>
+
+        <echo message="${end.distribute.binaries.log.message}"/>
+    </target>
+
+
+    <target name="distribute_source"
+            depends=""
+            description="--> create the zip and gzipped tar source distributions">
+        <echo message="${begin.distribute.source.log.message}"/>
+        <mkdir dir="${dist.base.source}"/>
+
+        <echo message="${begin.source.zip.log.message}"/>
+        <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.source.zip.log.message}"/>
+
+        <echo message="${begin.source.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.source}/${src.dist.name}.tar">
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.source.tar.log.message}"/>
+
+        <echo message="${begin.source.gtar.log.message}"/>
+        <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+              src="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.source.gtar.log.message}"/>
+
+        <echo message="${end.distribute.source.log.message}"/>
+    </target>
+
+
+    <target name="distribute"
+            depends="distribute_binaries,distribute_source"
+            description="--> create binary and source component distributions">
+        <echo message="${notify.distribute.log.message}"/>
+    </target>
+
+
+    <target name="main"
+            depends="clean,distribute"
+            description="--> clean, build, verify, document, distribute [default]">
+        <echo message="${notify.main.log.message}"/>
+    </target>
+
+</project>
+
diff --git a/dogtag/kra-ui/build_dogtag b/dogtag/kra-ui/build_dogtag
new file mode 100755
index 000000000..74e9bc860
--- /dev/null
+++ b/dogtag/kra-ui/build_dogtag
@@ -0,0 +1,82 @@
+#!/bin/bash
+# BEGIN COPYRIGHT BLOCK
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+
+# Always switch into the base directory of this
+# shell script prior to executing it so that all
+# of its output is written to this directory
+cd `dirname $0`
+
+# Retrieve the directory name housing this component
+PWD=`pwd`
+
+# Set Dogtag component-specific environment variables
+DOGTAG_BUILD_SCRIPT=`basename $0`
+export DOGTAG_BUILD_SCRIPT
+DOGTAG_COMPONENT=`basename ${PWD}`
+export DOGTAG_COMPONENT
+DOGTAG_SPECFILE="dogtag-pki-kra-ui.spec"
+export DOGTAG_SPECFILE
+
+# Set PKI 'ant' environment variables (originally obtained from specfile)
+PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag"
+export PKI_PRODUCT_UI_FLAVOR_PREFIX
+PKI_PRODUCT_PREFIX="pki"
+export PKI_PRODUCT_PREFIX
+PKI_PRODUCT="kra-ui"
+export PKI_PRODUCT
+PKI_VERSION="9.0.0"
+export PKI_VERSION
+
+# Set Dogtag helper variables
+DOGTAG_COMPONENT_NAME=${PKI_PRODUCT}
+export DOGTAG_COMPONENT_NAME
+DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc
+export DOGTAG_WGET_URL
+
+# Obtain '${DOGTAG_SPECFILE}' as necessary
+if [ "$1" = "refresh" ]; then
+	if [ -f "${DOGTAG_SPECFILE}" ]; then
+		printf "Removing '${DOGTAG_SPECFILE}' . . . "
+		rm -rf ${DOGTAG_SPECFILE}
+		printf "done.\n"
+	fi
+	shift
+fi
+if [ ! -f "${DOGTAG_SPECFILE}" ]; then
+	# Check for Fedora Operating System
+	if [ ! -f /etc/fedora-release ]; then
+		printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n"
+		exit 255
+	fi
+	# Obtain Fedora Operating System Version
+	FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`"
+	export FEDORA_VERSION
+	# Retrieve '${DOGTAG_SPECFILE}' from Koji
+	printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n"
+	wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co
+	if [ ! -s "${DOGTAG_SPECFILE}" ]; then
+		printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n"
+		rm -rf ${DOGTAG_SPECFILE}
+		exit 255
+	fi
+fi
+
+# Invoke the shared Dogtag PKI build script
+config-ext/build_dogtag_pki $@
+
diff --git a/dogtag/kra-ui/dogtag-pki-kra-ui.spec b/dogtag/kra-ui/dogtag-pki-kra-ui.spec
new file mode 100644
index 000000000..274d1ec76
--- /dev/null
+++ b/dogtag/kra-ui/dogtag-pki-kra-ui.spec
@@ -0,0 +1,61 @@
+Name:           dogtag-pki-kra-ui
+Version:        9.0.0
+Release:        1%{?dist}
+Summary:        Dogtag Certificate System - Data Recovery Authority User Interface
+URL:            http://pki.fedoraproject.org/
+License:        GPLv2
+Group:          System Environment/Base
+
+BuildArch:      noarch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  ant
+
+Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+# NOTE:  Several PKI packages require a "virtual" UI component.  These
+#        "virtual" UI components are "Provided" by various UI "flavors"
+#        including "dogtag", "redhat", and "null".  Consequently,
+#        all "dogtag", "redhat", and "null" UI components MUST be
+#        mutually exclusive!
+Provides:       pki-kra-ui = %{version}-%{release}
+
+Obsoletes:      pki-kra-ui < %{version}-%{release}
+
+Conflicts:      redhat-pki-kra-ui
+
+%description
+Dogtag Certificate System is an enterprise software system designed
+to manage enterprise Public Key Infrastructure (PKI) deployments.
+
+The Dogtag Data Recovery Authority User Interface contains the graphical
+user interface for the Dogtag Data Recovery Manager.
+
+%prep
+
+%setup -q
+
+%build
+ant \
+    -Dproduct.ui.flavor.prefix="dogtag" \
+    -Dproduct.prefix="pki" \
+    -Dproduct="kra-ui" \
+    -Dversion="%{version}"
+
+%install
+rm -rf %{buildroot}
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_datadir}/pki/
+
+%changelog
+* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.
diff --git a/dogtag/kra-ui/shared/webapps/kra/404.html b/dogtag/kra-ui/shared/webapps/kra/404.html
new file mode 100755
index 000000000..2e7e59cdd
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/404.html
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>DRM 404 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/kra/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/kra/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/kra/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System DRM Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('404');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The requested resource could not be found but may be available again in the future.');
+document.write('</font></b><br><b><font size="+1" color="RED">');
+document.write('Please check the validity of the URL listed below:');
+document.write('</font></b><br><br>');
+document.write('<center><b><font size="+1"><a href="');
+document.write(url);
+document.write('">');
+document.write(url);
+document.write('</a>');
+document.write('</font></b></center><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/500.html b/dogtag/kra-ui/shared/webapps/kra/500.html
new file mode 100755
index 000000000..224cec1c8
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/500.html
@@ -0,0 +1,139 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>DRM 500 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/kra/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/kra/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/kra/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System DRM Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('500');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>');
+document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.');
+document.write('</font></b><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/GenUnexpectedError.template b/dogtag/kra-ui/shared/webapps/kra/GenUnexpectedError.template
new file mode 100644
index 000000000..a6ec193bc
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>DRM Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/kra/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/GenError.template b/dogtag/kra-ui/shared/webapps/kra/agent/GenError.template
new file mode 100644
index 000000000..2ecb08cf5
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/GenError.template
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>DRM Agent Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/kra/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+document.writeln('<P>');
+document.write('The '+result.fixed.authorityName+' ');
+document.writeln('encountered a problem while processing your request. ');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.errorDetails != null) {
+    document.write(result.fixed.errorDetails);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+if (result != null && result.recordSet != null && result.recordSet.length > 0){
+	document.writeln('<P>');
+    document.write('Additional Information:');
+	document.writeln('<P>');
+    document.write('<BLOCKQUOTE><B><PRE>');
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].errorDescription != null) {
+			document.writeln(result.recordSet[i].errorDescription);
+		}
+	}
+	document.writeln('</UL>');
+	document.write('</PRE></B></BLOCKQUOTE>');
+}
+</SCRIPT>
+
+<P>
+Please consult your local administrator for further assistance.
+The Certificate System logs may provide further information.
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/GenPending.template b/dogtag/kra-ui/shared/webapps/kra/agent/GenPending.template
new file mode 100644
index 000000000..62d4316b1
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/GenPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>DRM Agent Request Pending</TITLE>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate Managment System';
+if (result.fixed.authorityName != null) 
+	authority = result.fixed.authorityName;
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted to the '+authority+'. ');
+document.write('Your request will be processed when an authorized agent ');
+document.writeln('verifies and validates the information in your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.writeln('<P>');
+	document.write('Your can check on the status of your request with ');
+	document.write('an authorized agent or local administrator ');
+	document.writeln('by referring to this request ID.'); 
+} else {
+    document.write('<B>not provided.</B> ');
+    document.write('<P>');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/GenRejected.template b/dogtag/kra-ui/shared/webapps/kra/agent/GenRejected.template
new file mode 100644
index 000000000..d6c67f2c4
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/GenRejected.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>DRM Agent Request Rejected</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Rejected
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null) {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('Your request has been rejected by the '+authority+'. ' );
+document.write('This may indicate that some attributes of the request ');
+document.write('violate the policies of this '+authority+'. ');
+
+document.writeln('<P>');
+document.writeln('Violation details: ');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result == null || result.recordSet == null || result.recordSet.length == 0){
+	document.writeln('No further details provided.');
+}
+else {
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].policyMessage != null) {
+			document.writeln(result.recordSet[i].policyMessage);
+		}
+	}
+	document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId == null) {
+	document.write('<B>not provided</B>.');
+	document.writeln('<P>');
+	document.write(
+		'Please consult your local administrator for further assistance.');
+} else {
+	document.write('<B>'+result.fixed.requestId+'</B>. ');
+	document.writeln('<P>');
+	document.write(
+		'You can contact an authorized agent or local administrator for ');
+	document.writeln('further assistance by referring to the request ID.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/GenSuccess.template b/dogtag/kra-ui/shared/webapps/kra/agent/GenSuccess.template
new file mode 100644
index 000000000..dc3a9775f
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/GenSuccess.template
@@ -0,0 +1,44 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>DRM Agent Generic Request Success</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submited
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+var authority = 'Certificate System';
+if (request.fixed.authorityName != null) 
+	authority = request.fixed.authorityName;
+
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted and processed by the '+authority+'.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/GenSvcPending.template b/dogtag/kra-ui/shared/webapps/kra/agent/GenSvcPending.template
new file mode 100644
index 000000000..66a524912
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/GenSvcPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>DRM Agent Request Svc Pending</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+document.writeln('<P>');
+document.write('Your request has been successfully submitted and processed ');
+document.writeln('by the '+result.fixed.authorityName+'.');
+document.write('The '+result.fixed.authorityName+' is waiting for a remote ');
+if (result.fixed.remoteAuthorityName != null)
+	document.write(result.fixed.remoteAuthorityName);
+else
+	document.write('Certificate Manager or Data Recovery manager');
+document.write(' to fill your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.write('<P>');
+	document.write('Your can check on status of your request with an '+
+				   'authorized agent or local administrator by referring '+
+				   'to this request ID.');
+} else {
+    document.write('not provided. ');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/GenUnauthorized.template b/dogtag/kra-ui/shared/webapps/kra/agent/GenUnauthorized.template
new file mode 100644
index 000000000..fc137d06b
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/GenUnauthorized.template
@@ -0,0 +1,42 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>DRM Agent Generic Unauthorized</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Unauthorized Access
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+document.writeln('<P>');
+document.write('You are not authorized for this operation.');
+document.write('<BR>');
+document.write('If you think this is an error please contact your ');
+document.writeln('local administrator for further assistance.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/GenUnexpectedError.template b/dogtag/kra-ui/shared/webapps/kra/agent/GenUnexpectedError.template
new file mode 100644
index 000000000..0af3aa15d
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>DRM Agent Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/kra/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/cms-funcs.js b/dogtag/kra-ui/shared/webapps/kra/agent/cms-funcs.js
new file mode 100644
index 000000000..c8ffd51c7
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/cms-funcs.js
@@ -0,0 +1,538 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+
+
+function checkClientTime()
+{
+   var speed;
+   var server_date = new Date(serverdate); 
+   var client_date = new Date();
+   var zone = client_date.getTimezoneOffset(); 
+   var timediff = 0;
+
+   var serverutc = server_date.getTime();
+   var clientutc = client_date.getTime();
+
+   var offset = clientutc - serverutc;
+   if (offset >0) { 
+      speed = 'fast'; 
+      } else { 
+	  speed = 'slow'; 
+   } 
+   timediff = Math.round(Math.abs(offset/1000/60)); 
+
+    if (timediff > 10) { 
+       msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed  +
+             '\n\nYou may encounter problems using your certificate\n' +
+			 'as your clock is set incorrectly.\n\n' +
+			 'According to the server, the time is:\n  ' + server_date +
+			 '\n\nPlease correct your clock before proceeding with enrollment'+
+             '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+			 'If you change your timezone, you may need to restart your browser\n'+
+             'before continuing.';
+			 alert(msg);
+			 return false;
+       }
+	return true;
+}
+
+
+
+
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        distinguishedName.value = '';
+	if (form.E != null) {
+	    if (E.value != '') {
+		if (doubleQuotes(E.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    E.value = '';
+		    E.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(E.value);
+	    }
+	}
+	if (form.CN!= null) {
+	    if (CN.value != '') {
+		if (doubleQuotes(CN.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    CN.value = '';
+		    CN.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(CN.value);
+	    }
+        }
+	if (form.UID1 != null) {
+	    if (UID1.value != '') {
+		if (doubleQuotes(UID1.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    UID1.value = '';
+		    UID1.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(UID1.value);
+	    }
+        }
+	if (form.OU != null) {
+	    if (OU.value != '') {
+		if (doubleQuotes(OU.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    OU.value = '';
+		    OU.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(OU.value);
+	    }  
+        }
+	if (form.O != null) {
+	    if (O.value != '') {
+		if (doubleQuotes(O.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    O.value = '';
+		    O.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(O.value);
+	    }  
+	}
+	if (form.L != null) {
+	    if (L.value != '') {
+		if (doubleQuotes(L.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    L.value = '';
+		    L.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(L.value);
+	    }
+	}
+	if (form.ST != null) {
+	    if (ST.value != '') {
+		if (doubleQuotes(ST.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    ST.value = '';
+		    ST.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(ST.value);
+	    }
+	}
+	if (form.C != null) {
+	    if (C.value != '') {
+		if (doubleQuotes(C.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    C.value = '';
+		    C.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(C.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a CA cert if
+    // that cert does not contain an OU or O component.
+    if ((form.OU.value == '') && (form.O.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.CN.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+	// DEBUG 
+	//alert(form.subject);
+
+    with (form) {
+		if (email != null) {
+	   		if (E.value == "" && email.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (CN.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+	return true;
+    }
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day ) {
+        alert(fieldName + " is invalid");
+	return null;
+     }
+     else 
+     	return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (asPattern) { 
+   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+   }
+   else if (value != "")
+   	list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+    with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+    	makeComponent(result,"E",E.value,asPattern);
+    	makeComponent(result,"CN",CN.value,asPattern);
+    	makeComponent(result,"UID",UID.value,asPattern);
+    	makeComponent(result,"OU",OU.value,asPattern);
+    	makeComponent(result,"O",O.value,asPattern);
+   	makeComponent(result,"L",L.value,asPattern);
+    	makeComponent(result,"ST",ST.value,asPattern);
+	makeComponent(result,"C",C.value,asPattern);
+    }
+    if (result.length == 0)
+    	return asPattern ? "0 == 0" : "0 == 1";
+    else 
+        return "subject" + ( asPattern ? " ~= " : " == ") +
+    				escapeValue(result.join(', '));
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+//-->
+
+
+
+
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/funcs.js b/dogtag/kra-ui/shared/webapps/kra/agent/funcs.js
new file mode 100644
index 000000000..daef83d17
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/funcs.js
@@ -0,0 +1,686 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        distinguishedName.value = '';
+	if (form.eMail != null) {
+	    if (eMail.value != '') {
+		if (doubleQuotes(eMail.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    eMail.value = '';
+		    eMail.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(eMail.value);
+	    }
+	}
+	if (form.commonName != null) {
+	    if (commonName.value != '') {
+		if (doubleQuotes(commonName.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    commonName.value = '';
+		    commonName.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(commonName.value);
+	    }
+        }
+	if (form.userID != null) {
+	    if (userID.value != '') {
+		if (doubleQuotes(userID.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    userID.value = '';
+		    userID.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(userID.value);
+	    }
+        }
+	if (form.orgUnit != null) {
+	    if (orgUnit.value != '') {
+		if (doubleQuotes(orgUnit.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    orgUnit.value = '';
+		    orgUnit.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(orgUnit.value);
+	    }  
+        }
+	if (form.org != null) {
+	    if (org.value != '') {
+		if (doubleQuotes(org.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    org.value = '';
+		    org.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(org.value);
+	    }  
+	}
+	if (form.locality != null) {
+	    if (locality.value != '') {
+		if (doubleQuotes(locality.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    locality.value = '';
+		    locality.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(locality.value);
+	    }
+	}
+	if (form.state != null) {
+	    if (state.value != '') {
+		if (doubleQuotes(state.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    state.value = '';
+		    state.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(state.value);
+	    }
+	}
+	if (form.country != null) {
+	    if (country.value != '') {
+		if (doubleQuotes(country.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    country.value = '';
+		    country.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(country.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a CA cert if
+    // that cert does not contain an OU or O component.
+    if ((form.orgUnit.value == '') && (form.org.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.commonName.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+
+    with (form) {
+	if (isEmailCert != null) {
+	   if (eMail.value == "" && isEmailCert.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (commonName.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+        if (csrRequestorName.value == "") {
+            csrRequestorName.value = commonName.value;
+        }
+        if (csrRequestorPhone.value == "" && csrRequestorEmail.value == "") {
+            alert("You must supply a contact phone number or e-mail address.");
+            return false;
+        }
+        return true;
+    }
+}
+
+function isNegative(string) {
+  if (string.charAt(0) == '-')
+     return true;
+  else
+     return false;
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function isDecimalNumber(string) {
+    var i = 0; 
+    var legalDigits = "0123456789";
+
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            break;
+    }
+    if (i < string.length &&
+        legalDigits.indexOf(string.charAt(i)) != -1) {
+        i++;
+    } else
+        return false;
+
+    for (; i < string.length; i++) {
+        if (legalDigits.indexOf(string.charAt(i)) == -1)
+            break;
+    }
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            return false;
+    }
+
+    return true;
+}
+
+function isHexNumber(string) {
+    var i = 0; 
+    var legalDigits = "0123456789abcdefABCDEF";
+
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            break;
+    }
+    if (i < string.length - 2 &&
+        string.charAt(i) == '0' &&
+        (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+        legalDigits.indexOf(string.charAt(i+2)) != -1) {
+        i += 3;
+    } else
+        return false;
+
+    for (; i < string.length; i++) {
+        if (legalDigits.indexOf(string.charAt(i)) == -1)
+            break;
+    }
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            return false;
+    }
+
+    return true;
+}
+
+function trim(string) {
+    var i, k, newString;
+
+    for (i = 0; i < string.length; i++) {
+        if (string.charAt(i) != ' ' )
+            break;
+    }
+    for (k = string.length - 1; k > i; k--) {
+        if (string.charAt(k) != ' ' )
+            break;
+    }
+    k++;
+
+    if (k > i)
+        newString = string.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day || year == 0) {
+        alert(fieldName + " is invalid");
+        return null;
+     }
+     else 
+     	return date.getTime();
+//     	return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' || c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+//   if (asPattern) { 
+//   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+//   }
+//   else if (value != "")
+   if (value != "") {
+      list[last] = tag+"="+escapeValueRfc1779(value);
+//   } else if (!asPattern) {
+//      list[last] = tag+"=*";
+   }
+//   alert("asPattern = " + asPattern);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponent(result,"E",eMail.value,asPattern);
+		makeComponent(result,"CN",commonName.value,asPattern);
+		makeComponent(result,"UID",userID.value,asPattern);
+		makeComponent(result,"OU",orgUnit.value,asPattern);
+		makeComponent(result,"O",org.value,asPattern);
+		makeComponent(result,"L",locality.value,asPattern);
+		makeComponent(result,"ST",state.value,asPattern);
+		makeComponent(result,"C",country.value,asPattern);
+	}
+    if (result.length == 0)
+//    	return asPattern ? "0 == 0" : "0 == 1";
+    	return "(x509Cert.subject=*)";
+    else  {
+        return "(x509Cert.subject" + (asPattern ? "~=" : "=") + escapeValue(nsjoin(result,",")) + ")";
+        }
+// escapeValue(result.join(', '));
+}
+
+// helper function to construct name component(pattern)
+function makeComponentFilter(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (value != "") {
+	if (asPattern) {
+		list[last] = "(x509Cert.subject=*"+tag+"=*"+
+			escapeValueRfc1779(value)+"*)";
+	} else {
+		// exact match (either the end, or appended with ",")
+		list[last] = "(|(x509Cert.subject=*"+tag+"="+
+			escapeValueRfc1779(value)+",*)"
+			+"(x509Cert.subject=*"+tag+"="+
+			escapeValueRfc1779(value)+"))";
+	}
+   }
+}
+
+function computeNameFilter(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponentFilter(result,"E",eMail.value,asPattern);
+		makeComponentFilter(result,"CN",commonName.value,asPattern);
+		makeComponentFilter(result,"UID",userID.value,asPattern);
+		makeComponentFilter(result,"OU",orgUnit.value,asPattern);
+		makeComponentFilter(result,"O",org.value,asPattern);
+		makeComponentFilter(result,"L",locality.value,asPattern);
+		makeComponentFilter(result,"ST",state.value,asPattern);
+		makeComponentFilter(result,"C",country.value,asPattern);
+	}
+	if (result.length == 0) {
+		return "(x509Cert.subject=*)";
+	} else  {
+		if (asPattern) {
+        		return "(|" + nsjoin(result,"") + ")";
+		} else {
+        		return "(&" + nsjoin(result,"") + ")";
+		}
+	}
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+function isHex(string)
+{
+      if (string.charAt(0) == '0' &&
+      (string.charAt(1) == 'x' || string.charAt(1) == 'X')) {
+        return true;
+      } else {
+        return false;
+      }
+}
+
+function writeError(errorDetails)
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (errorDetails != null) {
+                document.write(errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+              "further information.");
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+// Replacement for the array.join() function which isn't in MSIE 3.0
+
+function nsjoin(array,str) {
+  val = "";
+  for (i=0; i<array.length; i++) {
+    val = val + array[i];
+    if (i < (array.length-1)) val = val+str;
+    }
+  return val;
+}
+//-->
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/dgLeftTab.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/dgLeftTab.gif
new file mode 100644
index 000000000..35a76c859
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/dgLeftTab.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/dgRightTab.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/dgRightTab.gif
new file mode 100644
index 000000000..a519bc759
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/dgRightTab.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/favicon.ico b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/favicon.ico
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/goto-tall.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/goto-tall.gif
new file mode 100644
index 000000000..6eea3ef5c
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/goto-tall.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/gray90.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/gray90.gif
new file mode 100644
index 000000000..c6f811102
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/gray90.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/hr.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/hr.gif
new file mode 100644
index 000000000..14f8acf92
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/hr.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/lgLeftTab.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/lgLeftTab.gif
new file mode 100644
index 000000000..a78fbc89d
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/lgLeftTab.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/lgRightTab.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/lgRightTab.gif
new file mode 100644
index 000000000..71852402d
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/lgRightTab.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/logo_header.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/logo_header.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/graphics/spacer.gif b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/spacer.gif
new file mode 100644
index 000000000..13acffe53
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/graphics/spacer.gif
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/header.template b/dogtag/kra-ui/shared/webapps/kra/agent/header.template
new file mode 100644
index 000000000..0de93919a
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/header.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>Header</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body onResize=location.reload() bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/kra/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+        </tr>
+      </table>
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr> 
+          <td><img src="/kra/agent/graphics/spacer.gif" alt="" width="12" height="21"></td>
+<SCRIPT type="text/javascript">
+	for (var i = 0; i < result.recordSet.length; ++i) {
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<td><img src="/kra/agent/graphics/lgLeftTab.gif" width="13" height="21"><\/td>');
+          		document.write('<td bgcolor="#cccccc" nowrap>');
+		} else {
+          		document.write('<td><img src="/kra/agent/graphics/dgLeftTab.gif" width="13" height="21"><\/td>');
+          		document.write('<td bgcolor="#999999" nowrap>');
+		}
+		document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                if (result.recordSet[i].type == "CertificateAuthority") {
+			type = "Certificate Manager";
+		} else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+			type = "Data Recovery Manager";
+		} else if (result.recordSet[i].type == "OCSPAuthority") {
+			type = "Online Certificate Status Manager";
+		} else if (result.recordSet[i].type == "RegistrationAuthority") {
+			type = "Registration Manager";
+		}
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<b>' + type + '<\/b>');
+		} else {
+          		document.write('<a href="../' + 
+				result.recordSet[i].id + 
+				'/index.html" target="_top">' + 
+				type + '<\/a>');
+		}
+		document.write('<\/font><\/td>');
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<td><img src="/kra/agent/graphics/lgRightTab.gif" width="16" height="21" alt=""><\/td>');
+		} else {
+          		document.write('<td><img src="/kra/agent/graphics/dgRightTab.gif" width="16" height="21" alt=""><\/td>');
+		}
+	}
+</SCRIPT>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/helpfun.js b/dogtag/kra-ui/shared/webapps/kra/agent/helpfun.js
new file mode 100644
index 000000000..14a80bb95
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/helpfun.js
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+function help(helptopic) { 
+
+     var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500"); 
+
+     HelpWin.location = helptopic;
+     HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+     window.status = helpline;
+
+     return true;
+
+}
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/index.html b/dogtag/kra-ui/shared/webapps/kra/agent/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/index.template b/dogtag/kra-ui/shared/webapps/kra/agent/index.template
new file mode 100644
index 000000000..2a6c6b972
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/index.template
@@ -0,0 +1,140 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>DRM Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+  <tr bgcolor="#000080"> 
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr> 
+          <td><img src="/kra/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr valign="TOP"> 
+    <td>&nbsp;</td>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (result.header.errorDetails != null) {
+                document.write(result.header.errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+                "further information.");
+}
+
+if (result.header.errorDetails != null) {
+        displayError();
+} else {
+	var displayServices = 'true';
+	for (var i = 0; i < result.recordSet.length; ++i) {
+        	document.write('<tr valign="TOP">');
+          	document.write('<td>');
+		document.write('<img src="/graphics/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+          	document.write('<td>');
+		document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+		document.write('<a href="');
+		document.write(result.recordSet[i].id + '/index.html');
+		if (result.recordSet[i].type == "RegistrationAuthority") {
+			document.write('">Registration Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+		} else if (result.recordSet[i].type == "CertificateAuthority") {
+			document.write('">Certificate Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+		} else if (result.recordSet[i].type == "OCSPAuthority") {
+			displayServices = 'false';
+			document.write('">Online Certificate Status Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to check certificate status.');
+		} else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+			displayServices = 'false';
+			document.write('">Data Recovery Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process key requests, and recover keys.');
+		} else {
+			document.write('">Internal Error</a></font>');
+		}
+		document.write('</font></td></tr>');
+	}
+}
+document.write('<tr valign="TOP">'); 
+document.write('<td>&nbsp;</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+if (displayServices== 'true')
+{	
+	document.write('<tr valign="TOP">');
+	document.write('<TD><IMG src="/graphics/goto-tall.gif" width="10" height="15"></TD>');
+	document.write('<TD><FONT face="PrimaSans BT, Verdana, sans-serif">');
+	document.write('<A href="ports">Services Summary</A></FONT></TD>');
+	document.write('</tr>');
+}
+document.write('<TR valign="TOP">');
+document.write('<TD> </TD>');
+document.write('<TD> </TD>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+</SCRIPT>
+
+</table>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/GrantRecovery.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/GrantRecovery.html
new file mode 100644
index 000000000..225bbdb30
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/GrantRecovery.html
@@ -0,0 +1,46 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Authorize Recovery (for Recovery Agents)</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js">
+</SCRIPT>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Authorize Recovery (for Recovery Agents)<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to approve a key recovery.
+</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM ACTION="examineRecovery" METHOD=POST>
+<INPUT TYPE="HIDDEN" NAME="op" VALUE="examineRecovery">
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td  valign="top" align="right">
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Recovery authorization reference number:<br></font>
+    </td>
+    <td><INPUT TYPE="TEXT" NAME="recoveryID" SIZE=10 MAXLENGTH=99"></td>
+  </tr>
+</table>
+
+<p>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%">
+  <TR>
+    <TD align="right" bgcolor="#e5e5e5">
+      <INPUT TYPE="submit" VALUE="Examine" width="72">&nbsp;
+      <!-- <INPUT TYPE="button" VALUE="Help" width="72"
+	    onClick="help('/manual/agt_gide/kraagt.htm#1022642')"> -->
+    </TD>
+  </TR>
+</TABLE>
+</FORM>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/ListRequests.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/ListRequests.html
new file mode 100644
index 000000000..11c1b5ef8
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/ListRequests.html
@@ -0,0 +1,96 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>List Key Service Requests</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../funcs.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<script LANGUAGE="JavaScript">
+<!--
+function doSubmit(form)
+{
+    if (form.lastEntryOnPage.value != "") {
+        if (isDecimalNumber(form.lastEntryOnPage.value) ||
+            isHexNumber(form.lastEntryOnPage.value)) {
+            form.lastEntryOnPage.value = trim(form.lastEntryOnPage.value);
+        } else {
+            alert("You must specify a hexadecimal or decimal number " +
+                  "for the starting request identifier.");
+            return;
+        }
+    }
+    form.submit();
+}
+//-->
+</script>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">List Requests<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to show a list of key service requests.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM ACTION="queryReq" METHOD=POST>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td valign="top" align="right">
+       <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Request type:</font>
+    </td>
+    <td valign="top">
+      <SELECT NAME="reqType">
+      <OPTION SELECTED VALUE="enrollment">Show archival requests</OPTION>
+      <OPTION VALUE="recovery">Show recovery requests</OPTION>
+      <OPTION VALUE="netkeyKeygen">Show token key requests</OPTION>
+      <OPTION VALUE="showAll">Show all requests</OPTION>
+      </SELECT>
+    </td>
+  </tr>
+  <tr>
+    <td valign="top" align="right">
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Request status:</font>
+    </td>
+    <td valign="top">
+      <SELECT NAME="reqState">
+      <OPTION SELECTED VALUE="showCompleted">Show completed requests</OPTION>
+      <OPTION VALUE="showPending">Show pending requests</OPTION>
+      <OPTION VALUE="showCancelled">Show canceled requests</OPTION>
+      <OPTION VALUE="showRejected">Show rejected requests</OPTION>
+      <OPTION VALUE="showAll">Show all requests</OPTION>
+      </SELECT>
+    </td>
+  </tr>
+  <tr>
+    <td  valign="top" align="right">
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Starting request identifier:<br>(optional)</font>
+    </td>
+    <td><INPUT TYPE="TEXT" NAME="lastEntryOnPage" SIZE=10 MAXLENGTH=99></td>
+  </tr>
+</table>
+
+<p>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%" BACKGROUND="/graphics/gray90.gif">
+  <TR>
+    <TD align="right" bgcolor="#e5e5e5">
+      <INPUT TYPE="button" VALUE="Find" width="72" onClick="doSubmit(this.form);">&nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">first</font>&nbsp;
+      <INPUT TYPE="hidden" NAME="direction" VALUE="first">
+      <INPUT TYPE="TEXT" NAME="maxCount" SIZE=7 MAXLENGTH=99 VALUE="20">
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif">records</font>&nbsp;&nbsp;&nbsp;
+      <!-- <INPUT TYPE="button" VALUE="Help" width="72"
+	    onClick="help('http://www.redhat.com/docs/manuals/cert-system/8.0/agent/html/DRM_Recovering_Encrypted_Data.html#DRM_Recovering_Encrypted_Data-List_Requests')"> -->
+    </TD>
+  </TR>
+</TABLE>
+ 
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/SrchKey.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/SrchKey.html
new file mode 100644
index 000000000..685405465
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/SrchKey.html
@@ -0,0 +1,323 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.5 [en]C-NSCP  (WinNT; I) [Netscape]">
+   <title>Search for Keys</title>
+</head>
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+function publicKeyCritInUse()
+{
+    return document.publicKeyCritForm.inUse.checked;
+}
+function publicKeyCrit()
+{
+    if (document.publicKeyCritForm.publicKeyData.value.length == 0) {
+        alert("No public key specified");
+        return null;
+    }
+    return "publicKey=x509cert#"+
+        escapeValue(document.publicKeyCritForm.publicKeyData.value);
+}
+function ownerNameCritInUse()
+{
+    return document.ownerNameCritForm.inUse.checked;
+}
+function ownerNameCrit()
+{
+    return "keyOwnerName=" + document.ownerNameCritForm.ownerName.value;
+}
+function serialNumberRangeCritInUse()
+{
+	return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+	if (isHex(document.serialNumberRangeCritForm.serialFrom.value)) {
+	  canonicalFrom = parseInt(stripPrefix(document.serialNumberRangeCritForm.serialFrom.value),16);
+	} else {
+	  canonicalFrom = document.serialNumberRangeCritForm.serialFrom.value;
+        }
+	crit[next++] = "keySerialNumber >= " + canonicalFrom;
+    }
+    if (document.serialNumberRangeCritForm.serialTo.value != "") {
+	if (isHex(document.serialNumberRangeCritForm.serialTo.value)) {
+	  canonicalTo = parseInt(stripPrefix(document.serialNumberRangeCritForm.serialTo.value),16);
+	} else {
+	  canonicalTo = document.serialNumberRangeCritForm.serialTo.value;
+        }
+   	crit[next++] = "keySerialNumber <= " +canonicalTo;
+    }
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+	document.serialNumberRangeCritForm.serialTo.value != "") {
+	if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+	    	alert("The low end of the range is larger than the high end.");
+		return null;
+	}
+    }
+
+	if (next == 0) {
+		return "keySerialNumber=*";
+	} else if (next == 1) {
+		return crit[0];
+	} else if (next == 2) {
+		return "&(" + crit[0] + ")(" + crit[1] + ")";
+	} 
+    // return crit.join("&");
+}
+function archivedByCritInUse()
+{
+    return document.archivedByCritForm.inUse.checked;
+}
+
+function archivedByCrit()
+{
+    if (document.archivedByCritForm.archivedBy.value.length == 0) {
+        alert("User id in 'issued by' filter is empty");
+        return null;
+    }
+    return "keyArchivedBy = "+ 
+		document.archivedByCritForm.archivedBy.value;
+}
+
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+    if (serialNumberRangeCritInUse()) {
+	if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+	    return;
+    }	
+    if (ownerNameCritInUse()) {
+    	if ((andFilter[critCount++] = ownerNameCrit()) == null)
+	   return;
+    }
+    if (publicKeyCritInUse()) {
+    	if ((andFilter[critCount++] = publicKeyCrit()) == null)
+	   return;
+    }
+    if (archivedByCritInUse()) {
+    	if ((andFilter[critCount++] = archivedByCrit()) == null)
+	   return;
+    }
+
+    // At least one section must be selected
+    if (critCount == 0) {
+	alert("You must choose at least one section on this form.");
+	return;
+    } else if (critCount == 1) {
+    		form.queryFilter.value = "(" + andFilter[0] + ")";
+	} else if (critCount == 2) {
+    		form.queryFilter.value = "(&(" + andFilter[0] + ")(" + 
+			andFilter[1] + "))";
+	} else if (critCount == 3) {
+    		form.queryFilter.value = "(&(" + andFilter[0] + ")(" + 
+			andFilter[1] + ")(" + andFilter[2] + "))";
+	} else if (critCount == 4) {
+    		form.queryFilter.value = "(&(" + andFilter[0] + ")(" + 
+			andFilter[1] + ")(" + andFilter[2] + ")(" +
+			andFilter[3] + "))";
+	}
+
+    // form.queryFilter.value = andFilter.join("&");
+
+    form.op.value = "srchKey";
+
+    keyQuery = "srchKey?op=" + form.op.value + 
+                "&maxResults=" + form.maxResults.value +
+                "&maxCount=" + form.maxCount.value +
+                "&queryFilter=" + 
+			       produceHTTPEscapedString(form.queryFilter.value);
+
+    // Create two frames
+    window.location=keyQuery;
+}
+//-->
+</script>
+<body bgcolor="#FFFFFF">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Search for Keys
+</font>
+<br><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Use this form
+to search for archived keys according to the criteria you specify. 
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+Each section lets you specify a key property. Select a property, then
+fill in any needed details in that section.
+You can combine search criteria to further narrow the search.
+<p>
+In the list of keys found by the search, you can click a button to display
+details about individual keys.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Owner Name</font></b>
+<form name="ownerNameCritForm">
+<input type="CHECKBOX" name="inUse">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Show keys
+belonging to a particular owner</font>
+<blockquote>
+<table>
+<tr>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Owner Name:</font>
+</td>
+<td>
+<input type="TEXT" name="ownerName" size=36>
+</td>
+</tr>
+</table>
+</blockquote>
+</form>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Key Identifiers</font></b>
+<form name="serialNumberRangeCritForm">
+<input type="CHECKBOX" name="inUse"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Show
+keys that fall within a particular range of key identifiers</font>
+<blockquote>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Enter
+a range of key identifiers in hexadecimal form (starting with 0x, as they appear in key displays) or in decimal form.</font>
+<p>
+<table>
+<tr>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Lowest
+key identifier:</font>
+</td>
+<td>
+<input TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99">
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Highest
+key identifier:</font>
+</td>
+<td>
+<input TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99">
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)
+</font>
+</td>
+</tr>
+</table>
+</blockquote>
+</form>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Certificate</font></b>
+<form name="publicKeyCritForm">
+<input type="CHECKBOX" name="inUse"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Show
+the key that corresponds to the following certificate</font>
+<blockquote>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Copy the certificate, then paste it into this text area.</font>
+<p>
+<textarea name="publicKeyData" rows=10 cols=64></textarea></form>
+</blockquote>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Archiver</font></b>
+<form name="archivedByCritForm">
+<input type="CHECKBOX" name="inUse"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Show
+keys that have been archived by a particular server</font>
+<blockquote>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Enter
+the user ID of the Certificate Manager or Registration Manager that submitted the archival request to the Data Recovery Manager.</font>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+User ID:
+</font>
+<input TYPE="text" NAME="archivedBy" SIZE=10>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Note: Archiver information is available only when the Certificate Manager or Registration Manager is remote from the Data Recovery Manager.
+</font>
+<p>
+</blockquote>
+</form>
+
+<br><form name="queryForm" action="srchKey" method=POST>
+<input type="HIDDEN" name="op" value="">
+<input type="HIDDEN" name="maxCount" VALUE="5">
+<input type="HIDDEN" name="queryFilter" VALUE="">
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Maximum results:</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Time limit (in seconds):</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="timeLimit" SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+</table>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%">
+<TR>
+<TD align="right" bgcolor="#eeeeee">
+<input type="button" value="Show Key" onClick='doSubmit(queryForm)'>
+<!-- <input type="button" value=Help
+onClick="help('/manual/agt_gide/kraagt.htm#1019227')"> -->
+</TD>
+</TR>
+</TABLE>
+</form>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/SrchRecoverKey.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/SrchRecoverKey.html
new file mode 100644
index 000000000..f4de8ca1f
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/SrchRecoverKey.html
@@ -0,0 +1,328 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+   <meta name="GENERATOR" content="Mozilla/4.5 [en]C-NSCP  (WinNT; I) [Netscape]">
+   <title>Recover Keys (for Administrators)</title>
+</head>
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+function publicKeyCritInUse()
+{
+    return document.publicKeyCritForm.inUse.checked;
+}
+function publicKeyCrit()
+{
+    if (document.publicKeyCritForm.publicKeyData.value.length == 0) {
+        alert("No public key specified");
+        return null;
+    }
+    return "publicKey=x509cert#"+
+        escapeValue(document.publicKeyCritForm.publicKeyData.value);
+}
+function ownerNameCritInUse()
+{
+    return document.ownerNameCritForm.inUse.checked;
+}
+function ownerNameCrit()
+{
+    return "keyOwnerName=" + document.ownerNameCritForm.ownerName.value;
+}
+function serialNumberRangeCritInUse()
+{
+	return document.serialNumberRangeCritForm.inUse.checked;
+}
+
+function serialNumberRangeCrit()
+{
+    var crit = new Array;
+    var next = 0;
+
+    var canonicalFrom = "", canonicalTo = "";
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "") {
+        if (isHex(document.serialNumberRangeCritForm.serialFrom.value)) {
+          canonicalFrom = parseInt(stripPrefix(document.serialNumberRangeCritForm.serialFrom.value),16);
+        } else {
+          canonicalFrom = document.serialNumberRangeCritForm.serialFrom.value;
+        }
+        crit[next++] = "keySerialNumber >= " + canonicalFrom;
+    }
+    if (document.serialNumberRangeCritForm.serialTo.value != "") {
+        if (isHex(document.serialNumberRangeCritForm.serialTo.value)) {
+          canonicalTo = parseInt(stripPrefix(document.serialNumberRangeCritForm.serialTo.value),16);
+        } else {
+          canonicalTo = document.serialNumberRangeCritForm.serialTo.value;
+        }
+        crit[next++] = "keySerialNumber <= " +canonicalTo;
+    }
+
+    if (document.serialNumberRangeCritForm.serialFrom.value != "" &&
+	document.serialNumberRangeCritForm.serialTo.value != "") {
+	if (parseInt(canonicalFrom) > parseInt(canonicalTo)) {
+	    	alert("The low end of the range is larger than the high end.");
+		return null;
+	}
+    }
+
+	if (next == 0) {
+		return "keySerialNumber=*";
+	} else if (next == 1) {
+		return crit[0];
+	} else if (next == 2) {
+		return "&(" + crit[0] + ")(" + crit[1] + ")";
+	} 
+    // return crit.join("&");
+}
+function archivedByCritInUse()
+{
+    return document.archivedByCritForm.inUse.checked;
+}
+
+function archivedByCrit()
+{
+    if (document.archivedByCritForm.archivedBy.value.length == 0) {
+        alert("User id in 'issued by' filter is empty");
+        return null;
+    }
+    return "keyArchivedBy = "+ 
+		document.archivedByCritForm.archivedBy.value;
+}
+
+function doSubmit(form)
+{
+    var andFilter = new Array;
+    var critCount = 0;
+
+    if (serialNumberRangeCritInUse()) {
+	if ((andFilter[critCount++] = serialNumberRangeCrit()) == null)
+	    return;
+    }	
+    if (ownerNameCritInUse()) {
+    	if ((andFilter[critCount++] = ownerNameCrit()) == null)
+	   return;
+    }
+    if (publicKeyCritInUse()) {
+    	if ((andFilter[critCount++] = publicKeyCrit()) == null)
+	   return;
+	form.publicKeyData.value = document.publicKeyCritForm.publicKeyData.value;
+    }
+    if (archivedByCritInUse()) {
+    	if ((andFilter[critCount++] = archivedByCrit()) == null)
+	   return;
+    }
+
+    // At least one section must be selected
+    if (critCount == 0) {
+	alert("You must choose at least one section on this form.");
+	return;
+    } else if (critCount == 1) {
+    		form.queryFilter.value = "(" + andFilter[0] + ")";
+	} else if (critCount == 2) {
+    		form.queryFilter.value = "(&(" + andFilter[0] + ")(" + 
+			andFilter[1] + "))";
+	} else if (critCount == 3) {
+    		form.queryFilter.value = "(&(" + andFilter[0] + ")(" + 
+			andFilter[1] + ")(" + andFilter[2] + "))";
+	} else if (critCount == 4) {
+    		form.queryFilter.value = "(&(" + andFilter[0] + ")(" + 
+			andFilter[1] + ")(" + andFilter[2] + ")(" +
+			andFilter[3] + "))";
+	}
+
+    // form.queryFilter.value = andFilter.join("&");
+
+    form.op.value = "srchKeyForRecovery";
+
+    keyQuery = "srchKeyForRecovery?op=" + form.op.value + 
+                "&maxResults=" + form.maxResults.value +
+                "&maxCount=" + form.maxCount.value +
+                "&queryFilter=" + 
+			       produceHTTPEscapedString(form.queryFilter.value);
+   if (form.publicKeyData.value != "") {
+       keyQuery = keyQuery + "&publicKeyData="+
+               produceHTTPEscapedString(form.publicKeyData.value);
+   }
+
+    // Create two frames
+    window.location=keyQuery;
+}
+//-->
+</script>
+<body bgcolor="#FFFFFF">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">
+Recover Keys (for Administrators)</font>
+<br><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Use this form
+to search for archived keys according to the criteria you specify. 
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+Each section
+lets you specify a key property. Select a property, then fill in any needed details in that section. You can combine search criteria to further narrow the search.
+<p>
+In the list of keys found by the search, you can click a button to recover individual keys.
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Owner Name</font></b>
+<form name="ownerNameCritForm">
+<input type="CHECKBOX" name="inUse">
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Show
+keys belonging to a particular owner</font>
+<blockquote>
+<table>
+<tr>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Owner Name:</font>
+</td>
+<td>
+<input type="TEXT" name="ownerName" size=36>
+</td>
+</tr>
+</table>
+</blockquote>
+</form>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Key Identifiers</font></b>
+<form name="serialNumberRangeCritForm">
+<input type="CHECKBOX" name="inUse"><font face="PrimaSans BT, Verdana, sans-serif"><font size=-1>Show
+keys that fall within a particular range of key identifiers</font></font>
+<blockquote>
+<font face="PrimaSans BT, Verdana, sans-serif"><font size=-1>Enter
+a range of key identifiers in hexadecimal form (starting with 0x, as they appear in key displays) or in decimal form.</font></font>
+<p>
+<table>
+<tr>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Lowest
+key identifier:</font>
+</td>
+<td>
+<input TYPE="TEXT" NAME="serialFrom" SIZE=10 MAXLENGTH=99">
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no lower limit)
+</font>
+</td>
+</tr>
+<tr>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Highest
+key identifier:</font>
+</td>
+<td>
+<input TYPE="TEXT" NAME="serialTo" SIZE=10 MAXLENGTH=99">
+</td>
+<td>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+(leave blank for no upper limit)
+</font>
+</td>
+</tr>
+</table>
+</blockquote>
+</form>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Certificate</font></b>
+<form name="publicKeyCritForm">
+<input type="CHECKBOX" name="inUse"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Show
+the key that corresponds to the following certificate</font>
+<blockquote>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Copy the certificate, then paste it into this text area.</font>
+<p>
+<textarea name="publicKeyData" rows=10 cols=64></textarea></form>
+</blockquote>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<b><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Archiver</font></b>
+<form name="archivedByCritForm">
+<input type="CHECKBOX" name="inUse"><font size=-1 face="PrimaSans BT, Verdana, sans-serif">Show
+keys that have been archived by</font> a particular server
+<blockquote>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Enter the user ID of the Certificate or Registration Manager that submitted the archival request to the Data Recovery Manager.
+</font>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+User ID:
+</font>
+<input TYPE="text" NAME="archivedBy" SIZE=10>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+Note: Archiver information is available only when the Certificate Manager or Registration Manager is remote from the Data Recovery Manager.
+</font>
+<p>
+</blockquote>
+</form>
+
+<br><form name="queryForm" action="srchKeyForRecovery" method=POST>
+<input type="HIDDEN" name="op" value="">
+<input type="HIDDEN" name="maxCount" VALUE="5">
+<input type="HIDDEN" name="queryFilter" VALUE="">
+<input type="HIDDEN" name="publicKeyData" VALUE="">
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif"><b>Limits</b></font>
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Maximum results:</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="maxResults" VALUE=10 SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+  <tr>
+    <td align="right">
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">&nbsp;&nbsp;&nbsp;&nbsp;
+      Time limit (in seconds):</font>
+    </td>
+    <td>
+      <INPUT TYPE="TEXT" NAME="timeLimit" SIZE=5 MAXLENGTH=10>
+    </td>
+  </tr>
+</table>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%">
+<TR>
+<TD align="right" bgcolor="#eeeeee">
+<input type="button" value="Show Key" onClick='doSubmit(queryForm)'>
+<!-- <input type="button" value=Help
+onClick="help('/manual/agt_gide/kraagt.htm#1019227')"> -->
+</TD>
+</TR>
+</TABLE>
+</form>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/blank.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/blank.html
new file mode 100644
index 000000000..d2c04a676
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/blank.html
@@ -0,0 +1,10 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC">
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/confirmRecover.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/confirmRecover.html
new file mode 100644
index 000000000..94df8b7f7
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/confirmRecover.html
@@ -0,0 +1,6 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<TITLE>Recover Key Confirm</TITLE>
+<HEAD>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/confirmRecoverBySerial.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/confirmRecoverBySerial.template
new file mode 100644
index 000000000..88a8d5c84
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/confirmRecoverBySerial.template
@@ -0,0 +1,70 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+<TITLE>Recovering Key</TITLE>
+
+<HEAD>
+<BODY bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<SCRIPT LANGUAGE="JavaScript">
+function renderCredentialBoxes(m)
+{
+	var str = "";
+
+	for(var i = 0; i < m; ++i) {
+		str = str + "Agent ID#" + i + 
+			":<INPUT TYPE=text NAME=\"uid" + i + 
+			"\" VALUE=\"\">" + "Password #" + i + 
+			":<INPUT TYPE=password NAME=\"pwd" + i + 
+			"\" VALUE=\"\" AutoComplete=off >\n";
+	}
+	return str;
+}
+
+function renderRecoverButton(serialNumber, noOfAgents)
+{
+    return "<FORM METHOD=post "+
+	// "onSubmit=\"return recoverKey("+serialNumber+");\" "+
+	"ACTION=\""+ "/agent/kra/recoverBySerial" +"\">\n"+
+	renderCredentialBoxes(noOfAgents) + 
+	"<INPUT TYPE=hidden NAME=\"op\" VALUE=\"recoverBySerial\">\n"+
+	"<INPUT TYPE=hidden NAME=\"serialNumber\" VALUE=\""+
+		serialNumber +"\">\n"+
+	"<h2><b>PKCS#12 Delivery:</b></h2>"+
+	"<p>"+
+	"<p><pre>"+
+	"PKCS#12 Password:<INPUT TYPE=password NAME=\"p12Password\" VALUE=\"\" AutoComplete=off >\n"+
+	"Receipient Email:<INPUT TYPE=text NAME=\"p12Delivery\" VALUE=\"\">\n"+
+	"</pre><p>"+
+	"<INPUT TYPE=hidden NAME=\"commit\" VALUE=\"yes\">"+
+	"<INPUT TYPE=submit VALUE=\"Recover\">"+
+	"</FORM>\n";
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+	document.write("<h2><b>Warning:</b></h2>");
+	document.write("<p><pre>");
+	document.write("Microsoft's Internet Explorer does not support " +
+		"no-cache feature.");
+	document.write("There is a security risk where Administrator " + 
+		"can use back button to steal the recovery agents' passwords.");
+	document.write("</pre>");
+	document.write("<h2><b>Key Content:</b></h2>");
+	document.write("<p><pre>");
+	document.write(result.header.publicKey);
+	document.write("</pre><p>");
+	document.write("<h2><b>Recovery Agent Credentials:</b></h2>");
+	document.write("<p><pre>");
+	document.write(renderRecoverButton(result.header.serialNumber, 
+		result.header.noOfRequiredAgents));
+	document.write("</pre><p>");
+}
+</SCRIPT>
+<p>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerial.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerial.template
new file mode 100644
index 000000000..a88599ede
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerial.template
@@ -0,0 +1,114 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+<CMS_TEMPLATE>
+<title>Display Key</title>
+<head>
+</head>
+<body bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var today = new Date();
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var dateStr = dateTmp.toLocaleString();
+    return dateStr;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+	document.writeln(
+        '<font face="PrimaSans BT, Verdana, sans-serif"><font size=+1>'+
+        'Key ' +
+        '<a href="' + '/kra/agent/kra/displayBySerial' + 
+	'?op=displayBySerial&serialNumber=' + result.header.serialNumber + '"' +
+        'onMouseOver=" return helpstatus(\'Click to redisplay this ' +
+        'request \')" onMouseOut="return helpstatus(\'\')">' +
+        renderHexNumber(result.header.serialNumber,8) +
+        '</a></font></font>');
+	document.writeln('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+
+	document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+	document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+	document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+	document.writeln('Key</font></td></tr>');
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">State:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.state + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Created on:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(result.header.archivedOn) + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Updated on:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(result.header.archivedOn) + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Archiver:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.archivedBy + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Public key:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.publicKey + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Owner name:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.ownerName + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key algorithm:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.keyAlgorithm + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key length:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.keyLength + '</font></td>');
+	document.writeln('</tr>');
+
+
+	document.write("</table>");
+	document.writeln('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+}
+</script>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerial2.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerial2.template
new file mode 100644
index 000000000..332d205c2
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerial2.template
@@ -0,0 +1,132 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display Certificate</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<CMS_TEMPLATE>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+
+    return sign + '0x' + '0' + absValue;
+}
+//-->
+</SCRIPT>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">Certificate
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+document.write('&nbsp;' + '0x0'+result.header.serialNumber);
+if (navigator.appName == 'Netscape' &&
+    navMajorVersion() > 3 &&
+	typeof(crypto.version) != "undefined") {
+	document.write(
+		'<input type=hidden name=cmmfResponse value=true>');
+}
+
+//-->
+</SCRIPT>
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="art/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate contents</font></td></tr></table>
+
+<pre>
+<SCRIPT LANGUAGE="JavaScript">
+document.write(result.header.certPrettyPrint);
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Certificate fingerprints</font></td></tr></table>
+
+<pre>
+<SCRIPT LANGUAGE="JavaScript">
+document.write(result.header.certFingerprint);
+</SCRIPT>
+</pre>
+
+<p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Installing this certificate in a server</font></td></tr></table>
+
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+The following format can be used to install this certificate into a server.
+<p>
+Base 64 encoded certificate
+</font>
+<p><pre>
+-----BEGIN CERTIFICATE-----
+<SCRIPT LANGUAUGE="JavaScript">
+document.write(result.header.certChainBase64);
+</SCRIPT>
+-----END CERTIFICATE-----
+</pre>
+
+<br><p>
+<table border="0" cellspacing="2" cellpadding="2" width="100%">
+<tr align="left" bgcolor="#e5e5e5"><td align="left">
+<font face="PrimaSans BT, Verdana, sans-serif" size="-1">
+Downloading this certificate</font></td></tr></table>
+<p>
+<font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+To download the certificate into your system, click the following button.
+</font>
+<p>
+
+<SCRIPT LANGUAGE="JavaScript">
+document.write("<center>");
+var loc = '/agent/kra/getBySerial?serialNumber='+ result.header.serialNumber;
+if (navigator.appName == "Netscape") {
+	loc = loc + '&importCert=true';
+	if (navMajorVersion() > 3 && typeof(crypto.version) != "undefined") {
+		loc = loc + '&cmmfResponse=true';
+	}
+}
+document.write('<form>\n'+
+			   '<INPUT TYPE=\"button\" VALUE=\"Download This Certificate\"'+
+			   ' onClick=\"location.href=\''+ loc + '\'\">\n'+
+			   '</form>\n');
+
+document.write("</center>");
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerialForRecovery.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerialForRecovery.template
new file mode 100644
index 000000000..717d1d7d6
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/displayBySerialForRecovery.template
@@ -0,0 +1,232 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+  <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+<CMS_TEMPLATE>
+<title>Display Key</title>
+<body bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function PKCS12Password()
+{
+    if (document.forms[0].initAsyncRecovery.checked) {
+       document.forms[0].p12Password.disabled= true; 
+       document.forms[0].p12PasswordAgain.disabled= true; 
+       document.forms[0].nickname.disabled= true; 
+    } else {
+       document.forms[0].p12Password.disabled= false; 
+       document.forms[0].p12PasswordAgain.disabled= false; 
+       document.forms[0].nickname.disabled= false; 
+    }
+}
+</SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var today = new Date();
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var dateStr = dateTmp.toLocaleString();
+    return dateStr;
+}
+
+function renderCredentialBoxes(m)
+{
+        var str = "";
+
+        for(var i = 0; i < m; ++i) {
+                str = str + 
+			"<tr>" +
+			"<td align=right><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">" +
+			"Agent ID #" + i + ":" +
+			"</font></td>" +
+			"<td align=left><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">" +
+                        "<input type=text name=\"uid" + i +
+                        "\" value=\"\">" + 
+			"</font></td>" +
+			"</tr>" +
+			"<tr>" +
+			"<td align=right><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">" +
+			"Password #" + i + ":" +
+			"</font></td>" +
+			"<td align=left><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">" +
+                        "<input type=password name=\"pwd" + i +
+                        "\" value=\"\" AutoComplete=off >" +
+			"</font></td>" +
+			"</tr>";
+        }
+        return str;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+	document.writeln(
+        '<font face="PrimaSans BT, Verdana, sans-serif"><font size=+1>'+
+        'Key ' +
+        '<a href="' + '/kra/agent/kra/displayBySerial?' + 
+	'op=displayBySerial&serialNumber=' + result.header.serialNumber + '"' +
+        'onMouseOver=" return helpstatus(\'Click to redisplay this ' +
+        'request \')" onMouseOut="return helpstatus(\'\')">' +
+        renderHexNumber(result.header.serialNumber,8) +
+        '</a></font></font>');
+
+        document.writeln('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+
+    	document.write('<form method=post ' +
+          'action="' + '/kra/agent/kra/recoverBySerial' + '">\n');
+	document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Key</font></td></tr>');
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">State:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.state + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Created on:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(result.header.archivedOn) + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Updated on:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(result.header.archivedOn) + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Archiver:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.archivedBy + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Public key:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.publicKey + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Owner name:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.ownerName + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key algorithm:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.keyAlgorithm + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key length:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.keyLength + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Async Recovery:</font></td>');
+        // initiate an asynchronous recovery or not
+	document.writeln('<td>');
+        document.write('<input type="checkbox" CHECKED onClick="PKCS12Password()" name="initAsyncRecovery" value="ON">');
+	document.writeln('</td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">PKCS #12 Password:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password disabled name="p12Password" value="" AutoComplete=off ></font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">PKCS #12 Password again:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password disabled name="p12PasswordAgain" value="" AutoComplete=off ></font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Nickname (Optional):</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=text disabled name="nickname" value=""></font></td>');
+	document.writeln('</tr>');
+
+	// certificate
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Certificate:</font></td>');
+	if (result.header.publicKeyData != null) {
+		document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><textarea name=cert rows=10 cols=56>' + result.header.publicKeyData + '</textarea></font></td>');
+	} else {
+		document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><textarea name=cert rows=10 cols=56></textarea></font></td>');
+	}
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.writeln('</tr>');
+
+	// use distributed-recovery mode or not
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+	if (result.header.keySplitting == 'true') { 
+	  document.write('<input type="checkbox" CHECKED name="localAgents" Value="yes">');
+	} else {
+	  document.write('<input type="hidden" name="localAgents" Value="yes">');
+	}
+	document.write('</font></td>');
+	document.writeln('</tr>');
+
+	// recovery ID
+/* recoery ID does not apply to async case
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Recovery authorization reference number:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.recoveryID + '</font></td>');
+	document.writeln('</tr>');
+        document.writeln('<input type=hidden name="op" value="recoverBySerial">');
+*/
+
+	if (result.header.keySplitting == 'true') { 
+          document.write(renderCredentialBoxes(result.header.noOfRequiredAgents));
+        }
+
+	document.writeln('<input type=hidden name="recoveryID" VALUE="' +
+                result.header.recoveryID + '">\n');
+	document.writeln('<input type=hidden name="serialNumber" VALUE="' +
+                result.header.serialNumber + '">\n');
+	document.write('</table>');
+        document.writeln('<table cellpadding="6" cellspacing="0" border="0" width="100%">');
+        document.writeln('<tr>');
+        document.writeln('<td align="right" bgcolor="#e5e5e5">');
+        document.writeln('<input type=submit value="Recover">');
+        // document.writeln("<input type=button value=\"Help\" onClick=\"help('/manual/agt_gide/kraagt.htm#KeyRecoveryForm')\">");
+        document.writeln('</td>');
+        document.writeln('</tr>');
+        document.writeln('</table>');
+        document.writeln('</form>');
+}
+</script>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/examineRecovery.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/examineRecovery.template
new file mode 100644
index 000000000..240f7e9e4
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/examineRecovery.template
@@ -0,0 +1,109 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<title>Examine Recovery</title>
+<head>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+<body bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var today = new Date();
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var dateStr = dateTmp.toLocaleString();
+    return dateStr;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+	document.writeln(
+        '<font face="PrimaSans BT, Verdana, sans-serif"><font size=+1>'+
+        'Recovery Operation ' + result.header.recoveryID +
+        '</font></font>');
+
+	document.writeln('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+       document.write('<form method=post ' +
+          'action="' + '/kra/agent/kra/grantRecovery' + '">\n');
+
+	document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+	document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+	document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+	document.writeln('Key</font></td></tr>');
+
+	document.writeln('<tr>');
+	document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key Identifier:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.serialNumber + '</font></td>');
+	document.writeln('</tr>');
+	document.writeln('<tr>');
+	document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Owner Name:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.ownerName + '</font></td>');
+	document.writeln('</tr>');
+	document.writeln('<tr>');
+	document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key Algorithm:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.keyAlgorithm + '</font></td>');
+	document.writeln('</tr>');
+	document.writeln('<tr>');
+	document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Public Key:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.publicKey + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+        if (result.header.keySplitting == 'true') {
+          document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Agent Identifier:</font></td>');
+          document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=text name="agentID" value=""></font></td>');
+          document.writeln('</tr>');                                                      document.writeln('<tr>');                                                       document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Agent Password:</font></td>');
+          document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password name="agentPWD" value="" AutoComplete=off ></font></td>');
+          document.writeln('</tr>');                                              
+          document.writeln('<tr>');                                               
+        }
+	document.writeln('</tr>');
+
+	document.writeln('<input type=hidden name="op" value="grantRecovery">');
+	document.writeln('<input type=hidden name="recoveryID" VALUE="' +
+                result.header.recoveryID + '">\n');
+	document.write('</table>');
+
+	document.writeln('<table cellpadding="6" cellspacing="0" border="0" width="100%">');
+	document.writeln('<tr>');
+	document.writeln('<td align="right" bgcolor="#e5e5e5">');
+	document.writeln('<input type=submit value="Grant">');
+	// document.writeln("<input type=button value=\"Help\" onClick=\"help('/manual/agt_gide/kraagt.htm#1022642')\">");
+	document.writeln('</td>');
+	document.writeln('</tr>');
+	document.writeln('</table>');
+	document.writeln('</form>');
+}
+</script>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/finishAsyncRecovery.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/finishAsyncRecovery.template
new file mode 100644
index 000000000..0d2caf676
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/finishAsyncRecovery.template
@@ -0,0 +1,101 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Key Recovery Result</title>
+</head>
+<body bgcolor="white">
+<CMS_TEMPLATE>
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+function displayApprovalRecord(agentNumber, agentName)
+{
+    document.writeln("Agent" + agentNumber + " (" + agentName + 
+        ") has approved the request.");    
+}
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+    sign = "-";
+    number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+    absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+    document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Key Recovery Status</font>');
+    document.write('<center><hr width="100%"></center>');
+
+
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Recovery Authorization Reference Number:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.recoveryID + '</font></td>');
+        document.writeln('</tr>');
+
+        document.writeln('<tr>');
+        document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key Identifier:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderHexNumber(result.header.serialNumber,8) + '</font></td>');
+        document.writeln('</tr>');
+        document.write('</table>');
+
+    document.write("<pre>");
+    document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('The request has been submitted.');
+    document.writeln(result.header.noOfRequiredAgents + 
+        ' recovery agents are required for authorization.' );
+    document.writeln('<p>');
+    for(var i = 0; i < result.recordSet.length; ++i ) {
+        displayApprovalRecord(i+1, result.recordSet[i].agentName);
+    }
+    if (result.recordSet.length < result.header.noOfRequiredAgents) {
+        document.writeln('Waiting for the remaining approvals ...'); 
+    } else if (result.header.status != "complete") {
+        document.writeln('<p>');    
+        document.writeln('The key is being recovered ...');
+    }
+    document.write('</font>');
+    document.write("</pre>");
+
+    document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    if (result.header.status == "complete") {
+        document.writeln("<p>");
+        document.writeln("The request is completed.");
+        document.writeln("<p>");
+    
+        document.writeln(
+            'If the key is not saved, you will need to go through the ' +
+            'recovery process again. ' +
+            'Click ' +
+            '<a href="/kra/agent/kra/getAsyncPk12?reqID=' +
+            result.header.requestID + '"' +
+            'onMouseOver=" return helpstatus(\'Click to get key in PKCS12 ' +
+            '\')" onMouseOut="return helpstatus(\'\')">' +
+            "here" +
+            '</a>' + ' to save the recovered key in PKCS12 format.'
+);
+    }
+    document.write('</font>');
+}
+
+//-->
+</script>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/finishRecovery.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/finishRecovery.template
new file mode 100644
index 000000000..e73a26237
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/finishRecovery.template
@@ -0,0 +1,101 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Key Recovery Result</title>
+</head>
+<body bgcolor="white">
+<CMS_TEMPLATE>
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+function displayApprovalRecord(agentNumber, agentName)
+{
+    document.writeln("Agent" + agentNumber + " (" + agentName + 
+        ") has approved the request.");    
+}
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+    sign = "-";
+    number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+    absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+    document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Key Recovery Status</font>');
+    document.write('<center><hr width="100%"></center>');
+
+
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Recovery Authorization Reference Number:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.recoveryID + '</font></td>');
+        document.writeln('</tr>');
+
+        document.writeln('<tr>');
+        document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key Identifier:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderHexNumber(result.header.serialNumber,8) + '</font></td>');
+        document.writeln('</tr>');
+        document.write('</table>');
+
+    document.write("<pre>");
+    document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('The request has been submitted.');
+    document.writeln(result.header.noOfRequiredAgents + 
+        ' recovery agents are required for authorization.' );
+    document.writeln('<p>');
+    for(var i = 0; i < result.recordSet.length; ++i ) {
+        displayApprovalRecord(i+1, result.recordSet[i].agentName);
+    }
+    if (result.recordSet.length < result.header.noOfRequiredAgents) {
+        document.writeln('Waiting for the remaining approvals ...'); 
+    } else if (result.header.status != "complete") {
+        document.writeln('<p>');    
+        document.writeln('The key is being recovered ...');
+    }
+    document.write('</font>');
+    document.write("</pre>");
+
+    document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    if (result.header.status == "complete") {
+        document.writeln("<p>");
+        document.writeln("The request is completed.");
+        document.writeln("<p>");
+    
+        document.writeln(
+            'If the key is not saved, you will need to go through the ' +
+            'recovery process again. ' +
+            'Click ' +
+            '<a href="/kra/agent/kra/getPk12?recoveryID=' +
+            result.header.recoveryID + '"' +
+            'onMouseOver=" return helpstatus(\'Click to get key in PKCS12 ' +
+            '\')" onMouseOut="return helpstatus(\'\')">' +
+            "here" +
+            '</a>' + ' to save the recovered key in PKCS12 format.'
+);
+    }
+    document.write('</font>');
+}
+
+//-->
+</script>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameGrant.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameGrant.html
new file mode 100644
index 000000000..14b3ced02
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameGrant.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO"> 
+  <frame src="menuGrant.html" NORESIZE scrolling="NO" frameborder="NO" marginwidth="0" marginheight="0" name="left">
+  
+  <frame src="grantRecovery.html" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="content">
+
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameRecover.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameRecover.html
new file mode 100644
index 000000000..60cd76f41
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameRecover.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO"> 
+  <frame src="menuRecover.html" NORESIZE scrolling="NO" frameborder="NO" marginwidth="0" marginheight="0" name="left">
+  
+  <frame src="srchRecoverKey.html" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="content">
+
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameRequest.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameRequest.html
new file mode 100644
index 000000000..ae544e34b
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameRequest.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO"> 
+  <frame src="menuRequest.html" NORESIZE scrolling="NO" frameborder="NO" marginwidth="0" marginheight="0" name="left">
+  
+  <frame src="listRequests.html" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="content">
+
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameSearch.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameSearch.html
new file mode 100644
index 000000000..a48fee2e6
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameSearch.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO"> 
+  <frame src="menuSearch.html" NORESIZE scrolling="NO" frameborder="NO" marginwidth="0" marginheight="0" name="left">
+  
+  <frame src="srchKey.html" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="content">
+
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameStats.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameStats.html
new file mode 100644
index 000000000..57a24de47
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/frameStats.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO"> 
+  <frame src="menuStats.html" NORESIZE scrolling="NO" frameborder="NO" marginwidth="0" marginheight="0" name="left">
+  
+  <frame src="/getStats" marginwidth="16" marginheight="16" frameborder="NO" NORESIZE name="content">
+
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/getApprovalStatus.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/getApprovalStatus.template
new file mode 100644
index 000000000..5a6a1114a
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/getApprovalStatus.template
@@ -0,0 +1,102 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<META HTTP-EQUIV="Refresh" CONTENT="5">
+<title>Key Recovery Result</title>
+</head>
+<body bgcolor="white">
+<CMS_TEMPLATE>
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+function displayApprovalRecord(agentNumber, agentName)
+{
+    document.writeln("Agent" + agentNumber + " (" + agentName + 
+        ") has approved the request.");    
+}
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+    sign = "-";
+    number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+    absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+    document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Key Recovery Status</font>');
+    document.write('<center><hr width="100%"></center>');
+
+
+        document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+        document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Recovery Authorization Reference Number:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.recoveryID + '</font></td>');
+        document.writeln('</tr>');
+
+        document.writeln('<tr>');
+        document.write('<td><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key Identifier:</font> <font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderHexNumber(result.header.serialNumber,8) + '</font></td>');
+        document.writeln('</tr>');
+        document.write('</table>');
+
+    document.write("<pre>");
+    document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('The request has been submitted.');
+    document.writeln(result.header.noOfRequiredAgents + 
+        ' recovery agents are required for authorization.' );
+    document.writeln('<p>');
+    for(var i = 0; i < result.recordSet.length; ++i ) {
+        displayApprovalRecord(i+1, result.recordSet[i].agentName);
+    }
+    if (result.recordSet.length < result.header.noOfRequiredAgents) {
+        document.writeln('Waiting for the remaining approvals ...'); 
+    } else if (result.header.status != "complete") {
+        document.writeln('<p>');    
+        document.writeln('The key is being recovered ...');
+    }
+    document.write('</font>');
+    document.write("</pre>");
+
+    document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+    if (result.header.status == "complete") {
+        document.writeln("<p>");
+        document.writeln("The request is completed.");
+        document.writeln("<p>");
+    
+        document.writeln(
+            'If the key is not saved, you will need to go through the ' +
+            'recovery process again. ' +
+            'Click ' +
+            '<a href="/kra/agent/kra/getPk12?recoveryID=' +
+            result.header.recoveryID + '"' +
+            'onMouseOver=" return helpstatus(\'Click to get key in PKCS12 ' +
+            '\')" onMouseOut="return helpstatus(\'\')">' +
+            "here" +
+            '</a>' + ' to save the recovered key in PKCS12 format.'
+);
+    }
+    document.write('</font>');
+}
+
+//-->
+</script>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/getStats.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/getStats.template
new file mode 100644
index 000000000..cfd2f3193
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/getStats.template
@@ -0,0 +1,124 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display CRL</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Statistics
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('<table border="0" cellspacing="0" cellpadding="0" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Detailed Information (Start Time <b>' + header.startTime + '</b>, Current Time: <b>' + header.curTime + '</b>)</font></td><td align=right><a href="getStats?op=clear">Clear Statistics</a></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr>');
+    document.writeln('<td width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Action</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b># of operations</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Time Taken (in msec)</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Min</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Max</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Std Dev</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Avg</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Percentage</b></font></td>');
+    document.writeln('</tr>');
+    for (var i = 0; i <=  recordCount; i++) {
+      if (result.recordSet[i].name.charAt(0) == '-') {
+        document.writeln('<tr><td>');
+      } else {
+        document.writeln('<tr bgcolor="#cccccc"><td>');
+      }
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].name + '</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].noOfOp+'</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].timeTaken+'</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].max == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].min+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].max == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].max+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].stddev == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].stddev+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].noOfOp == 0) {
+        document.writeln('-');
+      } else {
+        document.writeln(Math.round(100*(result.recordSet[i].avg))/100);
+      }
+      document.writeln('</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].noOfOp == 0) {
+        document.writeln('-');
+      } else {
+        document.writeln(Math.round(100*(result.recordSet[i].percentage))/100 + '%');
+      }
+      document.writeln('</font></td>');
+      document.writeln('</tr>');
+    }
+    document.writeln('</table><br>');
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/grantAsyncRecovery.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/grantAsyncRecovery.template
new file mode 100644
index 000000000..c76e61ac4
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/grantAsyncRecovery.template
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<head><title>Key Recovery Grant Result</title></head>
+<body bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Key Recovery Result</font>');
+	document.write('<center><hr width="100%"></center>');
+	document.write("<p>");
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=-1>');
+	document.write('Asynchronous Key recovery request' + 
+'<a href="/kra/agent/kra/processReq?op=processReq&seqNum=' +
+            result.header.requestID+'"> ' + result.header.requestID + '</a>' +
+		' has been granted by ' + result.header.agentID);
+	document.write('</font>');
+}
+
+//-->
+</script>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/grantRecovery.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/grantRecovery.template
new file mode 100644
index 000000000..906da8338
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/grantRecovery.template
@@ -0,0 +1,44 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<head><title>Key Recovery Result</title></head>
+<body bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Key Recovery Result</font>');
+	document.write('<center><hr width="100%"></center>');
+	document.write("<p>");
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=-1>');
+	document.write('Recovery of key with key identifier ' + 
+		toHex(result.header.serialNumber) + 
+		' has been granted by ' + result.header.agentID);
+	document.write('</font>');
+}
+
+//-->
+</script>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/index.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/index.html
new file mode 100644
index 000000000..3ca0f8959
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/index.html
@@ -0,0 +1,18 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>DRM Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/kra/agent/graphics/favicon.ico" />
+</head>
+
+<frameset rows="105,1*" frameborder="NO" border="0"> 
+  <frame src="/kra/agent/header?selected=kra" name="top" NORESIZE scrolling="NO" frameborder="NO" marginwidth="0" marginheight="0"> 
+
+  <frame src="frameRequest.html" scrolling="NO" name="middle" NORESIZE frameborder="NO" marginwidth="0" marginheight="0"> 
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+
+</body></noframes>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuCheck.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuCheck.html
new file mode 100644
index 000000000..0787f104c
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuCheck.html
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+      <table border="0" cellspacing="4" cellpadding="4" width="100%">
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRequest.html" target="middle"><b>List Requests</b></a></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameSearch.html" target="middle"><b>Search for Keys</b></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRecover.html" target="middle"><b>Recover Keys</b></font></td>
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameGrant.html" target="middle"><b>Authorize Recovery</b></font></td>
+        </tr>
+      </table>
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuGrant.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuGrant.html
new file mode 100644
index 000000000..594dfaf06
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuGrant.html
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+      <table border="0" cellspacing="4" cellpadding="4" width="100%">
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRequest.html" target="middle"><b>List Requests</b></a></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameSearch.html" target="middle"><b>Search for Keys</b></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRecover.html" target="middle"><b>Recover Keys</b></font></td>
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+          <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameGrant.html" target="middle"><b><font color=black>Authorize Recovery</font></b></font></td>
+        </tr>
+      </table>
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuRecover.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuRecover.html
new file mode 100644
index 000000000..1439917d4
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuRecover.html
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+      <table border="0" cellspacing="4" cellpadding="4" width="100%">
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRequest.html" target="middle"><b>List Requests</b></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameSearch.html" target="middle"><b>Search for Keys</b></a></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRecover.html" target="middle"><b><font color=black>Recover Keys</font></b></a></font></td>
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameGrant.html" target="middle"><b>Authorize Recovery</b></a></font></td>
+        </tr>
+      </table>
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuRequest.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuRequest.html
new file mode 100644
index 000000000..69a5300a6
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuRequest.html
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+      <table border="0" cellspacing="4" cellpadding="4" width="100%">
+        <tr> 
+          <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRequest.html" target="middle"><b><font color=black>List Requests</font></b></a></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameSearch.html" target="middle"><b>Search for Keys</b></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRecover.html" target="middle"><b>Recover Keys</b></font></td>
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameGrant.html" target="middle"><b>Authorize Recovery</b></font></td>
+        </tr>
+      </table>
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuSearch.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuSearch.html
new file mode 100644
index 000000000..e3f23d53f
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuSearch.html
@@ -0,0 +1,33 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+      <table border="0" cellspacing="4" cellpadding="4" width="100%">
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRequest.html" target="middle"><b>List Requests</b></a></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameSearch.html" target="middle"><b><font color=black>Search for Keys</font></b></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRecover.html" target="middle"><b>Recover Keys</b></font></td>
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameGrant.html" target="middle"><b>Authorize Recovery</b></font></td>
+        </tr>
+      </table>
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuStats.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuStats.html
new file mode 100644
index 000000000..2d132b185
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/menuStats.html
@@ -0,0 +1,37 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+      <table border="0" cellspacing="4" cellpadding="4" width="100%">
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRequest.html" target="middle"><b>List Requests</b></a></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameSearch.html" target="middle"><b>Search for Keys</b></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameRecover.html" target="middle"><b>Recover Keys</b></font></td>
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+        </tr>
+        <tr> 
+          <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameGrant.html" target="middle"><b>Authorize Recovery</b></font></td>
+        </tr>
+        <tr> 
+          <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+		    <a href="frameStats.html" target="middle"><b><font color="black">Statistics</font></b></font></td>
+        </tr>
+      </table>
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/monitor.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/monitor.template
new file mode 100644
index 000000000..27fa7f84a
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/monitor.template
@@ -0,0 +1,184 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD><TITLE>Monitor</TITLE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+</HEAD>
+<CMS_TEMPLATE>
+<BODY bgcolor="white">
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Monitor
+</font>
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<SCRIPT LANGUAUGE="JavaScript">
+if (result.header.error != null) {
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+    document.writeln('CS monitor encountered the following error:'+result.header.error);
+    document.writeln('</font>');
+} else if (result.header.issuerName != null &&
+           result.header.startDate != null &&
+           result.header.interval != null &&
+           result.header.numberOfIntervals != null &&
+           result.header.totalNumberOfRequests != null &&
+           result.header.totalNumberOfCertificates != null) {
+    var timeRange = result.header.interval * result.header.numberOfIntervals;
+
+    document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+
+    document.write('The following authority: '+result.header.issuerName+
+                   ' during <b>'+timeRange+' seconds</b>, starting from '+
+                   result.header.startDate+', processed <b>'+
+                   result.header.totalNumberOfRequests+' requests</b>');
+    if (result.header.totalNumberOfCertificates > 0)
+        document.write(' and generated <b>'+result.header.totalNumberOfCertificates+
+                       ' certificates</b>');
+    document.writeln('.<br>&nbsp;');
+    document.writeln('</font>');
+
+    if ((typeof(result.recordSet) != "undefined") && (result.recordSet.length > 0)) {
+        var addCerts = 0;
+        if (result.recordSet[0].numberOfCertificates != null)
+            addCerts = 1;
+        
+        document.writeln('<table BORDER=1 CELLSPACING=0 CELLPADDING=4 align="center">');
+        document.writeln('<tr>');
+        document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('Interval number</font></td>');
+        document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('Number of requests</font></td>');
+        if (addCerts == 1) {
+            document.writeln('<td align="center" BGCOLOR="#e5e5e5">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Number of certificates</font></td>');
+        }
+        document.writeln('</tr>');
+
+        var maxCerts = 0;
+        var maxReqs = 0;
+        for (var i = 0; i < result.recordSet.length; i++) {
+            document.writeln('<tr>');
+            document.writeln('<td align="center">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(' '+(i+1)+' </font></td>');
+            document.writeln('<td align="center">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            if (result.recordSet[i].numberOfRequests != null &&
+                result.recordSet[i].numberOfRequests > 0 &&
+                result.recordSet[i].firstRequest != null) {
+                document.write('<a href="queryReq?seqNumFrom='+result.recordSet[i].firstRequest+
+                               '&reqType=showAll&reqState=showAll&maxCount='+
+                               result.recordSet[i].numberOfRequests+
+                               '&totalRecordCount='+result.recordSet[i].numberOfRequests+'">'+
+                               result.recordSet[i].numberOfRequests+'</a>');
+            } else if (result.recordSet[i].numberOfRequests != null) {
+                document.write(' '+result.recordSet[i].numberOfRequests);
+            } else {
+                document.write(' 0');
+            }
+            document.writeln('</font></td>');
+            if (result.recordSet[i].numberOfRequests > maxReqs)
+                maxReqs = result.recordSet[i].numberOfRequests;
+            if (addCerts == 1) {
+                document.writeln('<td align="center">');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                if (result.recordSet[i].numberOfCertificates != null &&
+                    result.recordSet[i].numberOfCertificates > 0 &&
+                    result.recordSet[i].startTime != null &&
+                    result.recordSet[i].endTime != null) {
+                    document.write('<a href="srchCerts?queryCertFilter=(%26(requestCreateTime%3e%3d'+
+                                   result.recordSet[i].startTime+
+                                   ')(requestCreateTime%3c%3d'+
+                                   result.recordSet[i].endTime+'))&maxResults='+
+                                   (result.recordSet[i].numberOfCertificates+1)+'">'+
+                                   result.recordSet[i].numberOfCertificates+'</a>');
+                    if (result.recordSet[i].numberOfCertificates > maxCerts)
+                        maxCerts = result.recordSet[i].numberOfCertificates;
+                } else if (result.recordSet[i].numberOfCertificates != null) {
+                    document.write(' '+result.recordSet[i].numberOfCertificates);
+                } else {
+                    document.write(' 0');
+                }
+                document.writeln('</font></td>');
+            }
+            document.writeln('</tr>');
+        }
+        if (result.header.totalNumberOfRequests != null) {
+            document.writeln('<tr>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Total</font></td>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(' '+result.header.totalNumberOfRequests+' </font></td>');
+            if (addCerts == 1) {
+                document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                if (result.header.totalNumberOfCertificates != null) {
+                    document.write(' '+result.header.totalNumberOfCertificates);
+                } else {
+                    document.write('0');
+                }
+                document.writeln('</font></td>');
+            }
+            document.writeln('</tr>');
+        }
+        if (result.recordSet.length > 0) {
+            document.writeln('<tr>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Average</font></td>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(' '+result.header.totalNumberOfRequests+' / '+timeRange+'s = '+
+                             (result.header.totalNumberOfRequests/timeRange)+'</font></td>');
+            if (addCerts == 1) {
+                document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                document.write(' '+result.header.totalNumberOfCertificates+' / '+timeRange+'s = '+
+                             (result.header.totalNumberOfCertificates/timeRange)+'</font></td>');
+            }
+            document.writeln('</tr>');
+
+            document.writeln('<tr>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln('Max</font></td>');
+            document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+            document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+            document.writeln(' '+maxReqs+' / '+result.header.interval+'s = '+
+                             (maxReqs/result.header.interval)+'</font></td>');
+            if (addCerts == 1) {
+                document.writeln('<td align="center" BGCOLOR="#eeeeee">');
+                document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+                document.write(' '+maxCerts+' / '+result.header.interval+'s = '+
+                             (maxCerts/result.header.interval)+'</font></td>');
+            }
+            document.writeln('</tr>');
+        }
+        document.writeln('</table><br>');
+
+        document.writeln('<DIV ALIGN="CENTER">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">');
+        document.writeln('This table presents authority activity in the time range of '+
+                         timeRange+' seconds divided into '+result.header.numberOfIntervals+
+                         ' intervals ('+result.header.interval+' seconds each).');
+        document.writeln('</font>');
+        document.writeln('</DIV>');
+    }
+} else {
+    document.writeln('Error');
+}
+
+
+</SCRIPT>
+
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/processReq.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/processReq.template
new file mode 100644
index 000000000..a5292102d
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/processReq.template
@@ -0,0 +1,281 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head> 
+   <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+</head>  
+<CMS_TEMPLATE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var today = new Date();
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var dateStr = dateTmp.toLocaleString();
+    return dateStr;
+}
+
+function passwdValidate()
+{
+
+    if (document.forms[0].p12Password.value != document.forms[0].p12PasswordAgain.value) {
+        alert("Passwords do not match");
+        return false;
+    }
+    return true;
+}
+
+// 
+// This form is a template that gets a preamble defining the contents
+// of the request form as a JavaScript object called 'result.header'.
+// whose properties are filled in by the server.
+// 
+document.writeln('<body vlink="0000ff" alink="ff0000" link="0000ff" bgcolor="white">');
+document.writeln(
+	'<font face="PrimaSans BT, Verdana, sans-serif"><font size=+1>'+
+	'Request ' +
+	'<a href="/kra/agent/kra/processReq?op=processReq&seqNum=' + 
+	result.header.seqNum + '"' + 
+	'onMouseOver=" return helpstatus(\'Click to redisplay this ' +
+	'request \')" onMouseOut="return helpstatus(\'\')">' +
+	result.header.seqNum + 
+	'</a></font></font>');
+document.writeln('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD></TD></TR></TABLE>');
+
+
+document.writeln('<form action="/kra/agent/kra/getAsyncPk12" method=post onSubmit="return passwdValidate()">');
+document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">'
+);
+document.writeln('Request</font></td></tr>');
+document.writeln('<tr>');
+document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Status:</font></td>');
+document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.status + '</font></td>');
+document.writeln('</tr>');
+
+// Note these values are filtered for safety by the server.
+if (result.header.requestorName != null ||
+    result.header.requestorEmail != null ||
+    result.header.requestorPhone != null) {
+     document.writeln('<p><b> Requestor\'s Contact Information:</b><br>');
+     document.writeln('<blockquote>');
+     if (result.header.requestorName != null) {
+        document.writeln('<b> Name: </b>',
+			 result.header.requestorName,
+	                 '<br>');
+     }
+     if (result.header.requestorEmail != null) {
+        document.writeln('<b> E-mail: </b>',
+			 result.header.requestorEmail,
+	                 '<br>');
+     }
+     if (result.header.requestorPhone != null) {
+        document.writeln('<b> Phone: </b>',
+			 result.header.requestorPhone,
+	                 '<br>');
+     }
+     document.writeln('</blockquote>');
+}
+
+// request type
+document.writeln('<tr>');
+document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Type:</font></td>');
+document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.requestType + '</font></td>');
+document.writeln('</tr>');
+
+// createdOn
+document.writeln('<tr>');
+document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Created on:</font></td>');
+document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(result.header.createdOn) + '</font></td>');
+document.writeln('</tr>');
+
+// updateBy
+document.writeln('<tr>');
+document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Updated by:</font></td>');
+document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.updatedBy + '</font></td>');
+document.writeln('</tr>');
+
+// updatedOn
+document.writeln('<tr>');
+document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Updated on:</font></td>');
+document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(result.header.updatedOn) + '</font></td>');
+document.writeln('</tr>');
+
+document.writeln('<INPUT TYPE="HIDDEN" NAME="seqNum" VALUE="' +
+                 result.header.seqNum + '">');
+
+if (result.header.requestorName != null) {
+	document.writeln('<INPUT TYPE="HIDDEN" NAME="requestorName" VALUE="' +
+			result.header.requestorName + '">');
+}
+if (result.header.requestorEmail != null) {
+	document.writeln('<INPUT TYPE="HIDDEN" NAME="requestorEmail" VALUE="' +
+			result.header.requestorEmail + '">');
+}
+if (result.header.requestorPhone != null) {
+	document.writeln('<INPUT TYPE="HIDDEN" NAME="requestorPhone" VALUE="' +
+			result.header.requestorPhone + '">');
+}
+
+
+// Note: requestorComments are safely filtered by server
+if (result.header.requestorComments != null) {
+	document.writeln('<b> Comments Made When The Request Was Filed:</b><br>');
+	document.writeln('<blockquote>', result.header.requestorComments,
+		     '</blockquote>');
+	document.writeln('<b> Additional Comments:</b><br>');
+	document.writeln('<blockquote>');
+	document.writeln('<INPUT TYPE="TEXT" NAME="moreComments" SIZE=72 VALUE="">');
+	document.writeln('</blockquote>');
+}
+
+if (result.header.requestType == "enrollment") {
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Archival Information</font></td></tr>');
+
+	// Archival-specific UI
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Public key:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.publicKey + '</font></td>');
+	document.writeln('</tr>');
+
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Owner name:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.ownerName + '</font></td>');
+	document.writeln('</tr>');
+
+	// key serial number
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key identifier:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.serialNumber + '</font></td>');
+	document.writeln('</tr>');
+
+} else if (result.header.requestType == "recovery") {
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Recovery Information</font></td></tr>');
+
+	// Recovery-specific UI
+	// key serial number
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Key identifier:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + result.header.serialNumber + '</font></td>');
+	document.writeln('</tr>');
+
+	// Recovery agents who have approved the recovery request
+        var initAgent="";
+        var approveAgents="";
+        if (result.header.approvingAgents.indexOf(",")== -1) {
+            initAgent = result.header.approvingAgents;
+        } else {
+            initAgent = result.header.approvingAgents.substring(0,
+                result.header.approvingAgents.indexOf(","));
+            approveAgents = result.header.approvingAgents.substring(
+                      result.header.approvingAgents.indexOf(",")+1);
+        }
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Recovery Initiating Agent:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + initAgent+ '</font></td>');
+	document.writeln('</tr>');
+	document.writeln('<tr>');
+	document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Recovery Approving Agents:</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + approveAgents
+                 + '</font></td>');
+	document.writeln('</tr>');
+}
+
+
+if (result.header.status != "complete") {
+        document.writeln('<tr><td valign="top" align="left" colspan="3" bgcolor="#e5e5e5">');
+        document.writeln('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+        document.writeln('Action</font></td></tr>');
+    if (result.header.requestType == "recovery") {
+      if (result.header.status == "pending") {
+document.writeln('<tr>');
+document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">Asynchronous Key Recovery:</font></td>');
+        document.writeln('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><a href="/kra/agent/kra/grantAsyncRecovery?op=grantRecovery&reqID=' +
+            result.header.seqNum + '">' + ' Grant</a></font></td>');
+document.writeln('</tr>');
+
+      } else if (result.header.status == "approved") {
+        var initAgent = result.header.approvingAgents.substring(0,
+             result.header.approvingAgents.indexOf(","));
+
+        // get PKCS#12 password
+        document.writeln('<tr>');
+        document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">PKCS #12 Password:</font></td>');
+        document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password name="p12Password" value="" AutoComplete=off ></font></td>');
+        document.writeln('</tr>');
+
+        document.writeln('<tr>');
+        document.write('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">PKCS #12 Password again:</font></td>');
+        document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=password name="p12PasswordAgain" value="" AutoComplete=off ></font></td>');
+        document.writeln('</tr>');
+
+        document.writeln('<tr>');
+        document.writeln('<input type=hidden name="op" VALUE="getAsyncPk12">');
+        document.writeln('<input type=hidden name="reqID" VALUE="' +
+                result.header.seqNum + '">\n');
+        document.writeln('<td align=right><font size="-1" face="PrimaSans BT, Verdana, sans-serif">(only allowed for initiating agent,' + initAgent+')</font></td>');
+        document.writeln('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><input type=submit value="Retrieve PKCS#12"></font></td>');
+        document.writeln('</tr>');
+      }
+    } else {
+	if (result.header.assignedTo != null) {
+	   document.write('<b> Assigned To: </b>',result.header.assignedTo);
+	} else {
+	   document.write('<b> Unassigned </b>');
+	}
+	if (result.header.assignedTo == null) {
+	  document.write('<a href="/kra/agent/kra/processReq?op=processReq&doAssign=yes&seqNum=' +
+                     result.header.seqNum + '"' + 
+                     'onMouseOver=" return helpstatus(\'Click to assign the ' +
+                     'request to yourself\')" ' +
+                     'onMouseOut="return helpstatus(\'\')">', 
+                     ' Assign To Me','</a>');
+	} else if (result.header.assignedTo != result.header.callerName) {
+		document.write('<a href="/' +
+                     '/kra/agent/kra/processReq?op=processReq&doAssign=yes&overrideAssignment=yes&seqNum=' + result.header.seqNum + '">',
+                 ' Re-assign To Me', '</a>');
+	}    
+    }
+}
+
+document.writeln('</table>');
+document.writeln('</form>');
+document.writeln('</body>');
+
+//-->
+</SCRIPT>
+
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryKey.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryKey.template
new file mode 100644
index 000000000..0bea5f140
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryKey.template
@@ -0,0 +1,208 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<title>Key Query Result</title>
+<body bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function recoverKey(serialNumber)
+{ 
+	return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to recover key # "+ 
+		renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+	if (oid == "1.2.840.113549.1.1.1") 
+	   return "PKCS #1 RSA";
+	else if (oid == "1.2.840.113549.1.1.4")
+	   return "PKCS #1 MD5 With RSA";
+	else 
+	   return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+	num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var today = new Date();
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var dateStr = dateTmp.toLocaleString();
+    return dateStr;
+}
+
+function renderDetailsButton(serialNumber)
+{
+	return '<form method=post '+
+		'action="'+ 
+		'/kra/agent/kra/displayBySerial' +'">\n'+
+		'<input type=hidden name="op" value="displayBySerial">\n'+
+		'<input type=hidden name="serialNumber" value="'+
+		serialNumber +
+		'">\n'+
+		'<input type=submit value="Details"></form>\n';
+}
+
+function renderRecoverButton(serialNumber)
+{
+	return '<form method=post ' +
+		'ACTION="'+ 
+		'/kra/agent/kra/confirmRecoverSerial' + '">\n'+
+		'<input type=hidden name="op" value="confirmRecoverBySerial">\n'+
+		'<input type=hidden name="serialNumber" VALUE="' +
+		serialNumber + 
+		'">\n' +
+		'<input type=hidden name="commit" value="yes">' +
+		'<input type=hidden name="updateCRL" value="yes">' +
+		'<input type=submit value="Recover">' +
+		'</form>\n';
+}
+
+function displayKeyRecord(rec)
+{
+	document.write('<tr bgcolor=#e5e5e5>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Key identifier</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Filed</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Updated</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Archiver</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr>');
+	// document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><a href="' + '/kra/agent/kra/displayBySerial?' + 'op=displayBySerial&serialNumber=' + rec.serialNumber + '">' + renderHexNumber(rec.serialNumber,8) + '</a></font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderHexNumber(rec.serialNumber,8) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + rec.state + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(rec.archivedOn) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(rec.archivedOn) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + rec.archivedBy + '</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr bgcolor=#e5e5e5>');
+	document.write('<td>');
+	document.write('</td>');
+	document.write('<td align=left colspan=2>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Algorithm</font></td>');
+	document.write('<td align=left colspan=2>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Owner Name</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr>');
+	document.write('<td>');
+	document.write(renderDetailsButton(rec.serialNumber));
+	document.write('</td>');
+	document.write('<td align=left colspan=2><font size="-1" face="PrimasSans BT, Verdana, sans-serif">' +
+		renderOidName(rec.keyAlgorithm) + (rec.keyLength != null ? 
+		" with "+ rec.keyLength + "-bit key" : "")+ '</font></td>');
+	document.write('<td align=left colspan=2><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' +
+		rec.ownerName + '</font></td>');
+	document.write('</tr>');
+}
+
+function renderHidden(name,value)
+{
+	return '<INPUT TYPE="hidden" NAME="' + name + '" VALUE="">\n';
+}
+
+function doNext(form)
+{
+	form.action =  '/kra/agent/kra/'+result.header.op;
+	form.op.value = result.header.op;
+	form.queryFilter.value = result.header.queryFilter;
+	form.querySentinel.value = result.header.querySentinel;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	form.submit();
+}
+
+function displayNextForm()
+{
+	document.write(
+		'<div align=center> \n'+
+		'<form name ="nextForm" method=POST ' + 
+		'onSubmit="doNext(nextForm);" '+
+		'action="">\n'+
+		renderHidden("op")+
+		renderHidden("queryFilter")+
+		renderHidden("querySentinel")+
+		renderHidden("totalRecordCount"));
+	document.write(
+		'<input type=submit value=" Next "> '+
+		'<input type=text size=2 maxlength=99 name=maxCount value="'+
+		result.fixed.maxCount+
+                '"><font size="1" face="PrimasSans BT, Verdana, sans-serif"> record(s)</font>\n'+
+		'</FORM></DIV>\n');
+}
+
+if (result.header.errorDetails != null) {
+	writeError(result.header.errorDetails);
+} else if (result.header.totalRecordCount == 0) {
+        document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Search Results</font>\n');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+	document.write('<div align=left><b><font face="PrimaSans BT, Verdana, sans-serif" size="+1">No Matching Key Found</font></b></div>\n');
+} else {
+        document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Search Results</font>\n');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>');
+	document.write('Authority: ' +
+(result.header.archiverName != null ? result.header.archiverName : "UNKNOWN"));
+	document.write('</font><br>\n');
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=-1>');
+	document.write('Total Number of Records Found : ' + 
+		result.header.totalRecordCount);
+	document.write('</font>\n');
+	document.write('<p>');
+
+	document.write('<table cellpadding=6 cellspacing=4 border=0 width=100%>');
+
+	for(var i = 0; i < result.recordSet.length; ++i ) {
+		displayKeyRecord(result.recordSet[i]);
+	}
+	document.write('</table>');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+
+	if (result.header.querySentinel != null) {
+		displayNextForm();
+	}
+}
+
+//-->
+</script>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryKeyForRecovery.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryKeyForRecovery.template
new file mode 100644
index 000000000..09e873377
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryKeyForRecovery.template
@@ -0,0 +1,220 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+<title>Key Query Result</title>
+<body bgcolor="white">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function recoverKey(serialNumber)
+{ 
+	return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to recover key # "+ 
+		renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+	if (oid == "1.2.840.113549.1.1.1") 
+	   return "PKCS #1 RSA";
+	else if (oid == "1.2.840.113549.1.1.4")
+	   return "PKCS #1 MD5 With RSA";
+	else 
+	   return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+	num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var today = new Date();
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var dateStr = dateTmp.toLocaleString();
+    return dateStr;
+}
+
+function renderDetailsButton(serialNumber,publicKeyData)
+{
+	if (publicKeyData != null) {
+		return '<form method=post '+
+			'action="'+ 
+			'/kra/agent/kra/displayBySerialForRecovery' +'">\n'+
+			'<input type=hidden name="op" value="displayBySerialForRecovery">\n'+
+			'<input type=hidden name="serialNumber" value="'+
+			serialNumber +
+			'">\n'+
+			'<input type=hidden name="publicKeyData" value="'+
+			publicKeyData +
+			'">\n'+
+			'<input type=submit value="Recover"></form>\n';
+	} else {
+		return '<form method=post '+
+			'action="'+ 
+			'/kra/agent/kra/displayBySerialForRecovery' +'">\n'+
+			'<input type=hidden name="op" value="displayBySerialForRecovery">\n'+
+			'<input type=hidden name="serialNumber" value="'+
+			serialNumber +
+			'">\n'+
+			'<input type=submit value="Recover"></form>\n';
+	}
+}
+
+function renderRecoverButton(serialNumber)
+{
+	return '<form method=post ' +
+		'ACTION="'+ 
+		'/kra/agent/kra/confirmRecoverBySerialForRecovery' + '">\n'+
+		'<input type=hidden name="op" value="confirmRecoverBySerialForRecovery">\n'+
+		'<input type=hidden name="serialNumber" VALUE="' +
+		serialNumber + 
+		'">\n' +
+		'<input type=hidden name="commit" value="yes">' +
+		'<input type=hidden name="updateCRL" value="yes">' +
+		'<input type=submit value="Recover">' +
+		'</form>\n';
+}
+
+function displayKeyRecord(rec)
+{
+	document.write('<tr bgcolor=#e5e5e5>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Key identifier<font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Filed</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Updated</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Archiver</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr>');
+	// document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><a href="' + '/kra/agent/kra/displayBySerialForRecovery?' + 'op=displayBySerialForRecovery&serialNumber=' + rec.serialNumber + '">' + renderHexNumber(rec.serialNumber,8) + '</a></font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderHexNumber(rec.serialNumber,8) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + rec.state + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(rec.archivedOn) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(rec.archivedOn) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + rec.archivedBy + '</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr bgcolor=#e5e5e5>');
+	document.write('<td>');
+	document.write('</td>');
+	document.write('<td align=left colspan=2>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Algorithm</font></td>');
+	document.write('<td align=left colspan=2>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Owner Name</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr>');
+	document.write('<td>');
+	document.write(renderDetailsButton(rec.serialNumber,result.header.publicKeyData));
+	document.write('</td>');
+	document.write('<td align=left colspan=2><font size="-1" face="PrimasSans BT, Verdana, sans-serif">' +
+		renderOidName(rec.keyAlgorithm) + (rec.keyLength != null ? 
+		" with "+ rec.keyLength + "-bit key" : "")+ '</font></td>');
+	document.write('<td align=left colspan=2><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' +
+		rec.ownerName + '</font></td>');
+	document.write('</tr>');
+}
+
+function renderHidden(name,value)
+{
+	return '<INPUT TYPE="hidden" NAME="' + name + '" VALUE="">\n';
+}
+
+function doNext(form)
+{
+	form.action =  '/kra/agent/kra/'+result.header.op;
+	form.op.value = result.header.op;
+	form.queryFilter.value = result.header.queryFilter;
+	form.querySentinel.value = result.header.querySentinel;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	form.submit();
+}
+
+function displayNextForm()
+{
+	document.write(
+		'<div align=center> \n'+
+		'<form name ="nextForm" method=POST ' + 
+		'onSubmit="doNext(nextForm);" '+
+		'action="">\n'+
+		renderHidden("op")+
+		renderHidden("queryFilter")+
+		renderHidden("querySentinel")+
+		renderHidden("totalRecordCount"));
+	document.write(
+		'<input type=submit value=" Next "> '+
+		'<input type=text size=2 maxlength=99 name=maxCount value="'+
+		result.fixed.maxCount+
+                '"><font size="1" face="PrimasSans BT, Verdana, sans-serif"> record(s)</font>\n'+
+		'</FORM></DIV>\n');
+}
+
+if (result.header.errorDetails != null) {
+	writeError(result.header.errorDetails);
+} else if (result.header.totalRecordCount == 0) {
+        document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Search Results</font>\n');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+	document.write('<div align=left><b><font face="PrimaSans BT, Verdana, sans-serif" size="+1">No Matching Key Found</font></b></div>\n');
+} else {
+        document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Search Results</font>\n');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>');
+	document.write('Authority: ' +
+(result.header.archiverName != null ? result.header.archiverName : "UNKNOWN"));
+	document.write('</font><br>\n');
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=-1>');
+	document.write('Total Number of Records Found : ' + 
+		result.header.totalRecordCount);
+	document.write('</font>\n');
+	document.write('<p>');
+
+	document.write('<table cellpadding=6 cellspacing=4 border=0 width=100%>');
+
+	for(var i = 0; i < result.recordSet.length; ++i ) {
+		displayKeyRecord(result.recordSet[i]);
+	}
+	document.write('</table>');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+
+	if (result.header.querySentinel != null) {
+		displayNextForm();
+	}
+}
+
+//-->
+</script>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryReq.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryReq.template
new file mode 100644
index 000000000..47db884fa
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/queryReq.template
@@ -0,0 +1,385 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Request Queue</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 300px;
+  top: 50px;
+  width: 400px;
+  padding: 3px;
+  border: solid;
+  border-width: 2px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+
+
+table#t td {
+  font-size: 0.8em;
+  padding: 0px;
+  margin: 0px;
+}
+
+.h {
+  background-color: #eeeeee;
+  font-color: #606060;
+  font-weight: bold;
+}
+
+</STYLE>
+</head>
+
+<body bgcolor="#FFFFFF" link="#000000" vlink="#000000" alink="#000000">
+<font size=+1 face="PrimaSans BT, Verdana, sans-serif">Request Queue</font>
+<br>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<CMS_TEMPLATE>
+
+<SCRIPT LANGUAGE="JavaScript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+        sign = "-";
+        number = -number;
+    }
+
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+        absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+        num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var year = dateTmp.getYear();
+    if (year < 100) {
+        year += 1900;
+    } else {
+        year %= 100;
+        year += 2000;
+    }
+    return (dateTmp.getMonth()+1)+"/"+dateTmp.getDate()+"/"+year+" ;"+
+            (dateTmp.getHours()<10?" ;":"")+
+            dateTmp.getHours()+":"+(dateTmp.getMinutes()<10?"0":"")+
+            dateTmp.getMinutes()+":"+(dateTmp.getSeconds()<10?"0":"")+
+            dateTmp.getSeconds();
+}
+
+function stateCodeToColor(code)
+{
+    if (code == "waiting")
+        return "darkgreen";
+    else if (code == "cancelled" || code == "rejected")
+        return "red";
+    else if (code == "complete")
+        return "black";
+    else 
+        return "magenta";
+}
+
+function addSpaces(str)
+{
+    var outStr = "";
+    var i0 = 0;
+    var i1 = 0;
+
+    while (i1 < str.length) {
+        i1 = str.indexOf(',', i0);
+        if (i1 > -1) {
+            i1++;
+            outStr += str.substring(i0, i1);
+            outStr += " ";
+            i0 = i1;
+        } else {
+            outStr += str.substring(i0, str.length);
+            i1 = str.length;
+        }
+    }
+
+    return outStr;
+}
+
+function renderDetailsButton(serialNumber)
+{
+        return '<form method=post '+
+                'action="'+
+                '/kra/agent/kra/processReq' +'">\n'+
+                '<input type=hidden name="seqNum" value="'+
+                serialNumber +
+                '">\n'+
+                '<input type=submit value="Details"></form>\n';
+}
+
+function setNode(table,desc,content,style)
+{
+  var row = table.insertRow(-1);
+  if (style)  {
+    row.className = style;
+  }
+  var cell1 = row.insertCell(-1);
+  var desc_text = document.createTextNode(desc);
+  cell1.appendChild(desc_text); 
+  var cell2 = row.insertCell(-1);
+  var content_text = document.createTextNode(content);
+  cell2.appendChild(content_text);
+}
+
+function mouseover(element,event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var index= element.getAttribute("index");
+  if (index == null) { return false; }
+  var req = recordSet[index];
+
+  element.parentNode.parentNode.parentNode.style.backgroundColor = "#EEEEFF";
+
+  var v;
+  var e = document.getElementById("reqMetaDatadiv");
+
+  var t = document.getElementById("t");
+
+  // delete all the rows in the table
+  var i=0;
+  while (i < t.rows.length) {
+    t.deleteRow(0);
+  }
+
+  setNode(t,"Request details for request #", req.seqNum,"h");
+  setNode(t,"Request Type:",req.requestType);
+  setNode(t,"Submitted On:", renderDateFromSecs(req.createdOn));
+  setNode(t,"Updated On:", renderDateFromSecs(req.updatedOn));
+  setNode(t,"Updated By:", req.updatedBy);
+ assumedheight = 180;
+  e.style.left = x+30; // x-offset of floating div
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  e.style.top = y+ offset +document.body.scrollTop;
+
+  // unhide the window
+  e.style.display ="block";
+
+
+}
+
+function mouseout(element)
+{
+//	window.setTimeout("hide",1);
+  var index= element.getAttribute("index");
+     element.parentNode.parentNode.parentNode.style.backgroundColor = "#FFFFFF";
+
+        hide();
+}
+
+function hide()
+{
+	document.getElementById("reqMetaDatadiv").style.display ="none";
+}
+
+function displayRequest(i, req)
+{
+    // request table items
+
+    // request number
+    document.write("<tr><td align=right>"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">"+
+        "<a index='"+i+"' href='/kra/agent/kra/processReq?seqNum=" + req.seqNum + 
+	"' onmouseover='mouseover(this,event);' "+
+           "onmouseout='mouseout(this);'>"+
+		req.seqNum +"</a></font></td>\n");
+
+    //State
+    document.write("<td>"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\" color=\""+
+        stateCodeToColor(req.status) +"\">"+req.status);
+    if (req.status == "complete" && req.Result != null && req.Result != "1") {
+        document.write("d with error");
+    }
+    document.write("</font></td>\n");
+
+    // Assigned to
+    document.write("<td><font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\""+
+                   (req.assignedTo == null? " color=\"magenta\"": "")+ ">\n"+
+                   ((req.status != "pending")? "":
+                       (req.assignedTo == null? "unassigned":req.assignedTo))+
+                   "</font></td>");
+
+    //Subject
+    if (req.subject != null) {
+        document.write("<TD colspan=2>\n"+
+            "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+            addSpaces(req.subject) + "</font></td></tr>\n");
+    } else {
+        document.write("<TD></TD><TD></TD></tr>\n");
+    }
+
+//    document.write("</table>\n");
+}
+
+function displayRequestList()
+{
+    document.write("<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+    if (result.header.error != null) {
+        document.write(result.header.error + "</font>\n");
+    } else if (result.recordSet.length == 0) {
+        document.write("No Matching Request Records Found</font>\n");
+    } else {
+        document.write("Total Number of Records Found : " +
+            result.header.totalRecordCount + "</font></br>\n");
+//            result.header.totalRecordCount + "</font></br>&nbsp;\n");
+
+	document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=6 WIDTH='100%'>\n"+
+		"<tr align=center><td>\n");
+	displayNextForm();
+
+        document.write(
+            "<table border=\"0\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\">\n"+
+            "<tr><td width=10%>&nbsp;</td>"+
+                "<td width=10%>&nbsp;</td>"+
+                "<td width=20%>&nbsp;</td>"+
+                "<td width=60%>&nbsp;</td>"+
+                "</tr>\n");
+
+    document.write(
+//        "<table border=\"0\" width=\"100%\" cellspacing=\"2\" cellpadding=\"2\">\n"+
+//        "<tr><td width=5%>&nbsp;</td><td width=25%>&nbsp;</td><td width=25%>&nbsp;</td>\n"+
+//        "<td width=25%>&nbsp;</td><td width=20%>&nbsp;</td></tr>\n"+
+        "<TR BGCOLOR=\"#E5E5E5\">\n"+
+        "<TD align=right width=10%>\n"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+        "#</font></TD>\n"+
+        "<TD width=10%>\n"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+        "Status</font></TD>\n"+
+        "<TD width=20%>\n"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+        "Assigned to</font></TD>\n"+
+        "<TD width=60%>\n"+
+        "<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n"+
+        "Key Owner</font></TD></TR>\n"
+    );
+
+	    for(var i = 0; i < result.recordSet.length; ++i ) {
+		    displayRequest(i, result.recordSet[i]);
+	    }
+	    document.write("</table>");
+	    displayNextForm();
+}
+}
+
+
+function renderHidden(name,value)
+{
+	return 	"<INPUT TYPE='hidden' NAME='"+ name +"' VALUE=''>\n";
+}
+
+
+function doNext(element)
+{
+	var form = element.form;
+        form.action = "queryReq";
+	form.op.value = result.header.op;
+
+	form.direction.value = element.name;
+	form.firstEntryOnPage.value = result.header.firstEntryOnPage;
+	form.lastEntryOnPage.value = result.header.lastEntryOnPage;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+
+	form.submit();
+}
+
+
+function displayNextForm(seqNum)
+{
+var seqNum=parseInt(result.recordSet[result.recordSet.length-1].seqNum) + 1;
+//alert("in displayNextForm seqNum="+seqNum);
+	document.write(
+//"<div align=center> \n"+
+"<FORM NAME='nextForm' METHOD='POST' ACTION=''>\n"+ renderHidden("op"));
+
+var disabledDown = ((result.fixed.maxCount > result.header.currentRecordCount) ||
+                   (result.header.currentRecordCount == result.header.totalRecordCount)) ?
+                   "disabled='true'" : "";
+var disabledUp = (result.header.firstEntryOnPage != null &&
+                  result.header.firstEntryOnPage <= 1) ? "disabled='true'" : "";
+
+document.write(
+"<button NAME='begin' onClick='doNext(this)' VALUE='|<<' width='72'>|&lt;&lt;</button>\n"+
+"<button "+disabledUp+" NAME='previous' onClick='doNext(this)' VALUE='<' width='72'>&lt;</button>\n"+
+"<INPUT TYPE='hidden' NAME='totalRecordCount' VALUE='"+
+result.header.totalRecordCount+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='op' VALUE='"+ "queryReq"+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='querySentinelDown' VALUE='"+
+  result.header.querySentinelDown+ "'>\n"+
+"<INPUT TYPE='hidden' NAME='querySentinelUp' VALUE='"+
+  result.header.querySentinelUp+ "'>\n"+
+
+"<INPUT TYPE='hidden' NAME='firstEntryOnPage' VALUE='"+ 
+  result.header.querySentinelUp +"'>\n"+
+"<INPUT TYPE='hidden' NAME='lastEntryOnPage' VALUE='"+ 
+  result.header.querySentinelDown +"'>\n"+
+"<INPUT TYPE='hidden' NAME='direction' VALUE='"+
+  result.header.direction+ "'>\n");
+
+    if (result.fixed.reqType != null)
+        document.write("<INPUT TYPE='hidden' NAME='reqType' VALUE='" + result.fixed.reqType + "'>\n");
+
+    if (result.fixed.reqState != null)
+        document.write("<INPUT TYPE='hidden' NAME='reqState' VALUE='" + result.fixed.reqState + "'>\n");
+
+    document.write("<INPUT TYPE=\"hidden\" NAME=\"totalRecordCount\" VALUE=\"" + 
+        result.header.totalRecordCount + "\">\n");
+
+    document.write("<INPUT style='padding-left: 2px;' TYPE=text SIZE=16 NAME=maxCount VALUE='"+
+result.fixed.maxCount+ "'>\n"+
+"<button "+disabledDown+" NAME='next' onClick='doNext(this)' VALUE='>' width='72'>&gt;</button>\n"+
+"<button NAME='end' onClick='doNext(this)' VALUE='>>|' width='72'>&gt;&gt;|</button>\n"+
+"</FORM>\n");
+}
+
+
+displayRequestList();
+
+//-->
+</SCRIPT>
+<div id="reqMetaDatadiv" class="floating">
+<table id="t" width="100%">
+<tr><td><td/></tr>
+</table>
+</div>
+
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/recoverBySerial.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/recoverBySerial.template
new file mode 100644
index 000000000..a1209f32b
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/recoverBySerial.template
@@ -0,0 +1,76 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Key Recovery Result</title>
+</head>
+<body bgcolor="white">
+
+<CMS_TEMPLATE>
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+if (result.header.errorDetails != null) {
+        writeError(result.header.errorDetails);
+} else {
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Key Recovery Status</font>');
+	document.write('<center><hr width="100%"></center>');
+	document.write("<p>");
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=-1>');
+	document.write('Recovery request for Key with key identifier ' + 
+		toHex(result.header.serialNumber) + 
+		' has been submitted.\n' +
+		'Waiting for recovery agents\' approval...');
+
+        if (result.header.recoveryID == null) {
+            document.writeln('<p>');
+            document.writeln(result.header.noOfRequiredAgents +
+                ' recovery agents are required for authorization.' );
+            document.writeln('<p>');
+
+            document.writeln('This is an asynchronous key recovery request.  You might want to notify authorized key recovery agents to grant this request by going to request' +
+            '<a href="/kra/agent/kra/processReq?op=processReq&seqNum=' +
+            result.header.requestID+'"> ' + result.header.requestID +'</a>.')
+	    document.write('</font>');
+        }else {
+	    document.write('</font>');
+	    window.location = result.fixed.scheme + "://" + result.fixed.host +
+	 		":" + result.fixed.port + "/kra/agent/kra/getApprovalStatus?recoveryID=" +
+	 		result.header.recoveryID;	
+
+	    if (result.header.status == "complete") {
+		document.writeln(
+			'<font face="PrimaSans BT, Verdana, sans-serif"><font size=+1>'+
+			'Click ' +
+			'<a href="/kra/agent/kra/getPk12?recoveryID=' + 
+			result.header.recoveryID + '"' + 
+			'onMouseOver=" return helpstatus(\'Click to get key in PKCS12 ' +
+			'\')" onMouseOut="return helpstatus(\'\')">' +
+			"here" + 
+			'</a>' + ' to get the recovered key in PKCS12 format.</font></font>');
+	    }
+        }
+
+}
+
+//-->
+</script>
+</BODY>
+</HTML>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/srchKey.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/srchKey.template
new file mode 100644
index 000000000..a06999996
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/srchKey.template
@@ -0,0 +1,213 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<title>Key Query Result</title>
+<body bgcolor="white">
+
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function recoverKey(serialNumber)
+{ 
+	return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to recover key # "+ 
+		renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+	if (oid == "1.2.840.113549.1.1.1") 
+	   return "PKCS #1 RSA";
+	else if (oid == "1.2.840.113549.1.1.4")
+	   return "PKCS #1 MD5 With RSA";
+	else 
+	   return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+	num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var today = new Date();
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var dateStr = dateTmp.toLocaleString();
+    return dateStr;
+}
+
+function renderDetailsButton(serialNumber)
+{
+	return '<form method=post '+
+		'action="'+ 
+		'/kra/agent/kra/displayBySerial' +'">\n'+
+		'<input type=hidden name="op" value="displayBySerial">\n'+
+		'<input type=hidden name="serialNumber" value="'+
+		serialNumber +
+		'">\n'+
+		'<input type=submit value="Details"></form>\n';
+}
+
+function renderRecoverButton(serialNumber)
+{
+	return '<form method=post ' +
+		'ACTION="'+ 
+		'/kra/agent/kra/confirmRecoverSerial' + '">\n'+
+		'<input type=hidden name="op" value="confirmRecoverBySerial">\n'+
+		'<input type=hidden name="serialNumber" VALUE="' +
+		serialNumber + 
+		'">\n' +
+		'<input type=hidden name="commit" value="yes">' +
+		'<input type=hidden name="updateCRL" value="yes">' +
+		'<input type=submit value="Recover">' +
+		'</form>\n';
+}
+
+function displayKeyRecord(rec)
+{
+	document.write('<tr bgcolor=#e5e5e5>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Key identifier</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Filed</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Updated</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Archiver</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr>');
+	// document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><a href="' + '/kra/agent/kra/displayBySerial?' + 'op=displayBySerial&serialNumber=' + rec.serialNumber + '">' + renderHexNumber(rec.serialNumber,8) + '</a></font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderHexNumber(rec.serialNumber,8) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + rec.state + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(rec.archivedOn) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(rec.archivedOn) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + rec.archivedBy + '</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr bgcolor=#e5e5e5>');
+	document.write('<td>');
+	document.write('</td>');
+	document.write('<td align=left colspan=2>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Algorithm</font></td>');
+	document.write('<td align=left colspan=2>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Owner Name</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr>');
+	document.write('<td>');
+	document.write(renderDetailsButton(rec.serialNumber));
+	document.write('</td>');
+	document.write('<td align=left colspan=2><font size="-1" face="PrimasSans BT, Verdana, sans-serif">' +
+		renderOidName(rec.keyAlgorithm) + (rec.keyLength != null ? 
+		" with "+ rec.keyLength + "-bit key" : "")+ '</font></td>');
+	document.write('<td align=left colspan=2><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' +
+		rec.ownerName + '</font></td>');
+	document.write('</tr>');
+}
+
+function renderHidden(name,value)
+{
+	return '<INPUT TYPE="hidden" NAME="' + name + '" VALUE="">\n';
+}
+
+function doNext(form)
+{
+	form.action =  '/kra/agent/kra/'+result.header.op;
+	form.op.value = result.header.op;
+	form.queryFilter.value = result.header.queryFilter;
+	form.querySentinel.value = result.header.querySentinel;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	form.submit();
+}
+
+function displayNextForm()
+{
+	document.write(
+		'<div align=center> \n'+
+		'<form name ="nextForm" method=POST ' + 
+		'onSubmit="doNext(nextForm);" '+
+		'action="">\n'+
+		renderHidden("op")+
+		renderHidden("queryFilter")+
+		renderHidden("querySentinel")+
+		renderHidden("totalRecordCount"));
+	document.write(
+		'<input type=submit value=" Next "> '+
+		'<input type=text size=2 maxlength=99 name=maxCount value="'+
+		result.fixed.maxCount+
+                '"><font size="1" face="PrimasSans BT, Verdana, sans-serif"> record(s)</font>\n'+
+		'</FORM></DIV>\n');
+}
+
+if (result.header.errorDetails != null) {
+	writeError(result.header.errorDetails);
+} else if (result.header.totalRecordCount == 0) {
+        document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Search Results</font>\n');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+	document.write('<div align=left><b><font face="PrimaSans BT, Verdana, sans-serif" size="+1">No Matching Key Found</font></b></div>\n');
+} else {
+        document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Search Results</font>\n');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>');
+	document.write('Authority: ' +
+(result.header.archiverName != null ? result.header.archiverName : "UNKNOWN"));
+	document.write('</font><br>\n');
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=-1>');
+	document.write('Total Number of Records Found : ' + 
+		result.header.totalRecordCount);
+	document.write('</font>\n');
+
+   if (result.header.totalRecordCount == result.header.maxSize) {
+        document.write(
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"(Maximum size reached)"+
+"</font>\n"
+        );
+    }
+	document.write('<p>');
+
+	document.write('<table cellpadding=6 cellspacing=4 border=0 width=100%>');
+
+	for(var i = 0; i < result.recordSet.length; ++i ) {
+		displayKeyRecord(result.recordSet[i]);
+	}
+	document.write('</table>');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+
+}
+
+//-->
+</script>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/srchKeyForRecovery.template b/dogtag/kra-ui/shared/webapps/kra/agent/kra/srchKeyForRecovery.template
new file mode 100644
index 000000000..4c5387c32
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/srchKeyForRecovery.template
@@ -0,0 +1,227 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<title>Key Query Result</title>
+<body bgcolor="white">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<script language="JavaScript" src="../funcs.js"></script>
+<script language="JavaScript" src="../helpfun.js"></script>
+<script language="JavaScript">
+//<!--
+
+function toHex(number)
+{
+    var absValue = "", sign = "";
+    var digits = "0123456789abcdef";
+    if (number < 0) {
+	sign = "-";
+	number = -number;
+    }
+    
+    for(; number >= 16 ; number = Math.floor(number/16)) {
+	absValue = digits.charAt(number % 16) + absValue;
+    }
+    absValue = digits.charAt(number % 16) + absValue;
+    return sign + absValue;
+}
+
+function recoverKey(serialNumber)
+{ 
+	return confirm("WARNING!! You are about to do an irreversible operation.\nDo you really want to recover key # "+ 
+		renderHexNumber(serialNumber,8)+ " ?");
+}
+
+function renderOidName(oid)
+{
+	if (oid == "1.2.840.113549.1.1.1") 
+	   return "PKCS #1 RSA";
+	else if (oid == "1.2.840.113549.1.1.4")
+	   return "PKCS #1 MD5 With RSA";
+	else 
+	   return "OID."+oid;
+}
+
+function renderHexNumber(number,width)
+{
+    var num = toHex(number);
+    while (num.length < width)
+	num = "0"+num;
+    return "0x"+num;
+}
+
+function renderDateFromSecs(secs)
+{
+    if (secs == null) return "";
+    var today = new Date();
+    var dateTmp = new Date();
+    dateTmp.setTime(secs * 1000);
+    var dateStr = dateTmp.toLocaleString();
+    return dateStr;
+}
+
+function renderDetailsButton(serialNumber,publicKeyData)
+{
+	if (publicKeyData != null) {
+		return '<form method=post '+
+			'action="'+ 
+			'/kra/agent/kra/displayBySerialForRecovery' +'">\n'+
+			'<input type=hidden name="op" value="displayBySerialForRecovery">\n'+
+			'<input type=hidden name="serialNumber" value="'+
+			serialNumber +
+			'">\n'+
+			'<input type=hidden name="publicKeyData" value="'+
+			publicKeyData +
+			'">\n'+
+			'<input type=submit value="Recover"></form>\n';
+	} else {
+		return '<form method=post '+
+			'action="'+ 
+			'/kra/agent/kra/displayBySerialForRecovery' +'">\n'+
+			'<input type=hidden name="op" value="displayBySerialForRecovery">\n'+
+			'<input type=hidden name="serialNumber" value="'+
+			serialNumber +
+			'">\n'+
+			'<input type=submit value="Recover"></form>\n';
+	}
+}
+
+function renderRecoverButton(serialNumber)
+{
+	return '<form method=post ' +
+		'ACTION="'+ 
+		'/kra/agent/kra/confirmRecoverBySerialForRecovery' + '">\n'+
+		'<input type=hidden name="op" value="confirmRecoverBySerialForRecovery">\n'+
+		'<input type=hidden name="serialNumber" VALUE="' +
+		serialNumber + 
+		'">\n' +
+		'<input type=hidden name="commit" value="yes">' +
+		'<input type=hidden name="updateCRL" value="yes">' +
+		'<input type=submit value="Recover">' +
+		'</form>\n';
+}
+
+function displayKeyRecord(rec)
+{
+	document.write('<tr bgcolor=#e5e5e5>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Key identifier<font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">State</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Filed</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Updated</font></td>');
+	document.write('<td align=left>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Archiver</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr>');
+	// document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><a href="' + '/kra/agent/kra/displayBySerialForRecovery?' + 'op=displayBySerialForRecovery&serialNumber=' + rec.serialNumber + '">' + renderHexNumber(rec.serialNumber,8) + '</a></font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderHexNumber(rec.serialNumber,8) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + rec.state + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(rec.archivedOn) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + renderDateFromSecs(rec.archivedOn) + '</font></td>');
+	document.write('<td align=left><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' + rec.archivedBy + '</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr bgcolor=#e5e5e5>');
+	document.write('<td>');
+	document.write('</td>');
+	document.write('<td align=left colspan=2>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Algorithm</font></td>');
+	document.write('<td align=left colspan=2>' +
+		'<font size=-1 face="PrimaSans BT, Verdana, sans-serif">Owner Name</font></td>');
+	document.write('</tr>');
+
+	document.write('<tr>');
+	document.write('<td>');
+	document.write(renderDetailsButton(rec.serialNumber,result.header.publicKeyData));
+	document.write('</td>');
+	document.write('<td align=left colspan=2><font size="-1" face="PrimasSans BT, Verdana, sans-serif">' +
+		renderOidName(rec.keyAlgorithm) + (rec.keyLength != null ? 
+		" with "+ rec.keyLength + "-bit key" : "")+ '</font></td>');
+	document.write('<td align=left colspan=2><font size="-1" face="PrimaSans BT, Verdana, sans-serif">' +
+		rec.ownerName + '</font></td>');
+	document.write('</tr>');
+}
+
+function renderHidden(name,value)
+{
+	return '<INPUT TYPE="hidden" NAME="' + name + '" VALUE="">\n';
+}
+
+function doNext(form)
+{
+	form.action =  '/kra/agent/kra/'+result.header.op;
+	form.op.value = result.header.op;
+	form.queryFilter.value = result.header.queryFilter;
+	form.querySentinel.value = result.header.querySentinel;
+	form.totalRecordCount.value = result.header.totalRecordCount;
+	form.submit();
+}
+
+function displayNextForm()
+{
+	document.write(
+		'<div align=center> \n'+
+		'<form name ="nextForm" method=POST ' + 
+		'onSubmit="doNext(nextForm);" '+
+		'action="">\n'+
+		renderHidden("op")+
+		renderHidden("queryFilter")+
+		renderHidden("querySentinel")+
+		renderHidden("totalRecordCount"));
+	document.write(
+		'<input type=submit value=" Next "> '+
+		'<input type=text size=2 maxlength=99 name=maxCount value="'+
+		result.fixed.maxCount+
+                '"><font size="1" face="PrimasSans BT, Verdana, sans-serif"> record(s)</font>\n'+
+		'</FORM></DIV>\n');
+}
+
+if (result.header.errorDetails != null) {
+	writeError(result.header.errorDetails);
+} else if (result.header.totalRecordCount == 0) {
+        document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Search Results</font>\n');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+	document.write('<div align=left><b><font face="PrimaSans BT, Verdana, sans-serif" size="+1">No Matching Key Found</font></b></div>\n');
+} else {
+        document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>Search Results</font>\n');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=+1>');
+	document.write('Authority: ' +
+(result.header.archiverName != null ? result.header.archiverName : "UNKNOWN"));
+	document.write('</font><br>\n');
+	document.write('<font face="PrimaSans BT, Verdana, sans-serif" size=-1>');
+	document.write('Total Number of Records Found : ' + 
+		result.header.totalRecordCount);
+	document.write('</font>\n');
+
+   if (result.header.totalRecordCount == result.header.maxSize) {
+        document.write(
+"<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n"+
+"(Maximum size reached)"+
+"</font>\n"
+        );
+    }
+
+	document.write('<p>');
+
+	document.write('<table cellpadding=6 cellspacing=4 border=0 width=100%>');
+
+	for(var i = 0; i < result.recordSet.length; ++i ) {
+		displayKeyRecord(result.recordSet[i]);
+	}
+	document.write('</table>');
+        document.write('<TABLE BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/graphics/hr.gif"><TR><TD>&nbsp;</TD></TR></TABLE>');
+
+}
+
+//-->
+</script>
+</body>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/agent/kra/top.html b/dogtag/kra-ui/shared/webapps/kra/agent/kra/top.html
new file mode 100644
index 000000000..5e7a2a40e
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/agent/kra/top.html
@@ -0,0 +1,48 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#666699">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr> 
+          <td>
+            <table border="0" cellspacing="12" cellpadding="0" width="100%">
+              <tr> 
+                <td><font size="-1" face="PrimaSans BT, Verdana, sans-serif" color="white">Dogtag<font color="#999999" size="-2">&reg;</font><b><br>
+                  Certificate System</b></font><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b></b></font></td>
+                <td></td>
+                <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Privileged User Services</font> </td>
+              </tr>
+            </table>
+          </td>
+        </tr>
+      </table>
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr> 
+          <td><img src="/graphics/spacer.gif" width="12" height="21"></td>
+          <td><img src="/graphics/dgLeftTab.gif" width="13" height="21"></td>
+          <td bgcolor="#999999" nowrap><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><a href="../kra/index.html" target="_top">Certificate 
+            Service</a><b></b></font></td>
+          <td><img src="/graphics/dgRightTab.gif" width="16" height="21"></td>
+          <td><img src="/graphics/dgLeftTab.gif" width="13" height="21"></td>
+          <td bgcolor="#999999" nowrap><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><a href="../kra/index.html" target="_top">Registration 
+            Service </a></font></td>
+          <td><img src="/graphics/dgRightTab.gif" width="16" height="21"></td>
+          <td><img src="/graphics/lgLeftTab.gif" width="13" height="21"></td>
+          <td bgcolor="#cccccc" nowrap><font size="-1" face="PrimaSans BT, Verdana, sans-serif"><b>Key 
+            Service </b></font></td>
+          <td><img src="/graphics/lgRightTab.gif" width="16" height="21"></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+</body>
+</html>
+
diff --git a/dogtag/kra-ui/shared/webapps/kra/index.html b/dogtag/kra-ui/shared/webapps/kra/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/kra-ui/shared/webapps/kra/services.template b/dogtag/kra-ui/shared/webapps/kra/services.template
new file mode 100644
index 000000000..e28887b70
--- /dev/null
+++ b/dogtag/kra-ui/shared/webapps/kra/services.template
@@ -0,0 +1,106 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<title>DRM Services</title>
+    <link rel="shortcut icon" href="img/favicon.ico" />
+    <link rel="stylesheet" href="css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System DRM Services Page 
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+<script language=javascript>
+for (var i=0; i<result.recordSet.length; ++i) {
+    document.write('<tr valign="TOP">');
+    document.write('<td>');
+    document.write('<td>');
+    document.write('<font size=4 face="PrimaSans BT, Verdana, sans-serif">');
+    document.write('<li><a href="');
+    document.write(result.recordSet[i].prefix + "://" +
+      result.recordSet[i].host + ":" + result.recordSet[i].port + "/"+
+      result.recordSet[i].uri);
+    if (result.recordSet[i].type == "admin") {
+        document.write('">Admin Services</a></font>');
+    } else if (result.recordSet[i].type == "agent") {
+        document.write('">Agent Services</a></font>');
+    } else if (result.recordSet[i].type == "ee") {
+        document.write('">SSL End Users Services</a></font>');
+    }
+
+    document.write('</font></td></tr>');
+}
+</script>
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</center>
+<div id="footer">
+</div>
+</body>
+</html>
diff --git a/dogtag/ocsp-ui/CMakeLists.txt b/dogtag/ocsp-ui/CMakeLists.txt
new file mode 100644
index 000000000..5a40de3d5
--- /dev/null
+++ b/dogtag/ocsp-ui/CMakeLists.txt
@@ -0,0 +1,8 @@
+project(ocsp-ui)
+
+install(
+    DIRECTORY
+        shared/
+    DESTINATION
+        ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
diff --git a/dogtag/ocsp-ui/LICENSE b/dogtag/ocsp-ui/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/dogtag/ocsp-ui/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify 
+it under the terms of the GNU General Public License as published 
+by the Free Software Foundation; version 2 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but 
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License 
+along with this Program; if not, write to the Free Software 
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/dogtag/ocsp-ui/build.xml b/dogtag/ocsp-ui/build.xml
new file mode 100644
index 000000000..babdbcae6
--- /dev/null
+++ b/dogtag/ocsp-ui/build.xml
@@ -0,0 +1,273 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="ocsp-ui" default="main" basedir=".">
+
+    <import file="config/product.xml"/>
+    <import file="config/product-ext.xml" optional="true"/>
+
+
+    <target name="clean"
+            depends=""
+            description="--> remove component directories">
+        <echo message="${begin.clean.log.message}"/>
+        <delete dir="${dist.base}"/>
+        <delete dir="${build.dir}"/>
+        <echo message="${end.clean.log.message}"/>
+    </target>
+
+
+    <target name="download"
+            depends=""
+            description="--> download dependent components">
+        <echo message="${begin.download.log.message}"/>
+        <echo message="${empty.download.log.message}"/>
+        <echo message="${end.download.log.message}"/>
+    </target>
+
+
+    <target name="compile_java"
+            depends=""
+            description="--> compile java source code into classes">
+        <echo message="${begin.compile.java.log.message}"/>
+        <echo message="${empty.compile.java.log.message}"/>
+        <echo message="${end.compile.java.log.message}"/>
+    </target>
+
+
+    <target name="build_jars"
+            depends="compile_java"
+            description="--> generate jar files">
+        <echo message="${begin.build.jars.log.message}"/>
+        <echo message="${empty.build.jars.log.message}"/>
+        <echo message="${end.build.jars.log.message}"/>
+    </target>
+
+
+    <target name="build_jni_headers"
+            depends="compile_java"
+            description="--> generate jni header files">
+        <echo message="${begin.build.jni.headers.log.message}"/>
+        <echo message="${empty.build.jni.headers.log.message}"/>
+        <echo message="${end.build.jni.headers.log.message}"/>
+    </target>
+
+
+    <target name="build"
+            depends="build_jars,build_jni_headers"
+            description="--> build classes, jars, and jni headers">
+        <echo message="${notify.build.log.message}"/>
+    </target>
+
+
+    <target name="compile_junit_tests"
+            depends="build"
+            description="--> compile junit test source code">
+        <echo message="${begin.compile.junit.tests.log.message}"/>
+        <echo message="${empty.compile.junit.tests.log.message}"/>
+        <echo message="${end.compile.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="run_junit_tests"
+            depends="compile_junit_tests"
+            description="--> execute junit tests">
+        <echo message="${begin.run.junit.tests.log.message}"/>
+        <echo message="${empty.run.junit.tests.log.message}"/>
+        <echo message="${end.run.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="verify"
+            depends="run_junit_tests"
+            description="--> build and execute junit tests">
+        <echo message="${notify.verify.log.message}"/>
+    </target>
+
+
+    <target name="clean_javadocs"
+            depends=""
+            description="--> remove javadocs directory">
+        <echo message="${begin.clean.javadocs.log.message}"/>
+        <echo message="${empty.clean.javadocs.log.message}"/>
+        <echo message="${end.clean.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="compose_javadocs"
+            depends="build"
+            description="--> generate javadocs">
+        <echo message="${begin.compose.javadocs.log.message}"/>
+        <echo message="${empty.compose.javadocs.log.message}"/>
+        <echo message="${end.compose.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="document"
+            depends="clean_javadocs,compose_javadocs"
+            description="--> remove old javadocs and compose new javadocs">
+        <echo message="${notify.document.log.message}"/>
+    </target>
+
+
+    <target name="distribute_binaries"
+            depends="document"
+            description="--> create the zip and gzipped tar binary distributions">
+        <echo message="${begin.distribute.binaries.log.message}"/>
+        <mkdir dir="${dist.base.binaries}"/>
+
+        <echo message="${begin.binary.wrappers.log.message}"/>
+        <echo message="${empty.binary.wrappers.log.message}"/>
+        <echo message="${end.binary.wrappers.log.message}"/>
+
+        <echo message="${begin.binary.zip.log.message}"/>
+        <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+            <zipfileset dir="./shared"
+                        filemode="644"
+                        prefix="usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </zipfileset>
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.binary.zip.log.message}"/>
+
+        <echo message="${begin.binary.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.binaries}/${dist.name}.tar">
+            <tarfileset dir="./shared"
+                        mode="644"
+                        prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </tarfileset>
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${dist.name}/usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.binary.tar.log.message}"/>
+
+        <echo message="${begin.binary.gtar.log.message}"/>
+        <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+              src="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.binary.gtar.log.message}"/>
+
+        <echo message="${end.distribute.binaries.log.message}"/>
+    </target>
+
+
+    <target name="distribute_source"
+            depends=""
+            description="--> create the zip and gzipped tar source distributions">
+        <echo message="${begin.distribute.source.log.message}"/>
+        <mkdir dir="${dist.base.source}"/>
+
+        <echo message="${begin.source.zip.log.message}"/>
+        <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.source.zip.log.message}"/>
+
+        <echo message="${begin.source.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.source}/${src.dist.name}.tar">
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.source.tar.log.message}"/>
+
+        <echo message="${begin.source.gtar.log.message}"/>
+        <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+              src="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.source.gtar.log.message}"/>
+
+        <echo message="${end.distribute.source.log.message}"/>
+    </target>
+
+
+    <target name="distribute"
+            depends="distribute_binaries,distribute_source"
+            description="--> create binary and source component distributions">
+        <echo message="${notify.distribute.log.message}"/>
+    </target>
+
+
+    <target name="main"
+            depends="clean,distribute"
+            description="--> clean, build, verify, document, distribute [default]">
+        <echo message="${notify.main.log.message}"/>
+    </target>
+
+</project>
+
diff --git a/dogtag/ocsp-ui/build_dogtag b/dogtag/ocsp-ui/build_dogtag
new file mode 100755
index 000000000..27066ed2b
--- /dev/null
+++ b/dogtag/ocsp-ui/build_dogtag
@@ -0,0 +1,82 @@
+#!/bin/bash
+# BEGIN COPYRIGHT BLOCK
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+
+# Always switch into the base directory of this
+# shell script prior to executing it so that all
+# of its output is written to this directory
+cd `dirname $0`
+
+# Retrieve the directory name housing this component
+PWD=`pwd`
+
+# Set Dogtag component-specific environment variables
+DOGTAG_BUILD_SCRIPT=`basename $0`
+export DOGTAG_BUILD_SCRIPT
+DOGTAG_COMPONENT=`basename ${PWD}`
+export DOGTAG_COMPONENT
+DOGTAG_SPECFILE="dogtag-pki-ocsp-ui.spec"
+export DOGTAG_SPECFILE
+
+# Set PKI 'ant' environment variables (originally obtained from specfile)
+PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag"
+export PKI_PRODUCT_UI_FLAVOR_PREFIX
+PKI_PRODUCT_PREFIX="pki"
+export PKI_PRODUCT_PREFIX
+PKI_PRODUCT="ocsp-ui"
+export PKI_PRODUCT
+PKI_VERSION="9.0.0"
+export PKI_VERSION
+
+# Set Dogtag helper variables
+DOGTAG_COMPONENT_NAME=${PKI_PRODUCT}
+export DOGTAG_COMPONENT_NAME
+DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc
+export DOGTAG_WGET_URL
+
+# Obtain '${DOGTAG_SPECFILE}' as necessary
+if [ "$1" = "refresh" ]; then
+	if [ -f "${DOGTAG_SPECFILE}" ]; then
+		printf "Removing '${DOGTAG_SPECFILE}' . . . "
+		rm -rf ${DOGTAG_SPECFILE}
+		printf "done.\n"
+	fi
+	shift
+fi
+if [ ! -f "${DOGTAG_SPECFILE}" ]; then
+	# Check for Fedora Operating System
+	if [ ! -f /etc/fedora-release ]; then
+		printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n"
+		exit 255
+	fi
+	# Obtain Fedora Operating System Version
+	FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`"
+	export FEDORA_VERSION
+	# Retrieve '${DOGTAG_SPECFILE}' from Koji
+	printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n"
+	wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co
+	if [ ! -s "${DOGTAG_SPECFILE}" ]; then
+		printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n"
+		rm -rf ${DOGTAG_SPECFILE}
+		exit 255
+	fi
+fi
+
+# Invoke the shared Dogtag PKI build script
+config-ext/build_dogtag_pki $@
+
diff --git a/dogtag/ocsp-ui/dogtag-pki-ocsp-ui.spec b/dogtag/ocsp-ui/dogtag-pki-ocsp-ui.spec
new file mode 100644
index 000000000..5ea461007
--- /dev/null
+++ b/dogtag/ocsp-ui/dogtag-pki-ocsp-ui.spec
@@ -0,0 +1,62 @@
+Name:           dogtag-pki-ocsp-ui
+Version:        9.0.0
+Release:        1%{?dist}
+Summary:        Dogtag Certificate System - Online Certificate Status Protocol User Interface
+URL:            http://pki.fedoraproject.org/
+License:        GPLv2
+Group:          System Environment/Base
+
+BuildArch:      noarch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  ant
+
+Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+# NOTE:  Several PKI packages require a "virtual" UI component.  These
+#        "virtual" UI components are "Provided" by various UI "flavors"
+#        including "dogtag", "redhat", and "null".  Consequently,
+#        all "dogtag", "redhat", and "null" UI components MUST be
+#        mutually exclusive!
+Provides:       pki-ocsp-ui = %{version}-%{release}
+
+Obsoletes:      pki-ocsp-ui < %{version}-%{release}
+
+Conflicts:      redhat-pki-ocsp-ui
+
+%description
+Dogtag Certificate System is an enterprise software system designed
+to manage enterprise Public Key Infrastructure (PKI) deployments.
+
+The Dogtag Online Certificate Status Protocol User Interface contains the
+graphical user interface for the
+Dogtag Online Certificate Status Protocol Manager.
+
+%prep
+
+%setup -q
+
+%build
+ant \
+    -Dproduct.ui.flavor.prefix="dogtag" \
+    -Dproduct.prefix="pki" \
+    -Dproduct="ocsp-ui" \
+    -Dversion="%{version}"
+
+%install
+rm -rf %{buildroot}
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_datadir}/pki/
+
+%changelog
+* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/404.html b/dogtag/ocsp-ui/shared/webapps/ocsp/404.html
new file mode 100755
index 000000000..a337de323
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/404.html
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>OCSP 404 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ocsp/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ocsp/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ocsp/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System OCSP Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('404');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The requested resource could not be found but may be available again in the future.');
+document.write('</font></b><br><b><font size="+1" color="RED">');
+document.write('Please check the validity of the URL listed below:');
+document.write('</font></b><br><br>');
+document.write('<center><b><font size="+1"><a href="');
+document.write(url);
+document.write('">');
+document.write(url);
+document.write('</a>');
+document.write('</font></b></center><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/500.html b/dogtag/ocsp-ui/shared/webapps/ocsp/500.html
new file mode 100755
index 000000000..1e7fbb43a
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/500.html
@@ -0,0 +1,139 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>OCSP 500 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ocsp/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ocsp/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ocsp/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System OCSP Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('500');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>');
+document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.');
+document.write('</font></b><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/GenUnexpectedError.template b/dogtag/ocsp-ui/shared/webapps/ocsp/GenUnexpectedError.template
new file mode 100644
index 000000000..b78424626
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>OCSP Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ocsp/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenError.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenError.template
new file mode 100644
index 000000000..c2b45826e
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenError.template
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>OCSP Agent Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ocsp/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+document.writeln('<P>');
+document.write('The '+result.fixed.authorityName+' ');
+document.writeln('encountered a problem while processing your request. ');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.errorDetails != null) {
+    document.write(result.fixed.errorDetails);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+if (result != null && result.recordSet != null && result.recordSet.length > 0){
+	document.writeln('<P>');
+    document.write('Additional Information:');
+	document.writeln('<P>');
+    document.write('<BLOCKQUOTE><B><PRE>');
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].errorDescription != null) {
+			document.writeln(result.recordSet[i].errorDescription);
+		}
+	}
+	document.writeln('</UL>');
+	document.write('</PRE></B></BLOCKQUOTE>');
+}
+</SCRIPT>
+
+<P>
+Please consult your local administrator for further assistance.
+The Certificate System logs may provide further information.
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenPending.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenPending.template
new file mode 100644
index 000000000..9264d1bd0
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>OCSP Agent Request Pending</TITLE>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate Managment System';
+if (result.fixed.authorityName != null) 
+	authority = result.fixed.authorityName;
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted to the '+authority+'. ');
+document.write('Your request will be processed when an authorized agent ');
+document.writeln('verifies and validates the information in your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.writeln('<P>');
+	document.write('Your can check on the status of your request with ');
+	document.write('an authorized agent or local administrator ');
+	document.writeln('by referring to this request ID.'); 
+} else {
+    document.write('<B>not provided.</B> ');
+    document.write('<P>');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenRejected.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenRejected.template
new file mode 100644
index 000000000..5e5155541
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenRejected.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>OCSP Agent Request Rejected</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Rejected
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null) {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('Your request has been rejected by the '+authority+'. ' );
+document.write('This may indicate that some attributes of the request ');
+document.write('violate the policies of this '+authority+'. ');
+
+document.writeln('<P>');
+document.writeln('Violation details: ');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result == null || result.recordSet == null || result.recordSet.length == 0){
+	document.writeln('No further details provided.');
+}
+else {
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].policyMessage != null) {
+			document.writeln(result.recordSet[i].policyMessage);
+		}
+	}
+	document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId == null) {
+	document.write('<B>not provided</B>.');
+	document.writeln('<P>');
+	document.write(
+		'Please consult your local administrator for further assistance.');
+} else {
+	document.write('<B>'+result.fixed.requestId+'</B>. ');
+	document.writeln('<P>');
+	document.write(
+		'You can contact an authorized agent or local administrator for ');
+	document.writeln('further assistance by referring to the request ID.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenSuccess.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenSuccess.template
new file mode 100644
index 000000000..9d9022b2b
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenSuccess.template
@@ -0,0 +1,44 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>OCSP Agent Generic Request Success</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submited
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+var authority = 'Certificate System';
+if (request.fixed.authorityName != null) 
+	authority = request.fixed.authorityName;
+
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted and processed by the '+authority+'.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenSvcPending.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenSvcPending.template
new file mode 100644
index 000000000..248f3e592
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenSvcPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>OCSP Agent Request Svc Pending</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+document.writeln('<P>');
+document.write('Your request has been successfully submitted and processed ');
+document.writeln('by the '+result.fixed.authorityName+'.');
+document.write('The '+result.fixed.authorityName+' is waiting for a remote ');
+if (result.fixed.remoteAuthorityName != null)
+	document.write(result.fixed.remoteAuthorityName);
+else
+	document.write('Certificate Manager or Data Recovery manager');
+document.write(' to fill your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.write('<P>');
+	document.write('Your can check on status of your request with an '+
+				   'authorized agent or local administrator by referring '+
+				   'to this request ID.');
+} else {
+    document.write('not provided. ');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenUnauthorized.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenUnauthorized.template
new file mode 100644
index 000000000..af2aede06
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenUnauthorized.template
@@ -0,0 +1,42 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>OCSP Agent Generic Unauthorized</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Unauthorized Access
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+document.writeln('<P>');
+document.write('You are not authorized for this operation.');
+document.write('<BR>');
+document.write('If you think this is an error please contact your ');
+document.writeln('local administrator for further assistance.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenUnexpectedError.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenUnexpectedError.template
new file mode 100644
index 000000000..d68d10a19
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>OCSP Agent Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/ocsp/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/cms-funcs.js b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/cms-funcs.js
new file mode 100644
index 000000000..473fb1795
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/cms-funcs.js
@@ -0,0 +1,539 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+//<!--
+
+
+function checkClientTime()
+{
+   var speed;
+   var server_date = new Date(serverdate); 
+   var client_date = new Date();
+   var zone = client_date.getTimezoneOffset(); 
+   var timediff = 0;
+
+   var serverutc = server_date.getTime();
+   var clientutc = client_date.getTime();
+
+   var offset = clientutc - serverutc;
+   if (offset >0) { 
+      speed = 'fast'; 
+      } else { 
+	  speed = 'slow'; 
+   } 
+   timediff = Math.round(Math.abs(offset/1000/60)); 
+
+    if (timediff > 10) { 
+       msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed  +
+             '\n\nYou may encounter problems using your certificate\n' +
+			 'as your clock is set incorrectly.\n\n' +
+			 'According to the server, the time is:\n  ' + server_date +
+			 '\n\nPlease correct your clock before proceeding with enrollment'+
+             '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+			 'If you change your timezone, you may need to restart your browser\n'+
+             'before continuing.';
+			 alert(msg);
+			 return false;
+       }
+	return true;
+}
+
+
+
+
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        distinguishedName.value = '';
+	if (form.E != null) {
+	    if (E.value != '') {
+		if (doubleQuotes(E.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    E.value = '';
+		    E.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(E.value);
+	    }
+	}
+	if (form.CN!= null) {
+	    if (CN.value != '') {
+		if (doubleQuotes(CN.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    CN.value = '';
+		    CN.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(CN.value);
+	    }
+        }
+	if (form.UID1 != null) {
+	    if (UID1.value != '') {
+		if (doubleQuotes(UID1.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    UID1.value = '';
+		    UID1.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(UID1.value);
+	    }
+        }
+	if (form.OU != null) {
+	    if (OU.value != '') {
+		if (doubleQuotes(OU.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    OU.value = '';
+		    OU.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(OU.value);
+	    }  
+        }
+	if (form.O != null) {
+	    if (O.value != '') {
+		if (doubleQuotes(O.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    O.value = '';
+		    O.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(O.value);
+	    }  
+	}
+	if (form.L != null) {
+	    if (L.value != '') {
+		if (doubleQuotes(L.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    L.value = '';
+		    L.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(L.value);
+	    }
+	}
+	if (form.ST != null) {
+	    if (ST.value != '') {
+		if (doubleQuotes(ST.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    ST.value = '';
+		    ST.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(ST.value);
+	    }
+	}
+	if (form.C != null) {
+	    if (C.value != '') {
+		if (doubleQuotes(C.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    C.value = '';
+		    C.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(C.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a CA cert if
+    // that cert does not contain an OU or O component.
+    if ((form.OU.value == '') && (form.O.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.CN.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+	// DEBUG 
+	//alert(form.subject);
+
+    with (form) {
+		if (email != null) {
+	   		if (E.value == "" && email.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (CN.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+	return true;
+    }
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day ) {
+        alert(fieldName + " is invalid");
+	return null;
+     }
+     else 
+     	return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (asPattern) { 
+   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+   }
+   else if (value != "")
+   	list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+    with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+    	makeComponent(result,"E",E.value,asPattern);
+    	makeComponent(result,"CN",CN.value,asPattern);
+    	makeComponent(result,"UID",UID.value,asPattern);
+    	makeComponent(result,"OU",OU.value,asPattern);
+    	makeComponent(result,"O",O.value,asPattern);
+   	makeComponent(result,"L",L.value,asPattern);
+    	makeComponent(result,"ST",ST.value,asPattern);
+	makeComponent(result,"C",C.value,asPattern);
+    }
+    if (result.length == 0)
+    	return asPattern ? "0 == 0" : "0 == 1";
+    else 
+        return "subject" + ( asPattern ? " ~= " : " == ") +
+    				escapeValue(result.join(', '));
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+//-->
+
+
+
+
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/funcs.js b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/funcs.js
new file mode 100644
index 000000000..daef83d17
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/funcs.js
@@ -0,0 +1,686 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        distinguishedName.value = '';
+	if (form.eMail != null) {
+	    if (eMail.value != '') {
+		if (doubleQuotes(eMail.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    eMail.value = '';
+		    eMail.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(eMail.value);
+	    }
+	}
+	if (form.commonName != null) {
+	    if (commonName.value != '') {
+		if (doubleQuotes(commonName.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    commonName.value = '';
+		    commonName.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(commonName.value);
+	    }
+        }
+	if (form.userID != null) {
+	    if (userID.value != '') {
+		if (doubleQuotes(userID.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    userID.value = '';
+		    userID.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(userID.value);
+	    }
+        }
+	if (form.orgUnit != null) {
+	    if (orgUnit.value != '') {
+		if (doubleQuotes(orgUnit.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    orgUnit.value = '';
+		    orgUnit.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(orgUnit.value);
+	    }  
+        }
+	if (form.org != null) {
+	    if (org.value != '') {
+		if (doubleQuotes(org.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    org.value = '';
+		    org.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(org.value);
+	    }  
+	}
+	if (form.locality != null) {
+	    if (locality.value != '') {
+		if (doubleQuotes(locality.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    locality.value = '';
+		    locality.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(locality.value);
+	    }
+	}
+	if (form.state != null) {
+	    if (state.value != '') {
+		if (doubleQuotes(state.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    state.value = '';
+		    state.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(state.value);
+	    }
+	}
+	if (form.country != null) {
+	    if (country.value != '') {
+		if (doubleQuotes(country.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    country.value = '';
+		    country.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(country.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a CA cert if
+    // that cert does not contain an OU or O component.
+    if ((form.orgUnit.value == '') && (form.org.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.commonName.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+
+    with (form) {
+	if (isEmailCert != null) {
+	   if (eMail.value == "" && isEmailCert.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (commonName.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+        if (csrRequestorName.value == "") {
+            csrRequestorName.value = commonName.value;
+        }
+        if (csrRequestorPhone.value == "" && csrRequestorEmail.value == "") {
+            alert("You must supply a contact phone number or e-mail address.");
+            return false;
+        }
+        return true;
+    }
+}
+
+function isNegative(string) {
+  if (string.charAt(0) == '-')
+     return true;
+  else
+     return false;
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function isDecimalNumber(string) {
+    var i = 0; 
+    var legalDigits = "0123456789";
+
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            break;
+    }
+    if (i < string.length &&
+        legalDigits.indexOf(string.charAt(i)) != -1) {
+        i++;
+    } else
+        return false;
+
+    for (; i < string.length; i++) {
+        if (legalDigits.indexOf(string.charAt(i)) == -1)
+            break;
+    }
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            return false;
+    }
+
+    return true;
+}
+
+function isHexNumber(string) {
+    var i = 0; 
+    var legalDigits = "0123456789abcdefABCDEF";
+
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            break;
+    }
+    if (i < string.length - 2 &&
+        string.charAt(i) == '0' &&
+        (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+        legalDigits.indexOf(string.charAt(i+2)) != -1) {
+        i += 3;
+    } else
+        return false;
+
+    for (; i < string.length; i++) {
+        if (legalDigits.indexOf(string.charAt(i)) == -1)
+            break;
+    }
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            return false;
+    }
+
+    return true;
+}
+
+function trim(string) {
+    var i, k, newString;
+
+    for (i = 0; i < string.length; i++) {
+        if (string.charAt(i) != ' ' )
+            break;
+    }
+    for (k = string.length - 1; k > i; k--) {
+        if (string.charAt(k) != ' ' )
+            break;
+    }
+    k++;
+
+    if (k > i)
+        newString = string.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day || year == 0) {
+        alert(fieldName + " is invalid");
+        return null;
+     }
+     else 
+     	return date.getTime();
+//     	return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' || c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+//   if (asPattern) { 
+//   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+//   }
+//   else if (value != "")
+   if (value != "") {
+      list[last] = tag+"="+escapeValueRfc1779(value);
+//   } else if (!asPattern) {
+//      list[last] = tag+"=*";
+   }
+//   alert("asPattern = " + asPattern);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponent(result,"E",eMail.value,asPattern);
+		makeComponent(result,"CN",commonName.value,asPattern);
+		makeComponent(result,"UID",userID.value,asPattern);
+		makeComponent(result,"OU",orgUnit.value,asPattern);
+		makeComponent(result,"O",org.value,asPattern);
+		makeComponent(result,"L",locality.value,asPattern);
+		makeComponent(result,"ST",state.value,asPattern);
+		makeComponent(result,"C",country.value,asPattern);
+	}
+    if (result.length == 0)
+//    	return asPattern ? "0 == 0" : "0 == 1";
+    	return "(x509Cert.subject=*)";
+    else  {
+        return "(x509Cert.subject" + (asPattern ? "~=" : "=") + escapeValue(nsjoin(result,",")) + ")";
+        }
+// escapeValue(result.join(', '));
+}
+
+// helper function to construct name component(pattern)
+function makeComponentFilter(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (value != "") {
+	if (asPattern) {
+		list[last] = "(x509Cert.subject=*"+tag+"=*"+
+			escapeValueRfc1779(value)+"*)";
+	} else {
+		// exact match (either the end, or appended with ",")
+		list[last] = "(|(x509Cert.subject=*"+tag+"="+
+			escapeValueRfc1779(value)+",*)"
+			+"(x509Cert.subject=*"+tag+"="+
+			escapeValueRfc1779(value)+"))";
+	}
+   }
+}
+
+function computeNameFilter(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponentFilter(result,"E",eMail.value,asPattern);
+		makeComponentFilter(result,"CN",commonName.value,asPattern);
+		makeComponentFilter(result,"UID",userID.value,asPattern);
+		makeComponentFilter(result,"OU",orgUnit.value,asPattern);
+		makeComponentFilter(result,"O",org.value,asPattern);
+		makeComponentFilter(result,"L",locality.value,asPattern);
+		makeComponentFilter(result,"ST",state.value,asPattern);
+		makeComponentFilter(result,"C",country.value,asPattern);
+	}
+	if (result.length == 0) {
+		return "(x509Cert.subject=*)";
+	} else  {
+		if (asPattern) {
+        		return "(|" + nsjoin(result,"") + ")";
+		} else {
+        		return "(&" + nsjoin(result,"") + ")";
+		}
+	}
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+function isHex(string)
+{
+      if (string.charAt(0) == '0' &&
+      (string.charAt(1) == 'x' || string.charAt(1) == 'X')) {
+        return true;
+      } else {
+        return false;
+      }
+}
+
+function writeError(errorDetails)
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (errorDetails != null) {
+                document.write(errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+              "further information.");
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+// Replacement for the array.join() function which isn't in MSIE 3.0
+
+function nsjoin(array,str) {
+  val = "";
+  for (i=0; i<array.length; i++) {
+    val = val + array[i];
+    if (i < (array.length-1)) val = val+str;
+    }
+  return val;
+}
+//-->
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/dgLeftTab.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/dgLeftTab.gif
new file mode 100644
index 000000000..35a76c859
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/dgLeftTab.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/dgRightTab.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/dgRightTab.gif
new file mode 100644
index 000000000..a519bc759
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/dgRightTab.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/favicon.ico b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/favicon.ico
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/goto-tall.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/goto-tall.gif
new file mode 100644
index 000000000..6eea3ef5c
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/goto-tall.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/gray90.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/gray90.gif
new file mode 100644
index 000000000..c6f811102
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/gray90.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/hr.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/hr.gif
new file mode 100644
index 000000000..14f8acf92
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/hr.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/lgLeftTab.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/lgLeftTab.gif
new file mode 100644
index 000000000..a78fbc89d
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/lgLeftTab.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/lgRightTab.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/lgRightTab.gif
new file mode 100644
index 000000000..71852402d
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/lgRightTab.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/logo_header.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/logo_header.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/spacer.gif b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/spacer.gif
new file mode 100644
index 000000000..13acffe53
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/graphics/spacer.gif
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/header.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/header.template
new file mode 100644
index 000000000..4697e78f7
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/header.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>Header</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body onResize=location.reload() bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/ocsp/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+        </tr>
+      </table>
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr> 
+          <td><img src="/ocsp/agent/graphics/spacer.gif" alt="" width="12" height="21"></td>
+<SCRIPT type="text/javascript">
+	for (var i = 0; i < result.recordSet.length; ++i) {
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<td><img src="/ocsp/agent/graphics/lgLeftTab.gif" width="13" height="21"><\/td>');
+          		document.write('<td bgcolor="#cccccc" nowrap>');
+		} else {
+          		document.write('<td><img src="/ocsp/agent/graphics/dgLeftTab.gif" width="13" height="21"><\/td>');
+          		document.write('<td bgcolor="#999999" nowrap>');
+		}
+		document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                if (result.recordSet[i].type == "CertificateAuthority") {
+			type = "Certificate Manager";
+		} else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+			type = "Data Recovery Manager";
+		} else if (result.recordSet[i].type == "OCSPAuthority") {
+			type = "Online Certificate Status Manager";
+		} else if (result.recordSet[i].type == "RegistrationAuthority") {
+			type = "Registration Manager";
+		}
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<b>' + type + '<\/b>');
+		} else {
+          		document.write('<a href="../' + 
+				result.recordSet[i].id + 
+				'/index.html" target="_top">' + 
+				type + '<\/a>');
+		}
+		document.write('<\/font><\/td>');
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<td><img src="/ocsp/agent/graphics/lgRightTab.gif" width="16" height="21" alt=""><\/td>');
+		} else {
+          		document.write('<td><img src="/ocsp/agent/graphics/dgRightTab.gif" width="16" height="21" alt=""><\/td>');
+		}
+	}
+</SCRIPT>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/helpfun.js b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/helpfun.js
new file mode 100644
index 000000000..14a80bb95
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/helpfun.js
@@ -0,0 +1,35 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+function help(helptopic) { 
+
+     var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500"); 
+
+     HelpWin.location = helptopic;
+     HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+     window.status = helpline;
+
+     return true;
+
+}
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/index.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/index.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/index.template
new file mode 100644
index 000000000..79f6f592e
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/index.template
@@ -0,0 +1,140 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>OCSP Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+  <tr bgcolor="#000080"> 
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr> 
+          <td><img src="/ocsp/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr valign="TOP"> 
+    <td>&nbsp;</td>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (result.header.errorDetails != null) {
+                document.write(result.header.errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+                "further information.");
+}
+
+if (result.header.errorDetails != null) {
+        displayError();
+} else {
+	var displayServices = 'true';
+	for (var i = 0; i < result.recordSet.length; ++i) {
+        	document.write('<tr valign="TOP">');
+          	document.write('<td>');
+		document.write('<img src="/graphics/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+          	document.write('<td>');
+		document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+		document.write('<a href="');
+		document.write(result.recordSet[i].id + '/index.html');
+		if (result.recordSet[i].type == "RegistrationAuthority") {
+			document.write('">Registration Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+		} else if (result.recordSet[i].type == "CertificateAuthority") {
+			document.write('">Certificate Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+		} else if (result.recordSet[i].type == "OCSPAuthority") {
+			displayServices = 'false';
+			document.write('">Online Certificate Status Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to check certificate status.');
+		} else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+			displayServices = 'false';
+			document.write('">Data Recovery Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process key requests, and recover keys.');
+		} else {
+			document.write('">Internal Error</a></font>');
+		}
+		document.write('</font></td></tr>');
+	}
+}
+document.write('<tr valign="TOP">'); 
+document.write('<td>&nbsp;</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+if (displayServices== 'true')
+{	
+	document.write('<tr valign="TOP">');
+	document.write('<TD><IMG src="/graphics/goto-tall.gif" width="10" height="15"></TD>');
+	document.write('<TD><FONT face="PrimaSans BT, Verdana, sans-serif">');
+	document.write('<A href="ports">Services Summary</A></FONT></TD>');
+	document.write('</tr>');
+}
+document.write('<TR valign="TOP">');
+document.write('<TD> </TD>');
+document.write('<TD> </TD>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+</SCRIPT>
+
+</table>
+</body>
+</html>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/AddCA.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/AddCA.html
new file mode 100644
index 000000000..79fe51529
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/AddCA.html
@@ -0,0 +1,69 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Add Certificate Authority</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Add Certificate Authority<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to add the certificate chain of a Certificate Authority whose CRL will be accepted by this OCSP Authority.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM ACTION="/ocsp/agent/ocsp/addCA" METHOD=POST>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td valign="top">
+       <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Base 64 encoded certificate (including header and footer):</font>
+    </td>
+  </tr>
+  <tr> 
+    <td valign="top">
+      <textarea cols="50" rows="20" name="cert"></textarea>
+    </td>
+  </tr>
+</table>
+
+<p>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%" BACKGROUND="/graphics/gray90.gif">
+  <TR>
+    <TD align="right" bgcolor="#e5e5e5">
+      <INPUT TYPE="submit" VALUE="Add" width="72">
+      <!-- &nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif"></font>&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif"></font>&nbsp;&nbsp;&nbsp;
+        <INPUT TYPE="button" VALUE="Help" width="72"
+	    onClick="help('/manual/agent_guide/ocspagt.htm#Identifying a CA to Online Certificate Status Manager')"> -->
+    </TD>
+  </TR>
+</TABLE>
+ 
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/AddCRL.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/AddCRL.html
new file mode 100644
index 000000000..98f4b0771
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/AddCRL.html
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Add Certificate Revocation List</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Add Certificate Revocation List<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to add the certificate revocation list of a Certificate Authority.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM ACTION="/ocsp/agent/ocsp/addCRL" METHOD=POST>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td valign="top">
+       <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Base 64 encoded Certificate revocation list (including header and footer):</font>
+    </td>
+  </tr>
+  <tr> 
+    <td valign="top">
+      <textarea cols="50" rows="20" name="crl"></textarea>
+    </td>
+  </tr>
+  <tr>
+    <td valign="top" align="right">
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif"></font>
+    </td>
+    <td valign="top">
+    </td>
+  </tr>
+  <tr>
+    <td  valign="top" align="right">
+      <font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br></font>
+    </td>
+    <td></td>
+  </tr>
+</table>
+
+<p>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%" BACKGROUND="/graphics/gray90.gif">
+  <TR>
+    <TD align="right" bgcolor="#e5e5e5">
+      <INPUT TYPE="submit" VALUE="Add" width="72">
+      <!--&nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif"></font>&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif"></font>&nbsp;&nbsp;&nbsp;
+        <INPUT TYPE="button" VALUE="Help" width="72"
+	    onClick="help('/manual/agent_guide/ocspagt.htm#Adding a CRL to Online Certificate Status Manager')"> -->
+    </TD>
+  </TR>
+</TABLE>
+ 
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/CheckCert.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/CheckCert.html
new file mode 100644
index 000000000..6e614c87f
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/CheckCert.html
@@ -0,0 +1,69 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<HEAD>
+<TITLE>Check Certificate Status</TITLE>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+</HEAD>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<font size="+1" face="PrimaSans BT, Verdana, sans-serif">Check Certificate Status<br></font>
+<font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+Use this form to confirm the status of a certificate.</font>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<FORM ACTION="/ocsp/agent/ocsp/checkCert" METHOD=POST>
+
+<table border="0" cellspacing="2" cellpadding="2">
+  <tr> 
+    <td valign="top">
+       <font size="-1" face="PrimaSans BT, Verdana, sans-serif">Base 64 encoded certificate:</font>
+    </td>
+  </tr>
+  <tr> 
+    <td valign="top">
+      <textarea cols="50" rows="20" name="cert"></textarea>
+    </td>
+  </tr>
+</table>
+
+<p>
+<br>
+<TABLE cellpadding="6" cellspacing="0" border="0" width="100%" BACKGROUND="/graphics/gray90.gif">
+  <TR>
+    <TD align="right" bgcolor="#e5e5e5">
+      <INPUT TYPE="submit" VALUE="Check" width="72">
+      <!-- &nbsp;&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif"></font>&nbsp;
+        <font size=-1 face="PrimaSans BT, Verdana, sans-serif"></font>&nbsp;&nbsp;&nbsp;
+        <INPUT TYPE="button" VALUE="Help" width="72"
+	    onClick="help('/manual/agent_guide/ocspagt.htm#Checking the Revocation Status of a Certificate')"> -->
+    </TD>
+  </TR>
+</TABLE>
+ 
+</FORM>
+</BODY>
+
+</HTML>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/addCA.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/addCA.template
new file mode 100644
index 000000000..5d71adca8
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/addCA.template
@@ -0,0 +1,59 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Adding Certificate Authority</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Adding Certificate Authority
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('Certificate authority is added');
+    if (result.header.error != null) {
+        document.write('\nAdditional information:\n    ');
+        document.writeln(result.header.error);
+    }
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/addCRL.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/addCRL.template
new file mode 100644
index 000000000..12f4ce1d3
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/addCRL.template
@@ -0,0 +1,59 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Adding Certificate Revocation List</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Adding Certificate Revocation List
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('Certificate revocation list is added');
+    if (result.header.error != null) {
+        document.write('\nAdditional information:\n    ');
+        document.writeln(result.header.error);
+    }
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/checkCert.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/checkCert.template
new file mode 100644
index 000000000..d00e15c31
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/checkCert.template
@@ -0,0 +1,79 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Check Certificate Status</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Online Certificate Status
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Certificate status summary</font></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr><td align="left" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Status: ' + result.header.status + '</font></td>');
+    document.writeln('</tr>');
+    document.writeln('<tr><td align="left" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Serial Number: ' + result.header.serialno + '</font></td>');
+    document.writeln('</tr>');
+    document.writeln('<tr><td align="left" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Issuer DN: ' + result.header.issuerDN + '</font></td>');
+    document.writeln('</tr>');
+    document.writeln('<tr><td align="left" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Subject DN: ' + result.header.subjectDN + '</font></td>');
+    document.writeln('</tr>');
+
+    document.writeln('</table>');
+    document.writeln('</td></tr></table>');
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameAddCA.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameAddCA.html
new file mode 100644
index 000000000..afb888caf
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameAddCA.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuAddCA.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="addCA.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameAddCRL.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameAddCRL.html
new file mode 100644
index 000000000..28be03545
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameAddCRL.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuAddCRL.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="addCRL.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameCheckCert.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameCheckCert.html
new file mode 100644
index 000000000..21335c8a0
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameCheckCert.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuCheckCert.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="CheckCert.html" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameListCA.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameListCA.html
new file mode 100644
index 000000000..90530fd42
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameListCA.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuListCA.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="/ocsp/agent/ocsp/listCAs" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameOCSP.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameOCSP.html
new file mode 100644
index 000000000..00fad0f36
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameOCSP.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuOCSP.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="/ocsp/agent/ocsp/getOCSPInfo" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameStats.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameStats.html
new file mode 100644
index 000000000..8efa27a78
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/frameStats.html
@@ -0,0 +1,32 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<frameset cols="140,1*" border="0" frameborder="NO">
+  <frame src="menuStats.html" scrolling="NO" noresize frameborder="NO" name="left">
+  <frame src="/getStats" marginwidth="16" marginheight="16" frameborder="NO" noresize name="content">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/getOCSPInfo.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/getOCSPInfo.template
new file mode 100644
index 000000000..8b739b45d
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/getOCSPInfo.template
@@ -0,0 +1,118 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display CRL</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+OCSP Service
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Detailed Information (Since Startup)</font></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('OCSP Responses:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.numReq+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Total Signed Response Data (in bytes):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.totalData+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Processing Time (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln((result.header.totalSec-result.header.totalSignSec)+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Signing Time (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.totalSignSec+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Total Time (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.totalSec+'</font></td></tr>');
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Signing Time Per Response (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    if (result.header.numReq == '0') {
+      document.writeln(result.header.numReq+'</font></td></tr>');
+    } else {
+      document.writeln((result.header.totalSignSec/result.header.numReq)+'</font></td></tr>');
+    }
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Total Time Per Response (in ms):</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    if (result.header.numReq == '0') {
+      document.writeln(result.header.numReq+'</font></td></tr>');
+    } else {
+      document.writeln((result.header.totalSec/result.header.numReq)+'</font></td></tr>');
+    }
+    document.writeln('<tr><td align="right" width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('Responses Per Second:</font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln(result.header.ReqSec+'</font></td></tr>');
+    document.writeln('</table><br>');
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/getStats.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/getStats.template
new file mode 100644
index 000000000..a08a6fe60
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/getStats.template
@@ -0,0 +1,141 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display CRL</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Statistics
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('<table border="0" cellspacing="0" cellpadding="0" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Detailed Information (Start Time <b>' + header.startTime + '</b>, Current Time: <b>' + header.curTime + '</b>)</font></td><td align=right><a href="getStats?op=clear">Clear Statistics</a></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr>');
+    document.writeln('<td width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Action</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b># of operations</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Time Taken (in msec)</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Min</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Max</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Std Dev</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Avg</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Percentage</b></font></td>');
+    document.writeln('</tr>');
+    for (var i = 0; i <=  recordCount; i++) {
+      if (result.recordSet[i].name.charAt(0) == '-') {
+        document.writeln('<tr><td>');
+      } else {
+        document.writeln('<tr bgcolor="#cccccc"><td>');
+      }
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].name + '</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].noOfOp+'</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].timeTaken+'</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].max == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].min+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].max == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].max+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].stddev == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].stddev+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].noOfOp == 0) {
+        document.writeln('-');
+      } else {
+        document.writeln(Math.round(100*(result.recordSet[i].avg))/100);
+      }
+      document.writeln('</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].noOfOp == 0) {
+        document.writeln('-');
+      } else {
+        document.writeln(Math.round(100*(result.recordSet[i].percentage))/100 + '%');
+      }
+      document.writeln('</font></td>');
+      document.writeln('</tr>');
+    }
+    document.writeln('</table><br>');
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/index.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/index.html
new file mode 100644
index 000000000..cd4ea326a
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/index.html
@@ -0,0 +1,33 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>OCSP Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="shortcut icon" href="/ocsp/agent/graphics/favicon.ico" />
+</head>
+
+<frameset rows="105,1*" frameborder="NO" border="0" cols="*"> 
+  <frame src="/ocsp/agent/header?selected=ocsp" name="top" frameborder="NO" noresize scrolling="NO" marginwidth="0" marginheight="0">
+  <frame src="frameListCA.html" scrolling="NO" noresize frameborder="NO" marginwidth="0" marginheight="0" name="middle">
+</frameset>
+<noframes><body bgcolor="#FFFFFF">
+</body></noframes>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/listCAs.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/listCAs.template
new file mode 100644
index 000000000..6fbf5fd73
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/listCAs.template
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>List Certificate Authorities</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+List Certificate Authorities
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Server Status</font></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr>');
+    document.writeln('<td align="left" width="5%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('&bull;&nbsp;Number of pending updates:' + header.stateCount);
+    document.writeln('</font></td>');
+    document.writeln('</tr>');
+
+    document.writeln('</table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Certificate Authorities</font></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+
+      for(var i = 0; i < result.recordSet.length; ++i ) {
+	    document.writeln('<tr>');
+	    document.writeln('<td align="left"><b>');
+	    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+	    document.writeln(result.recordSet[i].Id);
+	    document.writeln('</font></b></td>');
+	    document.writeln('</tr>');
+	    document.writeln('<tr>');
+	    document.writeln('<td align="left" width="5%">');
+	    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+	    document.writeln('&bull;&nbsp;CRL Number:' + result.recordSet[i].CRLNumber);
+	    document.writeln('</font></td>');
+	    document.writeln('</tr>');
+	    document.writeln('<tr>');
+	    document.writeln('<td align="left" width="5%">');
+	    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+	    document.writeln('&bull;&nbsp;This Update:' + result.recordSet[i].ThisUpdate);
+	    document.writeln('</font></td>');
+	    document.writeln('</tr>');
+	    document.writeln('<tr>');
+	    document.writeln('<td align="left" width="5%">');
+	    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('&bull;&nbsp;Next Update:' + result.recordSet[i].NextUpdate);
+	    document.writeln('</font></td>');
+	    document.writeln('</tr>');
+	    document.writeln('<tr>');
+	    document.writeln('<td align="left" width="5%">');
+	    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('&bull;&nbsp;Number of Revoked Certificates:' + result.recordSet[i].NumRevoked);
+	    document.writeln('</font></td>');
+	    document.writeln('</tr>');
+	    document.writeln('<tr>');
+	    document.writeln('<td align="left" width="5%">');
+	    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('&bull;&nbsp;Requests Served Since Startup:' + result.recordSet[i].ReqCount);
+	    document.writeln('</font></td>');
+	    document.writeln('</tr>');
+	    document.writeln('<tr>');
+       	    document.writeln('<td align="left" width="5%"><b>');
+            document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+            document.writeln('&bull;&nbsp; Remove this CA from the list -');
+            document.writeln('</font></b></td>');
+            document.writeln('</tr>');
+            document.writeln('<tr>');
+            document.writeln('<td align ="left" width="5%">');
+            document.writeln('<button  onClick="removeCertificateAuthority( ' + i  + ')" VALUE="removeca">Remove CA </button>');
+            document.writeln('</td>');
+            document.writeln('</tr>');
+            document.writeln('<tr><td><br></td></tr>');
+      }
+    document.writeln('</table>');
+    document.writeln('</td></tr></table>');
+
+    function removeCertificateAuthority(caIndex)
+    {
+        var id = result.recordSet[caIndex].Id;
+        var url = null;
+        var sure = true;
+
+        if(id)
+           url = "/ocsp/agent/ocsp/removeCA?caID="+id;
+
+        if(url) {
+           if(caIndex == 0)
+              sure = confirm("Are you sure you want to remove the initial CA?\n" + id);
+           if(sure) 
+              document.location=url;    
+        }
+    }
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuAddCA.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuAddCA.html
new file mode 100644
index 000000000..6b4419f78
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuAddCA.html
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListCA.html" target="middle"><b>List Certificate Authorities</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCA.html" target="middle"><b><font color=black>Add Certificate Authority</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCRL.html" target="middle"><b>Add Certificate Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCheckCert.html" target="middle"><b>Check Certificate Status</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuAddCRL.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuAddCRL.html
new file mode 100644
index 000000000..7da3025e3
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuAddCRL.html
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListCA.html" target="middle"><b>List Certificate Authorities</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCA.html" target="middle"><b>Add Certificate Authority</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCRL.html" target="middle"><b><font color=black>Add Certificate Revocation List</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCheckCert.html" target="middle"><b>Check Certificate Status</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuCheckCert.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuCheckCert.html
new file mode 100644
index 000000000..2e4773a28
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuCheckCert.html
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListCA.html" target="middle"><b>List Certificate Authorities</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCA.html" target="middle"><b>Add Certificate Authority</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCRL.html" target="middle"><b>Add Certificate Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCheckCert.html" target="middle"><b><font color=black>Check Certificate Status</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuListCA.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuListCA.html
new file mode 100644
index 000000000..ac99b752a
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuListCA.html
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="/ocsp/agent/ocsp/listCAs" target="content"><b><font color=black>List Certificate Authorities</font></b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCA.html" target="middle"><b>Add Certificate Authority</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCRL.html" target="middle"><b>Add Certificate Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCheckCert.html" target="middle"><b>Check Certificate Status</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuOCSP.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuOCSP.html
new file mode 100644
index 000000000..b019fe81f
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuOCSP.html
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListCA.html" target="middle"><b>List Certificate Authorities</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCA.html" target="middle"><b>Add Certificate Authority</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCRL.html" target="middle"><b>Add Certificate Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCheckCert.html" target="middle"><b>Check Certificate Status</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b><font color=black>OCSP Service</font></b></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuStats.html b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuStats.html
new file mode 100644
index 000000000..f86dd059e
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/menuStats.html
@@ -0,0 +1,54 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<title>Untitled Document</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#333399">
+  <table border="0" cellspacing="4" cellpadding="4" width="100%">
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameListCA.html" target="middle"><b>List Certificate Authorities</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCA.html" target="middle"><b>Add Certificate Authority</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameAddCRL.html" target="middle"><b>Add Certificate Revocation List</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameCheckCert.html" target="middle"><b>Check Certificate Status</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="#999999"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameOCSP.html" target="middle"><b>OCSP Service</b></a></font></td>
+    </tr>
+    <tr> 
+      <td bgcolor="white"><font size="-1" face="PrimaSans BT, Verdana, sans-serif">
+        <a href="frameStats.html" target="middle"><b><font color=black>Statistics</font></b></a></font></td>
+    </tr>
+  </table>
+</body>
+</html>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/removeCA.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/removeCA.template
new file mode 100755
index 000000000..1b85bba95
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ocsp/removeCA.template
@@ -0,0 +1,65 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Removing Certificate Authority</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Removing Certificate Authority
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('Certificate authority has been removed');
+    setTimeout ( goBackToList, 2000 );
+
+    if (result.header.error != null) {
+        document.write('\nAdditional information:\n    ');
+        document.writeln(result.header.error);
+    }
+
+    function goBackToList() {
+       document.location="/ocsp/agent/ocsp/listCAs";
+    }
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ports.template b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ports.template
new file mode 100644
index 000000000..c4b21fca7
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/agent/ports.template
@@ -0,0 +1,121 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>OCSP Agent Ports</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+  <tr bgcolor="#000080"> 
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr> 
+          <td><img src="/ocsp/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Services Summary</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr valign="TOP"> 
+    <td>&nbsp;</td>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (result.header.errorDetails != null) {
+                document.write(result.header.errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+                "further information.");
+}
+
+if (result.header.errorDetails != null) {
+        displayError();
+} else {
+	for (var i = 0; i < result.recordSet.length; ++i) {
+          if (result.recordSet[i].port == -1)
+                  continue;
+        	document.write('<tr valign="TOP">');
+          	document.write('<td>');
+		document.write('<img src="/ocsp/agent/graphics/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+          	document.write('<td>');
+		document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+		document.write('<a href="');
+		document.write(result.recordSet[i].prefix + "://" +
+			result.header.hostname + ":" +
+			result.recordSet[i].port);
+		if (result.recordSet[i].type == "eeGateway.http.port") {
+			document.write('">End Users Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else if (result.recordSet[i].type == "eeGateway.https.port") {
+			document.write('">SSL End Users Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else if (result.recordSet[i].type == "agentGateway.https.port") {
+			document.write('">Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else {
+			document.write('">Internal Error</a></font>');
+		}
+		document.write('</font></td></tr>');
+	}
+}
+</SCRIPT>
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+      </table>
+    </td>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/index.html b/dogtag/ocsp-ui/shared/webapps/ocsp/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/ocsp-ui/shared/webapps/ocsp/services.template b/dogtag/ocsp-ui/shared/webapps/ocsp/services.template
new file mode 100644
index 000000000..74783cd3b
--- /dev/null
+++ b/dogtag/ocsp-ui/shared/webapps/ocsp/services.template
@@ -0,0 +1,106 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<title>OCSP Services</title>
+    <link rel="shortcut icon" href="img/favicon.ico" />
+    <link rel="stylesheet" href="css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System OCSP Services Page 
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+<script language=javascript>
+for (var i=0; i<result.recordSet.length; ++i) {
+    document.write('<tr valign="TOP">');
+    document.write('<td>');
+    document.write('<td>');
+    document.write('<font size=4 face="PrimaSans BT, Verdana, sans-serif">');
+    document.write('<li><a href="');
+    document.write(result.recordSet[i].prefix + "://" +
+      result.recordSet[i].host + ":" + result.recordSet[i].port + "/"+
+      result.recordSet[i].uri);
+    if (result.recordSet[i].type == "admin") {
+        document.write('">Admin Services</a></font>');
+    } else if (result.recordSet[i].type == "agent") {
+        document.write('">Agent Services</a></font>');
+    } else if (result.recordSet[i].type == "ee") {
+        document.write('">SSL End Users Services</a></font>');
+    }
+
+    document.write('</font></td></tr>');
+}
+</script>
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</center>
+<div id="footer">
+</div>
+</body>
+</html>
diff --git a/dogtag/ra-ui/CMakeLists.txt b/dogtag/ra-ui/CMakeLists.txt
new file mode 100644
index 000000000..3bdbb46ae
--- /dev/null
+++ b/dogtag/ra-ui/CMakeLists.txt
@@ -0,0 +1,8 @@
+project(ra-ui)
+
+install(
+    DIRECTORY
+        shared/
+    DESTINATION
+        ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
diff --git a/dogtag/ra-ui/LICENSE b/dogtag/ra-ui/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/dogtag/ra-ui/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify 
+it under the terms of the GNU General Public License as published 
+by the Free Software Foundation; version 2 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but 
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License 
+along with this Program; if not, write to the Free Software 
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/dogtag/ra-ui/build.xml b/dogtag/ra-ui/build.xml
new file mode 100644
index 000000000..512a622f8
--- /dev/null
+++ b/dogtag/ra-ui/build.xml
@@ -0,0 +1,273 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="ra-ui" default="main" basedir=".">
+
+    <import file="config/product.xml"/>
+    <import file="config/product-ext.xml" optional="true"/>
+
+
+    <target name="clean"
+            depends=""
+            description="--> remove component directories">
+        <echo message="${begin.clean.log.message}"/>
+        <delete dir="${dist.base}"/>
+        <delete dir="${build.dir}"/>
+        <echo message="${end.clean.log.message}"/>
+    </target>
+
+
+    <target name="download"
+            depends=""
+            description="--> download dependent components">
+        <echo message="${begin.download.log.message}"/>
+        <echo message="${empty.download.log.message}"/>
+        <echo message="${end.download.log.message}"/>
+    </target>
+
+
+    <target name="compile_java"
+            depends=""
+            description="--> compile java source code into classes">
+        <echo message="${begin.compile.java.log.message}"/>
+        <echo message="${empty.compile.java.log.message}"/>
+        <echo message="${end.compile.java.log.message}"/>
+    </target>
+
+
+    <target name="build_jars"
+            depends="compile_java"
+            description="--> generate jar files">
+        <echo message="${begin.build.jars.log.message}"/>
+        <echo message="${empty.build.jars.log.message}"/>
+        <echo message="${end.build.jars.log.message}"/>
+    </target>
+
+
+    <target name="build_jni_headers"
+            depends="compile_java"
+            description="--> generate jni header files">
+        <echo message="${begin.build.jni.headers.log.message}"/>
+        <echo message="${empty.build.jni.headers.log.message}"/>
+        <echo message="${end.build.jni.headers.log.message}"/>
+    </target>
+
+
+    <target name="build"
+            depends="build_jars,build_jni_headers"
+            description="--> build classes, jars, and jni headers">
+        <echo message="${notify.build.log.message}"/>
+    </target>
+
+
+    <target name="compile_junit_tests"
+            depends="build"
+            description="--> compile junit test source code">
+        <echo message="${begin.compile.junit.tests.log.message}"/>
+        <echo message="${empty.compile.junit.tests.log.message}"/>
+        <echo message="${end.compile.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="run_junit_tests"
+            depends="compile_junit_tests"
+            description="--> execute junit tests">
+        <echo message="${begin.run.junit.tests.log.message}"/>
+        <echo message="${empty.run.junit.tests.log.message}"/>
+        <echo message="${end.run.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="verify"
+            depends="run_junit_tests"
+            description="--> build and execute junit tests">
+        <echo message="${notify.verify.log.message}"/>
+    </target>
+
+
+    <target name="clean_javadocs"
+            depends=""
+            description="--> remove javadocs directory">
+        <echo message="${begin.clean.javadocs.log.message}"/>
+        <echo message="${empty.clean.javadocs.log.message}"/>
+        <echo message="${end.clean.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="compose_javadocs"
+            depends="build"
+            description="--> generate javadocs">
+        <echo message="${begin.compose.javadocs.log.message}"/>
+        <echo message="${empty.compose.javadocs.log.message}"/>
+        <echo message="${end.compose.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="document"
+            depends="clean_javadocs,compose_javadocs"
+            description="--> remove old javadocs and compose new javadocs">
+        <echo message="${notify.document.log.message}"/>
+    </target>
+
+
+    <target name="distribute_binaries"
+            depends="document"
+            description="--> create the zip and gzipped tar binary distributions">
+        <echo message="${begin.distribute.binaries.log.message}"/>
+        <mkdir dir="${dist.base.binaries}"/>
+
+        <echo message="${begin.binary.wrappers.log.message}"/>
+        <echo message="${empty.binary.wrappers.log.message}"/>
+        <echo message="${end.binary.wrappers.log.message}"/>
+
+        <echo message="${begin.binary.zip.log.message}"/>
+        <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+            <zipfileset dir="./shared"
+                        filemode="644"
+                        prefix="usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </zipfileset>
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.binary.zip.log.message}"/>
+
+        <echo message="${begin.binary.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.binaries}/${dist.name}.tar">
+            <tarfileset dir="./shared"
+                        mode="644"
+                        prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </tarfileset>
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${dist.name}/usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.binary.tar.log.message}"/>
+
+        <echo message="${begin.binary.gtar.log.message}"/>
+        <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+              src="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.binary.gtar.log.message}"/>
+
+        <echo message="${end.distribute.binaries.log.message}"/>
+    </target>
+
+
+    <target name="distribute_source"
+            depends=""
+            description="--> create the zip and gzipped tar source distributions">
+        <echo message="${begin.distribute.source.log.message}"/>
+        <mkdir dir="${dist.base.source}"/>
+
+        <echo message="${begin.source.zip.log.message}"/>
+        <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.source.zip.log.message}"/>
+
+        <echo message="${begin.source.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.source}/${src.dist.name}.tar">
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.source.tar.log.message}"/>
+
+        <echo message="${begin.source.gtar.log.message}"/>
+        <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+              src="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.source.gtar.log.message}"/>
+
+        <echo message="${end.distribute.source.log.message}"/>
+    </target>
+
+
+    <target name="distribute"
+            depends="distribute_binaries,distribute_source"
+            description="--> create binary and source component distributions">
+        <echo message="${notify.distribute.log.message}"/>
+    </target>
+
+
+    <target name="main"
+            depends="clean,distribute"
+            description="--> clean, build, verify, document, distribute [default]">
+        <echo message="${notify.main.log.message}"/>
+    </target>
+
+</project>
+
diff --git a/dogtag/ra-ui/build_dogtag b/dogtag/ra-ui/build_dogtag
new file mode 100755
index 000000000..f88e9838c
--- /dev/null
+++ b/dogtag/ra-ui/build_dogtag
@@ -0,0 +1,82 @@
+#!/bin/bash
+# BEGIN COPYRIGHT BLOCK
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+
+# Always switch into the base directory of this
+# shell script prior to executing it so that all
+# of its output is written to this directory
+cd `dirname $0`
+
+# Retrieve the directory name housing this component
+PWD=`pwd`
+
+# Set Dogtag component-specific environment variables
+DOGTAG_BUILD_SCRIPT=`basename $0`
+export DOGTAG_BUILD_SCRIPT
+DOGTAG_COMPONENT=`basename ${PWD}`
+export DOGTAG_COMPONENT
+DOGTAG_SPECFILE="dogtag-pki-ra-ui.spec"
+export DOGTAG_SPECFILE
+
+# Set PKI 'ant' environment variables (originally obtained from specfile)
+PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag"
+export PKI_PRODUCT_UI_FLAVOR_PREFIX
+PKI_PRODUCT_PREFIX="pki"
+export PKI_PRODUCT_PREFIX
+PKI_PRODUCT="ra-ui"
+export PKI_PRODUCT
+PKI_VERSION="9.0.0"
+export PKI_VERSION
+
+# Set Dogtag helper variables
+DOGTAG_COMPONENT_NAME=${PKI_PRODUCT}
+export DOGTAG_COMPONENT_NAME
+DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc
+export DOGTAG_WGET_URL
+
+# Obtain '${DOGTAG_SPECFILE}' as necessary
+if [ "$1" = "refresh" ]; then
+	if [ -f "${DOGTAG_SPECFILE}" ]; then
+		printf "Removing '${DOGTAG_SPECFILE}' . . . "
+		rm -rf ${DOGTAG_SPECFILE}
+		printf "done.\n"
+	fi
+	shift
+fi
+if [ ! -f "${DOGTAG_SPECFILE}" ]; then
+	# Check for Fedora Operating System
+	if [ ! -f /etc/fedora-release ]; then
+		printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n"
+		exit 255
+	fi
+	# Obtain Fedora Operating System Version
+	FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`"
+	export FEDORA_VERSION
+	# Retrieve '${DOGTAG_SPECFILE}' from Koji
+	printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n"
+	wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co
+	if [ ! -s "${DOGTAG_SPECFILE}" ]; then
+		printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n"
+		rm -rf ${DOGTAG_SPECFILE}
+		exit 255
+	fi
+fi
+
+# Invoke the shared Dogtag PKI build script
+config-ext/build_dogtag_pki $@
+
diff --git a/dogtag/ra-ui/dogtag-pki-ra-ui.spec b/dogtag/ra-ui/dogtag-pki-ra-ui.spec
new file mode 100644
index 000000000..32e9a72a6
--- /dev/null
+++ b/dogtag/ra-ui/dogtag-pki-ra-ui.spec
@@ -0,0 +1,61 @@
+Name:           dogtag-pki-ra-ui
+Version:        9.0.0
+Release:        1%{?dist}
+Summary:        Dogtag Certificate System - Registration Authority User Interface
+URL:            http://pki.fedoraproject.org/
+License:        GPLv2
+Group:          System Environment/Base
+
+BuildArch:      noarch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  ant
+
+Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+# NOTE:  Several PKI packages require a "virtual" UI component.  These
+#        "virtual" UI components are "Provided" by various UI "flavors"
+#        including "dogtag", "redhat", and "null".  Consequently,
+#        all "dogtag", "redhat", and "null" UI components MUST be
+#        mutually exclusive!
+Provides:       pki-ra-ui = %{version}-%{release}
+
+Obsoletes:      pki-ra-ui < %{version}-%{release}
+
+Conflicts:      redhat-pki-ra-ui
+
+%description
+Dogtag Certificate System is an enterprise software system designed
+to manage enterprise Public Key Infrastructure (PKI) deployments.
+
+The Dogtag Registration Authority User Interface contains the graphical
+user interface for the Dogtag Registration Authority.
+
+%prep
+
+%setup -q
+
+%build
+ant \
+    -Dproduct.ui.flavor.prefix="dogtag" \
+    -Dproduct.prefix="pki" \
+    -Dproduct="ra-ui" \
+    -Dversion="%{version}"
+
+%install
+rm -rf %{buildroot}
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_datadir}/pki/
+
+%changelog
+* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.
diff --git a/dogtag/ra-ui/shared/docroot/404.html b/dogtag/ra-ui/shared/docroot/404.html
new file mode 100755
index 000000000..ec42699f2
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/404.html
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>RA 404 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ra/admin/console/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ra/admin/console/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System RA Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('404');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The requested resource could not be found but may be available again in the future.');
+document.write('</font></b><br><b><font size="+1" color="RED">');
+document.write('Please check the validity of the URL listed below:');
+document.write('</font></b><br><br>');
+document.write('<center><b><font size="+1"><a href="');
+document.write(url);
+document.write('">');
+document.write(url);
+document.write('</a>');
+document.write('</font></b></center><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/ra-ui/shared/docroot/500.html b/dogtag/ra-ui/shared/docroot/500.html
new file mode 100755
index 000000000..f25ba430a
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/500.html
@@ -0,0 +1,139 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>RA 500 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ra/admin/console/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/ra/admin/console/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System RA Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('500');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>');
+document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.');
+document.write('</font></b><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/ra-ui/shared/docroot/admin/group/add_new.vm b/dogtag/ra-ui/shared/docroot/admin/group/add_new.vm
new file mode 100644
index 000000000..70d0d16ac
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/admin/group/add_new.vm
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Add New Group</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/admin/index.cgi">Administrator Interface</a>
+</font><br>
+<p> 
+#if ($error == 'exist')
+<font color=red>Group already exists</font>
+<p>
+#end
+<center>
+<form name="add_new_form" method=post action="add.cgi">
+<table>
+<tr>
+  <td><b>GID</b></td>
+  <td><input type=text name="gid" value=""></td>
+</tr>
+<tr>
+  <td><b>Name</b></td>
+  <td><input type=text name="name" value=""></td>
+</tr>
+</table>
+</form>
+<a href="#" onclick="document.add_new_form.submit();">Add Group</a>
+</center>
+<p>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/admin/group/index.vm b/dogtag/ra-ui/shared/docroot/admin/group/index.vm
new file mode 100644
index 000000000..6f25e3740
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/admin/group/index.vm
@@ -0,0 +1,81 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA Admin</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/admin/index.cgi">Administrator Interface</a>
+</font><br>
+<p> 
+<a href="add_new.cgi">Add New Group</a>
+<p>
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>GID</b></td>
+<td><b>Name</b></td>
+</tr>
+#foreach($r in $rows)
+<tr valign="TOP">
+<td><a href="read.cgi?gid=$r.getGID()">$r.getGID()</a></td>
+<td>$r.getName()</td>
+</tr>
+#end
+</table>
+</center>
+<p>
+<a href="index.cgi?sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?sp=$np&mc=$mc">Next</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/admin/group/read.vm b/dogtag/ra-ui/shared/docroot/admin/group/read.vm
new file mode 100644
index 000000000..c780ab09a
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/admin/group/read.vm
@@ -0,0 +1,104 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Groups</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/admin/index.cgi">Administrator Interface</a>
+</font><br>
+<p> 
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+  <td><b>GID</b></td>
+  <td>$gid</td>
+</tr>
+<tr valign="TOP">
+  <td><b>Name</b></td>
+  <td>$name</td>
+</tr>
+</table>
+</center>
+<p>
+<a href="delete.cgi?gid=$gid">Delete This Group</a>
+<p>
+-----------------------------------------------
+<br/>
+<b>Members</b> 
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+#foreach($r in $members)
+<tr valign="TOP">
+<td><a href="../user/read.cgi?uid=$r.getUID()">$r.getUID()</a> <a href="delete_member.cgi?gid=$gid&uid=$r.getUID()">[Delete]</a></td>
+</tr>
+#end
+</table>
+</center>
+<br/>
+-----------------------------------------------
+<br/>
+#if ($non_member_exists)
+<b>New Member</b> 
+<form name=new_member_form method=post action="add_member.cgi">
+<input type=hidden name=gid value="$gid">
+<select name=uid>
+#foreach ($u in $users)
+  <option value="$u.getUID()">$u.getUID()</option>
+#end
+</select> <a href="#" onclick="document.new_member_form.submit();">Add</a>
+</form>
+#end
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/admin/index.vm b/dogtag/ra-ui/shared/docroot/admin/index.vm
new file mode 100644
index 000000000..b14712e9d
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/admin/index.vm
@@ -0,0 +1,95 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA Admin</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+RA Admin Services
+</font><br>
+<p> 
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/admin/user/index.cgi">List Users</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/admin/user/add_new.cgi">Add New User</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/admin/group/index.cgi">List Groups</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/admin/group/add_new.cgi">Add New Group</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/admin/user/add_new.vm b/dogtag/ra-ui/shared/docroot/admin/user/add_new.vm
new file mode 100644
index 000000000..2915c8ff3
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/admin/user/add_new.vm
@@ -0,0 +1,95 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Add New User</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/admin/index.cgi">Administrator Interface</a>
+</font><br>
+<p> 
+#if ($error == 'exist')
+<font color=red>User already exists</font>
+<p>
+#end
+#if ($error == 'cert_header')
+<font color=red>Invalid Certificate header</font>
+<p>
+#end
+<center>
+<form name="add_new_form" method=post action="add.cgi">
+<table>
+<tr>
+  <td><b>UID</b></td>
+  <td><input type=text name="uid" value=""></td>
+</tr>
+<tr>
+  <td><b>Name</b></td>
+  <td><input type=text name="name" value=""></td>
+</tr>
+<tr>
+  <td><b>Email</b></td>
+  <td><input type=text name="email" value=""></td>
+</tr>
+<tr>
+  <td><b>Certificate</b></td>
+  <td><textarea name=certificate></textarea></td>
+</tr>
+</table>
+</form>
+<a href="#" onclick="document.add_new_form.submit();">Add User</a>
+</center>
+<p>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/admin/user/index.vm b/dogtag/ra-ui/shared/docroot/admin/user/index.vm
new file mode 100644
index 000000000..a6ff73721
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/admin/user/index.vm
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA Admin</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/admin/index.cgi">Administrator Interface</a>
+</font><br>
+<p> 
+<a href="add_new.cgi">Add New User</a>
+<p>
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>UID</b></td>
+<td><b>Name</b></td>
+<td><b>Email</b></td>
+</tr>
+#foreach($r in $rows)
+<tr valign="TOP">
+<td><a href="read.cgi?uid=$r.getUID()">$r.getUID()</a></td>
+<td>$r.getName()</td>
+<td>$r.getEmail()</td>
+</tr>
+#end
+</table>
+</center>
+<p>
+<a href="index.cgi?status=$status&sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?status=$status&sp=$np&mc=$mc">Next</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/admin/user/read.vm b/dogtag/ra-ui/shared/docroot/admin/user/read.vm
new file mode 100644
index 000000000..1fb6358aa
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/admin/user/read.vm
@@ -0,0 +1,88 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Users</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/admin/index.cgi">Administrator Interface</a>
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+  <td><b>UID</b></td>
+  <td>$userid</td>
+</tr>
+<tr valign="TOP">
+  <td><b>Name</b></td>
+  <td>$name</td>
+</tr>
+<tr valign="TOP">
+  <td><b>Email</b></td>
+  <td>$email</td>
+</tr>
+<tr valign="TOP">
+  <td><b>Certificate</b></td>
+  <td>$certificate</td>
+</tr>
+</table>
+</center>
+<p>
+<a href="delete.cgi?uid=$userid">[Delete]</a>
+<p>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/cert/index.vm b/dogtag/ra-ui/shared/docroot/agent/cert/index.vm
new file mode 100644
index 000000000..77c73f69a
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/cert/index.vm
@@ -0,0 +1,86 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA Agent</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/agent/index.cgi">Agent Interface</a>
+<br>List Certificates Approved by: $uid
+</font><br>
+<p> 
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>Serial#</b></td>
+<td><b>Request ID</b></td>
+<td><b>Subject DN</b></td>
+<td><b>Approved By</b></td>
+<td><b>Created At</b></td>
+</tr>
+#foreach($r in $rows)
+<tr valign="TOP">
+<td><a href="read.cgi?serialno=$r.getSerialno()">$r.getSerialno()</a></td>
+<td><a href="/agent/request/read.cgi?id=$r.getReqId()">$r.getReqId()</a></td>
+<td>$r.getSubjectDN()</td>
+<td>$r.getApprovedBy()</td>
+<td>$r.getCreatedAt()</td>
+</tr>
+#end
+</table>
+</center>
+<p>
+<a href="index.cgi?sp=$pp&mc=$mc">Previous</a> | <a href="index.cgi?sp=$np&mc=$mc">Next</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/cert/read.vm b/dogtag/ra-ui/shared/docroot/agent/cert/read.vm
new file mode 100644
index 000000000..f315dd7b0
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/cert/read.vm
@@ -0,0 +1,96 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Certificates</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/agent/index.cgi">Agent Interface</a>
+<br>Certificate Information
+</font><br>
+<p> 
+</font>
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>Serial Number</b></td>
+<td><a href="read.cgi?serialno=$serialno">$serialno</a></td>
+</tr>
+<tr valign="TOP">
+<td><b>Subject DN</b></td>
+<td>$subject_dn</td>
+</tr>
+<tr valign="TOP">
+<td><b>Certificate</b></td>
+<td>$certificate</td>
+</tr>
+<tr valign="TOP">
+<td><b>Approved By</b></td>
+<td>$approved_by</td>
+</tr>
+<tr valign="TOP">
+<td><b>Created At</b></td>
+<td>$created_at</td>
+</tr>
+<tr valign="TOP">
+<td><b>Revocation Status</b></td>
+<td>$certStatus</td>
+</tr>
+</table>
+</center>
+<br/>
+<a href="/agent/cert/revoke.cgi?rid=$rid&serialno=$serialno&subject_dn=$subject_dn">Revoke</a>
+<br/>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/cert/revoke.vm b/dogtag/ra-ui/shared/docroot/agent/cert/revoke.vm
new file mode 100644
index 000000000..14358b485
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/cert/revoke.vm
@@ -0,0 +1,111 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Certificate Revocation</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/agent/index.cgi">Agent Interface</a>
+<br>Revoking Certificate: 
+</font><br>
+<p> 
+</font>
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>Serial Number:</b></td>
+<td>$serialno</td>
+</tr>
+<tr valign="TOP">
+<td><b>Subject DN:</b></td>
+<td>$subject_dn</td>
+</tr>
+</table>
+<br>
+<b>Select A Reason:</b>
+</br>
+<table>
+<form name=reason_form method=post action=submit.cgi>
+<input type=hidden name=serialno value="$serialno">
+<input type=hidden name=subject_dn value="$subject_dn">
+<input type=hidden name=rid value="$rid">
+<tr>
+<td><input checked type=radio name="reason" value="0">Unspecified</td>
+</tr>
+<tr>
+<td><input type=radio name="reason" value="1">Key compromised</td>
+</tr>
+<tr>
+<td><input type=radio name="reason" value="2">CA key compromised</td>
+</tr>
+<tr>
+<td><input type=radio name="reason" value="3">Affiliation changed</td>
+</tr>
+<tr>
+<td><input type=radio name="reason" value="4">Certificate superseded</td>
+</tr>
+<tr>
+<td><input type=radio name="reason" value="5">Cessation of operation</td>
+</tr>
+<tr>
+<td><input type=radio name="reason" value="6">Certificate is on hold</td>
+</tr>
+</form>
+</table>
+</center>
+<br/>
+<a href="#" onclick="document.reason_form.submit();">Submit</a>
+<br/>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/cert/submit.vm b/dogtag/ra-ui/shared/docroot/agent/cert/submit.vm
new file mode 100644
index 000000000..6e7b90e2a
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/cert/submit.vm
@@ -0,0 +1,91 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Certificate Revocation Submission</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/agent/index.cgi">Agent Interface</a>
+<br>Revocation of Certificate: 
+</font><br>
+<p> 
+</font>
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>Serial Number:</b></td>
+<td>$serialno</td>
+</tr>
+<tr valign="TOP">
+<td><b>Subject DN:</b></td>
+<td>$subject_dn</td>
+</tr>
+<tr>
+<td><b>Result:</b></td>
+#if ($errorString == "0")
+<td>Revoked</td>
+#else
+<td>Failed: $errorString</td>
+#end
+</tr>
+<tr>
+<td><b>Request ID:</b></td>
+<td><a href="/agent/request/read.cgi?id=$rid">$rid</a></td>
+</tr>
+</table>
+<br>
+</center>
+<br/>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/error.vm b/dogtag/ra-ui/shared/docroot/agent/error.vm
new file mode 100644
index 000000000..9dd0f28ad
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/error.vm
@@ -0,0 +1,72 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA Agent Error!</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Agent Interface
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+You are not authorized to access the requested page.
+<br>
+#if ($has_error)
+  Error: $error
+#end
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/index.vm b/dogtag/ra-ui/shared/docroot/agent/index.vm
new file mode 100644
index 000000000..dd6b19fae
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/index.vm
@@ -0,0 +1,81 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA Agent</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+RA Agent Services
+</font><br>
+<p> 
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/agent/request/index.cgi">List Requests</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/agent/cert/index.cgi">List Certificates</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/request/index.vm b/dogtag/ra-ui/shared/docroot/agent/request/index.vm
new file mode 100644
index 000000000..5785718b3
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/request/index.vm
@@ -0,0 +1,95 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA Agent</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/agent/index.cgi">Agent Interface</a>
+</font><br>
+<p> 
+<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a> | <a href="index.cgi?status=ERROR">FAILED</a>
+<p>
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>Id</b></td>
+<td><b>Type</b></td>
+<td><b>Status</b></td>
+<td><b>Assigned To</b></td>
+<td><b>Created By</b></td>
+<td><b>Created At</b></td>
+<td><b>Error</b></td>
+</tr>
+#foreach($r in $rows)
+<tr valign="TOP">
+<td><a href="read.cgi?id=$r.getId()">$r.getId()</a></td>
+<td>$r.getType()</td>
+<td>$r.getStatus()</td>
+<td>$r.getAssignedTo()</td>
+<td>$r.getCreatedBy()</td>
+<td>$r.getCreatedAt()</td>
+<td>$r.getError()</td>
+</tr>
+#end
+</table>
+</center>
+<p>
+Total: $total
+<br/>
+<br/>
+<a href="index.cgi?status=$status&sp=$pp&mc=$mc">Previous</a> | 
+<a href="index.cgi?status=$status&sp=$np&mc=$mc">Next</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/request/op.vm b/dogtag/ra-ui/shared/docroot/agent/request/op.vm
new file mode 100644
index 000000000..2d8963634
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/request/op.vm
@@ -0,0 +1,127 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Certificate Request Operations</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/agent/index.cgi">Agent Interface</a>
+</font><br>
+<p> 
+<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a> | <a href="index.cgi?status=ERROR">FAILED</a>
+<p>
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>Request Id</b></td>
+<td><a href="read.cgi?id=$id">$id</a></td>
+</tr>
+<tr valign="TOP">
+<td><b>Type</b></td>
+<td>$type</td>
+</tr>
+<tr valign="TOP">
+<td><b>Data</b></td>
+<td>$data</td>
+</tr>
+<tr valign="TOP">
+<td><b>Output</b></td>
+<td>$output</td>
+</tr>
+<tr valign="TOP">
+<td><b>Serial Number</b></td>
+<td>$serialno</td>
+</tr>
+<tr valign="TOP">
+<td><b>Status</b></td>
+<td>$status</td>
+</tr>
+<tr valign="TOP">
+<td><b>Error</b></td>
+<td>$errorString</td>
+</tr>
+<tr valign="TOP">
+<td><b>Assigned To</b></td>
+<td>$assigned_to</td>
+</tr>
+<tr valign="TOP">
+<td><b>Created By</b></td>
+<td>$created_by</td>
+</tr>
+<tr valign="TOP">
+<td><b>Updated At</b></td>
+<td>$updated_at</td>
+</tr>
+<tr valign="TOP">
+<td><b>Processed By</b></td>
+<td>$processed_by</td>
+</tr>
+<tr valign="TOP">
+<td><b>Created At</b></td>
+<td>$created_at</td>
+</tr>
+<tr valign="TOP">
+<td><b>IP</b></td>
+<td>$ip</td>
+</tr>
+<tr valign="TOP">
+<td><b>Note</b></td>
+<td>$note</td>
+</tr>
+</table>
+</center>
+
+<br/>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/agent/request/read.vm b/dogtag/ra-ui/shared/docroot/agent/request/read.vm
new file mode 100644
index 000000000..dd5879ae3
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/agent/request/read.vm
@@ -0,0 +1,149 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Certificate Requests</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+UID: $uid
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/agent/index.cgi">Agent Interface</a>
+</font><br>
+<p> 
+<a href="index.cgi">All</a> | <a href="index.cgi?status=OPEN">OPEN</a> | <a href="index.cgi?status=APPROVED">APPROVED</a> | <a href="index.cgi?status=REJECTED">REJECTED</a>| <a href="index.cgi?status=ERROR">FAILED</a>
+<p>
+<center>
+<table border="1" cellspacing="1" cellpadding="1">
+<tr valign="TOP">
+<td><b>Request Id</b></td>
+<td><a href="read.cgi?id=$id">$id</a></td>
+</tr>
+<tr valign="TOP">
+<td><b>Type</b></td>
+<td>$type</td>
+</tr>
+<tr valign="TOP">
+<td><b>Data</b></td>
+<td>$data</td>
+</tr>
+<tr valign="TOP">
+<td><b>Output</b></td>
+<td>$output</td>
+</tr>
+<tr valign="TOP">
+<td><b>Serial Number</b></td>
+#if ($serialno == "unavailable")
+<td>$serialno</td>
+#else
+<td><a href="/agent/cert/read.cgi?serialno=$serialno">$serialno</a></td>
+#end
+</tr>
+<tr valign="TOP">
+<td><b>Subject DN</b></td>
+<td>$subject_dn</td>
+</tr>
+<tr valign="TOP">
+<td><b>Meta Info</b></td>
+<td>$meta_info</td>
+</tr>
+<tr valign="TOP">
+<td><b>Status</b></td>
+<td>$status</td>
+</tr>
+<tr valign="TOP">
+<td><b>Error</b></td>
+<td>$errorString</td>
+</tr>
+<tr valign="TOP">
+<td><b>Assigned To</b></td>
+<td>$assigned_to</td>
+</tr>
+<tr valign="TOP">
+<td><b>Created By</b></td>
+<td>$created_by</td>
+</tr>
+<tr valign="TOP">
+<td><b>Updated At</b></td>
+<td>$updated_at</td>
+</tr>
+<tr valign="TOP">
+<td><b>Processed By</b></td>
+<td>$processed_by</td>
+</tr>
+<tr valign="TOP">
+<td><b>Created At</b></td>
+<td>$created_at</td>
+</tr>
+<tr valign="TOP">
+<td><b>IP</b></td>
+<td>$ip</td>
+</tr>
+<tr valign="TOP">
+<td><b>Note</b></td>
+<td>$note</td>
+</tr>
+</table>
+</center>
+<br/>
+#if ($is_open || $is_error)
+<a href="op.cgi?type=approve&id=$id">Approve</a> | <a href="op.cgi?type=reject&id=$id">Reject</a> 
+<br/>
+<br/>
+#end
+<form name=note_form method=post action=add_note.cgi>
+<input type=hidden name=id value="$id">
+<textarea name=note>
+</textarea>
+</form>
+<a href="#" onclick="document.note_form.submit();">Add Note</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/css/pki-360.css b/dogtag/ra-ui/shared/docroot/css/pki-360.css
new file mode 100644
index 000000000..bdcd7ed3b
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/css/pki-360.css
@@ -0,0 +1,941 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+/* 
+color scheme:
+
+light gray:  #e6e6e6
+medium gray:
+dark gray:
+
+link blue: #06c
+
+red: #900
+
+*/
+
+
+/* This establishes background pattern and centering of content area as well
+as font-styles for the site */
+body {
+	margin: 0;
+	padding: 0;
+	color: #333;
+	text-align: center;
+	background: #fff url(/img/bkgrnd_greydots.png) repeat;
+	font-family: "Luxi Sans", "Bitstream Vera Sans", "Lucida Grande", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	}
+	
+td, th { /* for ie55  */
+    font-size: x-small;      
+    /* false value for WinIE4/5 */
+    voice-family: "\"}\"";   
+    /* trick WinIE4/5 into thinking rule is over */
+    voice-family: inherit;   
+    /* recover from trick */
+    font-size: small;
+    /* intended value for better browsers */
+	}
+	
+img {
+	border: 0;
+	}
+	
+a {
+	text-decoration: none;
+	}
+	
+a:link {
+	color: #06c;
+	}
+	
+a:visited {
+	color: #06c;
+	}
+
+/* This is the container for the content that is centered */
+#wrap {
+	margin: 0 20px 10px 20px;
+	padding: 10px 15px;
+	text-align: left;
+	background: #fff;
+/*
+	min-width: 900px;
+*/
+	}
+
+/* The following styles establish the header, top nav bar and systems and
+search areas */	
+#header {
+	height: 31px;	/* changed height added bottom margin  */
+	margin-top: 10px;
+	margin-bottom: 20px;
+	}
+	
+#headertitle {
+	height: 31px;          /* same as header */
+	margin-top: 10px;      /* same as header */
+	margin-right: 100px;   /* "myLogo" margin-left + "logo_header.gif" */
+	margin-bottom: 20px;   /* same as header */
+	font-size: large;
+	font-weight: bold;
+	}
+
+#headerpaddedtitle {
+	height: 31px;          /* same as header */
+	margin-top: 10px;      /* same as header */
+	margin-bottom: 20px;   /* same as header */
+	font-size: large;
+	font-weight: bold;
+	padding-left: 115px;   /* "myLogo" margin-left +
+	                          "logo_header.gif" + 15px */
+	}
+
+img#myLogo {
+	float: left;
+	margin-left: 15px;
+	}
+	
+img#pkiLogo {
+	float: left;
+	}
+	
+#account {
+	float: right;
+	width: 450px;
+	margin-right: 15px;
+	padding-top: 7px;	/* removed margin-bottom, added padding-top  */
+	}
+	
+#account dl {
+	float: right;
+	padding: 0;
+	margin: 0;
+	}
+	
+#account dt {
+	float: left;
+	width: 66px;
+	height: 1.1em;
+	background: url(/img/account_loggedin.gif) 100% 100% no-repeat;
+	}
+	
+#account dd {	/* note changes to dl, dt and dd   */
+	float: left;
+	margin-left: 10px;
+	}
+	
+#account p {
+	float: right;
+	margin: 0 0 0 30px;
+	padding: 0;
+	}
+	
+#account p a {
+	width: 56px;
+	height: 1.1em;
+	background: url(/img/account_signout.gif) 100% 100% no-repeat;
+	display: block;
+	}
+	
+#account span {
+	display: none;
+	}
+
+#bar {
+	margin-bottom: 10px; 
+	background-color: #e6e6e6
+	}
+	
+#bar:after {
+    content: "."; 
+    display: block;
+    height: 0px;	/* took out negative margin and set height to 0  */
+    overflow: hidden;
+    clear: both; 
+    visibility: hidden;
+    }
+
+    /* Holly Hack Targets IE Win only \*/
+    * html #bar {height: 1%;}
+    /* End Holly Hack */
+	
+#systembar {
+	float: right;
+	width: 34%;
+	background: #e6e6e6 url(/img/greybar_tr.gif) 100% 0 no-repeat;
+	}
+	
+#systembarinner {
+	background: url(/img/greybar_br.gif) 100% 100% no-repeat;
+	height: 2.8em;
+	/* text-align: center; */
+	text-align: right;
+	padding-right: 10px;
+	}
+	
+#systembarinner div {
+	color: #000;
+	font-variant: small-caps;
+	padding-top: 5px;
+	}
+	
+#searchbar {
+	float: left;
+	width: 66%;
+	background: #e6e6e6 url(/img/greybar_tl.gif) 0 0 no-repeat;
+	}
+	
+#searchbarinner {
+	padding-left: 10px;
+	background: url(/img/greybar_bl.gif) 0 100% no-repeat;
+	height: 2.8em;
+	/*
+	text-align: left;
+	text-align: center;
+	*/
+	text-align: right;
+
+	}
+	
+#systembarinner form,
+#searchbarinner form {
+	margin: 0;
+	padding-top: 5px;	/* changed to padding-top: 5px  */
+	/*text-align: center;*/
+	}
+/* end header */
+	
+/* The following styles establish the new side nav bar */
+#sidenav {	/* for ie55  */
+	width: 132px;
+	background-color: #999;
+	background-image: url(/img/corner_sidenav_top.gif);
+	background-position: top right;
+	background-repeat: no-repeat;
+	font-family: "Luxi Sans", verdana, arial, sans-serif;	
+	font-size: xx-small;
+    /* false value for WinIE4/5 */
+    voice-family: "\"}\"";   
+    /* trick WinIE4/5 into thinking rule is over */
+    voice-family: inherit;   
+    /* recover from trick */
+    font-size:  x-small;
+    /* intended value for better browsers */
+	font-weight: bold;
+	}
+
+	
+#sidenav ul {
+	background-image: url(/img/corner_sidenav_bottom.gif);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	list-style: none;
+	padding: 10px 0 10px 0;
+	margin: 0;
+	}
+	
+#sidenav ul ul {
+	background: none;
+	/* background-color: #c1c1c1; */
+	background-color: #ccc;
+	margin: 0;
+	padding: 0;
+	border-top: 1px solid #999;
+	}
+	
+#sidenav ul li {
+	border-bottom: 1px solid #a7a7a7;
+	margin: 0;
+	}
+	
+#sidenav ul li:last-child {
+	border-bottom: 1px solid #999;
+	}
+
+#sidenav ul li.sidenav-selected {
+	/*
+	background: #8a8a8a;
+	background: #7b7b7b;
+	*/
+	background: #6c6c6c;
+	/* border-top: 1px solid #999; */
+	}
+
+#sidenav ul li.sidenav-selected span {
+	display: none;
+	}
+	
+#sidenav ul li a {
+	display: block;
+	color: white;
+	text-decoration: none;
+	padding: 3px 5px 3px 15px;
+	margin: 0;
+	}
+	
+#sidenav ul ul li.sidenav-selected {
+	background: #6c6c6c;
+	/* background: #7b7b7b;
+	background: #8a8a8a;
+	*/
+	}
+
+	
+#sidenav ul ul li:last-child {
+	border-bottom: none;
+	}
+	
+#sidenav ul ul li a {
+	padding-left: 30px;
+	color: #555;
+	}
+
+#sidenav ul ul li.sidenav-selected a {
+	padding-left: 30px;
+	color: white;
+	}
+
+
+#content {
+	clear: both;
+	}
+
+/* The following styles establish the legend boxes in the left sidebar */
+.sideleg {
+	width: 132px;
+	background: url(/img/sidelegend_top.gif) 0 0 no-repeat;
+	padding-top: 9px;
+	margin-top: 1em;
+	}
+	
+	
+.sideleg h2 {
+	font-size: x-small;
+	color: #666;
+	border: 1px solid #acacac;
+	border-top: none;
+	padding: 0 0 3px 15px;
+	margin: 0;
+	}
+	
+.sideleg ul {
+	padding: 0 0 9px 0 ;
+	margin: 0;
+	list-style: none;
+	background: url(/img/sidelegend_bottom.gif) 0 100% no-repeat;
+	}
+	
+.sideleg ul li {
+	padding: 12px 0 6px 15px;
+	font-size: x-small;
+	color: #666;
+	border-left: 1px solid #acacac;
+	border-right: 1px solid #acacac; /* removed clear:left  */
+	}
+	
+.sideleg ul li img {
+	float: left;
+	padding-right: 3px;
+	margin-top: -3px;
+	}
+	
+h1 {
+	margin-top: 0;
+	}
+	
+/* existing PKI STYLES - modded - these need to be inserted carefully */
+
+.sidebar {
+	padding-right: 15px;
+    vertical-align: top;
+}
+
+table.iso_dl {
+    border-collapse: collapse;
+}    
+
+table.iso_dl td {
+    padding: 4px;
+}
+
+table.iso_dl th {
+    color: #999;
+    background-color: #eee;
+    border:  1px solid #999;
+    padding: 6px 3px;
+    text-align: right;
+}
+
+table.iso_dl th.first {
+    text-align: left;
+}
+
+th {
+	padding: 4px 6px;
+	color: #fff;
+   /* background-color: #b4b19a; */
+	text-align: left;
+	font-size: small;
+}
+
+
+/* -- YOUR PKI stuff -- */
+table.half-table {
+	background: #b4b19a url(/img/table_corner_tr.gif) 100% 0 no-repeat;
+	padding: 0px;
+	margin: 0px;
+	}
+
+.half-table td {
+	background-color: #fff;
+}	
+
+table.your-pki table.half-table td { 
+  padding: 2px 8px;
+}
+
+table.your-pki table.full-table td { 
+  padding-left: 4px;
+  padding-right: 4px;
+  padding-top: 4px;
+}
+
+table.half-table thead th:first-child { 
+	background: url(/img/table_corner_tl.gif) top left no-repeat;
+	}
+
+
+
+
+/* -- General list stuff -- */
+table.list {
+	font-size: 10px;
+	background: #b4b19a url(/img/table_corner_tr.gif) top right no-repeat;
+	border-bottom: 1px solid #b4b19a;
+}
+
+/* Holly Hack Targets IE Win only \*/
+    * html table.list, * html table.half-table {background-image: none;}
+    /* End Holly Hack */
+
+
+
+table.list thead th:first-child {
+	background: url(/img/table_corner_tl.gif) top left no-repeat;
+	}
+
+table.list-pagination {
+	font-size: smaller;
+}
+
+
+td.first-column {
+	border-left: 1px solid #b4b19a;
+}
+
+td.last-column  {
+	border-right: 1px solid #b4b19a;
+}
+
+td.only-column  {
+	border-right: 1px solid #b4b19a;
+	border-left: 1px solid #b4b19a;
+}
+
+
+.list-checkbox {
+	text-align: center;
+	border-left: 1px solid #b4b19a;
+}
+
+.list-checkbox-header {
+	text-align: center;
+}
+
+.list th a {
+	display: inline;
+	}
+
+.list a:hover {
+	text-decoration: underline;
+}
+
+/* list row classes */
+.list-row-even td{
+	background-color: #F1EBDC;
+}
+.list-row-odd td {
+        background-color: #ffffff;
+}
+.list-row-summary {
+	text-align: right;
+	font-weight: bold;
+	border: 1px solid #ccc;
+	background-color: #eee;
+}
+.list-row-even td, .list-row-odd td, .list-row-summary td {
+	padding: 4px 8px;
+}
+
+.list-horiz-separator hr {
+	border: 0;
+	border-bottom: 1px solid #ccc;
+	padding: 0px;
+}
+
+
+/* default class def for row color toggling */
+.list-row-even-selected {
+        background-color: #dde5ff;
+}
+.list-row-odd-selected {
+        background-color: #dde5ff;
+}
+
+.list-row-odd-selected td, .list-row-even-selected td {
+	border-bottom: 1px solid #ccc;
+	padding: 4px 8px;
+}
+
+/* special column classes */
+th + th {
+	border-left: 0;
+}
+a[name]:hover {
+	color: inherit;
+}
+
+
+
+
+/* --- TABLE TREE VIEW --- */
+tr.table-tree-even td, tr.table-tree-odd td {
+   padding: 10px 15px;
+}
+tr.table-tree-even img,
+tr.table-tree-odd img {
+   margin-left: 4px;
+}
+tr.table-tree-odd {
+   background-color: #F1EBDC;
+}
+tr.table-tree-even {
+   background-color: #fff;
+}
+                                                                                                                                                             
+/* padding for parent+child channels  */
+tr.table-tree-even + tr.table-tree-even td,
+tr.table-tree-odd + tr.table-tree-odd td {
+   padding-top: 0;
+}
+
+
+
+
+/* signin page stuff start */
+#footer {
+        /*
+	border-top: 2px dotted #ccc;
+	padding: 2em 4em 2em 4em;
+	*/
+	padding: 1em;
+	margin: 1em 4em 1em 4em;
+	text-align: center;
+	font-size: 10px;
+	color: #aaa;
+
+	margin-left: auto;
+	margin-right: auto;
+        margin-top: 64px;
+}
+
+h1#pki_welcome {
+	background-image: url(/img/pki_welcome.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	padding-bottom: 5px;
+	height: 20px;
+	}
+	
+h1#pki_welcome2 {
+	background-image: url(/img/pki_welcome2.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	height: 37px;
+	}
+	
+h1#pki_welcome3 {
+	background-image: url(/img/pki_welcome3.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	height: 40px;
+	}
+	
+h1#pki_welcome span {
+	display: none;
+	}
+	
+h1#pki_welcome2 span {
+	display: none;
+	}
+	
+h1#pki_welcome3 span {
+	display: none;
+	}
+	
+ul.linkage {
+	list-style: none;
+	padding: 8px;
+	margin: 0px;
+	}
+	
+ul.linkage li{
+	background-image: url(/img/bullet_arrowblue.png);
+	background-repeat: no-repeat;
+	background-position: 0 .4em;
+	padding-left: 10px;
+	margin: .4em 0;
+	}
+
+#contentLeft {
+	float: left;
+	margin-top: 20px;
+}
+
+#contentRight {
+	margin: 0 15px 0 295px;
+}
+
+ /**** following styles define the CLEAR BOX W/ROUNDED CORNERS */
+ 
+ .clearBox {
+ 	width: 279px;
+ 	background: url(/img/corner_halflinebox_top.png) top right no-repeat;
+ 	}
+ 	
+ .clearBox {
+ 	padding-top: 7px;
+ 	margin-bottom: 15px;
+ 	}
+ 	
+ .clearBoxInner {
+ 	background: url(/img/corner_halflinebox_bottom.png) bottom left no-repeat;
+ 	}
+ 	
+ .clearBoxInner {
+ 	width: 100%;
+ 	padding-bottom: 7px;
+ 	}
+ 	
+ .clearBoxBody {
+ 	padding: 5px 14px;
+ 	border-left: 1px solid #b4b4b4;
+ 	border-right: 1px solid #b4b4b4;
+ 	}
+ 	
+ .clearBoxBody h2 {
+ 	font-size: small;
+ 	}
+ 	
+div.formrow {
+  	padding: 5px 0;
+  	font-size: x-small;
+  	}
+  	
+div.formrow:after {
+    content: "."; 
+    display: block; 
+    height: 0;
+    overflow: hidden;
+    clear: right; 
+    visibility: hidden;
+    }
+
+    /* Holly Hack Targets IE Win only \*/
+    * html .formrow {height: 1%;}
+    /* End Holly Hack */
+
+div.formrow span.label {
+	float: left;
+	width: 110px;
+	text-align: right;
+	font-weight: bold;
+	padding: .5em 0;
+	}
+
+div.formrow span.formfield {
+	float: right;
+	width: 130px;
+	text-align: left;
+	}
+	
+p#intro {
+	font-size: 1.3em;
+	line-height: 1.2em;
+	color: #000;
+	}
+	
+p.endnote {
+	font-size: smaller;
+	margin-top: 3em;
+	padding-top: 10px;
+	line-height: 1.5em;
+	border-top: 1px solid #333;
+	}
+
+
+/* CONTENT-NAV - begin */
+	
+.content-nav {
+	margin: 0;
+	padding: 0;
+}
+
+.content-nav a:visited {
+    color: #06c;
+}
+		
+.content-nav ul {
+	list-style-type: none;
+	margin: 0;
+	padding: 0;
+	font-size: 10px;
+      	font-family: "Luxi Sans", verdana, arial, sans-serif;
+	}
+		
+.content-nav:after,
+.content-nav ul:after {
+	content: "."; 
+	display: block;
+	height: 1px;
+	margin-top: -1px;
+	overflow: hidden;
+	clear: both; 
+	visibility: hidden;
+	}
+
+/* Holly Hack Targets IE Win only */
+* html .content-nav {height: 1%;}
+* html .content-nav ul {height: 1%;}
+/* End Holly Hack */
+		
+ul.content-nav-rowone,
+ul.content-nav-rowthree {
+	margin-left: 10px;
+	}
+		
+ul.content-nav-rowone {
+	border-bottom: 3px solid #e6e6e6;
+	margin-bottom: -3px;
+	}
+		
+/* Holly Hack Targets IE Win only \*/
+* html ul.content-nav-rowone {margin-right: 8px;}
+* html ul.content-nav-rowone {margin-bottom: -2px;}
+/* End Holly Hack */
+		
+ul.content-nav-rowone li, ul.content-nav-rowthree li {
+	float: left;
+	}
+	
+ul.content-nav-rowone li a, ul.content-nav-rowthree li a {
+	display: block;
+	padding: 4px 8px;
+	}
+		
+ul.content-nav-rowtwo {
+	background: url(/img/contentnav_rowtwo_b.gif) bottom left no-repeat;
+	padding-bottom: 6px;
+	margin-right: 8px;
+	}
+		
+ul.content-nav-rowtwo li {
+	display: inline;
+	padding-left: 18px;
+	}
+		
+a.content-nav-selected-link {
+	color: #000;
+	font-weight: bold;
+	}
+		
+ul.content-nav-rowone li.content-nav-selected {
+	background: url(/img/contentnav_tabr.gif) top right no-repeat;
+	}
+		
+ul.content-nav-rowone a.content-nav-selected-link {
+	background: url(/img/contentnav_tabl.gif) top left no-repeat;
+	}
+		
+ul.content-nav-rowthree li.content-nav-selected {
+	background: url(/img/contentnav_tabr.gif) bottom right no-repeat;
+	}
+		
+ul.content-nav-rowthree a.content-nav-selected-link {
+	background: url(/img/contentnav_tabl.gif) bottom left no-repeat;
+	}
+		
+div.contentnav-row2 {
+	background: #e6e6e6 url(/img/contentnav_rowtwo_t.gif) top left no-repeat;
+	padding: 0px;
+	clear: left;
+	}
+		
+div.contentnav-row2 div.top {
+	background: url(/img/contentnav_rowtwo_t.gif) top right no-repeat;
+	margin-left: 8px;
+	height: 6px;
+	font-size: 0;
+	}
+		
+div.contentnav-row2 div.bottom {
+	background: url(/img/contentnav_rowtwo_b.gif) bottom right no-repeat;
+	}
+		
+/* CONTENTNAV - end */
+
+
+
+
+/************************************************************** MAIN NAVIGATION */
+	
+#mainNavOuter {
+	width: 100%;
+	background-image: url(/img/corner_mainnav_bottom_chopped.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	background-color: #4f52b5;
+	}
+	
+#mainNav {
+	width: 100%;
+	font-weight: bold;
+	font-family: "Luxi Sans", verdana, helvetica, arial, sans-serif;
+	font-size: x-small;
+	}
+	
+	
+/* float clear hack that has been hacked for Moz 1.5x and below */
+#mainNavOuter:after {
+    content: "."; 
+    display: block; 
+    height: 1px;
+    margin-top: -1px;
+    overflow: hidden;
+    clear: both; 
+    visibility: hidden;
+    }
+    /* Holly Hack Targets IE Win only \*/
+    * html .mainNavOuter {height: 1%;}
+    /* End Holly Hack */
+    
+    
+#mainNavInner {
+	width: 100%;
+	height: 7px;
+	background-image: url(/img/corner_mainnav_top_chopped.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul {
+	padding: 0;
+	margin: 0;
+	list-style-type: none;
+	background-image: url(/img/corner_mainnav_tl.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li {
+	background: #b70000;
+	display: block;
+	float: left;
+	padding: 0;
+	margin: 0;
+	}
+	
+#mainNav li#mainFirst-active,
+#mainNav li#main-active,
+#mainNav li#mainLast-active {
+	background-color: #000080;
+	}
+	
+
+/* special casing for left-most top tab */
+#mainNav ul li a.mainFirstLink {
+	background-image: url(/img/corner_mainnav_tl.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainFirst-active a.mainFirstLink {
+	background-image: url(/img/corner_mainnav_tl_hi.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li#mainFirst {
+	background-image: url(/img/corner_mainnav_bl.png);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainFirst-active {
+	background-image: url(/img/corner_mainnav_bl_hi.png);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	}
+
+/* special casing for right-most top tab */	
+#mainNav ul li a.mainLastLink {
+	background-image: url(/img/corner_mainnav_tr.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainLast-active a.mainLastLink {
+	background-image: url(/img/corner_mainnav_tr_hi.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li#mainLast {
+	background-image: url(/img/corner_mainnav_br.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainLast-active {
+	background-image: url(/img/corner_mainnav_br_hi.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li a {
+	display: block;
+	float: left;
+	text-decoration: none;
+	color: #fff;
+	padding: 5px 15px;
+	font-size: 11px;
+	text-decoration: none !important;
+	}
+
diff --git a/dogtag/ra-ui/shared/docroot/css/pki-base.css b/dogtag/ra-ui/shared/docroot/css/pki-base.css
new file mode 100644
index 000000000..1892b75dc
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/css/pki-base.css
@@ -0,0 +1,213 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+@import url("pki.css");
+@import url("pki-360.css");
+
+/* The following styles are for ALL browsers, including Netscape
+   Navigator 4.x.  Put more detailed CSS in pki.css. */
+
+
+/* from rob byers */
+
+/* This establishes background pattern and centering of content area as well
+as font-styles for the site */
+body {
+	margin: 0;
+	padding: 0;
+	color: #333;
+	text-align: center;
+	font-family: "Luxi Sans", "Bitstream Vera Sans", "Lucida Grande", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	font-size: small;
+	}
+	
+img {
+	border: 0;
+	}
+
+#broken-browser-warning { 
+        text-align: center;
+}
+
+.sidebar {
+	padding: 10px 0 0 0;	/* changed padding parameters */
+	/*border-right: 1px solid #ccc;*/
+        vertical-align: top;
+}
+.sidebar-title {
+	color: #999;
+	font-size: 10px;
+	text-align: center;
+	border-bottom: 1px solid #ccc;
+}
+.sidebar-links {
+	font-size: 10px;
+	margin: 0;
+	padding: 0 0 0 15pt;
+	color: #999;
+}
+.sidebar-title + .sidebar-links {
+	margin-top: -0.5em;
+}
+
+.sidebar-info {
+  padding: 4px 4px;
+}
+.sidebar-info h2 {
+  padding-left: 10px;
+  margin: 4px;
+}
+.legend-row {
+  padding: 0px 2px;
+  white-space: nowrap;
+}
+.legend-row img {
+  vertical-align: middle;
+  margin: 3px 4px;
+  padding: 0;
+}
+
+.tab-row img {
+        vertical-align: bottom;
+}
+
+.bar-undertabs div {
+	background: #900 url("/img/tab-bar.gif") repeat-x bottom;
+        height: 11px;
+        font-size: 1px;
+        margin: 0;
+        padding: 0;
+}
+.bar-status form { 
+        margin: 0;
+}
+
+.bar-status {
+	background-color: #ddd;
+	font-size: 10px;
+	padding: 5px;
+	margin: 0;
+	border: 1px solid #ccc;
+	border-top: none;
+	/*
+	text-align: left;
+	*/
+}
+
+#footer {
+        /*
+	border-top: 2px dotted #ccc;
+	padding: 2em 4em 2em 4em;
+	*/
+	padding: 1em;
+	margin: 1em 4em 1em 4em;
+	text-align: center;
+	font-size: 10px;
+	color: #aaa;
+
+	margin-left: auto;
+	margin-right: auto;
+        margin-top: 64px;
+}
+
+ul#help-url-list ul {
+
+}
+ul#help-url-list li {
+  list-style: none;
+  padding-top: 10px;
+  padding-bottom: 10px;
+}
+
+ul#help-url-list li a {
+  font-weight: bold;
+}
+
+ul#faq-list { 
+  padding-left: 2px;
+  margin-left: 0;
+}
+
+#faq-list li { 
+  list-style: none;
+  margin-left: 10px;
+  margin-top: 10px;
+  margin-bottom: 10px;
+}
+
+#faq-list a {
+}
+
+#faq-details { 
+  margin-left: 1em;
+}
+
+#faq-details a.faq-back-to-top { 
+  float: right;
+}
+
+#faq-details p + h3 { 
+  padding-top: 2em;
+}
+
+div.login-component { 
+  text-align: center;
+}
+
+div.login-box { 
+  border: 1px solid #999;
+  text-align: right;
+  padding: 12px 10px;
+  margin: 4px;
+  background-color: #eee;
+  width: 210px;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+div.login-box form { 
+  margin: 0;
+}
+
+div.login-box div.input-row { 
+  font-weight: bold;
+  font-size: 10px;
+  white-space: nowrap;
+}
+
+div.login-box div.input-row input { 
+  font-weight: normal;
+  vertical-align: middle;
+}
+
+div.filter-input { 
+}
+div.filter-input input { 
+  vertical-align: middle;
+  font-size: 10px;
+}
+
+/*
+ Devel environment only.
+
+b, i, u, font, center, .fixme, blockquote { 
+  background-color: #eaa;
+  text-decoration: line-through;
+}
+*/
diff --git a/dogtag/ra-ui/shared/docroot/css/pki.css b/dogtag/ra-ui/shared/docroot/css/pki.css
new file mode 100644
index 000000000..8149eccf4
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/css/pki.css
@@ -0,0 +1,742 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+/* This file is for more detailed compliance (basically any browser
+"better" than NN 4.x */
+
+#broken-browser-warning { 
+  display: none;
+}
+
+
+table.namespaces {
+	font-size: 10px;
+	border: 1px solid #999;
+}
+
+table.list-pagination {
+	font-size: 10px;
+}
+
+.list-empty-message {
+  margin: 0 2%;
+  cursor: text;
+  font-weight:  bold;
+}
+.list-filterbox {
+	font-size: 10px;
+}
+.list-alphabar {
+	text-align: right;
+	font-size: 12px;
+        white-space: nowrap;
+}
+.list-alphabar a {
+        padding: 0px 2px;
+}
+.list-alphabar-enabled {
+        padding: 0px 2px;
+}
+.list-alphabar-disabled {
+        padding: 0px 2px;
+	color:  #aaa;
+        cursor: default;
+}
+.list-box {
+	border: 1px solid #ccc;
+}
+.list-data-number {
+	text-align: right;
+}
+
+
+/* sample reddish toggle class def... */
+.remove-even-selected {
+	background-color: #fcc;
+}
+.remove-odd-selected {
+        background-color: #fcc;
+}
+.remove-even-selected td, .remove-odd-selected td {
+	border-bottom: 1px solid #aaa;
+	padding: 4px;
+}
+
+
+/* sample greenish toggle class def... */
+.green-even-selected {
+	background-color: #e5ffdd;
+}
+.green-odd-selected {
+        background-color: #e5ffdd;
+}
+.green-even-selected td, .green-odd-selected td {
+	border-bottom: 1px solid #ccc;
+	padding: 4px;
+}
+
+
+
+.list-navbuttons {
+	white-space: nowrap;
+}
+.list-infotext {
+	white-space: nowrap;
+	color: #777;
+}
+.list-channel a {
+}
+.list-channel ul {
+	padding: 0;
+	margin: 0;
+}
+.list-channel li {
+	list-style: none;
+}
+.list-channel li + li {
+	padding-top: 0;
+}
+.list-channel li + li li {
+	padding-top: 0;
+}
+.list-channel li li {
+	list-style-image: url("/img/branch.gif");
+	margin-left: 2.5em;
+}
+
+
+
+
+
+
+
+
+
+.invisible-buttons input {
+	font-size: 10px;
+}
+a:hover, .invisible-buttons input:hover {
+	color: #f00;
+}
+
+:visited {
+	color: #3850a9;
+}
+:link {
+	color: #2843c9;
+}
+a { 
+	text-decoration: none;
+}
+a:hover {
+	text-decoration: underline !important;
+}
+a[name] {
+	text-decoration: inherit;
+}
+a[name]:hover {
+	text-decoration: none !important;
+}
+
+.tab-row td {
+	background: #fff url("/img/tab-bar-top.gif") repeat-x bottom;
+}
+
+hr {
+	border: 0;
+	border-bottom: 1px dashed #ccc;
+	padding: 0.5em;
+}
+
+.site-info {
+        border: 2px solid #002244;
+        background-color: #225580;
+        color: white;
+
+        padding: 0.5em;
+        margin-bottom: 0.5em;
+        margin-top: 2px;
+        font-size: 14px;
+        text-align: center;
+}
+
+.site-info a:link {
+        color: #99ddff;
+        font-weight: bold;
+}
+
+.site-info a:visited {
+        color: #99ddff;
+        font-weight: bold;
+}
+
+.site-alert {
+        border: 3px solid #d00;
+	background-color: #924;
+        color: white;
+
+        padding: 0.4em;
+        margin-bottom: 0.5em;
+        margin-top: 2px;
+	text-align: left;
+}
+.local-info {
+        color: #7782aa;
+
+	text-align: left;
+        font-size: 14px;
+}
+.local-alert {
+        color: #d00;
+    padding-top:7px;
+    padding-left:4px;
+	text-align: left;
+        font-size: 14px;
+}
+
+.bar-search {
+	font-size: 10px;
+	text-align: center;
+}
+.bar-logged-out {
+	font-weight: bold;
+	font-size: 10px;
+	text-align: center;
+}
+.bar-login {
+	font-weight: bold;
+	text-align: left;
+}
+.bar-ssm {
+	font-size: 10px;
+	text-align:  right;
+}
+
+button {
+	padding: 2px 5px 2px 5px;
+}
+button:hover {
+	background-color: #eee;
+}
+button:active {
+	padding: 3px 6px 1px 4px;
+}
+a.help-title { 
+  vertical-align: top;
+}
+
+a.help-title img {
+  border: 0;
+  padding: 0;
+  margin: 0;
+  vertical-align: top;
+
+  /* Mozilla and IE extensions */
+  opacity: 0.75;
+}
+a.help-title:hover img {
+  /* Mozilla and IE extensions */
+  opacity: 1.0;
+}
+
+a[name]:hover {
+	color: inherit;
+}
+
+h1, div.toolbar-h1 {
+  margin-top: 0;
+  margin-bottom: 0.5em;
+  font-size: 20px;
+}
+
+h1 img, div.toolbar-h1 img { 
+  vertical-align: middle;
+  padding-top: 2px;
+  padding-bottom: 4px;
+}
+
+h1 a.help-title img, div.toolbar-h1 a.help-title img { 
+  margin: 0;
+  padding: 0;
+  vertical-align: top;
+}
+
+div.toolbar-h1, div.toolbar-h2 { 
+  font-weight: bold;
+  padding: 4px 0;
+}
+
+h2, div.toolbar-h2  {
+  font-size: 1.0em;
+  color: #999;
+  border-bottom: 2px solid #ccc;
+}
+h2 img, div.toolbar-h2 img { 
+  vertical-align: middle;
+}
+h2 a { 
+}
+
+
+h3 {
+  font-size: 1.0em;
+}
+
+.form-center {
+	text-align: center;
+}
+select, input, textarea {
+	font-family: sans-serif;
+	font-size: 100%;
+}
+.indent {
+	margin-left: 1em;
+}
+.iso-md5 {
+	font-family: monospace;
+	text-align: right;
+}
+
+.list-iso th {
+	border-width: 0 0 1px 0;
+}
+.list-iso th + th {
+	border-left: 1px solid #ccc;
+}
+.list-iso td.seperated {
+        border-top: 1px solid #ccc;
+        font-weight: bold;
+}
+.list-iso {
+	font-size: 10px;
+	border: 1px solid #999;
+	padding: 1px;
+}
+.list-iso-item {
+	margin-left: 1em;
+}
+.list-iso-item {
+	color: #555;
+}
+.list-iso-item + .list-iso-item {
+	margin-top: 0.05em;
+}
+.list-iso p + p {
+}
+.a-to-z-bar {
+
+}
+.linkchain {
+	text-align: center;
+	font-size: 12px;
+	color: #555;
+        white-space: nowrap;
+}
+.linkchain a {
+	font-weight: bold;
+}
+.preference {
+	margin: 0 30px 0 30px;
+	text-align: left;
+	font-size: 0.9em;
+	font-weight: bold;
+	color: #444;
+}
+
+
+.schedule-action-interface th {
+	background-color: #fff;
+	padding: 2px;
+	border: none;
+	color: black;
+	text-align: left;
+}
+
+div.toolbar {
+	vertical-align: middle;
+	font-weight: normal;
+	font-size: 12px;
+	color: #999;
+        float: right;
+        margin-top: 9px;
+        white-space: nowrap;
+}
+.toolbar img {
+	border: none;
+	padding: 0 2px 1px 2px;
+	vertical-align: middle;
+}
+.toolbar a {
+	padding: 0 2px;
+	text-decoration: none;
+}
+
+div.up-arrow {
+	vertical-align: middle;
+	font-weight: normal;
+	font-size: 12px;
+	color: #999;
+        float: left;
+        margin: 0 2%;
+        white-space: nowrap;
+}
+.up-arrow img {
+	border: none;
+	padding: 0 2px 4px 2px;
+	vertical-align: middle;
+}
+.up-arrow a {
+	padding: 0 2px;
+	text-decoration: none;
+}
+
+
+.ok-explanation img {
+	border: none;
+	vertical-align: middle;
+	padding: 2px 0 4px 0;
+}
+
+
+.resubscribe-warning img {
+	border: none;
+	vertical-align: middle;
+	padding: 2px 0 4px 0;
+}
+
+.resubscribe-warning-big {
+	margin: 0 2%;
+	cursor: text;
+	color:  #c00;
+}
+.resubscribe-warning-big img {
+	border: none;
+	padding: 0 4px 0 0;
+	vertical-align: middle;
+	float: left;
+}
+
+.required-form-field {
+	font-weight: bold;
+	color:  #c00;
+}
+.ssm-overview th {
+	background-color: #fff;
+	border: none;
+	text-align: center;
+	padding: 6px;
+}
+
+
+table.namespace-control {
+  padding:  4px;
+}
+
+.namespace-control tr {
+	vertical-align:  middle;
+}
+
+.namespace-control td {
+	padding: 4px;
+}
+
+.namespace-control-buttons td {
+	padding:  4px;
+	vertical-align:  middle;
+}
+
+table.details-2-columns {
+	padding: 4px;
+	border: none;
+}
+
+table.details { 
+  margin: 0 2%;
+}
+.details th {
+	padding: 8px;
+        padding-left: 16px;
+	border: none;
+	color: #444;
+	text-align: right;
+	vertical-align: top;
+        border: 1px solid #ddd;
+        border:none;
+        background-color: #eee;
+        -moz-border-radius-topleft: 15px;
+        -moz-border-radius-bottomleft: 15px;
+}
+
+.details th.required-form-field { 
+  border-right: 4px solid #c77;
+}
+
+.details td {
+	vertical-align: top;
+	padding: 4px;
+        padding-left: 2px;
+        padding: 8px;
+        border-bottom: 0;
+}
+
+.details th + td {
+	border-bottom: 1px solid #ddd;
+}
+
+.details td div {
+	text-align: left;
+        margin-bottom: 10px;
+        white-space: nowrap;
+}
+
+.details td table td {
+        margin: 0;
+        padding: 0;
+	border: 0;
+}
+
+.details td table {
+}
+
+table.details td.small-form textarea {
+        font-size: 10px;
+        font-family: monospace;
+}
+
+.details-header {
+	font-weight: bold;
+	color: #444;
+	font-family: helvetica;
+}
+
+.system-status {
+	text-align: center;
+}
+.system-status img {
+	vertical-align: middle;
+	padding-top: 0px;
+	padding-bottom: 2px;
+}
+.system-update-critical {
+	font-weight: bold;
+	color: #900;
+}
+
+.system-status-critical-updates {
+	font-weight: bold;
+	color: #c00;
+}
+.system-status-updates {
+	font-weight: bold;
+	color: #d80;
+}
+.system-status-bugfixes {
+	font-weight: bold;
+	color: #337;
+}
+.system-status-enhancements {
+	font-weight: bold;
+	color: #595;
+}
+.system-status-updates-scheduled {
+	font-weight: bold;
+}
+.system-status-up-to-date {
+	font-weight: bold;
+	color: #68d;
+}
+.system-status-unentitled {
+	font-weight: bold;
+	color: #333;
+}
+.system-status-awol {
+	font-weight: bold;
+	color: #f63;
+}
+
+.system-status-locked {
+	font-weight: bold;
+	color: #f63;
+}
+
+.system-status-kickstart {
+	font-weight: bold;
+	color: #f90;
+}
+
+osa-offline {
+    font-weight: bold;
+     color: #900;
+}
+
+.osa-online {
+    font-weight: bold;
+    color: #68d;
+}
+
+.probe-status-critical {
+        font-weight: bold;
+        color: #c00;
+}
+
+.probe-status-unknown {
+        font-weight: bold;
+        color: #f63;
+}
+
+.work-with-group-header {
+	text-align:  right;
+}
+.work-with-group-header img {
+	border: none;
+}
+
+td.comparison {
+	padding: 10px;
+}
+
+.summary-row {
+	background-color: #f5f5f5;
+}
+
+.feedback-email { 
+  font-weight: bold;
+  color: #900;
+}
+
+.schedule-action-interface { 
+  color: black;
+}
+
+#navlogo { 
+  border: 0;
+  margin: 4px 13px;
+  position: absolute;
+  top: 5px;
+}
+#navtabs {
+  position: absolute;
+  left: 166px;  
+  top: 35px;
+  display: block;
+}
+#navhelp { 
+  position: absolute;
+  right: 10px;
+  top: 15px;
+  border: 0;
+  padding: 15px;
+  padding-top: 0px;
+}
+
+
+.action-summary-errata, .action-summary-package, .action-summary-config { 
+  padding-top: 10px;
+}
+
+.action-summary-errata ul, .action-summary-package ul, .action-summary-config ul { 
+  margin: 0;
+  list-style: none;
+}
+
+div.page-summary {
+  margin: 0 2%;
+  cursor: text;
+}
+
+div.page-summary a { 
+  text-decoration: underline;
+  cursor: pointer
+}
+
+div.marketing-summary {
+  margin: 0 2%;
+  cursor: text;
+}
+
+div.marketing-summary a { 
+  text-decoration: underline;
+  font-weight: bold;
+  cursor: pointer
+}
+
+.search-choices form { 
+  margin: 0;
+  padding: 0;
+}
+.search-choices { 
+  margin-top: 20px;
+}
+
+.search-choices-group { 
+  margin-left: 40px;
+}
+
+.debug-profile { 
+  background-color: #eee;
+  border: 1px solid #ccc;
+  margin: 20px 40px;
+  padding: 8px;
+}
+
+div.buy-now { 
+  text-align: left;	
+  padding-top: 16px;
+}
+
+div.buy-now img { 
+  border: 0;
+}
+
+span.no-details {
+  font-style: italic;
+  color: #777;
+}  
+
+.page-content {
+	padding: 6px 10px 6px 16px;
+        vertical-align: top;
+		width: 100%;
+}
+
+div.pki-embedded-help { 
+  padding: 6px 20px 6px 20px;
+}
+
+.pki-embedded-help-NAVHEADER th { 
+  margin-top: 0;
+  padding-bottom: 1em;
+  font-size: 20px;
+  border: 0;
+  background-color: #fff;
+  color: black;
+  text-align: left;
+}
+
+.pki-embedded-help-NAVHEADER td { 
+  padding: 0 2em;
+}
+
+.pki-embedded-help-TOC { 
+  padding: 0 4em;
+}
+
+code.line-of-code {
+  white-space: nowrap
+}
diff --git a/dogtag/ra-ui/shared/docroot/ee/agent/enroll.vm b/dogtag/ra-ui/shared/docroot/ee/agent/enroll.vm
new file mode 100644
index 000000000..a8dacbfbe
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/agent/enroll.vm
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Agent Certificate Enrollment</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br />
+Enroll Interface
+</font><br>
+<p> 
+<b>Your Certificate:</b>
+<br/>
+<b>Subject DN:</b> $subject_dn
+<br/>
+<pre>
+-----BEGIN CERTIFICATE-----
+$cert
+-----END CERTIFICATE-----
+</pre>
+<a href="/ee/request/importcert.cgi?id=$rid">import certificate</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/agent/index.vm b/dogtag/ra-ui/shared/docroot/ee/agent/index.vm
new file mode 100644
index 000000000..003ce2ca2
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/agent/index.vm
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br />
+</font><br>
+<p> 
+For RA agent enrollment, an agent must submit a pin creation request first before performing certificate enrollment.
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="new.cgi">Pin Creation Request</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="start.cgi">Certificate Enrollment</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/agent/new.vm b/dogtag/ra-ui/shared/docroot/ee/agent/new.vm
new file mode 100644
index 000000000..3cbf754b0
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/agent/new.vm
@@ -0,0 +1,88 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Agent Certificate Request</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br />
+Agent Interface
+</font><br>
+<p> 
+This form is for new agent to request for agent certificate.
+<p> 
+<center>
+<form method=post action="submit.cgi">
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>UID:</td>
+  <td><input type=text name=uid value="" ></td>
+</tr>
+<tr>
+  <td>Your Email:</td>
+  <td><input type=text name=email value=""></td>
+</tr>
+<tr>
+  <td>&nbsp;</td>
+  <td>&nbsp;</td>
+</tr>
+<tr>
+  <td><input type=submit name=Submit value="Submit"></td>
+  <td></td>
+</tr>
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/agent/start.vm b/dogtag/ra-ui/shared/docroot/ee/agent/start.vm
new file mode 100644
index 000000000..32adbb57f
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/agent/start.vm
@@ -0,0 +1,114 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Agent Certificate Request Using a One-Time Pin</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function validate()
+{
+    with (document.forms[0]) {
+        crmfObject = crypto.generateCRMFRequest(
+                "CN=x",
+                "regToken", "authenticator",
+                null,
+                "setCRMFRequest();",
+                1024, null, "rsa-dual-use");
+        return false;
+    }
+}
+
+function setCRMFRequest()
+{
+    with (document.forms[0]) {
+          csr.value = crmfObject.request;
+          submit();
+    }
+}
+
+</SCRIPT>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br />
+Agent Interface
+</font><br>
+<p> 
+This form is for new RA agent to request a certificate.
+<p> 
+<center>
+<form onSubmit="return validate();" method=post action="enroll.cgi">
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>UID:</td>
+  <td><input type=text name=uid value="" ></td>
+</tr>
+<tr>
+  <td>One-Time Pin:</td>
+  <td><input type=text name=pin value=""></td>
+</tr>
+<tr>
+  <td>&nbsp;</td>
+  <td>&nbsp;</td>
+</tr>
+<tr>
+  <td><input type=submit name=Submit value="Submit"></td>
+  <td></td>
+</tr>
+</table>
+<input type=hidden name="csr" value="">
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/agent/submit.vm b/dogtag/ra-ui/shared/docroot/ee/agent/submit.vm
new file mode 100644
index 000000000..3bbdf9ad0
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/agent/submit.vm
@@ -0,0 +1,73 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Agent Certificate Request Submission</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/agent/index.cgi">Agent Enrollment</a><br />
+</font><br>
+<p> 
+Your request has been successfully submitted.
+<p> 
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>Request ID:</td>
+  <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/error.vm b/dogtag/ra-ui/shared/docroot/ee/error.vm
new file mode 100644
index 000000000..1ca3a37ed
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/error.vm
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity Error!</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+EE Interface
+</font><br>
+<p> 
+<center>
+Request process error
+<br>
+#if ($has_error)
+  Error: $error
+#end
+
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/index.vm b/dogtag/ra-ui/shared/docroot/ee/index.vm
new file mode 100644
index 000000000..c63d186c5
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/index.vm
@@ -0,0 +1,102 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+RA EE Services
+</font><br>
+<p> 
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/scep/index.cgi">SCEP Enrollment</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/server/index.cgi">Server Enrollment</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/user/index.cgi">User Enrollment</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/agent/index.cgi">Agent Enrollment</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="/ee/request/index.cgi">Request Status Check</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/request/getcert.vm b/dogtag/ra-ui/shared/docroot/ee/request/getcert.vm
new file mode 100644
index 000000000..44d5bd6b9
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/request/getcert.vm
@@ -0,0 +1,72 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Import Certificate</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status Check</a>
+<br/>
+Certificate Import
+</font><br>
+<p> 
+<p> 
+<b>Serial Number:</b>$serialno<br>
+<b>Subject DN:</b>$subject_dn<br><br>
+<b>Base64 Encoding:</b><br>
+  <pre>$output</pre>
+<b>Import Certificate (click on the following link to import):</b><br>
+<a href="importcert.cgi?id=$id">import certificate</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/request/index.vm b/dogtag/ra-ui/shared/docroot/ee/request/index.vm
new file mode 100644
index 000000000..003b0c8c3
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/request/index.vm
@@ -0,0 +1,67 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status</a><br />
+</font><br>
+<p> 
+<form name=form method=post action="status.cgi">
+Request Id: <input type=text name=id value="">
+</form>
+<a href="#" onclick="document.form.submit();">Check</a>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/request/status.vm b/dogtag/ra-ui/shared/docroot/ee/request/status.vm
new file mode 100644
index 000000000..0b76168ea
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/request/status.vm
@@ -0,0 +1,91 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Certificate Request Status</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/request/index.cgi">Request Status Check</a>
+<br/>
+Request Status
+</font><br>
+<p> 
+<p> 
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%><b>Request ID:</b></td>
+  <td><a href="status.cgi?id=$id">$id</a></td>
+</tr>
+<tr>
+  <td width=20%><b>Status:</b></td>
+  <td>$status</td>
+</tr>
+<tr>
+  <td width=20%><b>Error Message:</b></td>
+  <td>$errorString</td>
+</tr>
+#if ($status == "APPROVED")
+#if ($serialno != "unavailable")
+<tr>
+  <td width=20%><b>Import Certificate:</b></td>
+  <td><a href="getcert.cgi?id=$id">$id</td>
+</tr>
+#end
+#end
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/scep/enroll.vm b/dogtag/ra-ui/shared/docroot/ee/scep/enroll.vm
new file mode 100644
index 000000000..0864f0aba
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/scep/enroll.vm
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Enrollment</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Installer Interface
+</font><br>
+<p> 
+This form is for router installer to retrieve the requested certificate.
+<p> 
+  <b>Your Certificate:</b>
+<br/>
+<pre>
+-----BEGIN CERTIFICATE-----
+$cert
+-----END CERTIFICATE-----
+</pre>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/scep/index.vm b/dogtag/ra-ui/shared/docroot/ee/scep/index.vm
new file mode 100644
index 000000000..5c5b0db1a
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/scep/index.vm
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+</font><br>
+<p> 
+In the SCEP enrollment, a manager must firstly submit a one-time pin creation request to the RA. RA Agent will then approve and generate an one-time pin. The pin will be returned to the manager who will give the pin to a local router installer. The router installer visits the enrollment form where certificate request, one time pin and other necessary information are submitted. The system will issue the certificate immediately.
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="manager.cgi">Request Submission - Manager</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="installer.cgi">SCEP Enrollment - Installer</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/scep/installer.vm b/dogtag/ra-ui/shared/docroot/ee/scep/installer.vm
new file mode 100644
index 000000000..567544495
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/scep/installer.vm
@@ -0,0 +1,73 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Request Using a One-Time Pin</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Installer Interface
+</font><br>
+<p> 
+This form is for router installer to request a certificate with the given one time pin.
+<p> 
+<center>
+The SCEP enrollment URL for the router is:
+<br/>
+<br/>
+http://$machine:$port/ee/scep/pkiclient.cgi
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/scep/manager.vm b/dogtag/ra-ui/shared/docroot/ee/scep/manager.vm
new file mode 100644
index 000000000..a9b0717bb
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/scep/manager.vm
@@ -0,0 +1,123 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Manager Request for a One-Time Pin</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function validate()
+{
+    var c = document.enrollment.client_id.value;
+    if (c == '') {
+      alert("client id is empty");
+      return false;
+    }
+    var s = document.enrollment.site_id.value;
+    if (s == '') {
+      alert("site id is empty");
+      return false;
+    }
+    var e = document.enrollment.email.value;
+    if (e == '') {
+      alert("email is empty");
+      return false;
+    }
+}
+
+</SCRIPT>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Manager Interface
+</font><br>
+<p> 
+This form is for manager to request for a one time pin so that router installer can request for a certificate.
+<p> 
+<script language=javascript>
+<!--
+ if (navigator.appName == "Microsoft Internet Explorer") {
+   document.writeln('<form name="enrollment" method=post action="submit.cgi">');  } else {
+   document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">');   }
+-->
+</script>
+
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>Client ID:</td>
+  <td><input type=text name=client_id value="" ></td>
+</tr>
+<tr>
+  <td>Site ID (IP Address):</td>
+  <td><input type=text name=site_id value=""></td>
+</tr>
+<tr>
+  <td>Your Email:</td>
+  <td><input type=text name=email value=""></td>
+</tr>
+<tr>
+  <td>&nbsp;</td>
+  <td>&nbsp;</td>
+</tr>
+<tr>
+  <td><input type=submit name=Submit value="Submit"></td>
+  <td></td>
+</tr>
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/scep/submit.vm b/dogtag/ra-ui/shared/docroot/ee/scep/submit.vm
new file mode 100644
index 000000000..41a186a49
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/scep/submit.vm
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>SCEP Router Request Submission</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/scep/index.cgi">SCEP Enrollment</a><br />
+Manager Interface
+</font><br>
+<p> 
+Your request has been successfully submitted.
+<p> 
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>Request ID:</td>
+  <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td>
+</tr>
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/server/admin.vm b/dogtag/ra-ui/shared/docroot/ee/server/admin.vm
new file mode 100644
index 000000000..7307aaf50
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/server/admin.vm
@@ -0,0 +1,132 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Server Certificate Request</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+<SCRIPT LANGUAGE="JavaScript">
+
+function validate()
+{
+    var x = document.enrollment.server_id.value;
+    if (x == '') {
+      alert("server id is empty");
+      return false;
+    }
+    var s = document.enrollment.site_id.value;
+    if (s == '') {
+      alert("site id is empty");
+      return false;
+    }
+    var e = document.enrollment.email.value;
+    if (e == '') {
+      alert("email is empty");
+      return false;
+    }
+    var c = document.enrollment.csr.value;
+    if (c == '') {
+      alert("csr is empty");
+      return false;
+    }
+}
+</SCRIPT>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/server/index.cgi">Server Enrollment</a><br />
+Server Administrator Interface
+</font><br>
+<p> 
+This form is for server administrator to request for a server certificate.
+<p> 
+
+<script language=javascript>
+<!--
+ if (navigator.appName == "Microsoft Internet Explorer") { 
+   document.writeln('<form name="enrollment" method=post action="submit.cgi">');
+  } else {
+   document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">');
+  }
+-->
+</script>
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>Server ID:</td>
+  <td><input type=text name=server_id value="" ></td>
+</tr>
+<tr>
+  <td>Site ID:</td>
+  <td><input type=text name=site_id value=""></td>
+</tr>
+<tr>
+  <td>Your Email:</td>
+  <td><input type=text name=email value=""></td>
+</tr>
+<tr>
+  <td>CSR:</td>
+  <td><textarea cols=40 rows=5 name=csr></textarea></td>
+</tr>
+<tr>
+  <td>&nbsp;</td>
+  <td>&nbsp;</td>
+</tr>
+<tr>
+  <td><input type=submit name=Submit value="Submit"></td>
+  <td></td>
+</tr>
+</table>
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/server/index.vm b/dogtag/ra-ui/shared/docroot/ee/server/index.vm
new file mode 100644
index 000000000..7d3ca76d5
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/server/index.vm
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/server/index.cgi">Server Enrollment</a><br />
+</font><br>
+<p> 
+Server Administrator must use the following form to submit a request which will later be approved by a RA agent. Upon approval, the administrator will be notified by email and the server certificate can be retrieved.
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="admin.cgi">Request Submission - Administrator</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/server/submit.vm b/dogtag/ra-ui/shared/docroot/ee/server/submit.vm
new file mode 100644
index 000000000..2afb4b891
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/server/submit.vm
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>Server Certificate Request Submission</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/server/index.cgi">Server Enrollment</a><br />
+Server Administrator Interface
+</font><br>
+<p> 
+Your request has been successfully submitted.
+<p> 
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>Request ID:</td>
+  <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</a></td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/user/index.vm b/dogtag/ra-ui/shared/docroot/ee/user/index.vm
new file mode 100644
index 000000000..0a6766f1b
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/user/index.vm
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA End-Entity</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> : <a href="/ee/user/index.cgi">User Enrollment</a><br />
+</font><br>
+<p> 
+For user enrollment, user must access the following forms with appropriate client (i.e. browser) where key pair will be generated.
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="user.cgi">Request Submission - User</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="renewal.cgi">Renewal - User</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/user/renew.vm b/dogtag/ra-ui/shared/docroot/ee/user/renew.vm
new file mode 100644
index 000000000..e8b0c90fc
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/user/renew.vm
@@ -0,0 +1,86 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>User Certificate Renewal Notification</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="https://$host:$port/ee/index.cgi">RA Services</a> :
+<a href="https://$host:$port/ee/user/index.cgi">User Enrollment</a><br />
+Renewal Interface
+</font><br>
+<p> 
+Your certificate has been successfully renewed.
+<p> 
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>Request ID:</td>
+  <td><a href="https://$host:$port/ee/request/status.cgi?id=$request_id">$request_id</a></td>
+<tr valign="TOP">
+<td><b>Data</b></td>
+<td>$data</td>
+</tr>
+<tr valign="TOP">
+<td><b>Output</b></td>
+<td>$output</td>
+</tr>
+<tr valign="TOP">
+<td><b>Serial Number</b></td>
+<td>$serialno</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/user/renewal.vm b/dogtag/ra-ui/shared/docroot/ee/user/renewal.vm
new file mode 100644
index 000000000..592468445
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/user/renewal.vm
@@ -0,0 +1,73 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>User Certificate Renewal</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/user/index.cgi">User Enrollment</a><br />
+User Renewal Interface
+</font><br>
+<p> 
+This form is for end user to renew his/her certificates.<br>
+At popup, please select the user certificate to renew.
+<p> 
+<center>
+<form method=post action=$url>
+<input type=submit name=Submit value="Renewal">
+</form>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/user/submit.vm b/dogtag/ra-ui/shared/docroot/ee/user/submit.vm
new file mode 100644
index 000000000..02edb6d58
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/user/submit.vm
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>User Certificate Request Submission</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/user/index.cgi">User Enrollment</a><br />
+Manager Interface
+</font><br>
+<p> 
+Your request has been successfully submitted.
+<p> 
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td width=20%>Request ID:</td>
+  <td><a href="/ee/request/status.cgi?id=$request_id">$request_id</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ee/user/user.vm b/dogtag/ra-ui/shared/docroot/ee/user/user.vm
new file mode 100644
index 000000000..2da3d3606
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ee/user/user.vm
@@ -0,0 +1,435 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; either version 2 of the License, or
+     (at your option) any later version.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<OBJECT
+        classid="clsid:127698e4-e730-4e5c-a2b1-21490a70c8a1"
+        CODEBASE="/ee/xenroll.dll"
+        id="Enroll">
+</OBJECT>
+
+<OBJECT id='g_objClassFactory' CLASSID='clsid:884e2049-217d-11da-b2a4-000e7bbb2b09'>
+</OBJECT>
+
+<title>User Certificate Request</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+<SCRIPT LANGUAGE="JavaScript">
+function encode_utf8( s )
+{
+  return unescape( encodeURIComponent( s ) );
+}
+ 
+function decode_utf8( s )
+{
+   return decodeURIComponent( escape( s ) );
+}
+
+function validate()
+{
+    var x = document.enrollment.uid.value;
+    if (x == '') {
+      alert("uid is empty");
+      return false;
+    }
+    var e = document.enrollment.email.value;
+    if (e == '') {
+      alert("email is empty");
+      return false;
+    }
+    var cn = document.enrollment.cn.value;
+    if (cn == '') {
+      alert("Full name is empty");
+      return false;
+    }
+    var dn = encode_utf8("uid="+x+",e="+e+",cn="+cn);
+    with (document.forms[0]) {
+        crmfObject = crypto.generateCRMFRequest(
+                dn,
+                "regToken", "authenticator",
+        	null,
+                "setCRMFRequest();",
+                1024, null, "rsa-dual-use");
+        return false;
+    }
+}
+
+function setCRMFRequest()
+{
+    with (document.forms[0]) {
+          csr.value = crmfObject.request;
+          submit();
+    }
+}
+
+</SCRIPT>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+<a href="/ee/index.cgi">RA Services</a> :
+<a href="/ee/user/index.cgi">User Enrollment</a><br />
+User Interface
+</font><br>
+<p> 
+This form is for user to request for an end-user certificate.
+<p> 
+<script language=javascript>
+<!--
+ if (navigator.appName == "Microsoft Internet Explorer") { 
+   document.writeln('<form name="enrollment" method=post action="submit.cgi">');
+  } else {
+   document.writeln('<form name="enrollment" onSubmit="return validate();" method=post action="submit.cgi">');
+  }
+-->
+</script>
+<SCRIPT LANGUAGE=VBS>
+<!--
+'Get OS Version, works for Vista and below only
+Function GetOSVersion
+  dim agent
+  dim result
+  dim pos
+
+  agent = Navigator.appVersion
+  pos = InStr(agent,"NT 6.")
+
+  If pos > 0 Then
+    GetOSVersion = 6 ' Vista
+    Exit Function
+  End If
+
+  pos = InStr(agent,"NT 5.")
+
+  If pos > 0 Then
+    GetOSVersion = 5  ' XP etc
+    Exit Function
+  End If
+
+' Default
+  GetOSVersion = 5
+End Function
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Dim options
+  Dim osVersion
+  Dim result
+  Set TheForm = Document.enrollment
+
+  osVersion = GetOSVersion()
+
+  If osVersion <> 6 Then 'Not Vista
+
+  ' Contruct the X500 distinguished name
+  szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+
+   ' Pick the provider that is selected
+   set options = TheForm.all.cryptprovider.options
+   index = options.selectedIndex
+   Enroll.providerType = options(index).value
+   Enroll.providerName = options(index).text
+
+   ' adding 2 to "GenKeyFlags" will  enable the 'High Security'
+   ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+   ' asking what level of protection you would like to give
+   ' the key - this varies from 'none' to 'confirm password
+   ' every time the key is used'
+  Enroll.GenKeyFlags = 1        ' key PKCS12-exportable
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "Your credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.csr.Value = szCertReq
+
+  ' TheForm.Submit
+
+Else 'Vista
+    Dim enrollment
+    Dim privateKey
+    Dim request
+    Dim csr
+    Dim objDN
+
+    'certUsage is "1.3.6.1.5.5.7.3.2"
+
+    On Error Resume Next
+      'CreateObject("X509Enrollment.CX509EnrollmentWebClassFactory")
+
+    If IsObject(g_objClassFactory) = False Then
+      result = MsgBox("Can't create Factory Object "  & " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Sub
+    End If
+
+    Set enrollment = g_objClassFactory.CreateObject("X509Enrollment.CX509Enrollment")
+
+    If IsObject(enrollment) = False Then
+      result = MsgBox("Can't create enroll Object! "  & " Error: " & Err.number & " :" & Err.description,"")
+      Exit Sub
+    End If
+
+    Set privateKey = g_objClassFactory.CreateObject("X509Enrollment.CX509PrivateKey")
+
+ If IsObject(privateKey) = False Then
+      result = MsgBox("Can't create Key Object! " & " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Sub
+    End If
+
+    Set request = g_objClassFactory.CreateObject("X509Enrollment.CX509CertificateRequestPkcs10")
+
+    If IsObject(request) = False Then
+      result = MsgBox("Can't create Request Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Sub
+    End If
+
+    privateKey.KeySpec= "1"
+
+  ' Pick the provider that is selected
+    set options = TheForm.all.cryptprovider.options
+    index = options.selectedIndex
+    privateKey.ProviderType=  index
+    privateKey.ProviderName = options(index).text
+
+    szName = "0.9.2342.19200300.100.1.1=" & TheForm.uid.Value & ",E=" & TheForm.email.Value & ",CN=" & TheForm.cn.Value
+
+    Set objDN = g_objClassFactory.CreateObject("X509Enrollment.CX500DistinguishedName")
+
+    If IsObject(objDN) = False Then
+      result = MsgBox("Can't create DN Object. ! " & " Error: " & Err.number & " :" & Err.description,0,"")
+      Exit Sub
+    End If
+
+    objDN.Encode szName,0
+
+    request.InitializeFromPrivateKey 1,privateKey,""
+    request.Subject = objDN
+
+    enrollment.InitializeFromRequest(request)
+    csr=enrollment.CreateRequest(1)
+
+    If len(csr) = 0 Then
+        result = MsgBox("Error Creating Request! "& " Error: " & Err.number & " :" & Err.description,0,"")
+        Exit Sub
+    End If
+
+    TheForm.csr.Value = csr
+
+  End If
+  Exit Sub
+
+End Sub
+
+-->
+</SCRIPT>
+<center>
+<table border="0" cellspacing="1" cellpadding="1">
+<tr>
+  <td>UID:</td>
+  <td><input type=text name=uid value=""></td>
+</tr>
+<tr>
+  <td>Full Name:</td>
+  <td><input type=text name=cn value=""></td>
+</tr>
+<tr>
+  <td>Site ID:</td>
+  <td><input type=text name=site_id value=""></td>
+</tr>
+<tr>
+  <td>Your Email:</td>
+  <td><input type=text name=email value=""></td>
+</tr>
+<tr>
+</tr>
+<tr>
+  <td>&nbsp;</td>
+  <td>&nbsp;</td>
+</tr>
+<script language=javascript>
+<!--
+ if (navigator.appName == "Microsoft Internet Explorer") { 
+        document.writeln('<SELECT NAME=\"cryptprovider\"></SELECT>');
+ }
+-->
+</script>
+<tr>
+  <td>
+<script language=javascript>
+<!--
+ if (navigator.appName == "Microsoft Internet Explorer") { 
+   document.writeln('<input type=hidden name=csr_type value="pkcs10">');
+   document.writeln('<input type=submit Name=Send value="Submit">');
+ } else {
+   document.writeln('<input type=hidden name=csr_type value="crmf">');
+   document.writeln('<input type=submit name=Submit value="Submit">');
+ }
+-->
+</script>
+  </td>
+  <td></td>
+</tr>
+</table>
+</center>
+<input type=hidden name="csr" value="">
+<SCRIPT LANGUAGE=VBS>
+<!--
+FindProviders
+
+Function FindProviders
+        Dim i, j
+        Dim providers()
+        i = 0
+        j = 1
+        Dim el
+        Dim temp
+        Dim first
+        Dim TheForm
+        Set TheForm = document.enrollment
+        On Error Resume Next
+        first = 0
+
+        Dim osVersion
+        Dim result
+        osVersion = GetOSVersion()
+
+        If osVersion <> 6 Then 'Not Vista
+ Do While True
+          temp = ""
+          Enroll.providerType = j
+          temp = Enroll.enumProviders(i,0)
+          If Len(temp) = 0 Then
+          If j < 1 Then
+            j = j + 1
+            i = 0
+          Else
+            Exit Do
+          End If
+          Else
+          set el = document.createElement("OPTION")
+          el.text = temp
+          el.value = j
+          If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+            first = i
+          End If
+          TheForm.cryptprovider.add(el)
+          If first = 0  Then
+            first = 1
+            TheForm.cryptprovider.selectedIndex = 0
+          Else
+            TheForm.cryptprovider.selectedIndex = first
+          End If
+          i = i + 1
+          End If
+          Loop
+        Else 'Vista
+
+ Dim csps
+            Set csps = g_objClassFactory.CreateObject("X509Enrollment.CCspInformations")
+            If IsObject(csps) = False Then
+               result = MsgBox("Can't create CSP List Object! " & " Error: " & Err.number & " :" & Err.description,0,"")
+               Exit Function
+
+            End If
+            csps.AddAvailableCsps()
+            'result = MsgBox(csps.Count,0,"Number of CSPS")
+
+            Dim curName
+            Dim csp
+            Dim selected
+            selected = 0
+            For i = 0 to csps.Count-1
+
+                curName = csps.ItemByIndex(i).Name
+                If len(curName) > 0 Then
+                  Set csp = document.createElement("OPTION")
+                  csp.text = curName
+                  csp.value = 1
+                  TheForm.cryptprovider.add(csp)
+
+                  If curName = "Microsoft Base Cryptographic Provider v1.0" Then
+                    selected = i
+                  End If
+                  'result = MsgBox(curName,0,"")
+                End If
+            Next
+TheForm.cryptprovider.selectedIndex = selected
+        End If
+End Function
+
+-->
+</SCRIPT>
+</form>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/footer.vm b/dogtag/ra-ui/shared/docroot/footer.vm
new file mode 100644
index 000000000..a596e45b1
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/footer.vm
@@ -0,0 +1,19 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+  <div id="footer">
+  </div>
diff --git a/dogtag/ra-ui/shared/docroot/header.vm b/dogtag/ra-ui/shared/docroot/header.vm
new file mode 100644
index 000000000..18862497b
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/header.vm
@@ -0,0 +1,26 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<div id="header">
+    <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information"><img src="/ra/admin/console/img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
diff --git a/dogtag/ra-ui/shared/docroot/images/logo_header.gif b/dogtag/ra-ui/shared/docroot/images/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/images/logo_header.gif
diff --git a/dogtag/ra-ui/shared/docroot/images/pki-icon-help.gif b/dogtag/ra-ui/shared/docroot/images/pki-icon-help.gif
new file mode 100644
index 000000000..21d9f13d6
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/images/pki-icon-help.gif
diff --git a/dogtag/ra-ui/shared/docroot/images/pki-icon-home.gif b/dogtag/ra-ui/shared/docroot/images/pki-icon-home.gif
new file mode 100644
index 000000000..ef1726b74
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/images/pki-icon-home.gif
diff --git a/dogtag/ra-ui/shared/docroot/images/pki-icon-software.gif b/dogtag/ra-ui/shared/docroot/images/pki-icon-software.gif
new file mode 100644
index 000000000..dd64b485c
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/images/pki-icon-software.gif
diff --git a/dogtag/ra-ui/shared/docroot/index.vm b/dogtag/ra-ui/shared/docroot/index.vm
new file mode 100644
index 000000000..2b9677f20
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/index.vm
@@ -0,0 +1,90 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>RA Services</title>
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System RA Services Page 
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$non_clientauth_securePort/ee/index.cgi">SSL End Users Services</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$securePort/agent/index.cgi">Agent Services</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$securePort/admin/index.cgi">Administrator Services</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+
+</body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/adminauthenticatepanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/adminauthenticatepanel.vm
new file mode 100644
index 000000000..7d5aade5f
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/adminauthenticatepanel.vm
@@ -0,0 +1,52 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<p>
+The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem.
+#if ($systemType != "tps")
+<br/>
+If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one.
+#end
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+
+        <td><input type="text" size="40" name="uid" value="$uid"/></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<p>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/adminpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/adminpanel.vm
new file mode 100644
index 000000000..36e99097b
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/adminpanel.vm
@@ -0,0 +1,237 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT ID=Send_OnClick type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+#if ($import == 'true' && $clone != 'clone')
+    var email = document.forms[0].email.value;
+    var name = document.forms[0].name.value;
+    var o = '$securityDomain';
+    if (name == '') {
+        alert("Name is empty");
+        return;
+    }
+    if (email == '') {
+        alert("Email is empty");
+        return;
+    }
+    var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o;
+    document.forms[0].subject.value = dn;
+    var keyGenAlg = "rsa-dual-use";
+
+    if (navigator.appName == "Netscape" &&
+      typeof(crypto.version) != "undefined") {
+
+        crmfObject = crypto.generateCRMFRequest(
+          dn, "regToken", "authenticator", null,
+          "setCRMFRequest();", 1024, null, keyGenAlg);
+    } else {
+        Send_OnClick();
+    }
+#else
+    with (document.forms[0]) {
+        submit();
+    }
+#end
+}
+
+function setCRMFRequest()
+{
+    with (document.forms[0]) {
+        cert_request.value = crmfObject.request;
+        submit();
+    }
+}
+
+</SCRIPT>
+<SCRIPT type="text/VBS">
+<!--
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Set TheForm = Document.f
+
+
+  ' Contruct the X500 distinguished name
+  szName = "CN=NAME"
+
+  ' IE doesnt like the dn containing the O component
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+
+   Enroll.providerType = 1
+   Enroll.providerName = "Microsoft Base Cryptographic Provider v1.0"
+
+   ' adding 2 to "GenKeyFlags" will  enable the 'High Security'
+   ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+   ' asking what level of protection the user would like to give
+   ' the key - this varies from 'none' to 'confirm password
+   ' every time the key is used'
+  Enroll.GenKeyFlags = 1        ' key PKCS12-exportable
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "The credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.cert_request.Value = szCertReq
+  TheForm.cert_request_type.Value = "pkcs10"
+  TheForm.subject.Value = "cn=" & TheForm.name.Value & ",uid=" & TheForm.uid.Value & ",e=" & TheForm.email.Value & ",o=" & TheForm.securitydomain.Value
+
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+
+-->
+</SCRIPT>
+
+<SCRIPT type="text/VBS">
+<!--
+FindProviders
+
+Function FindProviders
+        Dim i, j
+        Dim providers()
+        i = 0
+        j = 1
+        Dim el
+        Dim temp
+        Dim first
+        Dim TheForm
+        Set TheForm = document.f
+        On Error Resume Next
+        first = 0
+
+        Do While True
+        temp = ""
+        Enroll.providerType = j
+        temp = Enroll.enumProviders(i,0)
+        If Len(temp) = 0 Then
+        If j < 1 Then
+          j = j + 1
+          i = 0
+        Else
+          Exit Do
+        End If
+        Else
+        set el = document.createElement("OPTION")
+        el.text = temp
+        el.value = j
+        If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+          first = j
+        End If
+        TheForm.cryptprovider.add(el)
+        If first = 0  Then
+          first = 1
+          TheForm.cryptprovider.selectedIndex = 0
+        Else
+          TheForm.cryptprovider.selectedIndex = first
+        End If
+        i = i + 1
+        End If
+        Loop
+End Function
+
+-->
+</SCRIPT>
+The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel.
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+    <br/>
+                                                                                
+    <table class="details">
+      <tr>
+        <th>UID:</th>
+#if ($clone != 'clone')
+        <td><input type=text name=uid value="$admin_uid"></td>
+#else
+        <td><input type=text name=uid value="$admin_uid" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Name:</th>
+#if ($clone != 'clone')
+        <td><input size=35 type=text name=name value="$admin_name"></td>
+#else
+        <td><input size=35 type=text name=name value="$admin_name" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Email:</th>
+#if ($clone != 'clone')
+        <td><input size=35 type=text name=email value="$admin_email"></td>
+#else
+        <td><input size=35 type=text name=email value="$admin_email" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Password:</th>
+#if ($clone != 'clone')
+        <td><input type="password" size="40" name="__pwd" value="$admin_pwd" autocomplete="off"/></td>
+#else
+        <td><input type="password" size="40" name="__pwd" value="$admin_pwd" disabled="disabled" autocomplete="off"/></td>
+#end
+      </tr>
+      <tr>
+        <th>Password (Again):</th>
+                                                                              
+#if ($clone != 'clone')
+        <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" autocomplete="off"/></td>
+#else
+        <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" disabled="disabled" autocomplete="off"/></td>
+#end
+<input type="hidden" name="cert_request" value=""/>
+<input type="hidden" name="display" value=$displayStr />
+<input type="hidden" name="profileId" value="caAdminCert" />
+<input type="hidden" name="cert_request_type" value="crmf" />
+<input type="hidden" name="import" value=$import />
+<input type="hidden" name="uid" value="admin" />
+<input type="hidden" name="clone" value=$clone />
+<input type="hidden" name="securitydomain" value="$securityDomain" />
+<input type="hidden" name="subject" value="cn=x" />
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/agentauthenticatepanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/agentauthenticatepanel.vm
new file mode 100644
index 000000000..2124e7a36
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/agentauthenticatepanel.vm
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<br/>
+The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests.
+<br/>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+
+        <td><input type="text" size="40" name="uid" value="$uid"/></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<br/>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/authdbpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/authdbpanel.vm
new file mode 100644
index 000000000..43c0ed544
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/authdbpanel.vm
@@ -0,0 +1,66 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+    Please provide information about the LDAP server that will be used to authenticate the identity of end users. <a href="javascript: toggle_details();">[Details]</a>
+<script>
+function toggle_details() {
+  d = document.getElementById('details');   if (d.style.display == "block") {
+    d.style.display="none";   } else {
+    d.style.display="block";
+  } } </script>
+<div id=details style="display: none;"> <p>
+    In order for ESC to submit certificate requests to TPS, the end user's identity must first be verified.  To accomplish this, an end user first sends a uid and password to TPS.  TPS must then contact an LDAP server (e.g. - a corporate LDAP directory server) to verify this end user's identity.
+<p>
+If the end user's identity is successfully verified, TPS will establish an authenticated connection with this ESC, and begin accepting certificate requests and issuing certificates to this end user.
+<p>
+If, however, the end user's identity fails to be verified, TPS will not establish a connection with this ESC. TPS never issues certificates to unauthenticated end users.
+</div>
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>                                                                            
+
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+        <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td>
+      </tr>
+            
+      <tr>
+        <th>Port:</th>
+                                
+        <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td>
+      </tr>       
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+    </table>
+ 
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm
new file mode 100644
index 000000000..6bea8a184
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/cainfopanel.vm
@@ -0,0 +1,55 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+A Certificate Authority (CA) is responsible for issuing different kinds of certificates. Select an HTTPS EE URL of a CA from the list below.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+
+
+     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certchainpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certchainpanel.vm
new file mode 100644
index 000000000..08bcc1331
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certchainpanel.vm
@@ -0,0 +1,49 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<b>Pretty Print of Certificates on this subsystem.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+  <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certprettyprintpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certprettyprintpanel.vm
new file mode 100644
index 000000000..ac8da10ee
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certprettyprintpanel.vm
@@ -0,0 +1,49 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+The following certificates were installed on this instance.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+  <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certrequestpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certrequestpanel.vm
new file mode 100644
index 000000000..883cb6589
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/certrequestpanel.vm
@@ -0,0 +1,225 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 250px;
+  top: 50px;
+  width: 600px;
+  padding: 3px;
+  border: solid;
+  border-width: 5px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+</style>
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+function showcert(element, event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var content = element.getAttribute("content");
+  var content_d = element.getAttribute("content_desc");
+
+  if (content == null) { return false; }
+
+  var n = element.getAttribute("n");
+
+  var editableType = element.getAttribute("editableType");
+  var desc;
+  var d;
+  var c;
+  if (editableType == "cert")
+  {
+    d = document.getElementById(n+"_editCertDiv");
+    c = document.getElementById(n+"_text");
+    desc = document.getElementById(n+"_desc_t");
+  } else if (editableType == "certchain") {
+    d = document.getElementById(n+"_editCertChainDiv");
+    c = document.getElementById(n+"_cc_text");
+    desc = document.getElementById(n+"_cc_desc_t");
+  } else {
+    d = document.getElementById(n+"_showCertDiv");
+    c = document.getElementById(n+"_pre");
+    desc = document.getElementById(n+"_desc_p");
+  }
+
+  if (desc.hasChildNodes())
+  {
+    desc.removeChild(desc.childNodes[0]);
+  }
+  var content_desc = document.createTextNode(content_d);
+  desc.appendChild(content_desc);
+    
+  if (c.hasChildNodes())
+  {
+    c.removeChild(c.childNodes[0]);
+  }
+  var content_text = document.createTextNode(content);
+  c.appendChild(content_text);
+    
+  d.style.left = x+30; // x-offset of floating div
+  assumedheight = 1000;
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  d.style.top = y+ offset +document.body.scrollTop;
+
+  // unhide the window
+  d.style.display ="block";
+
+}
+
+function hide(tag)
+{
+    document.getElementById(tag+"_showCertDiv").style.display ="none";
+    document.getElementById(tag+"_editCertDiv").style.display ="none";
+    document.getElementById(tag+"_editCertChainDiv").style.display ="none";
+}
+
+</SCRIPT>
+A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate.
+<p>
+If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully.
+<p>
+However, if a given CSR contains an <font color="red">action required</font> label under its certificate icon, then those requests must be <i>manually</i> submitted to a CA for certificate generation.
+<p>
+Press the [Apply] button after certificates and chains are pasted in.
+<p>
+Press the [Next] button once all certificates have been generated successfully.
+<p>
+#foreach ($item in $reqscerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr>
+  <td width=10%></td>
+  <td width=20%></td>
+  <td width=70%></td>
+</tr>
+
+<tr>
+  <td>&nbsp;</td>
+#if ($item.getCert() == "...paste certificate here...") 
+  <td><font color=red>action required</font><br>
+<img src="../img/no-certificate.png"/></td>
+#else
+  #if ($item.getCert() == "...certificate be generated internally...")
+<td>
+  <img src="../img/no-certificate.png"/><br>
+  certificate will be generated internally
+  </td>
+  #else
+    #if ($item.getCert() == "")
+  <td>
+<img src="../img/no-certificate.png"/><br>
+  No Certificate Generated. Please import.<br>
+  </td>
+    #else
+  <td>
+<img src="../img/certificate.png"/><br>
+  Certificate Generated Successfully
+  </td>
+    #end
+  #end
+#end
+
+<td>
+
+
+#if ($item.getCert() == "...paste certificate here...") 
+<a content="$item.getRequest()" content_desc="Copy the following Certificate Request (CSR) and paste it in the external CA enrollment page for enrollment" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> Step 1: Copy the Certificate Request (CSR) to enroll at an external CA</a><p>
+<a content="" content_desc="Copy the base64-encoded PKCS #7 certificate chain into the text box below and press 'X'" n="$item.getCertTag()" editableType="certchain" href="#" onclick="showcert(this,event);"> Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)</a><p>
+<a content="$item.getCert()" content_desc="Copy the resulting base64-encoded certificate (NOTE: PKCS #7 not accepted) into the text box below and press 'X'" n="$item.getCertTag()" editableType="cert" href="#" onclick="showcert(this,event);"> Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)</a><p>
+#else
+  #if ($item.getCert() == "...certificate be generated internally...")
+<p>
+  #else
+<a content="$item.getRequest()" content_desc="Certificate Request (CSR)" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Request (CSR)</a><p>
+<a content="$item.getCert()" content_desc="Certificate in Base64 encoding" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate in Base64-Encoding</a><p>
+<a content="$item.getCertpp()" content_desc="Certificate in pretty print" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Pretty Print</a><p>
+  #end
+#end
+
+
+</td>
+</tr>
+</table>
+                                                                                
+<div id="$item.getCertTag()_showCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_stable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_p"></td>
+</tr>
+<tr>
+<td><pre name="$item.getCertTag()" id="$item.getCertTag()_pre">$item.getCert()</pre></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()" id="$item.getCertTag()_text" style="font-family: monospace;">$item.getCert()</textarea></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertChainDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_cc_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_cc_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()_cc" id="$item.getCertTag()_cc_text" style="font-family: monospace;"></textarea></td>
+</tr>
+</table>
+</div>
+
+
+#end
+
+    <p>
+
+
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_addhsm.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_addhsm.vm
new file mode 100644
index 000000000..45002f9cd
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_addhsm.vm
@@ -0,0 +1,96 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="checkClose();"><div id="wrap"><div id="wrap">
+  
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="page-content" width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Security Modules</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<p>
+<H2>Registering a New Security Module</H2>
+<form name=configForm action="config_addhsm" method="post">
+<p>
+If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here.
+<table>
+<tr>
+  <td>
+Library Path: <input type=text name="modulePath" value="">
+  </td>
+</tr>
+<tr>
+  <td>
+Module Name: <input type=text name="moduleName" value="">
+  </td>
+<tr>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type=button name=config_addhsm_next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+</form>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_db.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_db.vm
new file mode 100644
index 000000000..4db7b3e53
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_db.vm
@@ -0,0 +1,126 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function donePanel(errorStr, displayS) {
+      if (displayS == "loaded") {
+        if (errorStr == '') {
+            window.close();
+        }
+      }
+    }
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="donePanel('$errorString', '$displayStr')">
+<div id="wrap">
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Internal Database </h1>
+
+    <form name=configForm action="config_db" method="post">
+    <b>Internal Database Connection</b> <p>This option allows sharing an internal database to improve managability.<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Port:</th>
+                                                                                
+        <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td>
+      </tr>       
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+      <tr>
+        <th>Database:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="database" value="$database"  /></td>
+      </tr>
+      <tr>
+        <th>Bind DN:</th>
+        <td><input type="text" length="128" size="40" name="binddn" value="$binddn" /></td>
+      </tr>
+      <tr>
+        <th>Bind Password:</th>
+                                                                                
+        <td><input type="password" length="128" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td>
+      </tr>
+        <td><input type="hidden" name="display" value=$displayStr /></td>
+    </table>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type="button" name="config_db_next" value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_hsm.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_hsm.vm
new file mode 100644
index 000000000..ac452893b
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_hsm.vm
@@ -0,0 +1,176 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="checkClose();"><div id="wrap">
+  
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+#include ( "admin/console/config/topmenu.vm" )
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Security Modules </h1>
+
+<form name=configForm action="config_hsm" method="post">
+
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. Please make sure that at least one security module is listed below.
+<p>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+  <td><img src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	   Logged In
+	#else
+       	   Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+  <td>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	  Logged In
+	#else
+          Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+
+  </td>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type=button name=config_hsm value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+</form>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_hsmloginpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_hsmloginpanel.vm
new file mode 100644
index 000000000..46d8ae0ea
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_hsmloginpanel.vm
@@ -0,0 +1,83 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+  <h1>
+  Security Modules Login Panel</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<p>
+<H2>Security Token Login</H2>
+<form name=configHSMLoginForm action="config_hsmlogin" method="post">
+<p>
+The user has chosen to login to the following security module: <b>$SecToken</b>
+<p>
+#if ($status == "alreadyLoggedIn")
+	Token already logged in.
+#else
+   #if ($status == "tokenPasswordNotInitialized")
+	Token password not initialized.
+   #else
+      #if ($status == "justLoggedIn")
+          Token logged in successfully.
+      #else
+<table>
+<tr>
+  <td>
+Security Module Token Name: <b><input type=text name="uTokName" value="$SecToken"></b>
+  </td>
+</tr>
+<tr>
+  <td>
+Security Module Token Password: <input type=password name="__uPasswd" value="" autocomplete="off">
+  </td>
+<tr>
+</tr>
+</table>
+<p>
+      #end
+    #end
+#end
+
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+
+  </td>
+</tr>
+</table>
+	</td>
+      </tr>
+    </table>
+
+    <p>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+
+
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_join.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_join.vm
new file mode 100644
index 000000000..bed838ef6
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_join.vm
@@ -0,0 +1,125 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+</SCRIPT>
+                                                                                
+                                                                                
+  <body onLoad="checkClose();">
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Join the PKI Network </h1>
+
+To join this PKI network, the setup wizard needs to submit the certificate request to a Root or another subordinate CA for signing.
+    <p>
+    <form action="config_join" method="post" name="f">
+                                                                                
+<input type=radio $check_manual name="choice" value="manual">Manually submit this request to a CA.
+<p>
+<table width=100%>
+<tr>
+  <td width=50%>Certificate Request to a CA:</td>
+  <td>Certificate Chain From a CA:</td>
+  </td>
+</tr>
+<tr>
+  <td>
+<textarea rows=8 cols=40 name="req">$certreq</textarea>
+  </td>
+  <td>
+<textarea rows=8 cols=40 name="cert">$cert</textarea>
+  </td>
+</tr>
+</table>
+<p>
+<input type=radio $check_auto name="choice" value="auto">Automatically submit the request to a Dogtag Certificate Authority
+<br>
+    <table class="details">
+      <tr>
+        <th width=10%>URL:</th>
+        <td><input type="text" length="128" size="40" name="url" value="https://localhost" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>UID:</th>
+        <td><input type="text" length="64" size="40" name="uid" value="agent" /></td>
+      </tr>       
+      <tr>
+        <th>Password:</th>
+        <td><input type="password" length="64" size="40" name="__pwd" value="" autocomplete="off" /></td>
+      </tr>       
+    </table>
+<p>
+                                                                                
+    <div align="right">
+      <hr />
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: document.f.submit();" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_rootca.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_rootca.vm
new file mode 100644
index 000000000..747024acf
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/config_rootca.vm
@@ -0,0 +1,113 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+</SCRIPT>
+
+
+  <body onLoad="checkClose();">
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Root CA </h1>
+
+A Root CA provides a set of predefined signing capabilities. Please select the capabilities that this CA needs to provide.
+    <p>
+
+<form name="f" action="config_rootca" method="post">
+                                                                                
+<H2>CA Certificate Profile</H2>
+
+<p>
+    <table class="details">
+      <tr>
+        <th width=10%>Profile:</th>
+                                                                                
+        <td><select name="profile">
+#foreach ($p in $profiles)
+#if ($p.getID() == $selected_profile_id)
+        <option selected value="$p.getID()">$p.getName()</option>
+#else
+        <option value="$p.getID()">$p.getName()</option>
+#end
+#end
+        </select>
+        </td>
+      </tr>
+    </table>
+<p>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: document.f.submit()" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm
new file mode 100644
index 000000000..18af9c523
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/createsubsystempanel.vm
@@ -0,0 +1,95 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Subsystem Configuration</h2>
+<p>
+This instance can be configured as a new $systemname subsystem.
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<b><input $check_newsubsystem type=radio name=choice value="newsubsystem">&nbsp;Configure this Instance as a New $systemname Subsystem </b>
+<br/>
+    <table class="details">
+      <tr>
+        <th>Subsystem Name: </th>
+        <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname)</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTP URL (unsecure): </th>
+        <td>http://$machineName:$http_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS URL (clientauth): </th>
+        <td>https://$machineName:$https_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS URL (non-clientauth): </th>
+        <td>https://$machineName:$non_clientauth_https_port</td>
+      </tr>
+    </table>
+<p>
+#if ($disableClone)
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem" disabled="disabled">&nbsp;Clone an Existing $systemname Subsystem </b>
+#else
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem">&nbsp;Clone an Existing $systemname Subsystem </b>
+#end
+<br/>
+    <table class="details">
+      <tr>
+        <th>Subsystem Name: </th>
+#if ($disableClone)
+        <td><input disabled="disabled" type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname
+ Clone 1)</td>
+#else
+        <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname
+ Clone 1)</td>
+#end
+      </tr>
+      <tr>
+        <th>Subsystem URL: </th>
+#if ($disableClone)
+        <td><select name="urls" disabled="disabled">
+#else
+        <td><select name="urls">
+#end
+           #if ($urls_size != 0) 
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #else
+               <option selected value="none">NONE</option>
+           #end
+        </select>
+        </td>
+      </tr>
+    </table>
+<br/>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/databasepanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/databasepanel.vm
new file mode 100644
index 000000000..76c3c887d
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/databasepanel.vm
@@ -0,0 +1,53 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+An SQL Lite database will be created to store RA internal information.
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<p>
+</div>
+<p>
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>                                                                            
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/displaycertchain2panel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/displaycertchain2panel.vm
new file mode 100644
index 000000000..068fd9283
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/displaycertchain2panel.vm
@@ -0,0 +1,41 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<p>
+A certificate chain is a list of all certificates chained up to the root.
+<p>
+If the entire certificate chain is displayed below, click the Next button to import it into this subsystem. This certificate chain will then be trusted for this instance.
+<p>
+If no certificate chain is listed below, simply click the Next button to move on to the next panel.
+<p>
+<pre>
+$certchain
+</pre>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/displaycertchainpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/displaycertchainpanel.vm
new file mode 100644
index 000000000..829ee24cb
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/displaycertchainpanel.vm
@@ -0,0 +1,41 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<br/>
+A certificate chain is a list of all certificates chained up to the root.
+<br/>
+If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance.
+<br/>
+If no certificate chain is listed below, simply click the Next button to move on to the next panel.
+<br/>
+<pre>
+$certchain
+</pre>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm
new file mode 100644
index 000000000..bc7ccfc01
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/donepanel.vm
@@ -0,0 +1,42 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<input type="hidden" name="host" value=$host />
+<input type="hidden" name="port" value=$port />
+<input type="hidden" name="systemType" value=$systemType />
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+As 'root', restart the server on the command line by typing "$initCommand
+ restart $instanceID". After performing this restart, the server should become operational.
+<br/>
+Please go to the <A href="https://$host:$non_clientauth_port"><b>services page</b></A> to access all of the available interfaces.
+<br/>
+<br/>
+To create additional instances, type "/usr/bin/pkicreate" on the command line.
+<br/>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm
new file mode 100644
index 000000000..e4e6842ba
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/drminfopanel.vm
@@ -0,0 +1,56 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+A Data Recovery Manager (DRM) is responsible for server-side key generation, archival, and recovery. If server-side key generation is not needed, this step can be skipped.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+<p>
+#end
+<b><input checked type=radio name=choice value="keygen">&nbsp;Connect this instance to an HTTPS Agent URL of a DRM to support server-side key generation.</b>
+<p>
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+    <div align="right">
+      <hr />
+    </div>
+<p>
+<b><input type=radio name=choice value="nokeygen">&nbsp;Configure this instance to NOT support server-side key generation.</b>
+<p>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/footer.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/footer.vm
new file mode 100644
index 000000000..22d7213ba
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/footer.vm
@@ -0,0 +1,20 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+  <div id="footer">
+  </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/header.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/header.vm
new file mode 100644
index 000000000..d4cea30c2
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/header.vm
@@ -0,0 +1,26 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<div id="header">
+    <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="../img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headerpaddedtitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+    </div>
+</div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/hierarchypanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/hierarchypanel.vm
new file mode 100644
index 000000000..bde310882
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/hierarchypanel.vm
@@ -0,0 +1,80 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+  setURL();
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>PKI Hierarchy</h2>
+<p>
+This CA instance can be either a Self-Signed Root CA or a Subordinate CA. <a href="javascript:toggle_details();">[Details]</a>
+<script>
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+
+function setURL() {
+    var cbox = document.forms[0].elements['urls'];
+    if (document.forms[0].choice[0].checked) {
+        cbox.disabled = "disabled";
+    } else {
+        cbox.disabled = "";
+    }
+}
+
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA.
+</div>
+
+<p>
+<b><input $check_root type=radio name=choice value="root" onChange="setURL();">&nbsp;Make this a Self-Signed Root CA within this new PKI hierarchy. <img alt="" src="rootca.gif"></b>
+<p>
+<b><input $check_join type=radio name=choice value="join" onChange="setURL();">&nbsp;Make this a subordinate CA of another CA. <img alt="" src="sub.gif"></b>
+
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls.size() > 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+<p>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm
new file mode 100644
index 000000000..d64d4a344
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/importadmincertpanel.vm
@@ -0,0 +1,56 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<font color="red">$info</font>
+<p>
+    <p>
+                                                                                
+    <table class="details">
+      <tr>
+#if ($ca == 'true' && $import == 'true')
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#else
+#if ($caType == 'ca' && $import == 'true')
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#else
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#end 
+#end
+<input type="hidden" name="serialNumber" value=$serialNumber />
+<input type="hidden" name="caHost" value=$caHost />
+<input type="hidden" name="caPort" value=$caPort />
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/login.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/login.vm
new file mode 100644
index 000000000..dac518e9f
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/login.vm
@@ -0,0 +1,110 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Certificate System</title>
+
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body><div id="wrap">
+  
+#include ( "ra/admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+  -
+</div>
+
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="sidebar">
+         
+	</td>
+        <td class="page-content" width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Login</h1>
+
+A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue.
+
+    <p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <p>
+    <form name="f" action="login" method="post">
+                                                                                
+    <table class="details">
+      <tr>
+        <th>PIN:</th>
+        <td><input type=password name="pin"></td>
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+<td align=right>
+<input type=button onclick="javascript: document.f.submit();" name=login value="Login">
+</td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+#include ( "ra/admin/console/config/footer.vm" )
+  </body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/modulepanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/modulepanel.vm
new file mode 100644
index 000000000..cb9a1eaf8
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/modulepanel.vm
@@ -0,0 +1,158 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Two lists of security modules are provided below. The <b>Supported Security Modules</b> list consists of both software-based and hardware-based security modules that this PKI solution supports, while the <b>Other Security Modules</b> list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<br/>
+Key pairs for this instance will be generated and stored on a device called a security module.
+<br/>
+A <b><i>key pair</i></b> consists of a public key and a private key. A <b><i>private key</i></b> is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the <b><i>key</i></b>. A <b><i>public key</i></b> is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a <b><i>certificate</i></b>.
+<br/>
+<b><i>Security modules</i></b> can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included.
+<br/>
+Before any security module solution can be used, a user must first always be authenticated to this security module via a token.  To support this, each security module consists of one or more <b><i>slots</i></b>. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software.
+<br/>
+Finally, a <b><i>token</i></b> (often generically referred to as a <b><i>smartcard</i></b>), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot.  For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication.
+<br/>
+Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue.
+</div>
+<br/>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+  <td><img alt="" src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	   Logged In
+	#else
+       	   Not logged In
+	#end
+    </td>
+  <td>
+   #if ($token.isLoggedIn())
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+   #end
+  </td>
+  <td>
+	#if (!$token.isLoggedIn())
+<a href="wizard?p=$subpanelno&amp;SecToken=$token.getNickName()">Login</a>
+	#end
+</td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+  <td>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	  Logged In
+	#else
+          Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/namepanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/namepanel.vm
new file mode 100644
index 000000000..798f16598
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/namepanel.vm
@@ -0,0 +1,91 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names. Each certificate will be stored in the security module using a unique nickname. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+Each unique name, called the certificate's subject name, is referenced as the distinguished name (DN). A DN may be composed of multiple comma separated name=value fields.
+<br/>
+</div>
+
+    <p>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#foreach ($item in $certs)
+<H2>$item.getUserFriendlyName()</H2>
+                                                                                
+    <table class="details">
+      <tr>
+        <th>DN:</th>
+        <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getDN()"/></td>
+      </tr>
+      <tr> 
+        <th>Nickname:</th>
+        <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()"/></td>
+      </tr>
+    </table>
+<p>
+#end
+<p>
+<hr>
+<p>
+Please select the CA to submit these system certificate requests:
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+                                                                                
+   <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainloginpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainloginpanel.vm
new file mode 100644
index 000000000..25134303f
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainloginpanel.vm
@@ -0,0 +1,109 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/ca/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+<META http-equiv=Content-Type content="text/html; charset=UTF-8">
+  </head>
+
+
+<div id="wrap">
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag"><img src="/ca/admin/console/img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headerpaddedtitle">
+    <a href="/" title="Dogtag">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/ca/admin/console/img/pki-icon-software.gif" />
+  Security Domain ($name) Login </h1>
+
+    <form name=sdForm action="getCookie" method="post">
+    <p>The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.<p>
+#if ($errorString != "")
+<img src="/ca/admin/console/img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="uid" value="$sd_uid" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Password:</th>
+                                                                                
+        <td><input type="password" length="64" size="40" name="pwd" value="$sd_pwd" autocomplete="off" /></td>
+      </tr>       
+<input type=hidden name=url value="$url">
+
+    </table>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<div align="right">
+<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login"> 
+</div>
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm
new file mode 100644
index 000000000..3bd19c520
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/securitydomainpanel.vm
@@ -0,0 +1,115 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>$panelname</h2>
+<br/>
+A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<br/>
+This PKI solution allows multiple security domains within an organization, but each security domain must host a Certificate Authority.
+<br/>
+If the user is creating a new security domain, this CA Administrator is also
+the security domain Administrator.
+<br/>
+If this subsystem is joining an existing security domain, the user will need to provide the credential information of the security domain Administrator
+requested in the next panel.
+</div>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#if ($cstype == "CA") 
+<b><input $check_newdomain type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+    <table class="details">
+      <tr>
+        <th>Security Domain Name: </th>
+        <td><input type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTP EE URL (unsecure): </th>
+        <td>http://$machineName:$http_ee_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS Agent URL (clientauth): </th>
+        <td>https://$machineName:$https_agent_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS EE URL (non-clientauth): </th>
+        <td>https://$machineName:$https_ee_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+        <td>https://$machineName:$https_admin_port</td>
+      </tr>
+    </table>
+<br/>
+<b><input $check_existingdomain type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#else
+<b><input disabled="disabled" type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+    <table class="details">
+      <tr>
+        <th>Security Domain Name: </th>
+        <td><input disabled="disabled" type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+      </tr>
+    </table>
+<br/>
+<b><input checked type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#end
+<br/>
+Enter the URL to an existing security domain.
+<br/>
+    <table class="details">
+      <tr>
+        <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+        <td><input type=text size="40" name="sdomainURL" value="$sdomainURL"> (e.g. - https://example.com:9445)</td>
+      </tr>
+    </table>
+<br/>
+<table>
+<tr>
+<td valign="top"><b>NOTE:&nbsp;&nbsp; </b></td>
+<td>Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$initCommand status $instanceID" from the command-line.</td>
+</tr>
+</table>
+<br/>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/sidemenu.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/sidemenu.vm
new file mode 100644
index 000000000..09fe16870
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/sidemenu.vm
@@ -0,0 +1,30 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<div id="sidenav">
+<ul>
+  <li><a href="welcome">Welcome</a></li>
+  <li><a href="database">Internal Database</a></li>
+  <li><a href="module">Security Modules</a></li>
+  <li><a href="size">Key Size</a></li>
+  <li><a href="name">Issuer Name</a></li>
+  <li><a href="hierarchy">PKI Hierarchy</a></li>
+  <li><a href="admin">Administrator</a></li>
+  <li><a href="done">Finish</a></li>
+</ul>
+</div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/sizepanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/sizepanel.vm
new file mode 100644
index 000000000..b7a7a820c
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/sizepanel.vm
@@ -0,0 +1,235 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<style type="text/css">
+div#advance
+{
+  margin: 0px 20px 0px 20px;
+  display: none;
+}
+div#simple
+{
+  margin: 0px 20px 0px 20px;
+  display: block;
+}
+</style>
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+function toggleLayer(whichLayer)
+{
+  if (document.getElementById) {
+    // this is the way the standards work
+    var style2 = document.getElementById(whichLayer).style;
+    if (style2.display == "block") {
+      style2.display = "none";
+    } else {
+      style2.display = "block";
+    }
+  }
+}
+
+function toggleLayer1(whichLayer)
+{
+  if (document.getElementById) {
+    // this is the way the standards work
+    var style2 = document.getElementById(whichLayer).style;
+    if (style2.display == "block") {
+      style2.display = "none";
+    } else if (style2.display == "") {
+      style2.display = "none";
+    } else {
+      style2.display = "block";
+    }
+  }
+}
+
+function keyTypeChange()
+{
+  var form = document.forms[0];
+  var keyTypeSelect = document.forms[0].elements['keytype'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_keytype') != -1) {
+      form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+    }
+  }
+}
+
+function defaultChange()
+{
+  var form = document.forms[0];
+  var choiceSelect = document.forms[0].elements['choice'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_choice') != -1) {
+      for (var j = 0; j < form.elements[name].length; j++) {
+        var c = form.elements[name];
+        c[j].checked = choiceSelect[j].checked;
+      }
+    }
+  }
+}
+
+function customChange()
+{
+  var form = document.forms[0];
+  var choiceSelect = document.forms[0].elements['choice'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_choice') != -1) {
+      for (var j = 0; j < form.elements[name].length; j++) {
+        var c = form.elements[name];
+        c[j].checked = choiceSelect[j].checked;
+      }
+    }
+  }
+}
+
+function textChange()
+{
+  var customSize = document.forms[0].elements['custom_size'];
+  var form = document.forms[0];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_custom_size') != -1) {
+      form.elements[name].value = customSize.value;
+    }
+  }
+}
+
+</SCRIPT>
+Select the key pair type(s) and associated key pair size(s) from the pulldown menus. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<p>
+Each key pair is comprised of a <b><i>key type</i></b> and a <b><i>key size</i></b>. Based upon the key type selected from the first pulldown menu, associated key sizes (in bits) will be selectable from the second pulldown menu.
+<p>
+Within each key pair type (but not comparable between two different key pair types), the size of the key is a measure of how secure a given system is (i.e. - the longer the key pair size, the more secure the system). Unfortunately, longer key pair sizes increase the time required to perform operations such as signing certificates.
+<p>
+</div>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+<div id="simple">
+<p>
+<table width=100%>
+<tr>
+  <td align=right><a href="javascript:toggleLayer1('simple'); toggleLayer('advance');" title="Advanced">[Advanced]</a></td>
+</tr>
+</table>
+<p>
+<H2>Common Key Settings</H2>
+<p>
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Key Type:</th>
+        <td><select name="keytype" onChange="keyTypeChange()"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td>
+      </tr>
+</table>
+<p>
+    <input
+#if ($select == "default")
+ checked
+#end
+ onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default key size ($default_keysize bits for RSA, $default_ecc_keysize bits for ECC)</b>.
+    <p>
+    <input
+#if ($select == "custom")
+ checked
+#end
+ onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following custom key size:</b>
+                                                                                
+    <p>
+<table width=100% class="details">
+      <tr>
+        <th>Key Size:</th>
+        <td><input onChange="textChange()" type="text" size="20" name="custom_size" value="2048" /></td>
+      </tr>
+</table>
+</div>
+<p>
+<div id="advance">
+<p>
+<table width=100%>
+<tr>
+  <td align=right><a href="javascript:toggleLayer1('simple');toggleLayer('advance');" title="Simple">[Simple]</a></td>
+</tr>
+</table>
+#foreach ($item in $certs)
+<H2>Key for $item.getUserFriendlyName()</H2>
+<p>
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Key Type:</th>
+        <td><select name="$item.getCertTag()_keytype"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td>
+      </tr>
+</table>
+<p>
+    <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default"><b>Use the default key size ($default_keysize bits for RSA, $default_ecc_keysize bits for ECC).
+    <p>
+    <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following custom key size:</b>
+                                                                                
+    <p>
+<table width=100% class="details">
+      <tr>
+        <th>Key Size:</th>
+        <td><input type="text" size="20" name=$item.getCertTag()_custom_size value="$item.getCustomKeysize()" /></td>
+      </tr>
+</table>
+#end
+</div>
+<br/>
+<br/>
+<br/>
+#if ($firsttime == 'false')
+<input type="CHECKBOX" NAME="generateKeyPair">New Keys<p>
+#end
+<p>
+    <div align="right">
+      <hr />
+<i>Note: After pressing Next, keys will be generated on the server, which will take some time to complete.  Please wait for the next panel to appear.</i>
+      &nbsp;
+    </div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm
new file mode 100644
index 000000000..f4cb5eb6b
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/tksinfopanel.vm
@@ -0,0 +1,51 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+The Token Key Service (TKS) is responsible for managing master keys that are used for establishing secure channels. Select an HTTPS Agent URL of a TKS from the list below.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+    <div align="right">
+      <hr />
+    </div>
+<p>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/topmenu.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/topmenu.vm
new file mode 100644
index 000000000..64881066f
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/topmenu.vm
@@ -0,0 +1,21 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">Setup Wizard</a></li>
+</ul>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/welcomepanel.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/welcomepanel.vm
new file mode 100644
index 000000000..fd478d1a8
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/welcomepanel.vm
@@ -0,0 +1,57 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<H2>$wizardname</H2>
+The $fullsystemname
+ configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname
+ ($systemname). <a href="javascript:toggle_details();">[Details]</a>
+                                                                                
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+A Public Key Infrastructure (PKI) system creates, manages, and revokes keys and certificates.
+<p>
+Dogtag Certificate System (DCS) $productversion &nbsp;
+is a robust PKI system consisting of numerous subsystems including a Certificate Authority (CA), a Registration Authority (RA), a Data Recovery Manager (DRM), an Online Certificate Status Protocol (OCSP) Manager, a Token Key Service (TKS), and a Token Processing System (TPS), as well as a multi-platform smartcard middleware software client called Enterprise Security Client (ESC).
+<p>
+For any subsystem to be useable, a user must use this wizard to configure an instance of this subsystem.
+#if ($systemType != "tps")
+<p>
+#end
+</div>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/wizard.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/wizard.vm
new file mode 100644
index 000000000..6256703e3
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/wizard.vm
@@ -0,0 +1,144 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/ra/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+function process(fop) {
+    with (document.forms[0]) {
+        op.value = fop;
+        if (fop == 'next') {
+            document.getElementById('progress').style.visibility = "visible";
+            performPanel();
+        } else if (fop == 'apply') {
+            document.getElementById('progress').style.visibility = "visible";
+            performPanel();
+        } else {
+            document.getElementById('progress').style.visibility = "visible";
+            submit();
+        }
+    }
+}
+
+</SCRIPT>
+
+  <body><div id="wrap">
+  
+#include ( "ra/admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">$name</a></li>
+</ul>
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+</div>
+
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="sidebar">
+          
+<div id="sidenav">
+<ul>
+#foreach ($pn in $panels)
+#if (!$pn.isSubPanel())
+  <li><center><font color=black size="2">$pn.getName()</font></center></li>
+#end
+#end
+</ul>
+</div>
+
+	</td>
+        <td class="page-content" width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  $title </h1>
+
+<form name=f method=post action="wizard">
+<input type=hidden name=p value="$p">
+
+#parse ( $panel )
+
+<input type=hidden name="op" value=''>
+
+</form>
+
+<table width=100% border=0 cellspacing=0 cellpadding=0>
+<tr bgcolor="#eeeeee">
+<td><img id=progress style="visibility: hidden;" src="../img/bigrotation2.gif" /></td>
+<td align=right>
+
+#if ($showApplyButton == "true")
+<input type=button onclick="process('apply')" name=back value="Apply">
+#end
+
+#if ($lastpanel)
+&nbsp;
+#else
+<input type=button onclick="process('next')" name=back value="Next>">
+#end
+
+</td>
+</tr>
+</table>
+
+	</td>
+      </tr>
+    </table>
+
+#include ( "ra/admin/console/config/footer.vm" )
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/config/xml.vm b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/xml.vm
new file mode 100644
index 000000000..31ff72aa2
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/config/xml.vm
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<response>
+  $xml 
+</response>
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/badge.png b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/badge.png
new file mode 100644
index 000000000..5fe0223b5
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/badge.png
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/bigrotation2.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/bigrotation2.gif
new file mode 100644
index 000000000..5bb90fd6a
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/bigrotation2.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-clear.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-clear.gif
new file mode 100644
index 000000000..336e6e5d9
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-clear.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-manage.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-manage.gif
new file mode 100644
index 000000000..8f2f3db5e
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-manage.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-search.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-search.gif
new file mode 100644
index 000000000..b015c82a9
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/button-search.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/certificate.png b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/certificate.png
new file mode 100644
index 000000000..2ea9f88bb
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/certificate.png
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/clearpixel.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/clearpixel.gif
new file mode 100644
index 000000000..ae710460b
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/clearpixel.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/favicon.ico b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/favicon.ico
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/icon_crit_update.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/icon_crit_update.gif
new file mode 100644
index 000000000..cf3c47907
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/icon_crit_update.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/id.png b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/id.png
new file mode 100644
index 000000000..2c54191e1
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/id.png
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/idkey.png b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/idkey.png
new file mode 100644
index 000000000..3e27d2d05
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/idkey.png
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/key.png b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/key.png
new file mode 100644
index 000000000..db2896248
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/key.png
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/lock.png b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/lock.png
new file mode 100644
index 000000000..56be3b755
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/lock.png
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/logo_header.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/logo_header.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/no-certificate.png b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/no-certificate.png
new file mode 100644
index 000000000..7d93a41c3
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/no-certificate.png
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-help.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-help.gif
new file mode 100644
index 000000000..21d9f13d6
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-help.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-home.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-home.gif
new file mode 100644
index 000000000..ef1726b74
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-home.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-software.gif b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-software.gif
new file mode 100644
index 000000000..dd64b485c
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/img/pki-icon-software.gif
diff --git a/dogtag/ra-ui/shared/docroot/ra/admin/console/js/misc.js b/dogtag/ra-ui/shared/docroot/ra/admin/console/js/misc.js
new file mode 100644
index 000000000..d4dc336ab
--- /dev/null
+++ b/dogtag/ra-ui/shared/docroot/ra/admin/console/js/misc.js
@@ -0,0 +1,30 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * This function is to submit the form's parameters and to decide if the 
+ * window should remain open.
+ *
+ * @param f The form
+ * @param fclose true if you want to close the window; otherwise false.
+ */
+function saveConfig(f, fclose) {
+    f.submit();
+    if (fclose == true)
+        window.close();
+}
diff --git a/dogtag/tks-ui/CMakeLists.txt b/dogtag/tks-ui/CMakeLists.txt
new file mode 100644
index 000000000..31d58dfba
--- /dev/null
+++ b/dogtag/tks-ui/CMakeLists.txt
@@ -0,0 +1,8 @@
+project(tks-ui)
+
+install(
+    DIRECTORY
+        shared/
+    DESTINATION
+        ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
diff --git a/dogtag/tks-ui/LICENSE b/dogtag/tks-ui/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/dogtag/tks-ui/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify 
+it under the terms of the GNU General Public License as published 
+by the Free Software Foundation; version 2 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but 
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License 
+along with this Program; if not, write to the Free Software 
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/dogtag/tks-ui/build.xml b/dogtag/tks-ui/build.xml
new file mode 100644
index 000000000..26d16c67b
--- /dev/null
+++ b/dogtag/tks-ui/build.xml
@@ -0,0 +1,273 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="tks-ui" default="main" basedir=".">
+
+    <import file="config/product.xml"/>
+    <import file="config/product-ext.xml" optional="true"/>
+
+
+    <target name="clean"
+            depends=""
+            description="--> remove component directories">
+        <echo message="${begin.clean.log.message}"/>
+        <delete dir="${dist.base}"/>
+        <delete dir="${build.dir}"/>
+        <echo message="${end.clean.log.message}"/>
+    </target>
+
+
+    <target name="download"
+            depends=""
+            description="--> download dependent components">
+        <echo message="${begin.download.log.message}"/>
+        <echo message="${empty.download.log.message}"/>
+        <echo message="${end.download.log.message}"/>
+    </target>
+
+
+    <target name="compile_java"
+            depends=""
+            description="--> compile java source code into classes">
+        <echo message="${begin.compile.java.log.message}"/>
+        <echo message="${empty.compile.java.log.message}"/>
+        <echo message="${end.compile.java.log.message}"/>
+    </target>
+
+
+    <target name="build_jars"
+            depends="compile_java"
+            description="--> generate jar files">
+        <echo message="${begin.build.jars.log.message}"/>
+        <echo message="${empty.build.jars.log.message}"/>
+        <echo message="${end.build.jars.log.message}"/>
+    </target>
+
+
+    <target name="build_jni_headers"
+            depends="compile_java"
+            description="--> generate jni header files">
+        <echo message="${begin.build.jni.headers.log.message}"/>
+        <echo message="${empty.build.jni.headers.log.message}"/>
+        <echo message="${end.build.jni.headers.log.message}"/>
+    </target>
+
+
+    <target name="build"
+            depends="build_jars,build_jni_headers"
+            description="--> build classes, jars, and jni headers">
+        <echo message="${notify.build.log.message}"/>
+    </target>
+
+
+    <target name="compile_junit_tests"
+            depends="build"
+            description="--> compile junit test source code">
+        <echo message="${begin.compile.junit.tests.log.message}"/>
+        <echo message="${empty.compile.junit.tests.log.message}"/>
+        <echo message="${end.compile.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="run_junit_tests"
+            depends="compile_junit_tests"
+            description="--> execute junit tests">
+        <echo message="${begin.run.junit.tests.log.message}"/>
+        <echo message="${empty.run.junit.tests.log.message}"/>
+        <echo message="${end.run.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="verify"
+            depends="run_junit_tests"
+            description="--> build and execute junit tests">
+        <echo message="${notify.verify.log.message}"/>
+    </target>
+
+
+    <target name="clean_javadocs"
+            depends=""
+            description="--> remove javadocs directory">
+        <echo message="${begin.clean.javadocs.log.message}"/>
+        <echo message="${empty.clean.javadocs.log.message}"/>
+        <echo message="${end.clean.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="compose_javadocs"
+            depends="build"
+            description="--> generate javadocs">
+        <echo message="${begin.compose.javadocs.log.message}"/>
+        <echo message="${empty.compose.javadocs.log.message}"/>
+        <echo message="${end.compose.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="document"
+            depends="clean_javadocs,compose_javadocs"
+            description="--> remove old javadocs and compose new javadocs">
+        <echo message="${notify.document.log.message}"/>
+    </target>
+
+
+    <target name="distribute_binaries"
+            depends="document"
+            description="--> create the zip and gzipped tar binary distributions">
+        <echo message="${begin.distribute.binaries.log.message}"/>
+        <mkdir dir="${dist.base.binaries}"/>
+
+        <echo message="${begin.binary.wrappers.log.message}"/>
+        <echo message="${empty.binary.wrappers.log.message}"/>
+        <echo message="${end.binary.wrappers.log.message}"/>
+
+        <echo message="${begin.binary.zip.log.message}"/>
+        <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+            <zipfileset dir="./shared"
+                        filemode="644"
+                        prefix="usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </zipfileset>
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.binary.zip.log.message}"/>
+
+        <echo message="${begin.binary.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.binaries}/${dist.name}.tar">
+            <tarfileset dir="./shared"
+                        mode="644"
+                        prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+            </tarfileset>
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${dist.name}/usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.binary.tar.log.message}"/>
+
+        <echo message="${begin.binary.gtar.log.message}"/>
+        <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+              src="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.binary.gtar.log.message}"/>
+
+        <echo message="${end.distribute.binaries.log.message}"/>
+    </target>
+
+
+    <target name="distribute_source"
+            depends=""
+            description="--> create the zip and gzipped tar source distributions">
+        <echo message="${begin.distribute.source.log.message}"/>
+        <mkdir dir="${dist.base.source}"/>
+
+        <echo message="${begin.source.zip.log.message}"/>
+        <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.source.zip.log.message}"/>
+
+        <echo message="${begin.source.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.source}/${src.dist.name}.tar">
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.source.tar.log.message}"/>
+
+        <echo message="${begin.source.gtar.log.message}"/>
+        <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+              src="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.source.gtar.log.message}"/>
+
+        <echo message="${end.distribute.source.log.message}"/>
+    </target>
+
+
+    <target name="distribute"
+            depends="distribute_binaries,distribute_source"
+            description="--> create binary and source component distributions">
+        <echo message="${notify.distribute.log.message}"/>
+    </target>
+
+
+    <target name="main"
+            depends="clean,distribute"
+            description="--> clean, build, verify, document, distribute [default]">
+        <echo message="${notify.main.log.message}"/>
+    </target>
+
+</project>
+
diff --git a/dogtag/tks-ui/build_dogtag b/dogtag/tks-ui/build_dogtag
new file mode 100755
index 000000000..e769ab5d8
--- /dev/null
+++ b/dogtag/tks-ui/build_dogtag
@@ -0,0 +1,82 @@
+#!/bin/bash
+# BEGIN COPYRIGHT BLOCK
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+
+# Always switch into the base directory of this
+# shell script prior to executing it so that all
+# of its output is written to this directory
+cd `dirname $0`
+
+# Retrieve the directory name housing this component
+PWD=`pwd`
+
+# Set Dogtag component-specific environment variables
+DOGTAG_BUILD_SCRIPT=`basename $0`
+export DOGTAG_BUILD_SCRIPT
+DOGTAG_COMPONENT=`basename ${PWD}`
+export DOGTAG_COMPONENT
+DOGTAG_SPECFILE="dogtag-pki-tks-ui.spec"
+export DOGTAG_SPECFILE
+
+# Set PKI 'ant' environment variables (originally obtained from specfile)
+PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag"
+export PKI_PRODUCT_UI_FLAVOR_PREFIX
+PKI_PRODUCT_PREFIX="pki"
+export PKI_PRODUCT_PREFIX
+PKI_PRODUCT="tks-ui"
+export PKI_PRODUCT
+PKI_VERSION="9.0.0"
+export PKI_VERSION
+
+# Set Dogtag helper variables
+DOGTAG_COMPONENT_NAME=${PKI_PRODUCT}
+export DOGTAG_COMPONENT_NAME
+DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc
+export DOGTAG_WGET_URL
+
+# Obtain '${DOGTAG_SPECFILE}' as necessary
+if [ "$1" = "refresh" ]; then
+	if [ -f "${DOGTAG_SPECFILE}" ]; then
+		printf "Removing '${DOGTAG_SPECFILE}' . . . "
+		rm -rf ${DOGTAG_SPECFILE}
+		printf "done.\n"
+	fi
+	shift
+fi
+if [ ! -f "${DOGTAG_SPECFILE}" ]; then
+	# Check for Fedora Operating System
+	if [ ! -f /etc/fedora-release ]; then
+		printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n"
+		exit 255
+	fi
+	# Obtain Fedora Operating System Version
+	FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`"
+	export FEDORA_VERSION
+	# Retrieve '${DOGTAG_SPECFILE}' from Koji
+	printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n"
+	wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co
+	if [ ! -s "${DOGTAG_SPECFILE}" ]; then
+		printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n"
+		rm -rf ${DOGTAG_SPECFILE}
+		exit 255
+	fi
+fi
+
+# Invoke the shared Dogtag PKI build script
+config-ext/build_dogtag_pki $@
+
diff --git a/dogtag/tks-ui/dogtag-pki-tks-ui.spec b/dogtag/tks-ui/dogtag-pki-tks-ui.spec
new file mode 100644
index 000000000..f51d903a7
--- /dev/null
+++ b/dogtag/tks-ui/dogtag-pki-tks-ui.spec
@@ -0,0 +1,61 @@
+Name:           dogtag-pki-tks-ui
+Version:        9.0.0
+Release:        1%{?dist}
+Summary:        Dogtag Certificate System - Token Key Service User Interface
+URL:            http://pki.fedoraproject.org/
+License:        GPLv2
+Group:          System Environment/Base
+
+BuildArch:      noarch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  ant
+
+Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+# NOTE:  Several PKI packages require a "virtual" UI component.  These
+#        "virtual" UI components are "Provided" by various UI "flavors"
+#        including "dogtag", "redhat", and "null".  Consequently,
+#        all "dogtag", "redhat", and "null" UI components MUST be
+#        mutually exclusive!
+Provides:       pki-tks-ui = %{version}-%{release}
+
+Obsoletes:      pki-tks-ui < %{version}-%{release}
+
+Conflicts:      redhat-pki-tks-ui
+
+%description
+Dogtag Certificate System is an enterprise software system designed
+to manage enterprise Public Key Infrastructure (PKI) deployments.
+
+The Dogtag Token Key Service User Interface contains the graphical
+user interface for the Dogtag Token Key Service.
+
+%prep
+
+%setup -q
+
+%build
+ant \
+    -Dproduct.ui.flavor.prefix="dogtag" \
+    -Dproduct.prefix="pki" \
+    -Dproduct="tks-ui" \
+    -Dversion="%{version}"
+
+%install
+rm -rf %{buildroot}
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_datadir}/pki/
+
+%changelog
+* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.
diff --git a/dogtag/tks-ui/shared/webapps/tks/404.html b/dogtag/tks-ui/shared/webapps/tks/404.html
new file mode 100755
index 000000000..2fc48f1c0
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/404.html
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>TKS 404 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tks/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tks/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tks/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TKS Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('404');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The requested resource could not be found but may be available again in the future.');
+document.write('</font></b><br><b><font size="+1" color="RED">');
+document.write('Please check the validity of the URL listed below:');
+document.write('</font></b><br><br>');
+document.write('<center><b><font size="+1"><a href="');
+document.write(url);
+document.write('">');
+document.write(url);
+document.write('</a>');
+document.write('</font></b></center><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/500.html b/dogtag/tks-ui/shared/webapps/tks/500.html
new file mode 100755
index 000000000..88829b9bd
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/500.html
@@ -0,0 +1,139 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>TKS 500 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tks/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tks/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tks/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TKS Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('500');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>');
+document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.');
+document.write('</font></b><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/GenUnexpectedError.template b/dogtag/tks-ui/shared/webapps/tks/GenUnexpectedError.template
new file mode 100644
index 000000000..53e975d14
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>TKS Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/tks/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/GenError.template b/dogtag/tks-ui/shared/webapps/tks/agent/GenError.template
new file mode 100644
index 000000000..e4a49ae07
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/GenError.template
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>TKS Agent Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/tks/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+document.writeln('<P>');
+document.write('The '+result.fixed.authorityName+' ');
+document.writeln('encountered a problem while processing your request. ');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.errorDetails != null) {
+    document.write(result.fixed.errorDetails);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+if (result != null && result.recordSet != null && result.recordSet.length > 0){
+	document.writeln('<P>');
+    document.write('Additional Information:');
+	document.writeln('<P>');
+    document.write('<BLOCKQUOTE><B><PRE>');
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].errorDescription != null) {
+			document.writeln(result.recordSet[i].errorDescription);
+		}
+	}
+	document.writeln('</UL>');
+	document.write('</PRE></B></BLOCKQUOTE>');
+}
+</SCRIPT>
+
+<P>
+Please consult your local administrator for further assistance.
+The Certificate System logs may provide further information.
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/GenPending.template b/dogtag/tks-ui/shared/webapps/tks/agent/GenPending.template
new file mode 100644
index 000000000..a75a5ebdc
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/GenPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>TKS Agent Request Pending</TITLE>
+
+<BODY bgcolor="white">
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate Managment System';
+if (result.fixed.authorityName != null) 
+	authority = result.fixed.authorityName;
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted to the '+authority+'. ');
+document.write('Your request will be processed when an authorized agent ');
+document.writeln('verifies and validates the information in your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.writeln('<P>');
+	document.write('Your can check on the status of your request with ');
+	document.write('an authorized agent or local administrator ');
+	document.writeln('by referring to this request ID.'); 
+} else {
+    document.write('<B>not provided.</B> ');
+    document.write('<P>');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/GenRejected.template b/dogtag/tks-ui/shared/webapps/tks/agent/GenRejected.template
new file mode 100644
index 000000000..112717a7e
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/GenRejected.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>TKS Agent Request Rejected</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Rejected
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null) {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('Your request has been rejected by the '+authority+'. ' );
+document.write('This may indicate that some attributes of the request ');
+document.write('violate the policies of this '+authority+'. ');
+
+document.writeln('<P>');
+document.writeln('Violation details: ');
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result == null || result.recordSet == null || result.recordSet.length == 0){
+	document.writeln('No further details provided.');
+}
+else {
+	document.writeln('<UL>');
+	for (var i = 0; i < result.recordSet.length; i++) {
+		if (result.recordSet[i].policyMessage != null) {
+			document.writeln(result.recordSet[i].policyMessage);
+		}
+	}
+	document.writeln('</UL>');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId == null) {
+	document.write('<B>not provided</B>.');
+	document.writeln('<P>');
+	document.write(
+		'Please consult your local administrator for further assistance.');
+} else {
+	document.write('<B>'+result.fixed.requestId+'</B>. ');
+	document.writeln('<P>');
+	document.write(
+		'You can contact an authorized agent or local administrator for ');
+	document.writeln('further assistance by referring to the request ID.');
+}
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/GenSuccess.template b/dogtag/tks-ui/shared/webapps/tks/agent/GenSuccess.template
new file mode 100644
index 000000000..02a9b9b8b
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/GenSuccess.template
@@ -0,0 +1,44 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>TKS Agent Generic Request Success</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submited
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+var authority = 'Certificate System';
+if (request.fixed.authorityName != null) 
+	authority = request.fixed.authorityName;
+
+document.writeln('<P>');
+document.write('Congratulations, your request has been successfully ');
+document.write('submitted and processed by the '+authority+'.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/GenSvcPending.template b/dogtag/tks-ui/shared/webapps/tks/agent/GenSvcPending.template
new file mode 100644
index 000000000..cb36a5881
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/GenSvcPending.template
@@ -0,0 +1,61 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>TKS Agent Request Svc Pending</TITLE>
+
+<BODY bgcolor="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Request Successfully Submitted
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+document.writeln('<P>');
+document.write('Your request has been successfully submitted and processed ');
+document.writeln('by the '+result.fixed.authorityName+'.');
+document.write('The '+result.fixed.authorityName+' is waiting for a remote ');
+if (result.fixed.remoteAuthorityName != null)
+	document.write(result.fixed.remoteAuthorityName);
+else
+	document.write('Certificate Manager or Data Recovery manager');
+document.write(' to fill your request.');
+
+document.writeln('<P>');
+document.write('Your request ID is ');
+if (result.fixed.requestId != null) {
+    document.write('<B>'+result.fixed.requestId+'</B>.');
+	document.write('<P>');
+	document.write('Your can check on status of your request with an '+
+				   'authorized agent or local administrator by referring '+
+				   'to this request ID.');
+} else {
+    document.write('not provided. ');
+	document.writeln('Please consult your local administrator for assistance.');
+}
+</SCRIPT>
+
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/GenUnauthorized.template b/dogtag/tks-ui/shared/webapps/tks/agent/GenUnauthorized.template
new file mode 100644
index 000000000..c6e62f841
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/GenUnauthorized.template
@@ -0,0 +1,42 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<!-- This template is intended to be replaced by request specific results !  -->
+<CMS_TEMPLATE>
+
+<TITLE>TKS Agent Generic Unauthorized</TITLE>
+
+<BODY BGCOLOR=white>
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Unauthorized Access
+</font>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="Javascript">
+document.writeln('<P>');
+document.write('You are not authorized for this operation.');
+document.write('<BR>');
+document.write('If you think this is an error please contact your ');
+document.writeln('local administrator for further assistance.');
+</SCRIPT>
+
+</font>
+</body>
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/GenUnexpectedError.template b/dogtag/tks-ui/shared/webapps/tks/agent/GenUnexpectedError.template
new file mode 100644
index 000000000..53287a8a0
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/GenUnexpectedError.template
@@ -0,0 +1,68 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<CMS_TEMPLATE>
+
+<TITLE>TKS Agent Processing Error!</TITLE>
+
+<BODY BGCOLOR="white">
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Problem Processing Your Request
+</font>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 WIDTH="100%" BACKGROUND="/tks/agent/graphics/hr.gif" >
+  <tr>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+
+<font size="-1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+
+<SCRIPT LANGUAGE="JavaScript">
+var authority = 'Certificate System'; 
+if (result.fixed.authorityName != null)  {
+	authority = result.fixed.authorityName;
+}
+
+document.writeln('<P>');
+document.write('The '+authority+' encountered an unexpected error ');
+document.writeln(' while processing your request.');
+document.writeln(
+	'The following is a detailed message of the error that occurred.'); 
+
+document.writeln('<P>');
+document.writeln('<BLOCKQUOTE><B><PRE>');
+if (result.fixed.unexpectedError != null) {
+    document.write(result.fixed.unexpectedError);
+} else {
+    document.write('No further details provided.');
+}
+document.writeln('</PRE></B></BLOCKQUOTE>');
+
+document.writeln('<P>');
+document.writeln(
+	'Please consult your local administrator for further assistance.');
+document.writeln('The Certificate System logs may provide further information.');
+</SCRIPT>
+
+</font>
+</BODY>
+</HTML>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/cms-funcs.js b/dogtag/tks-ui/shared/webapps/tks/agent/cms-funcs.js
new file mode 100644
index 000000000..c8ffd51c7
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/cms-funcs.js
@@ -0,0 +1,538 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+
+
+function checkClientTime()
+{
+   var speed;
+   var server_date = new Date(serverdate); 
+   var client_date = new Date();
+   var zone = client_date.getTimezoneOffset(); 
+   var timediff = 0;
+
+   var serverutc = server_date.getTime();
+   var clientutc = client_date.getTime();
+
+   var offset = clientutc - serverutc;
+   if (offset >0) { 
+      speed = 'fast'; 
+      } else { 
+	  speed = 'slow'; 
+   } 
+   timediff = Math.round(Math.abs(offset/1000/60)); 
+
+    if (timediff > 10) { 
+       msg = 'Your computer\'s clock is '+ timediff+ ' minutes '+ speed  +
+             '\n\nYou may encounter problems using your certificate\n' +
+			 'as your clock is set incorrectly.\n\n' +
+			 'According to the server, the time is:\n  ' + server_date +
+			 '\n\nPlease correct your clock before proceeding with enrollment'+
+             '\n\nYour timezone is set to ' + (-zone/60) +' hours relative to GMT.\n' +
+			 'If you change your timezone, you may need to restart your browser\n'+
+             'before continuing.';
+			 alert(msg);
+			 return false;
+       }
+	return true;
+}
+
+
+
+
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        distinguishedName.value = '';
+	if (form.E != null) {
+	    if (E.value != '') {
+		if (doubleQuotes(E.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    E.value = '';
+		    E.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(E.value);
+	    }
+	}
+	if (form.CN!= null) {
+	    if (CN.value != '') {
+		if (doubleQuotes(CN.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    CN.value = '';
+		    CN.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(CN.value);
+	    }
+        }
+	if (form.UID1 != null) {
+	    if (UID1.value != '') {
+		if (doubleQuotes(UID1.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    UID1.value = '';
+		    UID1.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(UID1.value);
+	    }
+        }
+	if (form.OU != null) {
+	    if (OU.value != '') {
+		if (doubleQuotes(OU.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    OU.value = '';
+		    OU.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(OU.value);
+	    }  
+        }
+	if (form.O != null) {
+	    if (O.value != '') {
+		if (doubleQuotes(O.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    O.value = '';
+		    O.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(O.value);
+	    }  
+	}
+	if (form.L != null) {
+	    if (L.value != '') {
+		if (doubleQuotes(L.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    L.value = '';
+		    L.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(L.value);
+	    }
+	}
+	if (form.ST != null) {
+	    if (ST.value != '') {
+		if (doubleQuotes(ST.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    ST.value = '';
+		    ST.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(ST.value);
+	    }
+	}
+	if (form.C != null) {
+	    if (C.value != '') {
+		if (doubleQuotes(C.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    C.value = '';
+		    C.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(C.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a CA cert if
+    // that cert does not contain an OU or O component.
+    if ((form.OU.value == '') && (form.O.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.CN.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+	// DEBUG 
+	//alert(form.subject);
+
+    with (form) {
+		if (email != null) {
+	   		if (E.value == "" && email.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (CN.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+	return true;
+    }
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day ) {
+        alert(fieldName + " is invalid");
+	return null;
+     }
+     else 
+     	return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (asPattern) { 
+   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+   }
+   else if (value != "")
+   	list[last] = tag+"="+escapeValueRfc1779(value);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+    with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+    	makeComponent(result,"E",E.value,asPattern);
+    	makeComponent(result,"CN",CN.value,asPattern);
+    	makeComponent(result,"UID",UID.value,asPattern);
+    	makeComponent(result,"OU",OU.value,asPattern);
+    	makeComponent(result,"O",O.value,asPattern);
+   	makeComponent(result,"L",L.value,asPattern);
+    	makeComponent(result,"ST",ST.value,asPattern);
+	makeComponent(result,"C",C.value,asPattern);
+    }
+    if (result.length == 0)
+    	return asPattern ? "0 == 0" : "0 == 1";
+    else 
+        return "subject" + ( asPattern ? " ~= " : " == ") +
+    				escapeValue(result.join(', '));
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+function navMajorVersion()
+{
+    return parseInt(navigator.appVersion.substring(0, navigator.appVersion.indexOf(".")));
+}
+//-->
+
+
+
+
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/funcs.js b/dogtag/tks-ui/shared/webapps/tks/agent/funcs.js
new file mode 100644
index 000000000..daef83d17
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/funcs.js
@@ -0,0 +1,686 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//<!--
+function doubleQuotes(componentName)
+{
+    for (i=0; i < componentName.length; i++) {
+        if (componentName.charAt(i) == '"') {
+            return true;
+        }
+    }
+    return false;
+}
+
+function escapeDNComponent(str)
+{
+    var outStr = "";
+    var escapeValue = false;
+
+    // Do we need to escape any characters
+    for (i=0; i < str.length; i++) {
+        c = str.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n') {
+            escapeValue = true;
+            break;
+        }
+    }
+
+    if (escapeValue == true) {
+        outStr += '"';
+        outStr += str;
+        outStr += '"';
+    } else {
+        outStr += str;
+    }
+    return outStr;
+}
+
+function formulateDN(form, distinguishedName)
+{
+    // Note: The alerts about double quotes are here to avoid
+    // problems with the code dealing with quoting and escaping in the
+    // Netscape Directory Server 1.0 implementation.
+    with (form) {
+        distinguishedName.value = '';
+	if (form.eMail != null) {
+	    if (eMail.value != '') {
+		if (doubleQuotes(eMail.value) == true) {
+		    alert('Double quotes are not allowed in the E-mail field');
+		    eMail.value = '';
+		    eMail.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'E=' + escapeDNComponent(eMail.value);
+	    }
+	}
+	if (form.commonName != null) {
+	    if (commonName.value != '') {
+		if (doubleQuotes(commonName.value) == true) {
+		    alert('Double quotes are not allowed in Common Name field');
+		    commonName.value = '';
+		    commonName.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'CN=' + escapeDNComponent(commonName.value);
+	    }
+        }
+	if (form.userID != null) {
+	    if (userID.value != '') {
+		if (doubleQuotes(userID.value) == true) {
+		    alert('Double quotes are not allowed in the user id field');
+		    userID.value = '';
+		    userID.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'UID=' + escapeDNComponent(userID.value);
+	    }
+        }
+	if (form.orgUnit != null) {
+	    if (orgUnit.value != '') {
+		if (doubleQuotes(orgUnit.value) == true) {
+		    alert('Double quotes are not allowed in Org Unit field');
+		    orgUnit.value = '';
+		    orgUnit.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'OU=' + escapeDNComponent(orgUnit.value);
+	    }  
+        }
+	if (form.org != null) {
+	    if (org.value != '') {
+		if (doubleQuotes(org.value) == true) {
+		    alert('Double quotes are not allowed in Organization field.');
+		    org.value = '';
+		    org.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'O=' + escapeDNComponent(org.value);
+	    }  
+	}
+	if (form.locality != null) {
+	    if (locality.value != '') {
+		if (doubleQuotes(locality.value) == true) {
+		    alert('Double quotes are not allowed in Locality field.');
+		    locality.value = '';
+		    locality.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'L=' + escapeDNComponent(locality.value);
+	    }
+	}
+	if (form.state != null) {
+	    if (state.value != '') {
+		if (doubleQuotes(state.value) == true) {
+		    alert('Double quotes are not allowed in State field.');
+		    state.value = '';
+		    state.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'ST=' + escapeDNComponent(state.value);
+	    }
+	}
+	if (form.country != null) {
+	    if (country.value != '') {
+		if (doubleQuotes(country.value) == true) {
+		    alert('Double quotes are not allowed in Country field.');
+		    country.value = '';
+		    country.focus();
+		    return;
+		}
+		if (distinguishedName.value != '') distinguishedName.value += ', ';
+		distinguishedName.value += 'C=' + escapeDNComponent(country.value);
+	    }
+	}
+    }
+}
+
+function isValidIssuerDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a CA cert if
+    // that cert does not contain an OU or O component.
+    if ((form.orgUnit.value == '') && (form.org.value == '')) {
+        alert("You must enter an Organization Unit or an Organization.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidAdminDN(form)
+{
+    // Note: The check here is to avoid a bug in Netscape Navigator 3.0 and 3.01
+    // that are triggered on formation of the nickname on import of a personal cert if
+    // that cert does not contain a common name.
+
+    if (form.commonName.value == '') {
+        alert("You must enter a Common Name.");
+        return false;
+    } else {
+        return true;
+    }
+}
+
+function isValidCSR(form)
+{
+    // Note: the checks here are of mixed origin.  Some are required for Navigator
+    // and Communicator.  The CSR field checks are to avoid server side rejection of the
+    // submission.  These checks can be split up to be different for different types of
+    // certificates.
+    
+    formulateDN(form, form.subject);
+
+    with (form) {
+	if (isEmailCert != null) {
+	   if (eMail.value == "" && isEmailCert.checked) {
+              alert("E-mail certificates must include an E-mail address.");
+	      return false;
+	   }
+        }
+        if (commonName.value == "") {
+            alert("You must supply your name for the certificate.");
+            return false;
+        }
+        if (csrRequestorName.value == "") {
+            csrRequestorName.value = commonName.value;
+        }
+        if (csrRequestorPhone.value == "" && csrRequestorEmail.value == "") {
+            alert("You must supply a contact phone number or e-mail address.");
+            return false;
+        }
+        return true;
+    }
+}
+
+function isNegative(string) {
+  if (string.charAt(0) == '-')
+     return true;
+  else
+     return false;
+}
+
+function isNumber(string, radix) {
+  var i = 0; 
+  var legalDigits;
+  if (radix == null || radix == 10) {
+     legalDigits = "0123456789";
+  } else if (radix == 16) {
+     legalDigits = "0123456789abcdefABCDEF:";
+  } else {
+     return false;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	break;
+  }
+  if (string.charAt(i) == '+' || string.charAt(i) == '-' ) {
+     ++i;
+  }
+  if (radix == 16 && i < string.length - 2 &&
+      string.charAt(i) == '0' &&
+      (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+      legalDigits.indexOf(string.charAt(i+2)) != -1) {
+	i += 3;
+  }
+  for(; i < string.length; ++i) {
+     if (legalDigits.indexOf(string.charAt(i)) == -1)
+     	break;
+  }
+  for(; i < string.length; ++i) {
+     if (string.charAt(i) != ' ')
+     	return false;
+  }
+  return true;
+}
+
+function isDecimalNumber(string) {
+    var i = 0; 
+    var legalDigits = "0123456789";
+
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            break;
+    }
+    if (i < string.length &&
+        legalDigits.indexOf(string.charAt(i)) != -1) {
+        i++;
+    } else
+        return false;
+
+    for (; i < string.length; i++) {
+        if (legalDigits.indexOf(string.charAt(i)) == -1)
+            break;
+    }
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            return false;
+    }
+
+    return true;
+}
+
+function isHexNumber(string) {
+    var i = 0; 
+    var legalDigits = "0123456789abcdefABCDEF";
+
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            break;
+    }
+    if (i < string.length - 2 &&
+        string.charAt(i) == '0' &&
+        (string.charAt(i+1) == 'x' || string.charAt(i+1) == 'X') &&
+        legalDigits.indexOf(string.charAt(i+2)) != -1) {
+        i += 3;
+    } else
+        return false;
+
+    for (; i < string.length; i++) {
+        if (legalDigits.indexOf(string.charAt(i)) == -1)
+            break;
+    }
+    for (; i < string.length; i++) {
+        if (string.charAt(i) != ' ')
+            return false;
+    }
+
+    return true;
+}
+
+function trim(string) {
+    var i, k, newString;
+
+    for (i = 0; i < string.length; i++) {
+        if (string.charAt(i) != ' ' )
+            break;
+    }
+    for (k = string.length - 1; k > i; k--) {
+        if (string.charAt(k) != ' ' )
+            break;
+    }
+    k++;
+
+    if (k > i)
+        newString = string.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+
+function dateForm(name)
+{
+	var i;
+	document.write('<FORM NAME=\"'+ name +'\">');
+	document.write('<SELECT NAME=\"day\"><OPTION VALUE=0> ');
+	for (i=1; i <=31; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('<SELECT NAME=\"month\">'+
+		'<OPTION VALUE=13> '+
+		'<OPTION VALUE=0>January'+
+		'<OPTION VALUE=1>February'+
+		'<OPTION VALUE=2>March'+
+		'<OPTION VALUE=3>April'+
+		'<OPTION VALUE=4>May'+
+		'<OPTION VALUE=5>June'+
+		'<OPTION VALUE=6>July'+
+		'<OPTION VALUE=7>August'+
+		'<OPTION VALUE=8>September'+
+		'<OPTION VALUE=9>October'+
+		'<OPTION VALUE=10>November'+
+		'<OPTION VALUE=11>December'+
+		'</SELECT>'
+	);
+	
+	document.write('<SELECT NAME=\"year\"><OPTION VALUE=0> ');
+	for (i=1996; i <=2006; ++i)
+		document.write('<OPTION VALUE='+i+'>'+i);
+	document.write('</SELECT>');
+	document.write('</FORM>');
+}
+
+function dateIsEmpty(form)
+{
+     return form.day.selectedIndex == 0  && 
+            form.month.selectedIndex == 0 &&
+	    form.year.selectedIndex == 0;
+}
+ 
+
+function convertDate(form, fieldName)
+{
+     var date;
+     var day = form.day.options[form.day.selectedIndex].value;
+     var month = form.month.options[form.month.selectedIndex].value;
+     var year = form.year.options[form.year.selectedIndex].value;
+     date = new Date(year,month,day);
+
+     // see if normalization was required
+     if (date.getMonth() != month || date.getDate() != day || year == 0) {
+        alert(fieldName + " is invalid");
+        return null;
+     }
+     else 
+     	return date.getTime();
+//     	return Math.round(date.getTime() / 1000);
+}
+
+function daysToSeconds(days){
+    return 3600 * 24 * days;
+}
+ 
+// encloses value in double quotes preceding all embedded double quotes with \
+function escapeValue(value)
+{
+    var result;
+    var fromIndex = 0, toIndex = 0;
+
+    // kludgy work-around for indexOf JavaScript bug on empty string
+    if (value == "")
+        return '\"\"';
+    
+    result = '\"';
+    while ((toIndex = value.indexOf('\"',fromIndex)) != -1) {
+    	result += value.substring(fromIndex,toIndex);
+     	result += '\\"';
+	fromIndex = toIndex + 1;
+    }
+    result += value.substring(fromIndex,value.length);
+    result += '\"';
+    return result;
+}
+
+// encloses value in double quotes preceding all embedded double quotes and 
+// backslashes with backslash
+function escapeValueJSString(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == '\\' | c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return '\"' + result + '\"';
+}
+
+function escapeValueRfc1779(value)
+{
+    var result = "";
+
+    // Do we need to escape any characters
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c == ',' || c == '=' || c == '+' || c == '<' ||
+            c == '>' || c == '#' || c == ';' || c == '\r' ||
+            c == '\n' || c == '\\' || c == '"') {
+			result += '\\';
+        }
+		result += c;
+    }
+    return result;
+}
+
+// helper function to construct name component(pattern)
+function makeComponent(list,tag,value,asPattern)
+{
+   var last = list.length;
+//   if (asPattern) { 
+//   	list[last] = (value == "") ? "*" : (tag+"="+escapeValueRfc1779(value));
+//   }
+//   else if (value != "")
+   if (value != "") {
+      list[last] = tag+"="+escapeValueRfc1779(value);
+//   } else if (!asPattern) {
+//      list[last] = tag+"=*";
+   }
+//   alert("asPattern = " + asPattern);
+}
+
+// If asPattern is false formulates the RFC 1779 format subject name 
+// from the component parts skipping all components with blank values,
+// otherwise builds RFC 1779-like matching pattern from components
+function computeNameCriterion(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponent(result,"E",eMail.value,asPattern);
+		makeComponent(result,"CN",commonName.value,asPattern);
+		makeComponent(result,"UID",userID.value,asPattern);
+		makeComponent(result,"OU",orgUnit.value,asPattern);
+		makeComponent(result,"O",org.value,asPattern);
+		makeComponent(result,"L",locality.value,asPattern);
+		makeComponent(result,"ST",state.value,asPattern);
+		makeComponent(result,"C",country.value,asPattern);
+	}
+    if (result.length == 0)
+//    	return asPattern ? "0 == 0" : "0 == 1";
+    	return "(x509Cert.subject=*)";
+    else  {
+        return "(x509Cert.subject" + (asPattern ? "~=" : "=") + escapeValue(nsjoin(result,",")) + ")";
+        }
+// escapeValue(result.join(', '));
+}
+
+// helper function to construct name component(pattern)
+function makeComponentFilter(list,tag,value,asPattern)
+{
+   var last = list.length;
+   if (value != "") {
+	if (asPattern) {
+		list[last] = "(x509Cert.subject=*"+tag+"=*"+
+			escapeValueRfc1779(value)+"*)";
+	} else {
+		// exact match (either the end, or appended with ",")
+		list[last] = "(|(x509Cert.subject=*"+tag+"="+
+			escapeValueRfc1779(value)+",*)"
+			+"(x509Cert.subject=*"+tag+"="+
+			escapeValueRfc1779(value)+"))";
+	}
+   }
+}
+
+function computeNameFilter(form)
+{
+    var asPattern = form.match[1].checked;
+    var result = new Array;
+
+	with (form) {
+	// The order of clauses here determines how components are ordered
+	// in the name sent in the client's request.  A site may wish to
+	// re-order the clauses here if their conventions produce names
+	// with components in a different order.
+		makeComponentFilter(result,"E",eMail.value,asPattern);
+		makeComponentFilter(result,"CN",commonName.value,asPattern);
+		makeComponentFilter(result,"UID",userID.value,asPattern);
+		makeComponentFilter(result,"OU",orgUnit.value,asPattern);
+		makeComponentFilter(result,"O",org.value,asPattern);
+		makeComponentFilter(result,"L",locality.value,asPattern);
+		makeComponentFilter(result,"ST",state.value,asPattern);
+		makeComponentFilter(result,"C",country.value,asPattern);
+	}
+	if (result.length == 0) {
+		return "(x509Cert.subject=*)";
+	} else  {
+		if (asPattern) {
+        		return "(|" + nsjoin(result,"") + ")";
+		} else {
+        		return "(&" + nsjoin(result,"") + ")";
+		}
+	}
+}
+
+function booleanCrit(crit,radioArg)
+{
+    for (var i = 0; i < radioArg.length; ++i ){
+       if( radioArg[i].checked ) {
+          if (radioArg[i].value.length != 0) {
+	     crit[crit.length] = radioArg[i].name + " == " + radioArg[i].value;
+          }
+	  return;
+       }
+    }
+}
+
+function isHTTPEscapeChar(c)
+{
+    if (c == '%' || c == '#' || c == '+' || c == '=' || c == '\n' ||
+        c == '\r' || c == '\t' || c == ';' || c == '&' ||
+        c == '>') {
+        return true;
+    }
+
+    return false;
+}
+
+function produceHTTPEscapedString(inString)
+{
+    table = new Object();
+    table["%"] = "25";
+    table["#"] = "23";
+    table["+"] = "2B";
+    table["="] = "3D";
+    table["\n"] = "0A";
+    table["\r"] = "0D";
+    table["\t"] = "09";
+    table[";"] = "3B";
+    table["&"] = "26";
+    table[">"] = "3E";
+
+    outString = "";
+
+    for (i=0; i < inString.length; i++) {
+        if (inString.charAt(i) == ' ') {
+            outString += '+';
+        } else {
+            if (isHTTPEscapeChar(inString.charAt(i))) {
+                outString += "%" + table[inString.substring(i, i+1)];
+            } else {
+                outString += inString.charAt(i);
+            }
+        }
+    }
+
+    return outString;
+}
+
+function isHex(string)
+{
+      if (string.charAt(0) == '0' &&
+      (string.charAt(1) == 'x' || string.charAt(1) == 'X')) {
+        return true;
+      } else {
+        return false;
+      }
+}
+
+function writeError(errorDetails)
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (errorDetails != null) {
+                document.write(errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+              "further information.");
+}
+
+// strips (optional) spaces and 0[xX] prefix at the beginning of s
+function stripPrefix(s)
+{
+  var i;
+  for(i = 0; i < s.length - 1; ++i) {
+     if (s.charAt(i) != ' ' )
+	break;
+  }
+  if (s.charAt(i) == '0' && (s.charAt(i+1) == 'x' || s.charAt(i+1) == 'X')) {
+	return s.substring(i+2,s.length);
+  } else {
+  	return  s.substring(i,s.length);;
+  }
+}
+
+// removes colons from value and returns the result
+// used as helper to convert colon-separated hexadecimal numbers
+// to regular numbers
+function removeColons(value)
+{
+    var result = "";
+
+    for (i=0; i < value.length; i++) {
+        c = value.charAt(i);
+        if (c != ':' ){
+		result += c;
+        }
+    }
+    return result;
+}
+
+// Replacement for the array.join() function which isn't in MSIE 3.0
+
+function nsjoin(array,str) {
+  val = "";
+  for (i=0; i<array.length; i++) {
+    val = val + array[i];
+    if (i < (array.length-1)) val = val+str;
+    }
+  return val;
+}
+//-->
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/dgLeftTab.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/dgLeftTab.gif
new file mode 100644
index 000000000..35a76c859
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/dgLeftTab.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/dgRightTab.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/dgRightTab.gif
new file mode 100644
index 000000000..a519bc759
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/dgRightTab.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/favicon.ico b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/favicon.ico
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/goto-tall.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/goto-tall.gif
new file mode 100644
index 000000000..6eea3ef5c
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/goto-tall.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/gray90.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/gray90.gif
new file mode 100644
index 000000000..c6f811102
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/gray90.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/hr.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/hr.gif
new file mode 100644
index 000000000..14f8acf92
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/hr.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/lgLeftTab.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/lgLeftTab.gif
new file mode 100644
index 000000000..a78fbc89d
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/lgLeftTab.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/lgRightTab.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/lgRightTab.gif
new file mode 100644
index 000000000..71852402d
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/lgRightTab.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/logo_header.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/logo_header.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/graphics/spacer.gif b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/spacer.gif
new file mode 100644
index 000000000..13acffe53
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/graphics/spacer.gif
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/header.template b/dogtag/tks-ui/shared/webapps/tks/agent/header.template
new file mode 100644
index 000000000..dc92d82ad
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/header.template
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>Header</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body onResize=location.reload() bgcolor="#CCCCCC" link="#FFFFFF" vlink="#FFFFFF" alink="#CCCCFF">
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tks/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+        </tr>
+      </table>
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr> 
+          <td><img src="/tks/agent/graphics/spacer.gif" alt="" width="12" height="21"></td>
+<SCRIPT type="text/javascript">
+	for (var i = 0; i < result.recordSet.length; ++i) {
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<td><img src="/tks/agent/graphics/lgLeftTab.gif" width="13" height="21"><\/td>');
+          		document.write('<td bgcolor="#cccccc" nowrap>');
+		} else {
+          		document.write('<td><img src="/tks/agent/graphics/dgLeftTab.gif" width="13" height="21"><\/td>');
+          		document.write('<td bgcolor="#999999" nowrap>');
+		}
+		document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif">');
+                if (result.recordSet[i].type == "CertificateAuthority") {
+			type = "Certificate Manager";
+		} else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+			type = "Data Recovery Manager";
+		} else if (result.recordSet[i].type == "OCSPAuthority") {
+			type = "Online Certificate Status Manager";
+		} else if (result.recordSet[i].type == "RegistrationAuthority") {
+			type = "Registration Manager";
+		}
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<b>' + type + '<\/b>');
+		} else {
+          		document.write('<a href="../' + 
+				result.recordSet[i].id + 
+				'/index.html" target="_top">' + 
+				type + '<\/a>');
+		}
+		document.write('<\/font><\/td>');
+		if (result.recordSet[i].id == header.selected) {
+          		document.write('<td><img src="/tks/agent/graphics/lgRightTab.gif" width="16" height="21" alt=""><\/td>');
+		} else {
+          		document.write('<td><img src="/tks/agent/graphics/dgRightTab.gif" width="16" height="21" alt=""><\/td>');
+		}
+	}
+</SCRIPT>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+</body>
+</html>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/helpfun.js b/dogtag/tks-ui/shared/webapps/tks/agent/helpfun.js
new file mode 100644
index 000000000..f9580279a
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/helpfun.js
@@ -0,0 +1,36 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+
+function help(helptopic) { 
+
+     var HelpWin=window.open("","MyWin", "toolbar=no,directories=no,menubar=no,status=no,scrollbars=yes,resizable=yes,width=500,height=500"); 
+
+     HelpWin.location = helptopic;
+     HelpWin.focus();
+
+}
+
+function helpstatus(helpline) {
+
+     window.status = helpline;
+
+     return true;
+
+}
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/index.html b/dogtag/tks-ui/shared/webapps/tks/agent/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/index.template b/dogtag/tks-ui/shared/webapps/tks/agent/index.template
new file mode 100644
index 000000000..588712364
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/index.template
@@ -0,0 +1,140 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>TKS Agent</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+  <tr bgcolor="#000080"> 
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr> 
+          <td><img src="/tks/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Agent Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr valign="TOP"> 
+    <td>&nbsp;</td>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (result.header.errorDetails != null) {
+                document.write(result.header.errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+                "further information.");
+}
+
+if (result.header.errorDetails != null) {
+        displayError();
+} else {
+	var displayServices = 'true';
+	for (var i = 0; i < result.recordSet.length; ++i) {
+        	document.write('<tr valign="TOP">');
+          	document.write('<td>');
+		document.write('<img src="/graphics/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+          	document.write('<td>');
+		document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+		document.write('<a href="');
+		document.write(result.recordSet[i].id + '/index.html');
+		if (result.recordSet[i].type == "RegistrationAuthority") {
+			document.write('">Registration Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+		} else if (result.recordSet[i].type == "CertificateAuthority") {
+			document.write('">Certificate Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process certificate requests, revoke certificates, and update information in the directory server.');
+		} else if (result.recordSet[i].type == "OCSPAuthority") {
+			displayServices = 'false';
+			document.write('">Online Certificate Status Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to check certificate status.');
+		} else if (result.recordSet[i].type == "KeyRecoveryAuthority") {
+			displayServices = 'false';
+			document.write('">Data Recovery Manager Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+			document.write('The operations available through this menu are used to process key requests, and recover keys.');
+		} else {
+			document.write('">Internal Error</a></font>');
+		}
+		document.write('</font></td></tr>');
+	}
+}
+document.write('<tr valign="TOP">'); 
+document.write('<td>&nbsp;</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+if (displayServices== 'true')
+{	
+	document.write('<tr valign="TOP">');
+	document.write('<TD><IMG src="/graphics/goto-tall.gif" width="10" height="15"></TD>');
+	document.write('<TD><FONT face="PrimaSans BT, Verdana, sans-serif">');
+	document.write('<A href="ports">Services Summary</A></FONT></TD>');
+	document.write('</tr>');
+}
+document.write('<TR valign="TOP">');
+document.write('<TD> </TD>');
+document.write('<TD> </TD>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</td>');
+document.write('<td>&nbsp;</td>');
+document.write('</tr>');
+</SCRIPT>
+
+</table>
+</body>
+</html>
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/ports.template b/dogtag/tks-ui/shared/webapps/tks/agent/ports.template
new file mode 100644
index 000000000..e1f1ee73e
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/ports.template
@@ -0,0 +1,121 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<CMS_TEMPLATE>
+<title>TKS Agent Ports</title>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+</head>
+
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<table border="0" width="100%" cellspacing="0" cellpadding="6">
+  <tr bgcolor="#000080"> 
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr> 
+          <td><img src="/tks/agent/graphics/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> Services Summary</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+  <tr valign="TOP"> 
+    <td>&nbsp;</td>
+    <td> 
+      <table border="0" cellspacing="0" cellpadding="0">
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+<SCRIPT type="text/javascript">
+function displayError()
+{
+        document.write("<center><h2><b>" +
+                "Problem Processing Your Request" +
+                "</b></h2></center><p>" +
+                "The service encountered a problem " +
+                "when processing your request. This problem may " +
+                "indicate a flaw in the form used to submit your " +
+                "request or the values that were entered into the form." +
+                "The following message supplies more information " +
+                "about the error that occurred.<p>");
+        document.write("<blockquote><b><pre>");
+        if (result.header.errorDetails != null) {
+                document.write(result.header.errorDetails);
+        } else {
+                document.write("Unable to provide details. " +
+                 "Contact Administrator.");
+        }
+        document.write("</pre></b></blockquote>");
+        if (result.header.errorDescription != null) {
+                document.write('<p>Additional Information:<p>');
+                document.write('<blockquote><b>');
+                document.write(result.header.errorDescription);
+                document.write('</b></blockquote>');
+        }
+        document.write("<p>");
+        document.write("Please consult your local administrator for " +
+                "further assistance.");
+        document.write("The certificate server's log may provide " +
+                "further information.");
+}
+
+if (result.header.errorDetails != null) {
+        displayError();
+} else {
+	for (var i = 0; i < result.recordSet.length; ++i) {
+          if (result.recordSet[i].port == -1)
+                  continue;
+        	document.write('<tr valign="TOP">');
+          	document.write('<td>');
+		document.write('<img src="/tks/agent/graphics/goto-tall.gif" width="10" height="15">&nbsp;</td>');
+          	document.write('<td>');
+		document.write('<font face="PrimaSans BT, Verdana, sans-serif">');
+		document.write('<a href="');
+		document.write(result.recordSet[i].prefix + "://" +
+			result.header.hostname + ":" +
+			result.recordSet[i].port);
+		if (result.recordSet[i].type == "eeGateway.http.port") {
+			document.write('">End Users Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else if (result.recordSet[i].type == "eeGateway.https.port") {
+			document.write('">SSL End Users Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else if (result.recordSet[i].type == "agentGateway.https.port") {
+			document.write('">Agent Services</a></font>');
+			document.write('<font size="-1" face="PrimaSans BT, Verdana, sans-serif"><br>');
+		} else {
+			document.write('">Internal Error</a></font>');
+		}
+		document.write('</font></td></tr>');
+	}
+}
+</SCRIPT>
+        <tr valign="TOP"> 
+          <td>&nbsp;</td>
+          <td>&nbsp;</td>
+        </tr>
+      </table>
+    </td>
+    <td>&nbsp;</td>
+  </tr>
+</table>
+</body>
+</html>
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/tks/getStats.template b/dogtag/tks-ui/shared/webapps/tks/agent/tks/getStats.template
new file mode 100644
index 000000000..a08a6fe60
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/tks/getStats.template
@@ -0,0 +1,141 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+   <title>Display CRL</title>
+   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<SCRIPT LANGUAGE="JavaScript"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript" SRC="../helpfun.js"></SCRIPT>
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+if (navigator.appName == "Microsoft Internet Explorer") {
+    document.writeln('<META HTTP-EQUIV="Pragma" CONTENT="no-cache">');
+}
+//-->
+</SCRIPT>
+</head>
+
+<CMS_TEMPLATE>
+
+<body bgcolor="#FFFFFF" link="#6666CC" vlink="#6666CC" alink="#333399">
+<font face="PrimaSans BT, Verdana, sans-serif" size="+1">
+Statistics
+</font><br>
+<table border="0" cellspacing="0" cellpadding="0" background="/graphics/hr.gif" width="100%">
+  <tr> 
+    <td>&nbsp;</td>
+  </tr>
+</table>
+<br>
+
+<SCRIPT LANGUAGE="JavaScript">
+<!--
+    document.writeln('<table border="0" cellspacing="0" cellpadding="0" width="100%">');
+    document.writeln('<tr align="left" bgcolor="#e5e5e5"><td align="left">');
+    document.writeln('<font face="PrimaSans BT, Verdana, sans-serif" size="-1">');
+    document.writeln('Detailed Information (Start Time <b>' + header.startTime + '</b>, Current Time: <b>' + header.curTime + '</b>)</font></td><td align=right><a href="getStats?op=clear">Clear Statistics</a></td></tr></table>');
+
+    document.writeln('<table border="0" cellspacing="2" cellpadding="2" width="100%">');
+    document.writeln('<tr>');
+    document.writeln('<td width="40%">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Action</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b># of operations</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Time Taken (in msec)</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Min</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Max</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Std Dev</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Avg</b></font></td>');
+    document.writeln('<td align="left">');
+    document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+    document.writeln('<b>Percentage</b></font></td>');
+    document.writeln('</tr>');
+    for (var i = 0; i <=  recordCount; i++) {
+      if (result.recordSet[i].name.charAt(0) == '-') {
+        document.writeln('<tr><td>');
+      } else {
+        document.writeln('<tr bgcolor="#cccccc"><td>');
+      }
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].name + '</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].noOfOp+'</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      document.writeln(result.recordSet[i].timeTaken+'</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].max == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].min+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].max == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].max+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].stddev == -1) {
+        document.writeln('-</font></td>');
+      } else {
+        document.writeln(result.recordSet[i].stddev+'</font></td>');
+      }
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].noOfOp == 0) {
+        document.writeln('-');
+      } else {
+        document.writeln(Math.round(100*(result.recordSet[i].avg))/100);
+      }
+      document.writeln('</font></td>');
+      document.writeln('<td>');
+      document.writeln('<font size=-1 face="PrimaSans BT, Verdana, sans-serif">');
+      if (result.recordSet[i].noOfOp == 0) {
+        document.writeln('-');
+      } else {
+        document.writeln(Math.round(100*(result.recordSet[i].percentage))/100 + '%');
+      }
+      document.writeln('</font></td>');
+      document.writeln('</tr>');
+    }
+    document.writeln('</table><br>');
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
+
diff --git a/dogtag/tks-ui/shared/webapps/tks/agent/tks/index.html b/dogtag/tks-ui/shared/webapps/tks/agent/tks/index.html
new file mode 100644
index 000000000..615afae2c
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/agent/tks/index.html
@@ -0,0 +1,31 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+  <meta http-equiv="content-type"
+ content="text/html; charset=ISO-8859-1">
+  <link rel="shortcut icon" href="/tks/agent/graphics/favicon.ico" />
+  <title>TKS Agent</title>
+</head>
+<body>
+<div style="text-align: center;"><big><big><big><big><span
+ style="font-weight: bold;">TKS&nbsp; services</span></big></big></big></big><br>
+</div>
+</body>
+</html>
diff --git a/dogtag/tks-ui/shared/webapps/tks/index.html b/dogtag/tks-ui/shared/webapps/tks/index.html
new file mode 100644
index 000000000..30662d47a
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/index.html
@@ -0,0 +1,23 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<script lang="javascript">
+    // redirect to 'ROOT'
+    window.location = "/";
+</script>
+</html>
diff --git a/dogtag/tks-ui/shared/webapps/tks/services.template b/dogtag/tks-ui/shared/webapps/tks/services.template
new file mode 100644
index 000000000..be72e2cdc
--- /dev/null
+++ b/dogtag/tks-ui/shared/webapps/tks/services.template
@@ -0,0 +1,106 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<CMS_TEMPLATE>
+<title>TKS Services</title>
+    <link rel="shortcut icon" href="img/favicon.ico" />
+    <link rel="stylesheet" href="css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TKS Services Page 
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+<script language=javascript>
+for (var i=0; i<result.recordSet.length; ++i) {
+    document.write('<tr valign="TOP">');
+    document.write('<td>');
+    document.write('<td>');
+    document.write('<font size=4 face="PrimaSans BT, Verdana, sans-serif">');
+    document.write('<li><a href="');
+    document.write(result.recordSet[i].prefix + "://" +
+      result.recordSet[i].host + ":" + result.recordSet[i].port + "/"+
+      result.recordSet[i].uri);
+    if (result.recordSet[i].type == "admin") {
+        document.write('">Admin Services</a></font>');
+    } else if (result.recordSet[i].type == "agent") {
+        document.write('">Agent Services</a></font>');
+    } else if (result.recordSet[i].type == "ee") {
+        document.write('">SSL End Users Services</a></font>');
+    }
+
+    document.write('</font></td></tr>');
+}
+</script>
+<tr valign="TOP">
+<td>&nbsp;</td>
+<td>&nbsp;</td>
+</tr>
+</table>
+</center>
+<div id="footer">
+</div>
+</body>
+</html>
diff --git a/dogtag/tps-ui/CMakeLists.txt b/dogtag/tps-ui/CMakeLists.txt
new file mode 100644
index 000000000..1164a7ca0
--- /dev/null
+++ b/dogtag/tps-ui/CMakeLists.txt
@@ -0,0 +1,8 @@
+project(tps-ui)
+
+install(
+    DIRECTORY
+        shared/
+    DESTINATION
+        ${SHARE_INSTALL_PREFIX}/${APPLICATION_NAME}/${PROJECT_NAME}
+)
diff --git a/dogtag/tps-ui/LICENSE b/dogtag/tps-ui/LICENSE
new file mode 100644
index 000000000..e281f4362
--- /dev/null
+++ b/dogtag/tps-ui/LICENSE
@@ -0,0 +1,291 @@
+This Program is free software; you can redistribute it and/or modify 
+it under the terms of the GNU General Public License as published 
+by the Free Software Foundation; version 2 of the License.
+ 
+This Program is distributed in the hope that it will be useful, but 
+WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY 
+or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 
+for more details.
+ 
+You should have received a copy of the GNU General Public License 
+along with this Program; if not, write to the Free Software 
+Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ 
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
diff --git a/dogtag/tps-ui/build.xml b/dogtag/tps-ui/build.xml
new file mode 100644
index 000000000..2fc35e8e4
--- /dev/null
+++ b/dogtag/tps-ui/build.xml
@@ -0,0 +1,285 @@
+<!-- ### BEGIN COPYRIGHT BLOCK ###
+  This program is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published by
+  the Free Software Foundation; version 2 of the License.
+
+  This program is distributed in the hope that it will be useful,
+  but WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+  GNU General Public License for more details.
+
+  You should have received a copy of the GNU General Public License along
+  with this program; if not, write to the Free Software Foundation, Inc.,
+  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+  Copyright (C) 2007 Red Hat, Inc.
+  All rights reserved.
+     ### END COPYRIGHT BLOCK ### -->
+<project name="tps-ui" default="main" basedir=".">
+
+    <import file="config/product.xml"/>
+    <import file="config/product-ext.xml" optional="true"/>
+
+
+    <target name="clean"
+            depends=""
+            description="--> remove component directories">
+        <echo message="${begin.clean.log.message}"/>
+        <delete dir="${dist.base}"/>
+        <delete dir="${build.dir}"/>
+        <echo message="${end.clean.log.message}"/>
+    </target>
+
+
+    <target name="download"
+            depends=""
+            description="--> download dependent components">
+        <echo message="${begin.download.log.message}"/>
+        <echo message="${empty.download.log.message}"/>
+        <echo message="${end.download.log.message}"/>
+    </target>
+
+
+    <target name="compile_java"
+            depends=""
+            description="--> compile java source code into classes">
+        <echo message="${begin.compile.java.log.message}"/>
+        <echo message="${empty.compile.java.log.message}"/>
+        <echo message="${end.compile.java.log.message}"/>
+    </target>
+
+
+    <target name="build_jars"
+            depends="compile_java"
+            description="--> generate jar files">
+        <echo message="${begin.build.jars.log.message}"/>
+        <echo message="${empty.build.jars.log.message}"/>
+        <echo message="${end.build.jars.log.message}"/>
+    </target>
+
+
+    <target name="build_jni_headers"
+            depends="compile_java"
+            description="--> generate jni header files">
+        <echo message="${begin.build.jni.headers.log.message}"/>
+        <echo message="${empty.build.jni.headers.log.message}"/>
+        <echo message="${end.build.jni.headers.log.message}"/>
+    </target>
+
+
+    <target name="build"
+            depends="build_jars,build_jni_headers"
+            description="--> build classes, jars, and jni headers">
+        <echo message="${notify.build.log.message}"/>
+    </target>
+
+
+    <target name="compile_junit_tests"
+            depends="build"
+            description="--> compile junit test source code">
+        <echo message="${begin.compile.junit.tests.log.message}"/>
+        <echo message="${empty.compile.junit.tests.log.message}"/>
+        <echo message="${end.compile.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="run_junit_tests"
+            depends="compile_junit_tests"
+            description="--> execute junit tests">
+        <echo message="${begin.run.junit.tests.log.message}"/>
+        <echo message="${empty.run.junit.tests.log.message}"/>
+        <echo message="${end.run.junit.tests.log.message}"/>
+    </target>
+
+
+    <target name="verify"
+            depends="run_junit_tests"
+            description="--> build and execute junit tests">
+        <echo message="${notify.verify.log.message}"/>
+    </target>
+
+
+    <target name="clean_javadocs"
+            depends=""
+            description="--> remove javadocs directory">
+        <echo message="${begin.clean.javadocs.log.message}"/>
+        <echo message="${empty.clean.javadocs.log.message}"/>
+        <echo message="${end.clean.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="compose_javadocs"
+            depends="build"
+            description="--> generate javadocs">
+        <echo message="${begin.compose.javadocs.log.message}"/>
+        <echo message="${empty.compose.javadocs.log.message}"/>
+        <echo message="${end.compose.javadocs.log.message}"/>
+    </target>
+
+
+    <target name="document"
+            depends="clean_javadocs,compose_javadocs"
+            description="--> remove old javadocs and compose new javadocs">
+        <echo message="${notify.document.log.message}"/>
+    </target>
+
+
+    <target name="distribute_binaries"
+            depends="document"
+            description="--> create the zip and gzipped tar binary distributions">
+        <echo message="${begin.distribute.binaries.log.message}"/>
+        <mkdir dir="${dist.base.binaries}"/>
+
+        <echo message="${begin.binary.wrappers.log.message}"/>
+        <echo message="${empty.binary.wrappers.log.message}"/>
+        <echo message="${end.binary.wrappers.log.message}"/>
+
+        <echo message="${begin.binary.zip.log.message}"/>
+        <zip destfile="${dist.base.binaries}/${dist.name}.zip">
+            <zipfileset dir="./shared"
+                        filemode="644"
+                        prefix="usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+                <exclude name="cgi-bin/sow/cfg.pl"/>
+            </zipfileset>
+            <zipfileset dir="./shared"
+                        filemode="755"
+                        prefix="usr/share/${product.prefix}/${product}">
+                <include name="cgi-bin/sow/cfg.pl"/>
+            </zipfileset>
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.binary.zip.log.message}"/>
+
+        <echo message="${begin.binary.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.binaries}/${dist.name}.tar">
+            <tarfileset dir="./shared"
+                        mode="644"
+                        prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+                <include name="**"/>
+                <exclude name="cgi-bin/sow/cfg.pl"/>
+            </tarfileset>
+            <tarfileset dir="./shared"
+                        mode="755"
+                        prefix="${dist.name}/usr/share/${product.prefix}/${product}">
+                <include name="cgi-bin/sow/cfg.pl"/>
+            </tarfileset>
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${dist.name}/usr/share/doc/${dist.name}">
+                <include name="LICENSE"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.binary.tar.log.message}"/>
+
+        <echo message="${begin.binary.gtar.log.message}"/>
+        <gzip destfile="${dist.base.binaries}/${dist.name}.tar.gz"
+              src="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete file="${dist.base.binaries}/${dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.binaries}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.binary.gtar.log.message}"/>
+
+        <echo message="${end.distribute.binaries.log.message}"/>
+    </target>
+
+
+    <target name="distribute_source"
+            depends=""
+            description="--> create the zip and gzipped tar source distributions">
+        <echo message="${begin.distribute.source.log.message}"/>
+        <mkdir dir="${dist.base.source}"/>
+
+        <echo message="${begin.source.zip.log.message}"/>
+        <zip destfile="${dist.base.source}/${src.dist.name}.zip">
+            <zipfileset dir="."
+                        filemode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </zipfileset>
+        </zip>
+        <echo message="${end.source.zip.log.message}"/>
+
+        <echo message="${begin.source.tar.log.message}"/>
+        <tar longfile="gnu"
+             destfile="${dist.base.source}/${src.dist.name}.tar">
+            <tarfileset dir="."
+                        mode="644"
+                        prefix="${src.dist.name}">
+                <include name="${specfile}"/>
+                <include name="LICENSE"/>
+                <include name="build.xml"/>
+                <include name="config/product*.xml"/>
+                <include name="config/release*.xml"/>
+                <include name="release"/>
+                <include name="shared/**"/>
+            </tarfileset>
+        </tar>
+        <echo message="${end.source.tar.log.message}"/>
+
+        <echo message="${begin.source.gtar.log.message}"/>
+        <gzip destfile="${dist.base.source}/${src.dist.name}.tar.gz"
+              src="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete file="${dist.base.source}/${src.dist.name}.tar"/>
+        <delete dir="${dist.name}"/>
+        <checksum fileext=".md5">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <checksum fileext=".sha1"
+                  algorithm="SHA">
+            <fileset dir="${dist.base.source}/">
+                <include name="**/*"/>
+                <exclude name="**/*.asc"/>
+                <exclude name="**/*.md5"/>
+            </fileset>
+        </checksum>
+        <echo message="${end.source.gtar.log.message}"/>
+
+        <echo message="${end.distribute.source.log.message}"/>
+    </target>
+
+
+    <target name="distribute"
+            depends="distribute_binaries,distribute_source"
+            description="--> create binary and source component distributions">
+        <echo message="${notify.distribute.log.message}"/>
+    </target>
+
+
+    <target name="main"
+            depends="clean,distribute"
+            description="--> clean, build, verify, document, distribute [default]">
+        <echo message="${notify.main.log.message}"/>
+    </target>
+
+</project>
+
diff --git a/dogtag/tps-ui/build_dogtag b/dogtag/tps-ui/build_dogtag
new file mode 100755
index 000000000..0e2bf56f5
--- /dev/null
+++ b/dogtag/tps-ui/build_dogtag
@@ -0,0 +1,82 @@
+#!/bin/bash
+# BEGIN COPYRIGHT BLOCK
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# END COPYRIGHT BLOCK
+
+# Always switch into the base directory of this
+# shell script prior to executing it so that all
+# of its output is written to this directory
+cd `dirname $0`
+
+# Retrieve the directory name housing this component
+PWD=`pwd`
+
+# Set Dogtag component-specific environment variables
+DOGTAG_BUILD_SCRIPT=`basename $0`
+export DOGTAG_BUILD_SCRIPT
+DOGTAG_COMPONENT=`basename ${PWD}`
+export DOGTAG_COMPONENT
+DOGTAG_SPECFILE="dogtag-pki-tps-ui.spec"
+export DOGTAG_SPECFILE
+
+# Set PKI 'ant' environment variables (originally obtained from specfile)
+PKI_PRODUCT_UI_FLAVOR_PREFIX="dogtag"
+export PKI_PRODUCT_UI_FLAVOR_PREFIX
+PKI_PRODUCT_PREFIX="pki"
+export PKI_PRODUCT_PREFIX
+PKI_PRODUCT="tps-ui"
+export PKI_PRODUCT
+PKI_VERSION="9.0.0"
+export PKI_VERSION
+
+# Set Dogtag helper variables
+DOGTAG_COMPONENT_NAME=${PKI_PRODUCT}
+export DOGTAG_COMPONENT_NAME
+DOGTAG_WGET_URL=http://cvs.fedora.redhat.com/viewvc
+export DOGTAG_WGET_URL
+
+# Obtain '${DOGTAG_SPECFILE}' as necessary
+if [ "$1" = "refresh" ]; then
+	if [ -f "${DOGTAG_SPECFILE}" ]; then
+		printf "Removing '${DOGTAG_SPECFILE}' . . . "
+		rm -rf ${DOGTAG_SPECFILE}
+		printf "done.\n"
+	fi
+	shift
+fi
+if [ ! -f "${DOGTAG_SPECFILE}" ]; then
+	# Check for Fedora Operating System
+	if [ ! -f /etc/fedora-release ]; then
+		printf "'${DOGTAG_COMPONENT_NAME}' ONLY builds on Fedora!\n"
+		exit 255
+	fi
+	# Obtain Fedora Operating System Version
+	FEDORA_VERSION="F-`cat /etc/fedora-release | awk '{print $3}'`"
+	export FEDORA_VERSION
+	# Retrieve '${DOGTAG_SPECFILE}' from Koji
+	printf "Fetching '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}' . . .\n"
+	wget -O ${DOGTAG_SPECFILE} ${DOGTAG_WGET_URL}/${FEDORA_VERSION}/${DOGTAG_COMPONENT_NAME}/${DOGTAG_SPECFILE}?view=co
+	if [ ! -s "${DOGTAG_SPECFILE}" ]; then
+		printf "Failed to fetch '${DOGTAG_SPECFILE}' for '${FEDORA_VERSION}'!\n"
+		rm -rf ${DOGTAG_SPECFILE}
+		exit 255
+	fi
+fi
+
+# Invoke the shared Dogtag PKI build script
+config-ext/build_dogtag_pki $@
+
diff --git a/dogtag/tps-ui/dogtag-pki-tps-ui.spec b/dogtag/tps-ui/dogtag-pki-tps-ui.spec
new file mode 100644
index 000000000..414967e4d
--- /dev/null
+++ b/dogtag/tps-ui/dogtag-pki-tps-ui.spec
@@ -0,0 +1,65 @@
+Name:           dogtag-pki-tps-ui
+Version:        9.0.0
+Release:        2%{?dist}
+Summary:        Dogtag Certificate System - Token Processing System User Interface
+URL:            http://pki.fedoraproject.org/
+License:        GPLv2 and LGPLv2
+Group:          System Environment/Base
+
+BuildArch:      noarch
+
+BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+
+BuildRequires:  ant
+
+Source0:        http://pki.fedoraproject.org/pki/sources/%{name}/%{name}-%{version}.tar.gz
+
+# NOTE:  Several PKI packages require a "virtual" UI component.  These
+#        "virtual" UI components are "Provided" by various UI "flavors"
+#        including "dogtag", "redhat", and "null".  Consequently,
+#        all "dogtag", "redhat", and "null" UI components MUST be
+#        mutually exclusive!
+Provides:       pki-tps-ui =  %{version}-%{release}
+
+Obsoletes:      pki-tps-ui <  %{version}-%{release}
+
+Conflicts:      redhat-pki-tps-ui
+
+%description
+Dogtag Certificate System is an enterprise software system designed
+to manage enterprise Public Key Infrastructure (PKI) deployments.
+
+The Dogtag Token Processing System User Interface contains the graphical
+user interface for the Dogtag Token Processing System.
+
+%prep
+
+%setup -q
+
+%build
+ant \
+    -Dproduct.ui.flavor.prefix="dogtag" \
+    -Dproduct.prefix="pki" \
+    -Dproduct="tps-ui" \
+    -Dversion="%{version}"
+
+%install
+rm -rf %{buildroot}
+cd dist/binary
+unzip %{name}-%{version}.zip -d %{buildroot}
+
+%clean
+rm -rf %{buildroot}
+
+%files
+%defattr(-,root,root,-)
+%doc LICENSE
+%{_datadir}/pki/
+
+%changelog
+* Fri Feb 4 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-2
+- Bugzilla Bug 606944- Use openldap instead of mozldap
+
+* Fri Nov 19 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
+- Updated Dogtag 1.3.x --> Dogtag 2.0.0 --> Dogtag 9.0.0.
+
diff --git a/dogtag/tps-ui/shared/cgi-bin/demo/Enroll.html b/dogtag/tps-ui/shared/cgi-bin/demo/Enroll.html
new file mode 100755
index 000000000..d366f1a85
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/demo/Enroll.html
@@ -0,0 +1,81 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/demo/style.css" type="text/css">
+
+<title>Enrollment</title>
+</head>
+<script type="text/JavaScript" src="/esc/demo/util.js">
+</script>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+<table width="100%" class="logobar">
+  <tr>
+    <td>
+<img alt="" src="/demo/logo.jpg">
+    </td>
+    <td>
+      <p class="headerText">Veracify Investments Smartcard Enrollment</p>
+    </td>
+  </tr>
+</table>
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+       <td></td>
+    </tr>
+  </table>
+  <p class="bodyText">You have plugged in your Veracify Investments smartcard! After answering a few easy questions, you will be able to use your smartcard to securely manage your investment portfolio.
+  </p>
+  <p class="bodyText"> 
+      Now we would like you to identify yourself as a current Veracify Investments Customer.
+   </p>  
+    <table>
+      <tr>
+        <td><p >Veracify Account Name: </p></td>
+        <td> </td>
+        <td><input type="text" id="snametf"  value=""></td>
+         <td> </td>
+        <td><p>Veracify Account Number: </p></td>
+         <td> </td>
+        <td><input type="password" id="snamepwd" value=""></td>
+      </tr>
+
+      </table>
+
+      <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p> 
+      <table>
+      <tr>
+        <td><p >Password:</p></td>
+        <td><input type="password" id="pintf" name="pintf" value=""></td>
+
+        <td><p >Re-Enter Password:</p></td>
+        <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td>
+    </table>
+    <br>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Veracify Smartcard" onClick="DoEnrollCOOLKey();">
+        </td>
+      </tr>
+    </table>
+</body></html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/home/Enroll.html b/dogtag/tps-ui/shared/cgi-bin/home/Enroll.html
new file mode 100755
index 000000000..daa5fead8
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/home/Enroll.html
@@ -0,0 +1,79 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/home/style.css" type="text/css">
+
+<title>Enrollment</title>
+</head>
+<script type="text/JavaScript" src="/esc/home/util.js">
+</script>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+<table width="100%" class="logobar">
+  <tr>
+    <td>
+<img alt="" src="/home/logo.jpg">
+    </td>
+    <td>
+      <p class="headerText">Smartcard Enrollment</p>
+    </td>
+  </tr>
+</table>
+  <table id="BindingTable" width="200px"align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+  <p class="bodyText">You have plugged in your smartcard! After answering a few easy questions, you will be able to use your smartcard.
+  </p>
+  <p class="bodyText"> 
+      Now we would like you to identify yourself.
+   </p>  
+    <table>
+      <tr>
+        <td><p >LDAP User ID: </p></td>
+        <td> </td>
+        <td><input type="text" id="snametf"  value=""></td>
+         <td> </td>
+        <td><p>LDAP Password: </p></td>
+         <td> </td>
+        <td><input type="password" id="snamepwd" value=""></td>
+      </tr>
+
+      </table>
+
+      <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p> 
+      <table>
+      <tr>
+        <td><p >Password:</p></td>
+        <td><input type="password" id="pintf" name="pintf" value=""></td>
+
+        <td><p >Re-Enter Password:</p></td>
+        <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td>
+    </table>
+    <br>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Smartcard" onClick="DoEnrollCOOLKey();">
+        </td>
+      </tr>
+    </table>
+</body></html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/so/Enroll.html b/dogtag/tps-ui/shared/cgi-bin/so/Enroll.html
new file mode 100755
index 000000000..c35a53008
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/so/Enroll.html
@@ -0,0 +1,138 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/so/style.css" type="text/css">
+
+<title>Enrollment</title>
+</head>
+<script type="text/JavaScript" src="/esc/so/util.js">
+</script>
+
+<script type="text/javascript">
+<!--
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID,
+           "http://$host:$port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnDoneInitializeBindingTable()
+{
+  var arr = GetAvailableCOOLKeys();
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    UserSelectRowByKeyID(keyType, keyID);
+  }
+}
+
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+}
+
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+// -->
+</script>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+<table width="100%" class="logobar">
+  <tr>
+    <td>
+<!--<img alt="" src="/esc/so/images/logo.gif"> -->
+    </td>
+    <td align = "center">
+      <p class="headerText">Security Officer Enrollment</p>
+    </td>
+  </tr>
+</table>
+  <div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px"align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+  </div>
+  <p class="bodyText">You have plugged in your smartcard! After answering a few easy questions, you will be able to enroll the smartcard for the Security Officer user.
+  </p>
+  <p class="bodyText"> 
+      Now we would like you to identify yourself.
+   </p>  
+    <table>
+      <tr>
+        <td><p >LDAP User ID: </p></td>
+        <td> </td>
+        <td><input type="text" id="snametf"  value=""></td>
+         <td> </td>
+        <td><p>LDAP Password: </p></td>
+         <td> </td>
+        <td><input type="password" id="snamepwd" value=""></td>
+      </tr>
+
+      </table>
+
+      <p class="bodyText"> Before you can use your smartcard, you will need a password to protect it.</p> 
+      <table>
+      <tr>
+        <td><p >Password:</p></td>
+        <td><input type="password" id="pintf" name="pintf" value=""></td>
+
+        <td><p >Re-Enter Password:</p></td>
+        <td><input type="password" id="reenterpintf" name="reenterpintf" value=""></td>
+    </table>
+    <br>
+    <div id="ajax-pb" style="display:none;">
+       <img src="/esc/so/images/indicator.gif">
+       <h2 id="progress" name="progress" value="0%" ></h2>
+    </table>
+    </div>
+
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll My Smartcard" onClick="toggleAjaxProgress('ajax-pb','on');DoEnrollCOOLKey();">
+        </td>
+      </tr>
+    </table>
+</body></html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/cfg.pl b/dogtag/tps-ui/shared/cgi-bin/sow/cfg.pl
new file mode 100755
index 000000000..64e612aaa
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/cfg.pl
@@ -0,0 +1,168 @@
+#! /usr/bin/perl
+#
+# --- BEGIN COPYRIGHT BLOCK ---
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+# Copyright (C) 2007 Red Hat, Inc.
+# All rights reserved.
+# --- END COPYRIGHT BLOCK ---
+#
+
+#
+# Establish platform-dependent variables:
+#
+my $ldapsearch="/usr/bin/ldapsearch";
+
+#
+# Feel free to modify the following parameters:
+#
+my $ldapHost = "localhost";
+my $ldapPort = "389";
+my $basedn = "ou=People,dc=sfbay,dc=redhat,dc=com";
+my $port = "7888";
+my $secure_port = "7889";
+my $host = "localhost";
+
+my $cfg = "/var/lib/pki-tps/conf/CS.cfg";
+
+sub get_ldapsearch()
+{
+  return $ldapsearch;
+}
+
+sub get_ldap_host()
+{
+  my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+  chomp($ldapport);
+  my ($ldapHost, $p) = split(/:/, $ldapport);
+  return $ldapHost;
+}
+
+sub get_ldap_port()
+{
+  my $ldapport = `grep auth.instance.0.hostport $cfg | cut -c26-`;
+  chomp($ldapport);
+  my ($p, $ldapPort) = split(/:/, $ldapport);
+  return $ldapPort;
+}
+
+sub get_base_dn()
+{
+  my $basedn = `grep auth.instance.0.baseDN $cfg | cut -c24-`;
+  chomp($basedn);
+  return $basedn;
+}
+
+sub get_port()
+{
+  my $port = `grep service.unsecurePort $cfg | cut -c22-`;
+  chomp($port);
+  return $port;
+}
+
+sub get_secure_port()
+{
+  my $secure_port = `grep service.securePort $cfg | cut -c20-`;
+  chomp($secure_port);
+  return $secure_port;
+}
+
+sub get_host()
+{
+  my $host = `grep service.machineName $cfg | cut -c21-`;
+  chomp($host);
+  return $host;
+}
+
+sub is_agent()
+{
+  my ($dn) = @_;
+
+  my $uid = $dn;
+  # need to map a subject dn into user DN
+  $uid =~ /uid=([^,]*)/; # retrieve the uid
+  $uid = $1;
+
+  my $x_hostport = `grep -e "^tokendb.hostport" $cfg | cut -c18-`;
+  chomp($x_hostport);
+  my ($x_host, $x_port) = split(/:/, $x_hostport);
+  my $x_basedn = `grep -e "^tokendb.userBaseDN" $cfg | cut -c20-`;
+  chomp($x_basedn);
+  my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+  chomp($x_binddn);
+  my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+  chomp($x_bindpwdpath);
+  my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+  chomp($x_bindpwd);
+
+   my $cmd = $ldapsearch . " " .
+            "-x" .
+            "-D \"" . $x_binddn . "\" " .
+            "-w \"" . $x_bindpwd . "\" " .
+            "-b \"" . "cn=TUS Officers,ou=Groups,".$x_basedn . "\" " .
+            "-h \"" . $x_host . "\" " .
+            "-p \"" . $x_port ."\" " .
+            "-LLL \"(uid=" . $uid . "*)\" | wc -l";
+
+  my $matched = `$cmd`;
+
+  chomp($matched);
+
+  if ($matched eq "0" || $matched eq "") {
+    return 0;
+  } else {
+    return 1;
+  }
+}
+
+sub is_user()
+{
+  my ($dn) = @_;
+
+  my $uid = $dn;
+  # need to map a subject dn into user DN
+  $uid =~ /uid=([^,]*)/; # retrieve the uid
+  $uid = $1;
+
+  my $x_host = get_ldap_host();
+  $x_port = get_ldap_port();
+  my $x_basedn = get_base_dn();
+  chomp($x_basedn);
+  my $x_binddn = `grep -e "^tokendb.bindDN" $cfg | cut -c16-`;
+  chomp($x_binddn);
+  my $x_bindpwdpath = `grep -e "^tokendb.bindPassPath" $cfg | cut -c22-`;
+  chomp($x_bindpwdpath);
+  my $x_bindpwd = `grep -e "^tokendbBindPass" $x_bindpwdpath | cut -c17-`;
+  chomp($x_bindpwd);
+
+   my $cmd = $ldapsearch . " " .
+            "-x" .
+            "-D \"" . $x_binddn . "\" " .
+            "-w \"" . $x_bindpwd . "\" " .
+            "-b \"" . "ou=people,".$x_basedn . "\" " .
+            "-h \"" . $x_host . "\" " .
+            "-p \"" . $x_port ."\" " .
+            "-LLL \"(uid=" . $uid . "*)\" | wc -l";
+
+
+  my $matched = `$cmd`;
+
+  chomp($matched);
+
+  if ($matched eq "0" || $matched eq "") {
+    return 0;
+  } else {
+    return 1;
+  }
+}
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/enroll.html b/dogtag/tps-ui/shared/cgi-bin/sow/enroll.html
new file mode 100755
index 000000000..673035aeb
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/enroll.html
@@ -0,0 +1,260 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID,
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+var officerToken = null;
+
+function UserOnDoneInitializeBindingTable()
+{
+  document.body.onkeyup = onUserKeyUp;
+  var enrollbtn = document.getElementById('enrollbtn');
+  enrollbtn.disabled = true;
+  var pintf = document.getElementById('pintf');
+  pintf.focus();
+
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  var enrollbtn = document.getElementById('enrollbtn');
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++;
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }     
+    if(isAgent == true)
+    {
+        MyAlert("You can't Enroll a card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+
+function onUserKeyUp(e)
+{
+  var pintf = document.getElementById('pintf');
+  var reenterpintf = document.getElementById('reenterpintf');
+  var enrollbtn = document.getElementById('enrollbtn');
+  if (e.keyCode == 13) {
+    if (e.target == pintf) {
+      reenterpintf.focus();
+    } else {
+      pintf.focus();
+    }
+  }
+  if (pintf.value != '' && pintf.value == reenterpintf.value) {
+    enrollbtn.disabled = false;
+  } else {
+    enrollbtn.disabled = true;
+  }
+  return e;
+}
+
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p>
+</blockquote>
+<h2><span id="keytext">Please insert new smartcard now!</span></h2>
+      <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote>
+        New Token Password:<br>
+        <input type="password" id="pintf" name="pintf" value=""><br/>
+        Re-Enter Token Password:<br>
+        <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/>
+        <input type="hidden" id="snametf"  value="$uid">
+        User Password:<br>
+        <input type="password" id="snamepwd" value="">
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+  </table>
+
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/enroll_temp.html b/dogtag/tps-ui/shared/cgi-bin/sow/enroll_temp.html
new file mode 100755
index 000000000..caa83fa19
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/enroll_temp.html
@@ -0,0 +1,231 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/esc/sow/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID,
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+var officerToken = null;
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  var enrollbtn = document.getElementById('enrollbtn');
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++;
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }     
+    if(isAgent == true)
+    {
+        MyAlert("You can't Enroll a temporary card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>The security officer has identified the user as <strong>$cn</strong>. The User ID is <strong>$uid</strong>.</p>
+</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+      <blockquote><p>The user must provide a password to protect the smart card.</p> </blockquote>
+        <h3>New Token Password:</h3>
+        <input type="password" id="pintf" name="pintf" value=""><br/>
+        <h3>Re-Enter Token Password:</h3>
+        <input type="password" id="reenterpintf" name="reenterpintf" value=""><br/>
+        <input type="hidden" id="snametf"  value="$uid">
+        <h3>User Password:</h3>
+        <input type="password" id="snamepwd" value=""><br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Start Enrollment" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoEnrollTempCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/format.html b/dogtag/tps-ui/shared/cgi-bin/sow/format.html
new file mode 100755
index 000000000..372737c7f
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/format.html
@@ -0,0 +1,236 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+var officerToken = null;
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+
+    if(keyStatus == "ENROLLED" ) {
+        var uid =  GetCoolKeyIssuedTo(keyType,keyID);
+        if(uid)
+        {
+            isAgent = window.IsAgentOrUser(uid,"agent");
+        }
+        if(isAgent == true)
+        {
+            officerToken = keyID;
+        }
+    }
+  }
+
+  if (arr && arr.length <= 1  )
+  {
+    toggleButton('enrollbtn','off');
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var arr = GetAvailableCOOLKeys();
+  var curKeyType = null;
+  var curKeyID = null;
+  var curKeyStatus = null;
+  var i = 0;
+  while(1) {
+      if (arr && arr.length <= 1  )
+      {
+          toggleButton('enrollbtn','off');
+          return;
+      }
+      if (arr && arr.length > 1 )
+      {
+          toggleButton('enrollbtn','on');
+      }
+      curKeyType = arr[i][0];
+      curKeyID = arr[i][1];
+      
+      var curKeyStatus = GetStatusForKeyID(curKeyType, curKeyID);
+      if(!(curKeyID == officerToken && curKeyStatus == "ENROLLED")) {
+          break;
+      }
+      i++; 
+  }
+
+  if (curKeyStatus == "ENROLLED" || curKeyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  } else {
+      updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" is detected!');
+  }
+
+  var uid = null;
+  var isAgent = null;
+  UserSelectRowByKeyID(curKeyType, curKeyID);
+
+  if(curKeyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(curKeyType,curKeyID);
+    if(uid)
+    {
+        isAgent = window.IsAgentOrUser(uid,"agent");
+    }      
+    if(isAgent == true)
+    {
+        MyAlert("You can't Format a card that belongs to another Security Officer!");
+        updateKeyText('A ' + curKeyStatus + ' smartcard "' + curKeyID + '" SECURITY OFFICER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload="cleanup();">
+
+<progressmeter id="progress-id" hidden="true" align = "center"/> 
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+     <tr id="HeaderRow">
+     </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will erase the phone home URL and format the user token.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/formatso.html b/dogtag/tps-ui/shared/cgi-bin/sow/formatso.html
new file mode 100755
index 000000000..89038b4d1
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/formatso.html
@@ -0,0 +1,186 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    UserOnCOOLKeyInserted(keyType,keyID);
+  }
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") {
+    updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  } else {
+    updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  }
+  UserSelectRowByKeyID(keyType, keyID);
+   var uid = null;
+  var isUser = false;
+
+  if(keyStatus == "ENROLLED")
+  {
+    uid =  GetCoolKeyIssuedTo(keyType,keyID);
+
+    if(uid)
+    {
+        isUser = IsAgentOrUser(uid,"user");
+    }
+    if(isUser == true)
+    {
+        MyAlert("You can't Format a User card here!  Try another card.");
+
+        updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" USER is detected!');
+        toggleButton('enrollbtn','off');
+    }
+  }
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will erase the phone home URL and format the SO token, so that you can start the demonstration all over again. <br/><br/>WARNING: You will not be able to access the security officer station after this operation.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoFormatSoCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/main.html b/dogtag/tps-ui/shared/cgi-bin/sow/main.html
new file mode 100755
index 000000000..e7de688bc
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/main.html
@@ -0,0 +1,67 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> | 
+    </div>
+  <blockquote><p>User Token Functions</p></blockquote>
+<ul style="font-size:1.2em;">
+    <a href="search.cgi">Enroll New Card</a> - enroll a new user smart card<br />
+    <a href="search_temp.cgi">Enroll Temporay Card</a> - enroll a temporary smart card<br />
+    <a href="format.cgi">Format Card</a> - format a user card<br />
+    <a href="seturl.cgi">Set Home URL</a> - set phone home URL to a user card<br />
+</ul>
+  <blockquote><p>Misc Functions</p></blockquote>
+<ul style="font-size:1.2em;">
+    <a href="formatso.cgi">Format SO Card</a> - format a SO card<br />
+</ul>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/noaccess.html b/dogtag/tps-ui/shared/cgi-bin/sow/noaccess.html
new file mode 100755
index 000000000..06e9fa2d8
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/noaccess.html
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    </div>
+  <blockquote><p>Sorry, you do not have permission to perform the requested operation.</p></blockquote>
+<form method=post action="http://$host:$port/cgi-bin/sow/welcome.cgi">
+    <table>
+      <tr>
+      </tr>
+
+      </table>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Start Over">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/read.html b/dogtag/tps-ui/shared/cgi-bin/sow/read.html
new file mode 100755
index 000000000..1e660c84f
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/read.html
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/css/style.css" type="text/css">
+
+<title>Security Officer</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+  <blockquote><p>Please check user's identification and verify the user information. If the information is correct, please insert a new smart card and continue.</p></blockquote>
+  <table>
+  <tr>
+    <td>
+<script type="text/javascript">
+ if ('$departmentNumber' != '') {
+   document.writeln('<img alt="" border=0 src="$photoSmall">');
+  }
+</script>
+    </td>
+    <td>
+       <span class="heading">UID:</span> $uid<br/>
+       <span class="heading">Given Name:</span> $givenName<br/>
+       <span class="heading">Last Name:</span> $sn<br/>
+       <span class="heading">Email:</span>$mail<br/>
+       <span class="heading">Height:</span> $height<br/>
+       <span class="heading">Weight:</span> $weight<br/>
+       <span class="heading">Eye Color:</span> $eyecolor<br/>
+    </td>
+    </table>
+    <br/>
+
+  <form method=post action="enroll.cgi">
+    <input type=hidden name=uid value="$uid">
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="Enroll" value="Continue">
+        </td>
+      </tr>
+    </table>
+  </form>
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/read_temp.html b/dogtag/tps-ui/shared/cgi-bin/sow/read_temp.html
new file mode 100755
index 000000000..1e660c84f
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/read_temp.html
@@ -0,0 +1,78 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/css/style.css" type="text/css">
+
+<title>Security Officer</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+  <blockquote><p>Please check user's identification and verify the user information. If the information is correct, please insert a new smart card and continue.</p></blockquote>
+  <table>
+  <tr>
+    <td>
+<script type="text/javascript">
+ if ('$departmentNumber' != '') {
+   document.writeln('<img alt="" border=0 src="$photoSmall">');
+  }
+</script>
+    </td>
+    <td>
+       <span class="heading">UID:</span> $uid<br/>
+       <span class="heading">Given Name:</span> $givenName<br/>
+       <span class="heading">Last Name:</span> $sn<br/>
+       <span class="heading">Email:</span>$mail<br/>
+       <span class="heading">Height:</span> $height<br/>
+       <span class="heading">Weight:</span> $weight<br/>
+       <span class="heading">Eye Color:</span> $eyecolor<br/>
+    </td>
+    </table>
+    <br/>
+
+  <form method=post action="enroll.cgi">
+    <input type=hidden name=uid value="$uid">
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="Enroll" value="Continue">
+        </td>
+      </tr>
+    </table>
+  </form>
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/search.html b/dogtag/tps-ui/shared/cgi-bin/sow/search.html
new file mode 100755
index 000000000..789a4a015
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/search.html
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>Please locate the user who is requesting a new smart card.</p></blockquote>
+<form method=post action="read.cgi">
+<div style="font-size:0.8em;">
+    <table>
+      <tr>
+        <td><h3>Name: </h3></td>
+        <td> </td>
+        <td><input type="text" id="name" name="name" value="" autocomplete="off"></td>
+        <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td>
+         <td> </td>
+      </tr>
+
+      </table>
+</div>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/search_temp.html b/dogtag/tps-ui/shared/cgi-bin/sow/search_temp.html
new file mode 100755
index 000000000..507f223ef
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/search_temp.html
@@ -0,0 +1,71 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+  <blockquote><p>Please locate the user who is requesting a temporary smart card.</p></blockquote>
+<form method=post action="read_temp.cgi">
+<div style="font-size:0.8em;">
+    <table>
+      <tr>
+        <td><h3>Name: </h3></td>
+        <td> </td>
+        <td><input type="text" id="name" name="name" value="" autocomplete="off"></td>
+        <input type="hidden" id="name_hidden" name="name_ID"><!-- THE ID OF the country will be inserted into this hidden input --></td>
+         <td> </td>
+      </tr>
+
+      </table>
+</div>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/seturl.html b/dogtag/tps-ui/shared/cgi-bin/sow/seturl.html
new file mode 100755
index 000000000..3a25380b1
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/seturl.html
@@ -0,0 +1,174 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Enrollment</title>
+<script type="text/javascript" src="/esc/sow/js/prototype.js"></script>
+<script type="text/javascript" src="/esc/sow/js/scriptaculous.js?load=effects"></script>
+<script type="text/JavaScript" src="/esc/sow/util.js"></script>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+<script type="text/javascript">
+<!--
+function UserOnCOOLKeyStateError()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function UserOnCOOLKeyFormatComplete()
+{
+  toggleAjaxProgress('ajax-pb', 'off');
+  toggleButton('enrollbtn', 'on');
+  toggleButton('cancel', 'on');
+}
+
+function updateKeyText(text)
+{
+  var f = document.getElementById('keytext');
+  new Effect.Shake(f);
+  var text = document.createTextNode(text);
+  var len= f.childNodes.length;  
+  for (i=0;i<len;i++){
+       f.removeChild(f.childNodes[0]);
+  }
+  f.appendChild(text);
+}
+
+function UserSelectRowByKeyID(keyType, keyID)
+{
+  DoCoolKeySetConfigValue("Operation-" + keyID, 
+           "https://$host:$secure_port/nk_service");
+  DoCoolKeySetConfigValue("TokenType-" + keyID, "userKey");
+  SelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnDoneInitializeBindingTable()
+{
+  // display existing blank smart
+  var arr = GetAvailableCOOLKeys();
+  if (!arr || arr.length < 1)
+    return;
+  var i;
+  for (i=0; i < arr.length; i++)
+  {
+    var keyType = arr[i][0];
+    var keyID = arr[i][1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+    if (keyStatus == "BLANK") {
+      updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    } else if (keyStatus == "UNINITIALIZED") {
+      updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+      UserSelectRowByKeyID(keyType, keyID);
+    }
+  }
+}
+
+function UserOnCOOLKeyStatusUpdate(data)
+{
+  var progress = document.getElementById("progress");
+
+  if(progress)
+      progress.innerHTML = data + "%";
+}
+
+function UserOnCOOLKeyInserted(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  if (keyStatus == "ENROLLED" || keyStatus == "UNINITIALIZED") {
+    updateKeyText('An ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  } else {
+    updateKeyText('A ' + keyStatus + ' smartcard "' + keyID + '" is detected!');
+  }
+  UserSelectRowByKeyID(keyType, keyID);
+}
+
+function UserOnCOOLKeyRemoved(keyType, keyID)
+{
+  updateKeyText('Please insert a blank smartcard now!');
+}
+
+function toggleAjaxProgress(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.style.display = 'none';
+  } else {
+    e.style.display = 'block';
+  }
+}
+
+function toggleButton(id, i)
+{
+  var e = document.getElementById(id);
+  if (i == 'off') {
+    e.disabled = true;
+  } else {
+    e.disabled = false;
+  }
+}
+// -->
+</script>
+</head>
+
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<progressmeter id="progress-id" hidden="true" align = "center"/>
+
+<div id="pb" style="display:none;">
+  <table id="BindingTable" width="200px" align="center">
+    <tr id="HeaderRow">
+    </tr>
+  </table>
+</div>
+<div id="header">
+  <div id="logo">
+     <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+    </div>
+<br/>
+<blockquote>This will burn a phone home URL on the user token.</blockquote>
+<h3><span id="keytext">Please insert new smartcard now!</span></h3>
+    <br/>
+    <table width="100%">
+      <tr>
+<td>
+<div id="ajax-pb" style="display:none;">
+  <img src="/esc/sow/images/indicator.gif">
+  <h2 id="progress" name="progress" value="0%" ></h2>
+</div>
+</td>
+        <td align="right">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Format" onClick="toggleButton('enrollbtn','off');toggleButton('cancel', 'off');toggleAjaxProgress('ajax-pb','on');DoSetURLCOOLKey();">
+          <input type="submit" id="cancel" name="cancel" value="Cancel" onClick="javascript:location.href='/cgi-bin/sow/search.cgi';">
+        </td>
+      </tr>
+    </table>
+  </div>
+</div>
+</body></html>
diff --git a/dogtag/tps-ui/shared/cgi-bin/sow/welcome.html b/dogtag/tps-ui/shared/cgi-bin/sow/welcome.html
new file mode 100755
index 000000000..718dce94b
--- /dev/null
+++ b/dogtag/tps-ui/shared/cgi-bin/sow/welcome.html
@@ -0,0 +1,63 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css">
+
+<title>Security Officer</title>
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+<div id="header">
+  <div id="logo">
+      <h3>Security Officer Station</h3>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+    <div id="topmenu">
+    </div>
+  <blockquote><p>Welcome to the security officer interface, you will be asked to identify yourself with your token. Please click the continue button below.</p></blockquote>
+<form method=post action="https://$host:$secure_port/cgi-bin/sow/main.cgi">
+    <table>
+      <tr>
+      </tr>
+
+      </table>
+
+    <br/>
+<font color="red">$error</font>
+    <br/>
+    <table width="100%">
+      <tr>
+        <td align="right">
+          <input type="submit" id="search" name="search" value="Continue">
+        </td>
+      </tr>
+    </table>
+</form>
+
+  </div>
+</div>
+
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/404.html b/dogtag/tps-ui/shared/docroot/404.html
new file mode 100755
index 000000000..b4181fcf9
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/404.html
@@ -0,0 +1,146 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>TPS 404 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tps/admin/console/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tps/admin/console/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TPS Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('404');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The requested resource could not be found but may be available again in the future.');
+document.write('</font></b><br><b><font size="+1" color="RED">');
+document.write('Please check the validity of the URL listed below:');
+document.write('</font></b><br><br>');
+document.write('<center><b><font size="+1"><a href="');
+document.write(url);
+document.write('">');
+document.write(url);
+document.write('</a>');
+document.write('</font></b></center><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/tps-ui/shared/docroot/500.html b/dogtag/tps-ui/shared/docroot/500.html
new file mode 100755
index 000000000..b868922c7
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/500.html
@@ -0,0 +1,139 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<script language=javascript>
+var url = document.URL;
+var protocol = location.protocol;
+var hostname = location.hostname;
+var port = location.port;
+</script>
+
+<head>
+<title>TPS 500 Error!</title>
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<link rel="shortcut icon" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tps/admin/console/img/favicon.ico');
+document.write('" />');
+document.write('<link rel="stylesheet" href="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/css/pki-base.css');
+document.write('" type="text/css" />');
+document.write('<META http-equiv=Content-Type content="text/html; charset=UTF-8">');
+</script>
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+<div id="header">
+<!-- always expand ALL relative paths -->
+<script language=javascript>
+document.write('<a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="');
+document.write(protocol);
+document.write('//');
+document.write(hostname);
+document.write(':');
+document.write(port);
+document.write('/tps/admin/console/img/logo_header.gif');
+document.write('" alt="Dogtag" id="myLogo" /></a>');
+</script>
+    <div id="headertitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TPS Error Page 
+</font><br>
+<p> 
+</font>
+<p>
+<script language=javascript>
+document.write('<center>');
+document.write('<table border="1" cellspacing="0" cellpadding="0">');
+document.write('<tr valign="TOP">');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">HTTP STATUS</font></b></td>');
+document.write('<td bgcolor="grey" align="center"><b><font color="BLACK">DESCRIPTION</font></b></td>');
+document.write('</tr>');
+document.write('<tr valign="TOP">');
+document.write('<td align="center"><b><font size="+3" color="red">');
+document.write('500');
+document.write('</font></b></td>');
+document.write('<td><b><font size="+1" color="RED">');
+document.write('The server encountered an unexpected condition which prevented it from fulfilling the request.<br>');
+document.write('Please consult your local administrator for further assistance. The Certificate System logs may provide further information.');
+document.write('</font></b><br></td>');
+document.write('</tr>');
+document.write('</table>');
+document.write('</center>');
+</script>
+<div id="footer">
+</div>
+<!--
+To prevent Internet Explorer from overriding the display of this custom error
+page by displaying it's own "Friendly HTTP Error Message", always include the
+following 'padding' to ensure that the text size exceeds 512 bytes:
+
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+[IE padding][IE padding][IE padding][IE padding][IE padding][IE padding]
+-->
+</body>
+</html>
+
diff --git a/dogtag/tps-ui/shared/docroot/css/pki-360.css b/dogtag/tps-ui/shared/docroot/css/pki-360.css
new file mode 100644
index 000000000..bdcd7ed3b
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/css/pki-360.css
@@ -0,0 +1,941 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+/* 
+color scheme:
+
+light gray:  #e6e6e6
+medium gray:
+dark gray:
+
+link blue: #06c
+
+red: #900
+
+*/
+
+
+/* This establishes background pattern and centering of content area as well
+as font-styles for the site */
+body {
+	margin: 0;
+	padding: 0;
+	color: #333;
+	text-align: center;
+	background: #fff url(/img/bkgrnd_greydots.png) repeat;
+	font-family: "Luxi Sans", "Bitstream Vera Sans", "Lucida Grande", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	}
+	
+td, th { /* for ie55  */
+    font-size: x-small;      
+    /* false value for WinIE4/5 */
+    voice-family: "\"}\"";   
+    /* trick WinIE4/5 into thinking rule is over */
+    voice-family: inherit;   
+    /* recover from trick */
+    font-size: small;
+    /* intended value for better browsers */
+	}
+	
+img {
+	border: 0;
+	}
+	
+a {
+	text-decoration: none;
+	}
+	
+a:link {
+	color: #06c;
+	}
+	
+a:visited {
+	color: #06c;
+	}
+
+/* This is the container for the content that is centered */
+#wrap {
+	margin: 0 20px 10px 20px;
+	padding: 10px 15px;
+	text-align: left;
+	background: #fff;
+/*
+	min-width: 900px;
+*/
+	}
+
+/* The following styles establish the header, top nav bar and systems and
+search areas */	
+#header {
+	height: 31px;	/* changed height added bottom margin  */
+	margin-top: 10px;
+	margin-bottom: 20px;
+	}
+	
+#headertitle {
+	height: 31px;          /* same as header */
+	margin-top: 10px;      /* same as header */
+	margin-right: 100px;   /* "myLogo" margin-left + "logo_header.gif" */
+	margin-bottom: 20px;   /* same as header */
+	font-size: large;
+	font-weight: bold;
+	}
+
+#headerpaddedtitle {
+	height: 31px;          /* same as header */
+	margin-top: 10px;      /* same as header */
+	margin-bottom: 20px;   /* same as header */
+	font-size: large;
+	font-weight: bold;
+	padding-left: 115px;   /* "myLogo" margin-left +
+	                          "logo_header.gif" + 15px */
+	}
+
+img#myLogo {
+	float: left;
+	margin-left: 15px;
+	}
+	
+img#pkiLogo {
+	float: left;
+	}
+	
+#account {
+	float: right;
+	width: 450px;
+	margin-right: 15px;
+	padding-top: 7px;	/* removed margin-bottom, added padding-top  */
+	}
+	
+#account dl {
+	float: right;
+	padding: 0;
+	margin: 0;
+	}
+	
+#account dt {
+	float: left;
+	width: 66px;
+	height: 1.1em;
+	background: url(/img/account_loggedin.gif) 100% 100% no-repeat;
+	}
+	
+#account dd {	/* note changes to dl, dt and dd   */
+	float: left;
+	margin-left: 10px;
+	}
+	
+#account p {
+	float: right;
+	margin: 0 0 0 30px;
+	padding: 0;
+	}
+	
+#account p a {
+	width: 56px;
+	height: 1.1em;
+	background: url(/img/account_signout.gif) 100% 100% no-repeat;
+	display: block;
+	}
+	
+#account span {
+	display: none;
+	}
+
+#bar {
+	margin-bottom: 10px; 
+	background-color: #e6e6e6
+	}
+	
+#bar:after {
+    content: "."; 
+    display: block;
+    height: 0px;	/* took out negative margin and set height to 0  */
+    overflow: hidden;
+    clear: both; 
+    visibility: hidden;
+    }
+
+    /* Holly Hack Targets IE Win only \*/
+    * html #bar {height: 1%;}
+    /* End Holly Hack */
+	
+#systembar {
+	float: right;
+	width: 34%;
+	background: #e6e6e6 url(/img/greybar_tr.gif) 100% 0 no-repeat;
+	}
+	
+#systembarinner {
+	background: url(/img/greybar_br.gif) 100% 100% no-repeat;
+	height: 2.8em;
+	/* text-align: center; */
+	text-align: right;
+	padding-right: 10px;
+	}
+	
+#systembarinner div {
+	color: #000;
+	font-variant: small-caps;
+	padding-top: 5px;
+	}
+	
+#searchbar {
+	float: left;
+	width: 66%;
+	background: #e6e6e6 url(/img/greybar_tl.gif) 0 0 no-repeat;
+	}
+	
+#searchbarinner {
+	padding-left: 10px;
+	background: url(/img/greybar_bl.gif) 0 100% no-repeat;
+	height: 2.8em;
+	/*
+	text-align: left;
+	text-align: center;
+	*/
+	text-align: right;
+
+	}
+	
+#systembarinner form,
+#searchbarinner form {
+	margin: 0;
+	padding-top: 5px;	/* changed to padding-top: 5px  */
+	/*text-align: center;*/
+	}
+/* end header */
+	
+/* The following styles establish the new side nav bar */
+#sidenav {	/* for ie55  */
+	width: 132px;
+	background-color: #999;
+	background-image: url(/img/corner_sidenav_top.gif);
+	background-position: top right;
+	background-repeat: no-repeat;
+	font-family: "Luxi Sans", verdana, arial, sans-serif;	
+	font-size: xx-small;
+    /* false value for WinIE4/5 */
+    voice-family: "\"}\"";   
+    /* trick WinIE4/5 into thinking rule is over */
+    voice-family: inherit;   
+    /* recover from trick */
+    font-size:  x-small;
+    /* intended value for better browsers */
+	font-weight: bold;
+	}
+
+	
+#sidenav ul {
+	background-image: url(/img/corner_sidenav_bottom.gif);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	list-style: none;
+	padding: 10px 0 10px 0;
+	margin: 0;
+	}
+	
+#sidenav ul ul {
+	background: none;
+	/* background-color: #c1c1c1; */
+	background-color: #ccc;
+	margin: 0;
+	padding: 0;
+	border-top: 1px solid #999;
+	}
+	
+#sidenav ul li {
+	border-bottom: 1px solid #a7a7a7;
+	margin: 0;
+	}
+	
+#sidenav ul li:last-child {
+	border-bottom: 1px solid #999;
+	}
+
+#sidenav ul li.sidenav-selected {
+	/*
+	background: #8a8a8a;
+	background: #7b7b7b;
+	*/
+	background: #6c6c6c;
+	/* border-top: 1px solid #999; */
+	}
+
+#sidenav ul li.sidenav-selected span {
+	display: none;
+	}
+	
+#sidenav ul li a {
+	display: block;
+	color: white;
+	text-decoration: none;
+	padding: 3px 5px 3px 15px;
+	margin: 0;
+	}
+	
+#sidenav ul ul li.sidenav-selected {
+	background: #6c6c6c;
+	/* background: #7b7b7b;
+	background: #8a8a8a;
+	*/
+	}
+
+	
+#sidenav ul ul li:last-child {
+	border-bottom: none;
+	}
+	
+#sidenav ul ul li a {
+	padding-left: 30px;
+	color: #555;
+	}
+
+#sidenav ul ul li.sidenav-selected a {
+	padding-left: 30px;
+	color: white;
+	}
+
+
+#content {
+	clear: both;
+	}
+
+/* The following styles establish the legend boxes in the left sidebar */
+.sideleg {
+	width: 132px;
+	background: url(/img/sidelegend_top.gif) 0 0 no-repeat;
+	padding-top: 9px;
+	margin-top: 1em;
+	}
+	
+	
+.sideleg h2 {
+	font-size: x-small;
+	color: #666;
+	border: 1px solid #acacac;
+	border-top: none;
+	padding: 0 0 3px 15px;
+	margin: 0;
+	}
+	
+.sideleg ul {
+	padding: 0 0 9px 0 ;
+	margin: 0;
+	list-style: none;
+	background: url(/img/sidelegend_bottom.gif) 0 100% no-repeat;
+	}
+	
+.sideleg ul li {
+	padding: 12px 0 6px 15px;
+	font-size: x-small;
+	color: #666;
+	border-left: 1px solid #acacac;
+	border-right: 1px solid #acacac; /* removed clear:left  */
+	}
+	
+.sideleg ul li img {
+	float: left;
+	padding-right: 3px;
+	margin-top: -3px;
+	}
+	
+h1 {
+	margin-top: 0;
+	}
+	
+/* existing PKI STYLES - modded - these need to be inserted carefully */
+
+.sidebar {
+	padding-right: 15px;
+    vertical-align: top;
+}
+
+table.iso_dl {
+    border-collapse: collapse;
+}    
+
+table.iso_dl td {
+    padding: 4px;
+}
+
+table.iso_dl th {
+    color: #999;
+    background-color: #eee;
+    border:  1px solid #999;
+    padding: 6px 3px;
+    text-align: right;
+}
+
+table.iso_dl th.first {
+    text-align: left;
+}
+
+th {
+	padding: 4px 6px;
+	color: #fff;
+   /* background-color: #b4b19a; */
+	text-align: left;
+	font-size: small;
+}
+
+
+/* -- YOUR PKI stuff -- */
+table.half-table {
+	background: #b4b19a url(/img/table_corner_tr.gif) 100% 0 no-repeat;
+	padding: 0px;
+	margin: 0px;
+	}
+
+.half-table td {
+	background-color: #fff;
+}	
+
+table.your-pki table.half-table td { 
+  padding: 2px 8px;
+}
+
+table.your-pki table.full-table td { 
+  padding-left: 4px;
+  padding-right: 4px;
+  padding-top: 4px;
+}
+
+table.half-table thead th:first-child { 
+	background: url(/img/table_corner_tl.gif) top left no-repeat;
+	}
+
+
+
+
+/* -- General list stuff -- */
+table.list {
+	font-size: 10px;
+	background: #b4b19a url(/img/table_corner_tr.gif) top right no-repeat;
+	border-bottom: 1px solid #b4b19a;
+}
+
+/* Holly Hack Targets IE Win only \*/
+    * html table.list, * html table.half-table {background-image: none;}
+    /* End Holly Hack */
+
+
+
+table.list thead th:first-child {
+	background: url(/img/table_corner_tl.gif) top left no-repeat;
+	}
+
+table.list-pagination {
+	font-size: smaller;
+}
+
+
+td.first-column {
+	border-left: 1px solid #b4b19a;
+}
+
+td.last-column  {
+	border-right: 1px solid #b4b19a;
+}
+
+td.only-column  {
+	border-right: 1px solid #b4b19a;
+	border-left: 1px solid #b4b19a;
+}
+
+
+.list-checkbox {
+	text-align: center;
+	border-left: 1px solid #b4b19a;
+}
+
+.list-checkbox-header {
+	text-align: center;
+}
+
+.list th a {
+	display: inline;
+	}
+
+.list a:hover {
+	text-decoration: underline;
+}
+
+/* list row classes */
+.list-row-even td{
+	background-color: #F1EBDC;
+}
+.list-row-odd td {
+        background-color: #ffffff;
+}
+.list-row-summary {
+	text-align: right;
+	font-weight: bold;
+	border: 1px solid #ccc;
+	background-color: #eee;
+}
+.list-row-even td, .list-row-odd td, .list-row-summary td {
+	padding: 4px 8px;
+}
+
+.list-horiz-separator hr {
+	border: 0;
+	border-bottom: 1px solid #ccc;
+	padding: 0px;
+}
+
+
+/* default class def for row color toggling */
+.list-row-even-selected {
+        background-color: #dde5ff;
+}
+.list-row-odd-selected {
+        background-color: #dde5ff;
+}
+
+.list-row-odd-selected td, .list-row-even-selected td {
+	border-bottom: 1px solid #ccc;
+	padding: 4px 8px;
+}
+
+/* special column classes */
+th + th {
+	border-left: 0;
+}
+a[name]:hover {
+	color: inherit;
+}
+
+
+
+
+/* --- TABLE TREE VIEW --- */
+tr.table-tree-even td, tr.table-tree-odd td {
+   padding: 10px 15px;
+}
+tr.table-tree-even img,
+tr.table-tree-odd img {
+   margin-left: 4px;
+}
+tr.table-tree-odd {
+   background-color: #F1EBDC;
+}
+tr.table-tree-even {
+   background-color: #fff;
+}
+                                                                                                                                                             
+/* padding for parent+child channels  */
+tr.table-tree-even + tr.table-tree-even td,
+tr.table-tree-odd + tr.table-tree-odd td {
+   padding-top: 0;
+}
+
+
+
+
+/* signin page stuff start */
+#footer {
+        /*
+	border-top: 2px dotted #ccc;
+	padding: 2em 4em 2em 4em;
+	*/
+	padding: 1em;
+	margin: 1em 4em 1em 4em;
+	text-align: center;
+	font-size: 10px;
+	color: #aaa;
+
+	margin-left: auto;
+	margin-right: auto;
+        margin-top: 64px;
+}
+
+h1#pki_welcome {
+	background-image: url(/img/pki_welcome.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	padding-bottom: 5px;
+	height: 20px;
+	}
+	
+h1#pki_welcome2 {
+	background-image: url(/img/pki_welcome2.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	height: 37px;
+	}
+	
+h1#pki_welcome3 {
+	background-image: url(/img/pki_welcome3.gif);
+	background-position: 0 0;
+	background-repeat: no-repeat;
+	height: 40px;
+	}
+	
+h1#pki_welcome span {
+	display: none;
+	}
+	
+h1#pki_welcome2 span {
+	display: none;
+	}
+	
+h1#pki_welcome3 span {
+	display: none;
+	}
+	
+ul.linkage {
+	list-style: none;
+	padding: 8px;
+	margin: 0px;
+	}
+	
+ul.linkage li{
+	background-image: url(/img/bullet_arrowblue.png);
+	background-repeat: no-repeat;
+	background-position: 0 .4em;
+	padding-left: 10px;
+	margin: .4em 0;
+	}
+
+#contentLeft {
+	float: left;
+	margin-top: 20px;
+}
+
+#contentRight {
+	margin: 0 15px 0 295px;
+}
+
+ /**** following styles define the CLEAR BOX W/ROUNDED CORNERS */
+ 
+ .clearBox {
+ 	width: 279px;
+ 	background: url(/img/corner_halflinebox_top.png) top right no-repeat;
+ 	}
+ 	
+ .clearBox {
+ 	padding-top: 7px;
+ 	margin-bottom: 15px;
+ 	}
+ 	
+ .clearBoxInner {
+ 	background: url(/img/corner_halflinebox_bottom.png) bottom left no-repeat;
+ 	}
+ 	
+ .clearBoxInner {
+ 	width: 100%;
+ 	padding-bottom: 7px;
+ 	}
+ 	
+ .clearBoxBody {
+ 	padding: 5px 14px;
+ 	border-left: 1px solid #b4b4b4;
+ 	border-right: 1px solid #b4b4b4;
+ 	}
+ 	
+ .clearBoxBody h2 {
+ 	font-size: small;
+ 	}
+ 	
+div.formrow {
+  	padding: 5px 0;
+  	font-size: x-small;
+  	}
+  	
+div.formrow:after {
+    content: "."; 
+    display: block; 
+    height: 0;
+    overflow: hidden;
+    clear: right; 
+    visibility: hidden;
+    }
+
+    /* Holly Hack Targets IE Win only \*/
+    * html .formrow {height: 1%;}
+    /* End Holly Hack */
+
+div.formrow span.label {
+	float: left;
+	width: 110px;
+	text-align: right;
+	font-weight: bold;
+	padding: .5em 0;
+	}
+
+div.formrow span.formfield {
+	float: right;
+	width: 130px;
+	text-align: left;
+	}
+	
+p#intro {
+	font-size: 1.3em;
+	line-height: 1.2em;
+	color: #000;
+	}
+	
+p.endnote {
+	font-size: smaller;
+	margin-top: 3em;
+	padding-top: 10px;
+	line-height: 1.5em;
+	border-top: 1px solid #333;
+	}
+
+
+/* CONTENT-NAV - begin */
+	
+.content-nav {
+	margin: 0;
+	padding: 0;
+}
+
+.content-nav a:visited {
+    color: #06c;
+}
+		
+.content-nav ul {
+	list-style-type: none;
+	margin: 0;
+	padding: 0;
+	font-size: 10px;
+      	font-family: "Luxi Sans", verdana, arial, sans-serif;
+	}
+		
+.content-nav:after,
+.content-nav ul:after {
+	content: "."; 
+	display: block;
+	height: 1px;
+	margin-top: -1px;
+	overflow: hidden;
+	clear: both; 
+	visibility: hidden;
+	}
+
+/* Holly Hack Targets IE Win only */
+* html .content-nav {height: 1%;}
+* html .content-nav ul {height: 1%;}
+/* End Holly Hack */
+		
+ul.content-nav-rowone,
+ul.content-nav-rowthree {
+	margin-left: 10px;
+	}
+		
+ul.content-nav-rowone {
+	border-bottom: 3px solid #e6e6e6;
+	margin-bottom: -3px;
+	}
+		
+/* Holly Hack Targets IE Win only \*/
+* html ul.content-nav-rowone {margin-right: 8px;}
+* html ul.content-nav-rowone {margin-bottom: -2px;}
+/* End Holly Hack */
+		
+ul.content-nav-rowone li, ul.content-nav-rowthree li {
+	float: left;
+	}
+	
+ul.content-nav-rowone li a, ul.content-nav-rowthree li a {
+	display: block;
+	padding: 4px 8px;
+	}
+		
+ul.content-nav-rowtwo {
+	background: url(/img/contentnav_rowtwo_b.gif) bottom left no-repeat;
+	padding-bottom: 6px;
+	margin-right: 8px;
+	}
+		
+ul.content-nav-rowtwo li {
+	display: inline;
+	padding-left: 18px;
+	}
+		
+a.content-nav-selected-link {
+	color: #000;
+	font-weight: bold;
+	}
+		
+ul.content-nav-rowone li.content-nav-selected {
+	background: url(/img/contentnav_tabr.gif) top right no-repeat;
+	}
+		
+ul.content-nav-rowone a.content-nav-selected-link {
+	background: url(/img/contentnav_tabl.gif) top left no-repeat;
+	}
+		
+ul.content-nav-rowthree li.content-nav-selected {
+	background: url(/img/contentnav_tabr.gif) bottom right no-repeat;
+	}
+		
+ul.content-nav-rowthree a.content-nav-selected-link {
+	background: url(/img/contentnav_tabl.gif) bottom left no-repeat;
+	}
+		
+div.contentnav-row2 {
+	background: #e6e6e6 url(/img/contentnav_rowtwo_t.gif) top left no-repeat;
+	padding: 0px;
+	clear: left;
+	}
+		
+div.contentnav-row2 div.top {
+	background: url(/img/contentnav_rowtwo_t.gif) top right no-repeat;
+	margin-left: 8px;
+	height: 6px;
+	font-size: 0;
+	}
+		
+div.contentnav-row2 div.bottom {
+	background: url(/img/contentnav_rowtwo_b.gif) bottom right no-repeat;
+	}
+		
+/* CONTENTNAV - end */
+
+
+
+
+/************************************************************** MAIN NAVIGATION */
+	
+#mainNavOuter {
+	width: 100%;
+	background-image: url(/img/corner_mainnav_bottom_chopped.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	background-color: #4f52b5;
+	}
+	
+#mainNav {
+	width: 100%;
+	font-weight: bold;
+	font-family: "Luxi Sans", verdana, helvetica, arial, sans-serif;
+	font-size: x-small;
+	}
+	
+	
+/* float clear hack that has been hacked for Moz 1.5x and below */
+#mainNavOuter:after {
+    content: "."; 
+    display: block; 
+    height: 1px;
+    margin-top: -1px;
+    overflow: hidden;
+    clear: both; 
+    visibility: hidden;
+    }
+    /* Holly Hack Targets IE Win only \*/
+    * html .mainNavOuter {height: 1%;}
+    /* End Holly Hack */
+    
+    
+#mainNavInner {
+	width: 100%;
+	height: 7px;
+	background-image: url(/img/corner_mainnav_top_chopped.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul {
+	padding: 0;
+	margin: 0;
+	list-style-type: none;
+	background-image: url(/img/corner_mainnav_tl.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li {
+	background: #b70000;
+	display: block;
+	float: left;
+	padding: 0;
+	margin: 0;
+	}
+	
+#mainNav li#mainFirst-active,
+#mainNav li#main-active,
+#mainNav li#mainLast-active {
+	background-color: #000080;
+	}
+	
+
+/* special casing for left-most top tab */
+#mainNav ul li a.mainFirstLink {
+	background-image: url(/img/corner_mainnav_tl.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainFirst-active a.mainFirstLink {
+	background-image: url(/img/corner_mainnav_tl_hi.png);
+	background-position: top left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li#mainFirst {
+	background-image: url(/img/corner_mainnav_bl.png);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainFirst-active {
+	background-image: url(/img/corner_mainnav_bl_hi.png);
+	background-position: bottom left;
+	background-repeat: no-repeat;
+	}
+
+/* special casing for right-most top tab */	
+#mainNav ul li a.mainLastLink {
+	background-image: url(/img/corner_mainnav_tr.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainLast-active a.mainLastLink {
+	background-image: url(/img/corner_mainnav_tr_hi.png);
+	background-position: top right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li#mainLast {
+	background-image: url(/img/corner_mainnav_br.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav li#mainLast-active {
+	background-image: url(/img/corner_mainnav_br_hi.png);
+	background-position: bottom right;
+	background-repeat: no-repeat;
+	}
+	
+#mainNav ul li a {
+	display: block;
+	float: left;
+	text-decoration: none;
+	color: #fff;
+	padding: 5px 15px;
+	font-size: 11px;
+	text-decoration: none !important;
+	}
+
diff --git a/dogtag/tps-ui/shared/docroot/css/pki-base.css b/dogtag/tps-ui/shared/docroot/css/pki-base.css
new file mode 100644
index 000000000..1892b75dc
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/css/pki-base.css
@@ -0,0 +1,213 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+@import url("pki.css");
+@import url("pki-360.css");
+
+/* The following styles are for ALL browsers, including Netscape
+   Navigator 4.x.  Put more detailed CSS in pki.css. */
+
+
+/* from rob byers */
+
+/* This establishes background pattern and centering of content area as well
+as font-styles for the site */
+body {
+	margin: 0;
+	padding: 0;
+	color: #333;
+	text-align: center;
+	font-family: "Luxi Sans", "Bitstream Vera Sans", "Lucida Grande", "Trebuchet MS", helvetica, verdana, arial, sans-serif;
+	font-size: small;
+	}
+	
+img {
+	border: 0;
+	}
+
+#broken-browser-warning { 
+        text-align: center;
+}
+
+.sidebar {
+	padding: 10px 0 0 0;	/* changed padding parameters */
+	/*border-right: 1px solid #ccc;*/
+        vertical-align: top;
+}
+.sidebar-title {
+	color: #999;
+	font-size: 10px;
+	text-align: center;
+	border-bottom: 1px solid #ccc;
+}
+.sidebar-links {
+	font-size: 10px;
+	margin: 0;
+	padding: 0 0 0 15pt;
+	color: #999;
+}
+.sidebar-title + .sidebar-links {
+	margin-top: -0.5em;
+}
+
+.sidebar-info {
+  padding: 4px 4px;
+}
+.sidebar-info h2 {
+  padding-left: 10px;
+  margin: 4px;
+}
+.legend-row {
+  padding: 0px 2px;
+  white-space: nowrap;
+}
+.legend-row img {
+  vertical-align: middle;
+  margin: 3px 4px;
+  padding: 0;
+}
+
+.tab-row img {
+        vertical-align: bottom;
+}
+
+.bar-undertabs div {
+	background: #900 url("/img/tab-bar.gif") repeat-x bottom;
+        height: 11px;
+        font-size: 1px;
+        margin: 0;
+        padding: 0;
+}
+.bar-status form { 
+        margin: 0;
+}
+
+.bar-status {
+	background-color: #ddd;
+	font-size: 10px;
+	padding: 5px;
+	margin: 0;
+	border: 1px solid #ccc;
+	border-top: none;
+	/*
+	text-align: left;
+	*/
+}
+
+#footer {
+        /*
+	border-top: 2px dotted #ccc;
+	padding: 2em 4em 2em 4em;
+	*/
+	padding: 1em;
+	margin: 1em 4em 1em 4em;
+	text-align: center;
+	font-size: 10px;
+	color: #aaa;
+
+	margin-left: auto;
+	margin-right: auto;
+        margin-top: 64px;
+}
+
+ul#help-url-list ul {
+
+}
+ul#help-url-list li {
+  list-style: none;
+  padding-top: 10px;
+  padding-bottom: 10px;
+}
+
+ul#help-url-list li a {
+  font-weight: bold;
+}
+
+ul#faq-list { 
+  padding-left: 2px;
+  margin-left: 0;
+}
+
+#faq-list li { 
+  list-style: none;
+  margin-left: 10px;
+  margin-top: 10px;
+  margin-bottom: 10px;
+}
+
+#faq-list a {
+}
+
+#faq-details { 
+  margin-left: 1em;
+}
+
+#faq-details a.faq-back-to-top { 
+  float: right;
+}
+
+#faq-details p + h3 { 
+  padding-top: 2em;
+}
+
+div.login-component { 
+  text-align: center;
+}
+
+div.login-box { 
+  border: 1px solid #999;
+  text-align: right;
+  padding: 12px 10px;
+  margin: 4px;
+  background-color: #eee;
+  width: 210px;
+  margin-left: auto;
+  margin-right: auto;
+}
+
+div.login-box form { 
+  margin: 0;
+}
+
+div.login-box div.input-row { 
+  font-weight: bold;
+  font-size: 10px;
+  white-space: nowrap;
+}
+
+div.login-box div.input-row input { 
+  font-weight: normal;
+  vertical-align: middle;
+}
+
+div.filter-input { 
+}
+div.filter-input input { 
+  vertical-align: middle;
+  font-size: 10px;
+}
+
+/*
+ Devel environment only.
+
+b, i, u, font, center, .fixme, blockquote { 
+  background-color: #eaa;
+  text-decoration: line-through;
+}
+*/
diff --git a/dogtag/tps-ui/shared/docroot/css/pki.css b/dogtag/tps-ui/shared/docroot/css/pki.css
new file mode 100644
index 000000000..8149eccf4
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/css/pki.css
@@ -0,0 +1,742 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+/* This file is for more detailed compliance (basically any browser
+"better" than NN 4.x */
+
+#broken-browser-warning { 
+  display: none;
+}
+
+
+table.namespaces {
+	font-size: 10px;
+	border: 1px solid #999;
+}
+
+table.list-pagination {
+	font-size: 10px;
+}
+
+.list-empty-message {
+  margin: 0 2%;
+  cursor: text;
+  font-weight:  bold;
+}
+.list-filterbox {
+	font-size: 10px;
+}
+.list-alphabar {
+	text-align: right;
+	font-size: 12px;
+        white-space: nowrap;
+}
+.list-alphabar a {
+        padding: 0px 2px;
+}
+.list-alphabar-enabled {
+        padding: 0px 2px;
+}
+.list-alphabar-disabled {
+        padding: 0px 2px;
+	color:  #aaa;
+        cursor: default;
+}
+.list-box {
+	border: 1px solid #ccc;
+}
+.list-data-number {
+	text-align: right;
+}
+
+
+/* sample reddish toggle class def... */
+.remove-even-selected {
+	background-color: #fcc;
+}
+.remove-odd-selected {
+        background-color: #fcc;
+}
+.remove-even-selected td, .remove-odd-selected td {
+	border-bottom: 1px solid #aaa;
+	padding: 4px;
+}
+
+
+/* sample greenish toggle class def... */
+.green-even-selected {
+	background-color: #e5ffdd;
+}
+.green-odd-selected {
+        background-color: #e5ffdd;
+}
+.green-even-selected td, .green-odd-selected td {
+	border-bottom: 1px solid #ccc;
+	padding: 4px;
+}
+
+
+
+.list-navbuttons {
+	white-space: nowrap;
+}
+.list-infotext {
+	white-space: nowrap;
+	color: #777;
+}
+.list-channel a {
+}
+.list-channel ul {
+	padding: 0;
+	margin: 0;
+}
+.list-channel li {
+	list-style: none;
+}
+.list-channel li + li {
+	padding-top: 0;
+}
+.list-channel li + li li {
+	padding-top: 0;
+}
+.list-channel li li {
+	list-style-image: url("/img/branch.gif");
+	margin-left: 2.5em;
+}
+
+
+
+
+
+
+
+
+
+.invisible-buttons input {
+	font-size: 10px;
+}
+a:hover, .invisible-buttons input:hover {
+	color: #f00;
+}
+
+:visited {
+	color: #3850a9;
+}
+:link {
+	color: #2843c9;
+}
+a { 
+	text-decoration: none;
+}
+a:hover {
+	text-decoration: underline !important;
+}
+a[name] {
+	text-decoration: inherit;
+}
+a[name]:hover {
+	text-decoration: none !important;
+}
+
+.tab-row td {
+	background: #fff url("/img/tab-bar-top.gif") repeat-x bottom;
+}
+
+hr {
+	border: 0;
+	border-bottom: 1px dashed #ccc;
+	padding: 0.5em;
+}
+
+.site-info {
+        border: 2px solid #002244;
+        background-color: #225580;
+        color: white;
+
+        padding: 0.5em;
+        margin-bottom: 0.5em;
+        margin-top: 2px;
+        font-size: 14px;
+        text-align: center;
+}
+
+.site-info a:link {
+        color: #99ddff;
+        font-weight: bold;
+}
+
+.site-info a:visited {
+        color: #99ddff;
+        font-weight: bold;
+}
+
+.site-alert {
+        border: 3px solid #d00;
+	background-color: #924;
+        color: white;
+
+        padding: 0.4em;
+        margin-bottom: 0.5em;
+        margin-top: 2px;
+	text-align: left;
+}
+.local-info {
+        color: #7782aa;
+
+	text-align: left;
+        font-size: 14px;
+}
+.local-alert {
+        color: #d00;
+    padding-top:7px;
+    padding-left:4px;
+	text-align: left;
+        font-size: 14px;
+}
+
+.bar-search {
+	font-size: 10px;
+	text-align: center;
+}
+.bar-logged-out {
+	font-weight: bold;
+	font-size: 10px;
+	text-align: center;
+}
+.bar-login {
+	font-weight: bold;
+	text-align: left;
+}
+.bar-ssm {
+	font-size: 10px;
+	text-align:  right;
+}
+
+button {
+	padding: 2px 5px 2px 5px;
+}
+button:hover {
+	background-color: #eee;
+}
+button:active {
+	padding: 3px 6px 1px 4px;
+}
+a.help-title { 
+  vertical-align: top;
+}
+
+a.help-title img {
+  border: 0;
+  padding: 0;
+  margin: 0;
+  vertical-align: top;
+
+  /* Mozilla and IE extensions */
+  opacity: 0.75;
+}
+a.help-title:hover img {
+  /* Mozilla and IE extensions */
+  opacity: 1.0;
+}
+
+a[name]:hover {
+	color: inherit;
+}
+
+h1, div.toolbar-h1 {
+  margin-top: 0;
+  margin-bottom: 0.5em;
+  font-size: 20px;
+}
+
+h1 img, div.toolbar-h1 img { 
+  vertical-align: middle;
+  padding-top: 2px;
+  padding-bottom: 4px;
+}
+
+h1 a.help-title img, div.toolbar-h1 a.help-title img { 
+  margin: 0;
+  padding: 0;
+  vertical-align: top;
+}
+
+div.toolbar-h1, div.toolbar-h2 { 
+  font-weight: bold;
+  padding: 4px 0;
+}
+
+h2, div.toolbar-h2  {
+  font-size: 1.0em;
+  color: #999;
+  border-bottom: 2px solid #ccc;
+}
+h2 img, div.toolbar-h2 img { 
+  vertical-align: middle;
+}
+h2 a { 
+}
+
+
+h3 {
+  font-size: 1.0em;
+}
+
+.form-center {
+	text-align: center;
+}
+select, input, textarea {
+	font-family: sans-serif;
+	font-size: 100%;
+}
+.indent {
+	margin-left: 1em;
+}
+.iso-md5 {
+	font-family: monospace;
+	text-align: right;
+}
+
+.list-iso th {
+	border-width: 0 0 1px 0;
+}
+.list-iso th + th {
+	border-left: 1px solid #ccc;
+}
+.list-iso td.seperated {
+        border-top: 1px solid #ccc;
+        font-weight: bold;
+}
+.list-iso {
+	font-size: 10px;
+	border: 1px solid #999;
+	padding: 1px;
+}
+.list-iso-item {
+	margin-left: 1em;
+}
+.list-iso-item {
+	color: #555;
+}
+.list-iso-item + .list-iso-item {
+	margin-top: 0.05em;
+}
+.list-iso p + p {
+}
+.a-to-z-bar {
+
+}
+.linkchain {
+	text-align: center;
+	font-size: 12px;
+	color: #555;
+        white-space: nowrap;
+}
+.linkchain a {
+	font-weight: bold;
+}
+.preference {
+	margin: 0 30px 0 30px;
+	text-align: left;
+	font-size: 0.9em;
+	font-weight: bold;
+	color: #444;
+}
+
+
+.schedule-action-interface th {
+	background-color: #fff;
+	padding: 2px;
+	border: none;
+	color: black;
+	text-align: left;
+}
+
+div.toolbar {
+	vertical-align: middle;
+	font-weight: normal;
+	font-size: 12px;
+	color: #999;
+        float: right;
+        margin-top: 9px;
+        white-space: nowrap;
+}
+.toolbar img {
+	border: none;
+	padding: 0 2px 1px 2px;
+	vertical-align: middle;
+}
+.toolbar a {
+	padding: 0 2px;
+	text-decoration: none;
+}
+
+div.up-arrow {
+	vertical-align: middle;
+	font-weight: normal;
+	font-size: 12px;
+	color: #999;
+        float: left;
+        margin: 0 2%;
+        white-space: nowrap;
+}
+.up-arrow img {
+	border: none;
+	padding: 0 2px 4px 2px;
+	vertical-align: middle;
+}
+.up-arrow a {
+	padding: 0 2px;
+	text-decoration: none;
+}
+
+
+.ok-explanation img {
+	border: none;
+	vertical-align: middle;
+	padding: 2px 0 4px 0;
+}
+
+
+.resubscribe-warning img {
+	border: none;
+	vertical-align: middle;
+	padding: 2px 0 4px 0;
+}
+
+.resubscribe-warning-big {
+	margin: 0 2%;
+	cursor: text;
+	color:  #c00;
+}
+.resubscribe-warning-big img {
+	border: none;
+	padding: 0 4px 0 0;
+	vertical-align: middle;
+	float: left;
+}
+
+.required-form-field {
+	font-weight: bold;
+	color:  #c00;
+}
+.ssm-overview th {
+	background-color: #fff;
+	border: none;
+	text-align: center;
+	padding: 6px;
+}
+
+
+table.namespace-control {
+  padding:  4px;
+}
+
+.namespace-control tr {
+	vertical-align:  middle;
+}
+
+.namespace-control td {
+	padding: 4px;
+}
+
+.namespace-control-buttons td {
+	padding:  4px;
+	vertical-align:  middle;
+}
+
+table.details-2-columns {
+	padding: 4px;
+	border: none;
+}
+
+table.details { 
+  margin: 0 2%;
+}
+.details th {
+	padding: 8px;
+        padding-left: 16px;
+	border: none;
+	color: #444;
+	text-align: right;
+	vertical-align: top;
+        border: 1px solid #ddd;
+        border:none;
+        background-color: #eee;
+        -moz-border-radius-topleft: 15px;
+        -moz-border-radius-bottomleft: 15px;
+}
+
+.details th.required-form-field { 
+  border-right: 4px solid #c77;
+}
+
+.details td {
+	vertical-align: top;
+	padding: 4px;
+        padding-left: 2px;
+        padding: 8px;
+        border-bottom: 0;
+}
+
+.details th + td {
+	border-bottom: 1px solid #ddd;
+}
+
+.details td div {
+	text-align: left;
+        margin-bottom: 10px;
+        white-space: nowrap;
+}
+
+.details td table td {
+        margin: 0;
+        padding: 0;
+	border: 0;
+}
+
+.details td table {
+}
+
+table.details td.small-form textarea {
+        font-size: 10px;
+        font-family: monospace;
+}
+
+.details-header {
+	font-weight: bold;
+	color: #444;
+	font-family: helvetica;
+}
+
+.system-status {
+	text-align: center;
+}
+.system-status img {
+	vertical-align: middle;
+	padding-top: 0px;
+	padding-bottom: 2px;
+}
+.system-update-critical {
+	font-weight: bold;
+	color: #900;
+}
+
+.system-status-critical-updates {
+	font-weight: bold;
+	color: #c00;
+}
+.system-status-updates {
+	font-weight: bold;
+	color: #d80;
+}
+.system-status-bugfixes {
+	font-weight: bold;
+	color: #337;
+}
+.system-status-enhancements {
+	font-weight: bold;
+	color: #595;
+}
+.system-status-updates-scheduled {
+	font-weight: bold;
+}
+.system-status-up-to-date {
+	font-weight: bold;
+	color: #68d;
+}
+.system-status-unentitled {
+	font-weight: bold;
+	color: #333;
+}
+.system-status-awol {
+	font-weight: bold;
+	color: #f63;
+}
+
+.system-status-locked {
+	font-weight: bold;
+	color: #f63;
+}
+
+.system-status-kickstart {
+	font-weight: bold;
+	color: #f90;
+}
+
+osa-offline {
+    font-weight: bold;
+     color: #900;
+}
+
+.osa-online {
+    font-weight: bold;
+    color: #68d;
+}
+
+.probe-status-critical {
+        font-weight: bold;
+        color: #c00;
+}
+
+.probe-status-unknown {
+        font-weight: bold;
+        color: #f63;
+}
+
+.work-with-group-header {
+	text-align:  right;
+}
+.work-with-group-header img {
+	border: none;
+}
+
+td.comparison {
+	padding: 10px;
+}
+
+.summary-row {
+	background-color: #f5f5f5;
+}
+
+.feedback-email { 
+  font-weight: bold;
+  color: #900;
+}
+
+.schedule-action-interface { 
+  color: black;
+}
+
+#navlogo { 
+  border: 0;
+  margin: 4px 13px;
+  position: absolute;
+  top: 5px;
+}
+#navtabs {
+  position: absolute;
+  left: 166px;  
+  top: 35px;
+  display: block;
+}
+#navhelp { 
+  position: absolute;
+  right: 10px;
+  top: 15px;
+  border: 0;
+  padding: 15px;
+  padding-top: 0px;
+}
+
+
+.action-summary-errata, .action-summary-package, .action-summary-config { 
+  padding-top: 10px;
+}
+
+.action-summary-errata ul, .action-summary-package ul, .action-summary-config ul { 
+  margin: 0;
+  list-style: none;
+}
+
+div.page-summary {
+  margin: 0 2%;
+  cursor: text;
+}
+
+div.page-summary a { 
+  text-decoration: underline;
+  cursor: pointer
+}
+
+div.marketing-summary {
+  margin: 0 2%;
+  cursor: text;
+}
+
+div.marketing-summary a { 
+  text-decoration: underline;
+  font-weight: bold;
+  cursor: pointer
+}
+
+.search-choices form { 
+  margin: 0;
+  padding: 0;
+}
+.search-choices { 
+  margin-top: 20px;
+}
+
+.search-choices-group { 
+  margin-left: 40px;
+}
+
+.debug-profile { 
+  background-color: #eee;
+  border: 1px solid #ccc;
+  margin: 20px 40px;
+  padding: 8px;
+}
+
+div.buy-now { 
+  text-align: left;	
+  padding-top: 16px;
+}
+
+div.buy-now img { 
+  border: 0;
+}
+
+span.no-details {
+  font-style: italic;
+  color: #777;
+}  
+
+.page-content {
+	padding: 6px 10px 6px 16px;
+        vertical-align: top;
+		width: 100%;
+}
+
+div.pki-embedded-help { 
+  padding: 6px 20px 6px 20px;
+}
+
+.pki-embedded-help-NAVHEADER th { 
+  margin-top: 0;
+  padding-bottom: 1em;
+  font-size: 20px;
+  border: 0;
+  background-color: #fff;
+  color: black;
+  text-align: left;
+}
+
+.pki-embedded-help-NAVHEADER td { 
+  padding: 0 2em;
+}
+
+.pki-embedded-help-TOC { 
+  padding: 0 4em;
+}
+
+code.line-of-code {
+  white-space: nowrap
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/AdminEsc.html b/dogtag/tps-ui/shared/docroot/esc/AdminEsc.html
new file mode 100755
index 000000000..4b2e0ba3b
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/AdminEsc.html
@@ -0,0 +1,57 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<head>
+<title>Enterprise Security Administration Page</title>
+
+<link rel=stylesheet href="/style.css" type="text/css">
+
+</head>
+<body>
+
+<table width="100%">
+  <tr>
+    <td>
+<img src="../images/logo.gif">     </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+
+<br>
+<br>
+<table width=100%>
+<tr>
+  <td class="bodyText">
+Welcome to the Enterprise Security Administration Page.
+</p>
+<p>Below are some useful links that take you directly to some of 
+<br>the useful pages provided by the Enterprise Security program.
+</p>
+  </td>
+ </tr>
+</table>
+<br>
+<li><a class=linkText href="esc.cgi?action=enrollmentpage&screenname=">Key Enrollment Page</a></li>
+<li><a class=linkText href="esc.cgi?action=advancepage&screenname=">Advanced Function Page</a></li>
+<li><a class=linkText href="esc.cgi?action=tokenmanagerpage&screenname=">Token Manager Page</a></li>
+<li><a class=linkText href="esc.cgi?action=settingspage&screenname=">Settings Page</a></li>
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/AdvancePopup.html b/dogtag/tps-ui/shared/docroot/esc/AdvancePopup.html
new file mode 100755
index 000000000..ba2767509
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/AdvancePopup.html
@@ -0,0 +1,1713 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+
+<head>
+<link rel=stylesheet href="/style.css" type="text/css">
+
+<script language="JavaScript">
+
+//
+// initialize netkey globals
+var netkey;
+var isMSHTML;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+//
+// Determine if we are running MSHTML or GECKO
+//
+if (navigator.userAgent.indexOf("MSIE") != -1) {
+  isMSHTML = true;
+} else {
+  isMSHTML = false;
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          alert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+if (!isMSHTML) {
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+  }
+} else {
+  // MSHTML only initialization
+  netkey = external;
+}
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+  if (!isMSHTML) {
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+    }
+  }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+
+"Operation Completed Successfully.",
+    "Server Error.",
+    "Problem communicating with the token.",
+    "Problem communicating with the token.",
+    "Problem resetting token's pin.",
+    "Internal Server Error.",
+    "Internal Server Error",
+    "Token Enrollment Error.",
+    "Problem communicating with the token.",
+    "Internal Server Error",
+    "Error communicating with the Certificate Authority, try again later.",
+    "Internal Server Error.",
+    "Error resetting the token's pin.",
+    "Internal Server Error.",
+    "Authentication Failure, Try Again.",
+    "Internal Server Error",
+    "Token is disabled, contact technical support.",
+    "Problem communicating with the token.",
+    "Internal Server Error.",
+    "Cannot upgrade token software.",
+    "Internal Server Error.",
+    "Problem communicating with the token.",
+    "Invalid token type.",
+    "Invalid token type",
+    "Cannot publish.",
+    "Cannot communicate with token database, try again later.",
+    "Token is disabled, contact techincal support.",
+    "Cannot reset pin value for the token, contact technical support.",
+    "Connection to server lost.",
+    "Cannot create entry for token in database, contact technical support.",
+    "No such token state, contact technical support.",
+    "Invalid lost token reason, contact technical support.",
+    "Token unusable due to compromise,contact technical support.",
+    "No such inactive token, contact technical support.",
+    "Cannot process more than one active token.",
+    "Internal Server Error,contact technical support.",
+    "Key Recovery has been processed.",
+    "Key Recovery failed, contact technical support.",
+    "Cannot operate on token reported lost, contact technical support.",
+    "Key archival error, contact technical support.",
+    "Problem connecting to the TKS, contact technical support.",
+    "Failed to update token database, contact technical support.",
+    "Internal certificate revocation error,contact technical support.",
+    "User does not own this token, contact technical support."
+);
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                if(!isMSHTML)
+                {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                }
+
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+  if(!isMSHTML)
+    {
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+    }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+  if(!isMSHTML)
+  {
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              alert("Error Setting data values: " + e);
+          }
+
+      }
+
+  }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  alert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCoolKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCoolKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    } else {
+      keyArr = ConvertVariantArrayToJScriptArray(netkey.GetAvailableCoolKeys());
+
+      var i;
+      for (i=0; i < keyArr.length; i++)
+        keyArr[i] = ConvertVariantArrayToJScriptArray(keyArr[i]);
+    }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function ChallengeCOOLKey(keyType, keyID, data)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return ConvertVariantArrayToJScriptArray(netkey.ChallengeCoolKey(keyType, keyID, data));
+  } catch(e) {
+    ReportException("netkey.ChallengeCoolKey() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.ResetCoolKeyPIN(keyType, keyID, screenname, pin,screennamepwd);
+  } catch(e) {
+    ReportException("netkey.ResetCoolKeyPIN() failed! Make sure token is properly Enrolled.", e);
+    return false;
+  }
+  return true;
+}
+function FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.FormatCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function BlinkCOOLKey(keyType, keyID, rate, duration)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.BlinkCoolKey(keyType, keyID, rate, duration);
+  } catch(e) {
+    ReportException("netkey.BlinkCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function RequestServiceTicket(screenName, serviceName)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.RequestServiceTicket(screenName, serviceName);
+  } catch(e) {
+    ReportException("netkey..RequestServiceTicket() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+  if (isMSHTML) {
+    row.removeNode(row);
+  } else {
+    table.deleteRow(row.rowIndex);
+  }
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.cells(index);
+  } else {
+    cell = row.cells[index];
+  }
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+  if (isMSHTML) {
+    node = parent.childNodes(index);
+  } else {
+    node = parent.childNodes[index];
+  }
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = table.insertRow();
+  } else {
+    row = table.insertRow(table.rows.length);
+  }
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.insertCell();
+  } else {
+    cell = row.insertCell(row.cells.length);
+  }
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+ // cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+  //cell.appendChild(document.createTextNode(reqAuth));
+
+  //cell = GetCell(row,3);
+  //RemoveAllChildNodes(cell);
+  //cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function GetKeyStatusForKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return "UNKNOWN";
+
+  var cell = GetCell(row,1);
+  return GetNode(cell,0).data;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+ // document.getElementById("snametf").value = gScreenName;
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gKeyEnrollmentType == "deviceKey")
+  {
+  //  document.getElementById("snametf").disabled = true;
+  //  document.getElementById("pintf").disabled = true;
+   // document.getElementById("reenterpintf").disabled = true;
+  //  document.getElementById("snamepwd").disabled = true;
+  }
+  else
+  {
+ //   document.getElementById("snametf").disabled = false;
+  //  document.getElementById("pintf").disabled = false;
+  //  document.getElementById("reenterpintf").disabled = false;
+  //  document.getElementById("snamepwd").disabled = false;
+  }
+
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetKeyStatusForKeyID(keyType, keyID);
+
+    var validKey = (keyStatus == "NETKEY" || keyStatus == "HOUSEKEY");
+  //  document.getElementById("challengebtn").disabled = !validKey;
+    document.getElementById("blinkbtn").disabled = false;
+    //document.getElementById("enrollbtn").disabled = false;
+ //   document.getElementById("formatbtn").disabled = false;
+//    document.getElementById("resetpinbtn").disabled = !((keyStatus == "NETKEY") && (gKeyEnrollmentType == "userKey"));
+document.getElementById("resetpinbtn").disabled = !((gKeyEnrollmentType == "userKey"));
+  }
+  else
+  {
+    //document.getElementById("enrollbtn").disabled = true;
+    document.getElementById("resetpinbtn").disabled = true;
+  //  document.getElementById("formatbtn").disabled = true;
+   // document.getElementById("challengebtn").disabled = true;
+    document.getElementById("blinkbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = FindRow(window.event.srcElement);
+  } else {
+    row = FindRow(event.parentNode);
+  }
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+
+ 
+  if (isMSHTML) {
+     row.onclick = DoSelectRow;
+  }
+
+  // Create the key ID cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  // Create the is auth'ed cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(isAuthed));
+
+  // Create the status bar cell
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ASC native code.
+//
+// ASC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//     netkey.ChallengeCOOLKey(keyType, keyID, data)
+//
+//       - Signs some data with the specified key, and returns the results
+//         in an AcviteX Variant SafeArray. Before accessing any data in
+//         this array, you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray(). The elements in the
+//         array are as follows:
+//
+//             array[0] --> Length of the signed challenge data in binary form.
+//             array[1] --> The signed challenge data as hex.
+//             array[0] --> Length of the nonce data in binary form.
+//             array[0] --> The nonce data as hex.
+//
+//     netkey.BlinkCOOLKey(keyType, keyID, rate, duration)
+//
+//       - Make a specific key blink at a given rate for a given duration.
+//         rate and duration are specified in milliseconds.
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    alert("You must provide a valid screen name!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    alert("You must provide a valid PIN!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    alert("The PIN values you entered don't match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       alert("You must provide a valid User Password!");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+  {
+    alert("Please select a key.");
+    return;
+  }
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = GetPINValue();
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  null; //GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd = null; // GetScreenNamePwd();
+
+
+    tokencode = GetTokenCode();
+
+    SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+  else
+    SetStatusMessage("Enrolling DeviceKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = GetPINValue() ;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+  else
+  {
+
+      alert("Your key must be enrolled before attempting a Pin Reset.");
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    alert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  alert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  alert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Enrollment for \"" + KeyToUIString(keyType, keyID) + "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("PIN Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Server Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key (" + keyIDStr + ") failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key (" + keyIDStr + ") canceled.";
+
+  alert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var pin = null;
+
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+</script>
+
+</head>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<table width="100%">
+  <tr>
+    <td>
+<img src="../images/logo.gif">     </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+
+  <br>
+  <table id="BindingTable" width="100%"><tbody>
+    <tr id="HeaderRow">
+      <th><p class="titleText">Key ID</p></th>
+      <th><p class="titleText">Key Status</p></th>
+<!--    <th><p class="titleText">Requires Auth</p></th>
+      <th><p class="titleText">Did Auth</p></th>
+-->
+      <th width="100"><p class="titleText">Progress</p></th>
+    </tr>
+  </tbody></table>
+  <form action="esc.cgi">
+    <input type="hidden" id="action" name="action" value="bind"> 
+    <input type="hidden" id="screenname" name="screenname" value="">
+    <input type="hidden" id="challengedata" name="challengedata" value="QVNDIHJvY2tzIHRoZSBwYXJ0eSE="> 
+    <input type="hidden" id="signedchallenge" name="signedchallenge" value="">
+    <input type="hidden" id="signedchallengelength" name="signedchallengelength" value=""> 
+    <input type="hidden" id="nonce" name="nonce" value="">
+    <input type="hidden" id="noncelength" name="noncelength" value=""> 
+    <input type="hidden" id="keytype" name="keytype" value="">
+    <input type="hidden" id="keyid" name="keyid" value="">
+    <input type="hidden" id="keylabel" name="keylabel" value=""> 
+    <table width=100%>
+      <tr> 
+        <td class="bodyText"> 
+          Select enrollment type: <input checked type="radio" id="keytype" name="keytype" value="userKey" onClick="SetEnrollmentType('userKey');">UserKey
+        </td> 
+      </tr> 
+    </table>
+    <table>
+      <tr> 
+        <td><p class="bodyText">Token PIN:</p></td>
+        <td><input type="password" id="pintf" id="pintf" name="pintf" value=""></td>
+        <td><p class="bodyText">Re-Enter PIN:</p></td>
+        <td><input type="password" id="reenterpintf" id="reenterpintf" name="reenterpintf" value=""></td>
+      </tr>
+    </table>
+    <br>
+    <table width="100%">
+      <tr>
+        <td valign="center" align="left">
+          <input type="button" id="resetpinbtn" name="resetpinbtn" value="Reset PIN" onClick="DoResetSelectedCOOLKeyPIN();">
+        <!--  <input type="button" id="formatbtn" name="formatbtn" value="Format" onClick="DoFormatCOOLKey();"> -->
+      <!--    <input type="button" id="challengebtn" name="challengebtn" value="Challenge" onClick="DoChallengeSelectedKey();"> --> 
+          <input type="button" id="blinkbtn" name="blinkbtn" value="Blink" onClick="DoBlinkCOOLKey();"> 
+          <input type="button" id="canclebtn" name="canclebtn" value="Cancel" onClick="DoCancelOperation();">
+
+        <!--  <input type="button" id="helpbtn" name="helpbtn" value="Help" onClick="DoHelp();"> -->
+        </td>
+      </tr>
+    </table>
+    <table width="100%">
+      <tr>
+      <!--  <td valign="center" align="right">
+          <h5><a href="esc.cgi?">Enterprise Security  Admin Page</a></h5>
+        </td> -->
+      </tr>
+    </table>
+  </form>
+  <table width="100%">
+    <tr>
+      <td valign="center" align="left" style="width: 200px;">
+        <div id="cylon1" class="cylon" style="width: 200px; height: 10px;">
+          <div id="eye1" class="cylonEye" style="top: 0px; left: 0px; width: 28px; height: 8px; visibility: hidden;"></div>
+        </div>
+      </td>
+      <td valign="center" align="left" id="statusMsg"></td>
+    </tr>
+  </table>
+</body></html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/EnrollPopup.html b/dogtag/tps-ui/shared/docroot/esc/EnrollPopup.html
new file mode 100755
index 000000000..fe3b0fdd0
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/EnrollPopup.html
@@ -0,0 +1,1717 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+
+<head>
+<link rel=stylesheet href="/style.css" type="text/css">
+
+<script language="JavaScript">
+
+//
+// initialize netkey globals
+var netkey;
+var isMSHTML;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+//
+// Determine if we are running MSHTML or GECKO
+//
+if (navigator.userAgent.indexOf("MSIE") != -1) {
+  isMSHTML = true;
+} else {
+  isMSHTML = false;
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          alert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+if (!isMSHTML) {
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+  }
+} else {
+  // MSHTML only initialization
+  netkey = external;
+}
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+  if (!isMSHTML) {
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+    }
+  }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+"Operation Completed Successfully.",
+    "Server Error.",
+    "Problem communicating with the token.",
+    "Problem communicating with the token.",
+    "Problem resetting token's pin.",
+    "Internal Server Error.",
+    "Internal Server Error",
+    "Token Enrollment Error.",
+    "Problem communicating with the token.",
+    "Internal Server Error",
+    "Error communicating with the Certificate Authority, try again later.",
+    "Internal Server Error.",
+    "Error resetting the token's pin.",
+    "Internal Server Error.",
+    "Authentication Failure, Try Again.",
+    "Internal Server Error",
+    "Token is disabled, contact technical support.",
+    "Problem communicating with the token.",
+    "Internal Server Error.",
+    "Cannot upgrade token software.",
+    "Internal Server Error.",
+    "Problem communicating with the token.",
+    "Invalid token type.",
+    "Invalid token type",
+    "Cannot publish.",
+    "Cannot communicate with token database, try again later.",
+    "Token is disabled, contact techincal support.",
+    "Cannot reset pin value for the token, contact technical support.",
+    "Connection to server lost.",
+    "Cannot create entry for token in database, contact technical support.",
+    "No such token state, contact technical support.",
+    "Invalid lost token reason, contact technical support.",
+    "Token unusable due to compromise,contact technical support.",
+    "No such inactive token, contact technical support.",
+    "Cannot process more than one active token.",
+    "Internal Server Error,contact technical support.",
+    "Key Recovery has been processed.",
+    "Key Recovery failed, contact technical support.",
+    "Cannot operate on token reported lost, contact technical support.",
+    "Key archival error, contact technical support.",
+    "Problem connecting to the TKS, contact technical support.",
+    "Failed to update token database, contact technical support.",
+    "Internal certificate revocation error,contact technical support.",
+    "User does not own this token, contact technical support." 
+);    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                if(!isMSHTML)
+                {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                }
+
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+  if(!isMSHTML)
+    {
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+    }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+  if(!isMSHTML)
+  {
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              alert("Error Setting data values: " + e);
+          }
+
+      }
+
+  }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  alert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    } else {
+      keyArr = ConvertVariantArrayToJScriptArray(netkey.GetAvailableCoolKeys());
+
+      var i;
+      for (i=0; i < keyArr.length; i++)
+        keyArr[i] = ConvertVariantArrayToJScriptArray(keyArr[i]);
+    }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function ChallengeCOOLKey(keyType, keyID, data)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return ConvertVariantArrayToJScriptArray(netkey.ChallengeCoolKey(keyType, keyID, data));
+  } catch(e) {
+    ReportException("netkey.ChallengeCoolKey() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.ResetCoolKeyPIN(keyType, keyID, screenname, pin,screennamepwd);
+  } catch(e) {
+    ReportException("netkey.ResetCoolKeyPIN() failed! Make sure token is properly Enrolled.", e);
+    return false;
+  }
+  return true;
+}
+function FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.FormatCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function BlinkCOOLKey(keyType, keyID, rate, duration)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.BlinkCoolKey(keyType, keyID, rate, duration);
+  } catch(e) {
+    ReportException("netkey.BlinkCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function RequestServiceTicket(screenName, serviceName)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.RequestServiceTicket(screenName, serviceName);
+  } catch(e) {
+    ReportException("netkey..RequestServiceTicket() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+  if (isMSHTML) {
+    row.removeNode(row);
+  } else {
+    table.deleteRow(row.rowIndex);
+  }
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.cells(index);
+  } else {
+    cell = row.cells[index];
+  }
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+  if (isMSHTML) {
+    node = parent.childNodes(index);
+  } else {
+    node = parent.childNodes[index];
+  }
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = table.insertRow();
+  } else {
+    row = table.insertRow(table.rows.length);
+  }
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.insertCell();
+  } else {
+    cell = row.insertCell(row.cells.length);
+  }
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function GetKeyStatusForKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return "UNKNOWN";
+
+  var cell = GetCell(row,1);
+  return GetNode(cell,0).data;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+ // document.getElementById("snametf").value = gScreenName;
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gKeyEnrollmentType == "deviceKey")
+  {
+  //  document.getElementById("snametf").disabled = true;
+  //  document.getElementById("pintf").disabled = true;
+   // document.getElementById("reenterpintf").disabled = true;
+  //  document.getElementById("snamepwd").disabled = true;
+  }
+  else
+  {
+ //   document.getElementById("snametf").disabled = false;
+  //  document.getElementById("pintf").disabled = false;
+  //  document.getElementById("reenterpintf").disabled = false;
+  //  document.getElementById("snamepwd").disabled = false;
+  }
+
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetKeyStatusForKeyID(keyType, keyID);
+
+    var validKey = (keyStatus == "NETKEY" || keyStatus == "HOUSEKEY");
+  //  document.getElementById("challengebtn").disabled = !validKey;
+   // document.getElementById("blinkbtn").disabled = false;
+    document.getElementById("enrollbtn").disabled = false;
+    //document.getElementById("formatbtn").disabled = false;
+//    document.getElementById("resetpinbtn").disabled = !((keyStatus == "NETKEY") && (gKeyEnrollmentType == "userKey"));
+//document.getElementById("resetpinbtn").disabled = !((gKeyEnrollmentType == "userKey"));
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+    //document.getElementById("resetpinbtn").disabled = true;
+    //document.getElementById("formatbtn").disabled = true;
+   // document.getElementById("challengebtn").disabled = true;
+    //document.getElementById("blinkbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = FindRow(window.event.srcElement);
+  } else {
+    row = FindRow(event.parentNode);
+  }
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+
+ 
+  if (isMSHTML) {
+     row.onclick = DoSelectRow;
+  }
+
+  // Create the key ID cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  // Create the is auth'ed cell.
+ // cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(isAuthed));
+
+  // Create the status bar cell
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ASC native code.
+//
+// ASC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//     netkey.ChallengeCOOLKey(keyType, keyID, data)
+//
+//       - Signs some data with the specified key, and returns the results
+//         in an AcviteX Variant SafeArray. Before accessing any data in
+//         this array, you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray(). The elements in the
+//         array are as follows:
+//
+//             array[0] --> Length of the signed challenge data in binary form.
+//             array[1] --> The signed challenge data as hex.
+//             array[0] --> Length of the nonce data in binary form.
+//             array[0] --> The nonce data as hex.
+//
+//     netkey.BlinkCOOLKey(keyType, keyID, rate, duration)
+//
+//       - Make a specific key blink at a given rate for a given duration.
+//         rate and duration are specified in milliseconds.
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    alert("You must provide a valid screen name!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    alert("You must provide a valid Token PIN!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    alert("The PIN values you entered don't match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       alert("You must provide a valid User Password!");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    alert("Please select a key.");
+    return;
+  }
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  null; //GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd = null; // GetScreenNamePwd();
+
+
+    tokencode = GetTokenCode();
+
+    SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+  else
+    SetStatusMessage("Enrolling DeviceKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    alert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  alert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  alert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Enrollment for \"" + KeyToUIString(keyType, keyID) + "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("PIN Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Server Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key (" + keyIDStr + ") failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key (" + keyIDStr + ") canceled.";
+
+  alert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+//    screenname = GetScreenNameValue();
+//    if (! screenname)
+ //     return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+//    screennamepwd = GetScreenNamePwd();
+
+//    if(! screennamepwd)
+ //       return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+</script>
+
+</head>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+<table width="100%">
+  <tr>
+    <td>
+<img src="../images/logo.gif">
+    </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+  <br>
+  <table id="BindingTable" width="100%"><tbody>
+    <tr id="HeaderRow">
+      <th><p class="titleText">Key ID</p></th>
+      <th><p class="titleText">Key Status</p></th>
+<!--      <th><p class="titleText">Requires Auth</p></th>
+      <th><p class="titleText">Did Auth</p></th>
+-->
+      <th width="100"><p class="titleText">Progress</p></th>
+    </tr>
+  </tbody></table>
+  <form action="esc.cgi">
+    <input type="hidden" id="action" name="action" value="bind"> 
+    <input type="hidden" id="screenname" name="screenname" value="">
+    <input type="hidden" id="challengedata" name="challengedata" value="QVNDIHJvY2tzIHRoZSBwYXJ0eSE="> 
+    <input type="hidden" id="signedchallenge" name="signedchallenge" value="">
+    <input type="hidden" id="signedchallengelength" name="signedchallengelength" value=""> 
+    <input type="hidden" id="nonce" name="nonce" value="">
+    <input type="hidden" id="noncelength" name="noncelength" value=""> 
+    <input type="hidden" id="keytype" name="keytype" value="">
+    <input type="hidden" id="keyid" name="keyid" value="">
+    <input type="hidden" id="keylabel" name="keylabel" value=""> 
+    <table width=100%>
+      <tr> 
+        <td class="bodyText"> 
+          Select enrollment type: <input checked type="radio" id="keytype" name="keytype" value="userKey" onClick="SetEnrollmentType('userKey');">UserKey
+        </td> 
+      </tr> 
+    </table>
+    <table>
+      <tr> 
+        <td><p class="bodyText">Token PIN:</p></td>
+        <td><input type="password" id="pintf" id="pintf" name="pintf" value=""></td>
+        <td><p class="bodyText">Re-Enter PIN:</p></td>
+        <td><input type="password" id="reenterpintf" id="reenterpintf" name="reenterpintf" value=""></td>
+      </tr>
+    </table>
+    <br>
+    <table width="100%">
+      <tr>
+        <td valign="center" align="left">
+          <input type="button" id="enrollbtn" name="enrollbtn" value="Enroll" onClick="DoEnrollCOOLKey();">
+          <input type="button" id="canclebtn" name="canclebtn" value="Cancel" onClick="DoCancelOperation();">
+        </td>
+      </tr>
+    </table>
+    <table width="100%">
+      <tr>
+      <!--  <td valign="center" align="right">
+          <h5><a href="esc.cgi?">Enterprise Security  Admin Page</a></h5>
+        </td> -->
+      </tr>
+    </table>
+  </form>
+  <table width="100%">
+    <tr>
+      <td valign="center" align="left" style="width: 200px;">
+        <div id="cylon1" class="cylon" style="width: 200px; height: 10px;">
+          <div id="eye1" class="cylonEye" style="top: 0px; left: 0px; width: 28px; height: 8px; visibility: hidden;"></div>
+        </div>
+      </td>
+      <td valign="center" align="left" id="statusMsg"></td>
+    </tr>
+  </table>
+</body></html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/GenericAuth.html b/dogtag/tps-ui/shared/docroot/esc/GenericAuth.html
new file mode 100755
index 000000000..7891a0cc3
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/GenericAuth.html
@@ -0,0 +1,536 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(../images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/SettingsEsc.html b/dogtag/tps-ui/shared/docroot/esc/SettingsEsc.html
new file mode 100755
index 000000000..328df5792
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/SettingsEsc.html
@@ -0,0 +1,737 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<head>
+
+<link rel=stylesheet href="/style.css" type="text/css">
+
+<script lang="JavaScript">
+//
+// initialize netkey globals
+var netkey;
+var gNotify = null;
+var isMSHTML;
+
+//
+// Determine if we are running MSHTML or GECKO
+//
+if (navigator.userAgent.indexOf("MSIE") != -1) {
+  isMSHTML = true;
+} else {
+  isMSHTML = false;
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          alert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+if (!isMSHTML) {
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+
+    gNotify = new jsNotify;
+
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+
+  } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+  }
+} else {
+  // MSHTML only initialization
+  netkey = external;
+}
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+  if (!isMSHTML) {
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+    }
+  }
+}
+
+
+////////////////////////////////////////////////////////////////
+//
+// Host will be responsible for generating the gBindingsArray.
+//
+////////////////////////////////////////////////////////////////
+
+var gBindingsArray = [
+  <!-- SECURECOOL_BINDINGS_ARRAY -->
+];
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+var gKeyBusyArray = [ ];
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function LoadBindingsIntoTable()
+{
+  var table = document.getElementById("KeyTable");
+
+  if (table)
+  {
+    var i;
+    for (i=0; i < gBindingsArray.length; i++)
+    {
+      CreateTableRow(table, gBindingsArray[i][0], gBindingsArray[i][1], false,
+                     gBindingsArray[i][2], true);
+    }
+  }
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+  {
+    var table = document.getElementById("KeyTable");
+    if (table)
+    {
+      // The assumption here is that if the key isn't already
+      // listed in the table, then it must be a new unbound key!
+
+      row = CreateTableRow(table, keyType, keyID, true, keyID, false);
+    }
+
+    if (!row)
+      return null;
+  }
+  else if (IsKeyBound(keyType, keyID))
+    SetKeyIsVisible(row, true);
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function ReportException(msg, e)
+{
+  alert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    } else {
+      keyArr = ConvertVariantArrayToJScriptArray(netkey.GetAvailableCoolKeys());
+
+      var i;
+      for (i=0; i < keyArr.length; i++)
+        keyArr[i] = ConvertVariantArrayToJScriptArray(keyArr[i]);
+    }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function BlinkCOOLKey(keyType, keyID, rate, duration)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.BlinkCoolKey(keyType, keyID, rate, duration);
+  } catch(e) {
+    ReportException("netkey.BlinkCoolKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+  if (isMSHTML) {
+    row.removeNode(row);
+  } else {
+    table.deleteRow(row.rowIndex);
+  }
+}
+
+function InsertRow(table)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = table.insertRow();
+  } else {
+    row = table.insertRow(table.rows.length);
+  }
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.insertCell();
+  } else {
+    cell = row.insertCell(row.cells.length);
+  }
+  return cell;
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+}
+
+function InitializeBindingTable()
+{
+  LoadBindingsIntoTable();
+  UpdateBindingTableAvailability();
+}
+
+function IsKeyBound(keyType, keyID)
+{
+  
+  for (i=0; i < gBindingsArray.length; i++)
+  {
+    if (keyType == gBindingsArray[i][0] && keyID == gBindingsArray[i][1])
+      return true;
+  }
+
+  return false;
+}
+
+function COOLKeyIsBusy(keyType, keyID)
+{
+  for (i=0; i < gKeyBusyArray.length; i++)
+  {
+    if (keyType == gKeyBusyArray[i][0] && keyID == gKeyBusyArray[i][1])
+      return true;
+  }
+
+  return false;
+}
+
+function AddKeyToBusyArray(keyType, keyID)
+{
+  // If key is already in our array, nothing to do.
+  if (COOLKeyIsBusy(keyType, keyID))
+    return;
+
+  gKeyBusyArray.push(new Array(keyType, keyID));
+}
+
+function RemoveKeyFromBusyArray(keyType, keyID)
+{
+  for (i=0; i < gKeyBusyArray.length; i++)
+  {
+    if (keyType == gKeyBusyArray[i][0] && keyID == gKeyBusyArray[i][1])
+      gKeyBusyArray.splice(i, 1);
+  }
+}
+
+function SetKeyIsVisible(row, isVisible)
+{
+  if (!row) return;
+  var cell = row.cells(0);
+  if (!cell) return;
+
+  var v = "inherit";
+  if (!isVisible)
+    v = "hidden";
+  cell.firstChild.style.visibility = v;
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+function CreateTableRow(table, keyType, keyID, isAvailable, label, isSecured)
+{
+  
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (label == keyID)
+    label = keyIDStr;
+
+  // Add a tooltip to the row so that it displays more info.
+  var title = keyType + " - " + keyIDStr;
+  if (isSecured && label)
+    title += " - " + label;
+  row.setAttribute("title", title);
+
+  // Create the isAvailable cell:
+  cell = InsertCell(row);
+  cell.setAttribute("align", "center");
+  var a = document.createElement("a");
+  a.setAttribute("href", "javascript:DoBlinkCOOLKey(" + keyType + ", '" + keyID + "');");
+  if (! isAvailable)
+    a.style.visibility = "hidden";
+  var img = document.createElement("img");
+  img.setAttribute("src", "../images/NetKey-Small.gif");
+  a.appendChild(img);
+  cell.appendChild(a);
+
+  // Create the label cell. Make sure we truncate long
+  // labels so that they fit nicely into the window.
+  cell = InsertCell(row);
+  if (label.length > 24)
+    label = label.substr(0, 24) + "...";
+  cell.appendChild(document.createTextNode(label));
+
+  // Create the action cell:
+  cell = InsertCell(row);
+  a = document.createElement("a");
+  if (isSecured)
+  {
+  //  a.setAttribute("href", "javascript:UnbindCOOLKey(" + keyType + ", '" + keyID + "');");
+    a.appendChild(document.createTextNode("Release"));
+  }
+  else
+  {
+  //  a.setAttribute("href", "javascript:BindCOOLKey(" + keyType + ", '" + keyID + "');");
+    a.appendChild(document.createTextNode("Secure"));
+  }
+  cell.appendChild(a);
+
+  // Create the secured cell:
+  cell = InsertCell(row);
+  cell.setAttribute("align", "center");
+  img = document.createElement("img");
+  img.setAttribute("src", "../images/PadLock.gif");
+  if (!isSecured)
+  img.style.visibility = "hidden";
+  cell.appendChild(img);
+
+  return row;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ASC native code.
+//
+// ASC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.GetCOOLKeyStatus(keyType, keyID)
+//
+//       - Returns an integer describing the status of the COOLKey. Possible
+//         values are:
+//
+//           0 // Unavailable
+//           1 // AppletNotFound
+//           2 // Uninitialized
+//           3 // Unknown
+//           4 // Available
+//           5 // EnrollmentInProgress
+//           6 // UnblockInProgress
+//           7 // PINResetInProgress
+//           8 // RenewInProgress
+//           9 // FormatInProgress
+//          10 // BlinkInProgress
+//
+//     netkey.GetCOOLKeyPolicy(keyType, keyID)
+//
+//       - Retrieves the Certificate Policy Extension Object Identifier (OID)
+//         as a string. This can be useful for distinguishing between types of
+//         COOLKeys. The list of currently defined OIDS are:
+//
+//             Bronze Member - Phase 1:     OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1
+//             Silver Member - Phase 2:     OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2
+//             Gold Associate - Phase 2:    OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3
+//             Platinum MyDoctor - Phase 2: OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4
+//
+//     netkey.GetCOOLKeyRequiresAuthentication(keyType, keyID)
+//
+//       - Returns a bool value that indicates whether or not the COOLKey
+//         requires a PIN to access crypto functionality.
+//
+//     netkey.AuthenticateCOOLKey(keyType, keyID, pin)
+//
+//       - Attempts to authenticates to the COOLKey using the supplied
+//         pin string.
+//
+//     netkey.InitCOOLKey(keyType, keyID, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass null values for both screenName and pin, otherwise, the key.
+//         is formatted as a NetKey.
+//
+//     netkey.ChallengeCOOLKey(keyType, keyID, data)
+//
+//       - Signs some data with the specified key, and returns the results
+//         in an AcviteX Variant SafeArray. Before accessing any data in
+//         this array, you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray(). The elements in the
+//         array are as follows:
+//
+//             array[0] --> Length of the signed challenge data in binary form.
+//             array[1] --> The signed challenge data as hex.
+//             array[0] --> Length of the nonce data in binary form.
+//             array[0] --> The nonce data as hex.
+//
+//     netkey.BlinkCOOLKey(keyType, keyID, rate, duration)
+//
+//       - Make a specific key blink at a given rate for a given duration.
+//         rate and duration are specified in milliseconds.
+//
+//     netkey.RequestServiceTicket(screenName, serviceName)
+//
+//       - Makes an async ticket request for a specific service.
+//         The ticket is returned via the OnTicketRequestSuccess()
+//         callback.
+//
+//     netkey.CancelServiceTicketRequest(screenName, serviceName)
+//
+//       - Cancels a specific service ticket request that may be pending.
+//
+////////////////////////////////////////////////////////////////
+
+function BindCOOLKey(keyType, keyID)
+{
+  if (COOLKeyIsBusy(keyType, keyID))
+  {
+    alert("COOLKey '" + keyID + "' is busy!");
+    return;
+  }
+
+  document.forms[0].action.value = "setlabelpage";
+  document.forms[0].keytype.value = keyType;
+  document.forms[0].keyid.value = keyID;
+  document.forms[0].submit();
+}
+
+function UnbindCOOLKey(keyType, keyID)
+{
+  if (COOLKeyIsBusy(keyType, keyID))
+  {
+    alert("COOLKey '" + keyID + "' is busy!");
+    return;
+  }
+
+  document.forms[0].action.value = "unbindprogresspage";
+  document.forms[0].keytype.value = keyType;
+  document.forms[0].keyid.value = keyID;
+  document.forms[0].submit();
+}
+
+function PurchaseMoreKeys()
+{
+}
+
+function LoadHelp()
+{
+  alert("- Click on the key icon for a specific key to make it blink.\n");
+}
+
+function DoBlinkCOOLKey(keyType, keyID)
+{
+  if (!keyID)
+    return;
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+}
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  refresh();
+}
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("KeyTable");
+  if (row && table)
+  {
+    if (IsKeyBound(keyType, keyID))
+      SetKeyIsVisible(row, false);
+    else
+      RemoveRow(table, row)
+  }
+
+  refresh();
+}
+
+function OnCOOLKeyBusyStart(keyType, keyID)
+{
+  AddKeyToBusyArray(keyType, keyID);
+}
+
+function OnCOOLKeyBusyEnd(keyType, keyID)
+{
+  RemoveKeyFromBusyArray(keyType, keyID);
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+////////////////////////////////////////////////////////////////////////////
+//
+// Notification functions called directly from ASC native code. These
+// functions will only be called if they exist in the current running
+// JavaScript context.
+//
+//   OnCOOLKeyStateChange(keyType, keyID, keyState, data)
+//
+//     - Called when the state of the COOLKey changes. Values for key
+//
+//     keyState   Description             data
+//     -------------------------------------------------------
+//       1000     Key Inserted            <none>
+//       1001     Key Removed             <none>
+//       1002     Enrollment Start        <0=Phase1, 1=Phase2>
+//       1003     Enrollment Complete     <none>
+//       1004     Enrollment Error        Integer Error Code
+//       1005     Unblock Start           <none>
+//       1006     Unblock Complete        <none>
+//       1007     Unblock Error           Integer Error Code
+//       1008     PIN Reset Start         <none>
+//       1009     PIN Reset Complete      <none>
+//       1010     PIN Reset Error         Integer Error Code
+//       1011     Renew Start             <none>
+//       1012     Renew Complete          <none>
+//       1013     Renew Error             Integer Error Code
+//       1014     Format Start            <none>
+//       1015     Format Complete         <none>
+//       1016     Format Error            Integer Error Code
+//       1017     Blink Start             <none>
+//       1018     Blink Complete          <none>
+//       1019     Blink Error             Integer Error Code
+//       1020     Operation Cancelled     Integer Error Code
+//
+//    OnTicketRequestSuccess(serviceName, ticket, authenticator)
+//
+//      - Called when a service ticket request made with 
+//        netkey.RequestServiceTicket() completes successfully.
+//        ticket is the Base64 encoded Kerberos ticket. authenticator
+//        is the Base64 encoded authenticator.
+//
+//    OnTicketRequestException(serviceName, errCode, errSubSystem, errMsg)
+//
+//      - Called when a service ticket request made with
+//        netkey.RequestServiceTicket() fails. serviceName is the service
+//        name used when the request was made. errCode is the error code
+//        defined by CLC. errSubSystem is the sub system defined by CLC.
+//        errMsg is the string containing the error message to display. This
+//        string is provided by UAS or CLC.
+//
+////////////////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data)
+{
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+    case 1005: // UnblockStart
+    case 1008: // PINResetStart
+    case 1011: // RenewStart
+    case 1014: // FormatStart
+      OnCOOLKeyBusyStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+    case 1004: // EnrollmentError
+    case 1006: // UnblockComplete
+    case 1007: // UnblockError
+    case 1009: // PINResetComplete
+    case 1010: // PINResetError
+    case 1012: // RenewComplete
+    case 1013: // RenewError
+    case 1015: // FormatComplete
+    case 1016: // FormatError
+      OnCOOLKeyBusyEnd(keyType, keyID);
+      break;
+  }
+}
+
+</script>
+</head>
+<body onLoad="InitializeBindingTable();" onUnload="cleanup();">
+
+<table width="100%">
+  <tr>
+    <td>
+<img src="../images/logo.gif">     </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+
+<form method="post" action="esc.cgi">
+<input type="hidden" name="action" value="settingspage">
+<input type="hidden" name="screenname" value="<!-- SECURECOOL_SCREENNAME -->">
+<input type="hidden" name="keytype" value="">
+<input type="hidden" name="keyid" value="">
+<table class="PageHeader">
+</table>
+<table class="ContentTable">
+<tbody>
+<tr><td colspan="2">
+<b>Coolkey</b> (Enterprise Security Key) helps users perform various cryptographic operations.
+<br>
+Your Coolkey(s) and any other Coolkey(s) plugged into this computer are shown here. 
+<br>
+<br>
+<div class="TableTitle">Coolkey(s)   <!-- SECURECOOL_SCREENNAME --></div>
+</td></tr>
+<tr>
+  <td width="55%" valign="top">
+  <table id="KeyTable">
+  <tbody>
+    <tr class="KeyTableHeader">
+      <th></th>
+      <th><p class="titleText">Name</p></th>
+      <th></th>
+      <th><p class="titleText">Secured</p></th>
+    </tr>
+  </tbody>
+  </table>
+  </td>
+</tr>
+</tbody>
+</table>
+</form>
+</body>
+</html>
+
diff --git a/dogtag/tps-ui/shared/docroot/esc/TokenManager.html b/dogtag/tps-ui/shared/docroot/esc/TokenManager.html
new file mode 100755
index 000000000..8538316d4
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/TokenManager.html
@@ -0,0 +1,1705 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+
+<head>
+<link rel=stylesheet href="/style.css" type="text/css">
+
+<script language="JavaScript">
+
+//
+// initialize netkey globals
+var netkey;
+var isMSHTML;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+//
+// Determine if we are running MSHTML or GECKO
+//
+if (navigator.userAgent.indexOf("MSIE") != -1) {
+  isMSHTML = true;
+} else {
+  isMSHTML = false;
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          alert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+if (!isMSHTML) {
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+  }
+} else {
+  // MSHTML only initialization
+  netkey = external;
+}
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+  if (!isMSHTML) {
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     alert("Can't get UniversalXPConnect: " + e);
+    }
+  }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+
+"Operation Completed Successfully.",
+    "Server Error.",
+    "Problem communicating with the token.",
+    "Problem communicating with the token.",
+    "Problem resetting token's pin.",
+    "Internal Server Error.",
+    "Internal Server Error",
+    "Token Enrollment Error.",
+    "Problem communicating with the token.",
+    "Internal Server Error",
+    "Error communicating with the Certificate Authority, try again later.",
+    "Internal Server Error.",
+    "Error resetting the token's pin.",
+    "Internal Server Error.",
+    "Authentication Failure, Try Again.",
+    "Internal Server Error",
+    "Token is disabled, contact technical support.",
+    "Problem communicating with the token.",
+    "Internal Server Error.",
+    "Cannot upgrade token software.",
+    "Internal Server Error.",
+    "Problem communicating with the token.",
+    "Invalid token type.",
+    "Invalid token type",
+    "Cannot publish.",
+    "Cannot communicate with token database, try again later.",
+    "Token is disabled, contact techincal support.",
+    "Cannot reset pin value for the token, contact technical support.",
+    "Connection to server lost.",
+    "Cannot create entry for token in database, contact technical support.",
+    "No such token state, contact technical support.",
+    "Invalid lost token reason, contact technical support.",
+    "Token unusable due to compromise,contact technical support.",
+    "No such inactive token, contact technical support.",
+    "Cannot process more than one active token.",
+    "Internal Server Error,contact technical support.",
+    "Key Recovery has been processed.",
+    "Key Recovery failed, contact technical support.",
+    "Cannot operate on token reported lost, contact technical support.",
+    "Key archival error, contact technical support.",
+    "Problem connecting to the TKS, contact technical support.",
+    "Failed to update token database, contact technical support.",
+    "Internal certificate revocation error,contact technical support.",
+    "User does not own this token, contact technical support."
+);
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                if(!isMSHTML)
+                {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                }
+
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+  if(!isMSHTML)
+    {
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                alert("Error Setting data values: " + e);
+            }
+        }
+    }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+  if(!isMSHTML)
+  {
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              alert("Error Setting data values: " + e);
+          }
+
+      }
+
+  }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  alert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetESCKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetESCKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetESCKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetESCKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    } else {
+      keyArr = ConvertVariantArrayToJScriptArray(netkey.GetAvailableCoolKeys());
+
+      var i;
+      for (i=0; i < keyArr.length; i++)
+        keyArr[i] = ConvertVariantArrayToJScriptArray(keyArr[i]);
+    }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableESCKeys() failed!", e);
+    return [];
+  }
+}
+
+function ChallengeCOOLKey(keyType, keyID, data)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return ConvertVariantArrayToJScriptArray(netkey.ChallengeCoolKey(keyType, keyID, data));
+  } catch(e) {
+    ReportException("netkey.ChallengeESCKey() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollESCKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetESCKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.ResetCoolKeyPIN(keyType, keyID, screenname, pin,screennamepwd);
+  } catch(e) {
+    ReportException("netkey.ResetESCKeyPIN() failed! Make sure token is properly Enrolled.", e);
+    return false;
+  }
+  return true;
+}
+function FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.FormatESCKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelESCKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function BlinkCOOLKey(keyType, keyID, rate, duration)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.BlinkCoolKey(keyType, keyID, rate, duration);
+  } catch(e) {
+    ReportException("netkey.BlinkESCKey() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function RequestServiceTicket(screenName, serviceName)
+{
+  try {
+    if (!isMSHTML) {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    }
+    netkey.RequestServiceTicket(screenName, serviceName);
+  } catch(e) {
+    ReportException("netkey..RequestServiceTicket() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+  if (isMSHTML) {
+    row.removeNode(row);
+  } else {
+    table.deleteRow(row.rowIndex);
+  }
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.cells(index);
+  } else {
+    cell = row.cells[index];
+  }
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+  if (isMSHTML) {
+    node = parent.childNodes(index);
+  } else {
+    node = parent.childNodes[index];
+  }
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = table.insertRow();
+  } else {
+    row = table.insertRow(table.rows.length);
+  }
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+  if (isMSHTML) {
+    cell = row.insertCell();
+  } else {
+    cell = row.insertCell(row.cells.length);
+  }
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+ // cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  //cell = GetCell(row,3);
+  //RemoveAllChildNodes(cell);
+  //cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function GetKeyStatusForKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return "UNKNOWN";
+
+  var cell = GetCell(row,1);
+  return GetNode(cell,0).data;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+ // document.getElementById("snametf").value = gScreenName;
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gKeyEnrollmentType == "deviceKey")
+  {
+  //  document.getElementById("snametf").disabled = true;
+  //  document.getElementById("pintf").disabled = true;
+   // document.getElementById("reenterpintf").disabled = true;
+  //  document.getElementById("snamepwd").disabled = true;
+  }
+  else
+  {
+ //   document.getElementById("snametf").disabled = false;
+  //  document.getElementById("pintf").disabled = false;
+  //  document.getElementById("reenterpintf").disabled = false;
+  //  document.getElementById("snamepwd").disabled = false;
+  }
+
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetKeyStatusForKeyID(keyType, keyID);
+
+    var validKey = (keyStatus == "NETKEY" || keyStatus == "HOUSEKEY");
+  //  document.getElementById("challengebtn").disabled = !validKey;
+    document.getElementById("blinkbtn").disabled = false;
+//    document.getElementById("enrollbtn").disabled = false;
+    document.getElementById("formatbtn").disabled = false;
+//    document.getElementById("resetpinbtn").disabled = !((keyStatus == "NETKEY") && (gKeyEnrollmentType == "userKey"));
+//document.getElementById("resetpinbtn").disabled = !((gKeyEnrollmentType == "userKey"));
+  }
+  else
+  {
+    //document.getElementById("enrollbtn").disabled = true;
+   // document.getElementById("resetpinbtn").disabled = true;
+    document.getElementById("formatbtn").disabled = true;
+   // document.getElementById("challengebtn").disabled = true;
+    document.getElementById("blinkbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+  if (isMSHTML) {
+    row = FindRow(window.event.srcElement);
+  } else {
+    row = FindRow(event.parentNode);
+  }
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+
+ 
+  if (isMSHTML) {
+     row.onclick = DoSelectRow;
+  }
+
+  // Create the key ID cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(reqAuth));
+
+  // Create the is auth'ed cell.
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode(isAuthed));
+
+  // Create the status bar cell
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ASC native code.
+//
+// ASC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//     netkey.ChallengeCOOLKey(keyType, keyID, data)
+//
+//       - Signs some data with the specified key, and returns the results
+//         in an AcviteX Variant SafeArray. Before accessing any data in
+//         this array, you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray(). The elements in the
+//         array are as follows:
+//
+//             array[0] --> Length of the signed challenge data in binary form.
+//             array[1] --> The signed challenge data as hex.
+//             array[0] --> Length of the nonce data in binary form.
+//             array[0] --> The nonce data as hex.
+//
+//     netkey.BlinkCOOLKey(keyType, keyID, rate, duration)
+//
+//       - Make a specific key blink at a given rate for a given duration.
+//         rate and duration are specified in milliseconds.
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    alert("You must provide a valid screen name!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    alert("You must provide a valid PIN!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    alert("The PIN values you entered don't match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       alert("You must provide a valid User Password!");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+  {
+    alert("Please select a key.");
+    return;
+  }
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  null; //GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd = null; // GetScreenNamePwd();
+
+
+    tokencode = GetTokenCode();
+
+    SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+  else
+    SetStatusMessage("Enrolling DeviceKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+ // if(!Validate())
+  //   return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+ // if(!Validate())
+  //   return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    alert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  alert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  alert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Enrollment for \"" + KeyToUIString(keyType, keyID) + "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("PIN Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  alert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Server Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key (" + keyIDStr + ") failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key (" + keyIDStr + ") failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key (" + keyIDStr + ") canceled.";
+
+  alert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+//    screenname = GetScreenNameValue();
+//    if (! screenname)
+ //     return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+//    screennamepwd = GetScreenNamePwd();
+
+//    if(! screennamepwd)
+ //       return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+</script>
+
+</head>
+<body onload="InitializeBindingTable();" onunload=cleanup()>
+
+<table width="100%">
+  <tr>
+    <td>
+<img src="../images/logo.gif">     </td>
+    <td>
+      <p class="headerText"><a href="esc.cgi?screenname=">Enterprise Security Client</a></p>
+    </td>
+  <tr>
+</table>
+
+  <br>
+  <table id="BindingTable" width="100%"><tbody>
+    <tr id="HeaderRow">
+      <th><p class="titleText">Key ID</p></th>
+      <th><p class="titleText">Key Status</p></th>
+<!--      <th><p class="titleText">Requires Auth</p></th>
+      <th><p class="titleText">Did Auth</p></th>
+
+-->
+      <th width="100"><p class="titleText">Progress</p></th>
+    </tr>
+  </tbody></table>
+  <form action="esc.cgi">
+    <input type="hidden" id="action" name="action" value="bind"> 
+    <input type="hidden" id="screenname" name="screenname" value="">
+    <input type="hidden" id="challengedata" name="challengedata" value="QVNDIHJvY2tzIHRoZSBwYXJ0eSE="> 
+    <input type="hidden" id="signedchallenge" name="signedchallenge" value="">
+    <input type="hidden" id="signedchallengelength" name="signedchallengelength" value=""> 
+    <input type="hidden" id="nonce" name="nonce" value="">
+    <input type="hidden" id="noncelength" name="noncelength" value=""> 
+    <input type="hidden" id="keytype" name="keytype" value="">
+    <input type="hidden" id="keyid" name="keyid" value="">
+    <input type="hidden" id="keylabel" name="keylabel" value=""> 
+    <br>
+    <table width="100%">
+      <tr>
+        <td valign="center" align="left">
+          <input type="button" id="formatbtn" name="formatbtn" value="Format" onClick="DoFormatCOOLKey();">
+      <!--    <input type="button" id="challengebtn" name="challengebtn" value="Challenge" onClick="DoChallengeSelectedKey();"> --> 
+          <input type="button" id="blinkbtn" name="blinkbtn" value="Blink" onClick="DoBlinkCOOLKey();">  
+
+          <input type="button" id="canclebtn" name="canclebtn" value="Cancel" onClick="DoCancelOperation();">
+
+
+        <!--  <input type="button" id="helpbtn" name="helpbtn" value="Help" onClick="DoHelp();"> -->
+        </td>
+      </tr>
+    </table>
+    <table width="100%">
+      <tr>
+      <!--  <td valign="center" align="right">
+          <h5><a href="esc.cgi?">Enterprise Security  Admin Page</a></h5>
+        </td> -->
+      </tr>
+    </table>
+  </form>
+  <table width="100%">
+    <tr>
+      <td valign="center" align="left" style="width: 200px;">
+        <div id="cylon1" class="cylon" style="width: 200px; height: 10px;">
+          <div id="eye1" class="cylonEye" style="top: 0px; left: 0px; width: 28px; height: 8px; visibility: hidden;"></div>
+        </div>
+      </td>
+      <td valign="center" align="left" id="statusMsg"></td>
+    </tr>
+  </table>
+</body></html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/TokenPin.html b/dogtag/tps-ui/shared/docroot/esc/TokenPin.html
new file mode 100755
index 000000000..54bb8e8c0
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/TokenPin.html
@@ -0,0 +1,76 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<html>
+<head>
+<style>
+body {
+  background-color: rgb(32%,71%,75%);
+  font-family: "Arial";
+  font-size: 8pt; }
+</style>
+
+<script language = "Javascript">
+function DoSubmitData()
+{
+    var pin = document.getElementById("tokenpin").value;
+
+    var pin_confirm = document.getElementById("tokenpincf").value;
+
+    if(!pin || !pin_confirm )
+    {
+        alert("Please Enter Valid  Token Pin and confirmation value!");
+
+        return;
+    }
+    var parent = window.opener;
+
+    if(parent)
+    {
+        parent.COOLKeySetTokenPin(pin);
+
+    }
+    window.close();
+}
+</script>
+</head>
+<body>
+<b>Please Enter Your Token Pin:</b>
+<form>
+<table>
+<TR>
+<TD align="left">
+<font size=-2>Token Pin:</font><BR>
+<INPUT input type="password" id="tokenpin"  name="tokenpin" value="" size=25><BR>
+</TD>
+</TR>
+<TR>
+<TD align="left">
+<font size=-2>Token Pin:(Confirm)</font><br>
+<INPUT type="password"  id="tokenpincf"  name="tokenpincf" value="" size=25><BR>
+</TD>
+</TR>
+<BR>
+<TR>
+<TD>
+<INPUT type ="button" id="Submit" value="Submit" onClick="DoSubmitData();"
+</TD>
+</TR>
+</table>
+</form>
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/demo/EnrollSuccess.html b/dogtag/tps-ui/shared/docroot/esc/demo/EnrollSuccess.html
new file mode 100644
index 000000000..bcd3e34d0
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/demo/EnrollSuccess.html
@@ -0,0 +1,51 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel=stylesheet href="/demo/style.css" type="text/css"> 
+<title>Success!</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body  leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
+<table width="100%" border="0" cellspacing="0" cellpadding="0" class="logobar">
+  <tr> 
+    <td bgcolor="#000000">&nbsp;&nbsp;&nbsp;<img src="/demo/logo.jpg" width="250" height="50"></td>
+  </tr>
+</table>
+
+<p class="bodyText" >
+Congratulations! You have successfully Enrolled your Veracity Investments Security Smartcard! Now that you have enrolled, you will be able to use your smartcard to allow you and only you to log onto the Vercacity Investments On-Line Account Manager. 
+
+</p>
+<p class="bodyText">
+
+Begin your journey into the world of safe and secure account access by logging on to the Veracity Investments On-Line Account Manager.
+
+</p>
+
+<!--
+<a href="https://veracity.test.com/login.cgi?">Veracity Investments Account Manager</a></p>
+
+-->
+ 
+</body>
+
+</html>
+
diff --git a/dogtag/tps-ui/shared/docroot/esc/demo/GenericAuth.html b/dogtag/tps-ui/shared/docroot/esc/demo/GenericAuth.html
new file mode 100755
index 000000000..38ccd3262
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/demo/GenericAuth.html
@@ -0,0 +1,537 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(../images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/demo/logo.jpg b/dogtag/tps-ui/shared/docroot/esc/demo/logo.jpg
new file mode 100644
index 000000000..7cb31affc
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/demo/logo.jpg
diff --git a/dogtag/tps-ui/shared/docroot/esc/demo/style.css b/dogtag/tps-ui/shared/docroot/esc/demo/style.css
new file mode 100755
index 000000000..bcd289bdb
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/demo/style.css
@@ -0,0 +1,213 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+body {
+background-color: grey;
+        font-family: arial;
+        font-size: 7p
+
+}
+
+form {
+  margin: 0px;
+  padding: 0px;
+};
+
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+h2 {
+  font-size: 12pt;
+}
+
+.logobar {
+
+  background-color:black;
+  font-family: "Arial";
+  font-size: 7p;
+
+}
+
+.headerText {
+  font-family: "Arial";
+  font-size: 14pt;
+  font-weight: bold; 
+  color: white;
+}
+
+.titleText {
+  font-family: "Arial";
+  font-size: 10pt;
+}
+
+.bodyText {
+  font-family: "Arial";
+  font-size: 10pt;
+  color: white;
+}
+
+.formText {
+  font-family: "Arial";
+  font-size: 9pt;
+  color: black;
+
+}
+
+.linkText {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+#BindingTable {
+  background-color: #ffffff ;
+  font-size: 7pt;
+}
+
+#BindingTable th {
+  color: rgb(0, 0, 0);
+  background-color:  #fffffe;
+  font-size: 7pt;
+}
+
+#BindingTable tr {
+  background-color: #fffffe;
+  font-size: 7pt;
+}
+
+tr [COOLKeyPresent="yes"]{
+  background-color: rgb(255, 0, 0);
+}
+
+.cylon {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+}
+
+.cylonEye {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+}
+
+#statusMsg {
+  font-weight: bold;
+}
+
+.ProgressMeter {
+  position: relative;
+  padding: 0px;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+  text-align: center;
+}
+
+.ProgressBar {
+  position: absolute;
+  z-index: 0;
+  top: 0px;
+  left: 0px;
+  border-right: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+  margin: 0px;
+}
+
+.ProgressBarStatus {
+  position: relative;
+  z-index: 10;
+  margin: 0px;
+  padding: 0px;
+
+}
+
+.KeyTableHeader {
+  color: rgb(0,0, 0);
+  background-color: #ffffff;
+  text-align: left;
+}
+                                                                                
+#KeyTable td {
+  background-color: #ffffff;
+  padding-left: 3px;
+  padding-right: 3px;
+};
+                                                                                
+.TableDescriptionPanel {
+  background-color: #ffffff);
+  margin-right: 5px;
+  margin-left: 5px;
+  margin-bottom: 0px;
+  margin-bottom: 5px;
+  padding: 5px;
+}
+                                                                                
+.PurchasePanel {
+  width: 100%;
+  text-align: center;
+  padding-top: 5px;
+  padding-bottom: 5px;
+}
+                                                                                
+.NeedQuestionText {
+  font-size: 16pt;
+  font-weight: bold;
+}
+
+.COOLHeaderText {
+  font-family: "Arial";
+  font-size: 20pt;
+  font-weight: bold;
+}
+                                                                                
+.ContentTable {
+  background-color: #ffffff;
+  margin: 0px;
+}
+                                                                                
+form {
+  margin: 0px;
+  padding: 0px;
+};
+                                                                                
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+                                                                                
+table {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+.TableTitle {
+  font-size: 12pt;
+  font-weight: bold;
+}
+
+.PageHeader {
+  width: 100%;
+  border-bottom: solid black 1px;
+  vertical-align: center;
+  background-color: #ffffff;
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/demo/util.js b/dogtag/tps-ui/shared/docroot/esc/demo/util.js
new file mode 100755
index 000000000..d5707e0f4
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/demo/util.js
@@ -0,0 +1,1503 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// initialize netkey globals
+var netkey;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+var gWindow = null;
+
+const ErrorText = "For additional assistance contact Veracify Investments Technical Support at 1-555-555-VERACI";
+
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          MyAlert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+  }
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+    }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+    "Operation Completed Successfully.",
+    "Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Problem communicating with the smartcard.",
+    "Problem resetting smartcard's pin.",
+    "Internal Smartcard Server error.",
+    "Internal Smartcard Server error.",
+    "Smartcard enrollment error.",
+    "Can not communicate with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the Certificattion Authority.",
+    "Internal Smartcard Server error.",
+    "Error resetting the smartcard's password.",
+    "Internal Smartcard Server error.",
+    "Smartcard Server authentication failure.",
+    "Internal Smartcard Server error.",
+    "Your Smartcard is listed as disabled.",
+    "Problem communicating with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Cannot upgrade smartcard software.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Invalid smartcard type.",
+    "Invalid smartcard type.",
+    "Cannot publish smartcard information.",
+    "Cannot communicate with smartcard database.",
+    "Smartcard is disabled.",
+    "Cannot reset password value for the smartcard.",
+    "Connection to Smartcard Server lost.",
+    "Cannot create entry for smartcard in smartcard database.",
+    "Smartcard found to be in an inconsistent state.",
+    "Invalid reason for lost smartcard submitted.",
+    "Smartcard found to be unusable due to compromise.",
+    "No such inactive smartcard found.",
+    "Cannot process more than one active smartcard.",
+    "Internal Smartcard Server error.",
+    "Smartcard key recovery has been processed.",
+    "Smartcard key recovery failed.",
+    "Cannot process this smartcard, which has been reported lost.",
+    "Smartcard key archival error.",
+    "Problem connecting to the Smartcard TKS Server.",
+    "Failed to update smartcard database.",
+    "Internal certificate revocation error discovered.",
+    "User does not own this smartcard.", 
+    "Smart Card Manager has been misconfigured.",
+    "Smart Card Manager can not talk to smart card reader.",
+    "Smart Card Manager can not establish a session with  the smart card.",
+    "Smart Card Manager can not talk to Smart Card Server.",
+    "Smart Card Manager can not talk to smart card reader."
+ );    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              MyAlert("Error Setting data values: " + e);
+          }
+
+      }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  MyAlert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function MyAlert(message)
+{
+    if(message)
+        DoMyAlert(message,"Veracify Investments");
+
+} 
+function DoMyAlert(message,title)
+{
+
+   if(!message || !title)
+       return;
+
+   try {
+
+       netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+       var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
+
+
+       prompts.alert(window,title,message);
+
+   } catch(e) {
+
+
+       alert("Problem with nsIPromptService " + e);
+   }
+
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+    table.deleteRow(row.rowIndex);
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+    cell = row.cells[index];
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+    node = parent.childNodes[index];
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+    row = table.insertRow(table.rows.length);
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+    cell = row.insertCell(row.cells.length);
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  gWindow = window;
+ if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+
+    document.getElementById("enrollbtn").disabled = false;
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+    row = FindRow(event.parentNode);
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+ 
+     row.onclick = DoSelectRow;
+
+  // Create the key ID cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  //cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode("Enrollment Progress"));
+
+  // Create the status bar cell
+
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+//  progressMeter.style.visibility = "hidden";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+//  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  //row.style.display ="none";
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ESC native code.
+//
+// ESC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    MyAlert("You must provide a valid Veracify Account Name!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    MyAlert("You must provide a valid Veracify Key Password!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    MyAlert("The Veracify Key Password values you entered do not match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       MyAlert("You must provide a valid Veracify Account Number !");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    MyAlert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  MyAlert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  MyAlert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+  SetStatusMessage("");
+  MyAlert("Enrollment of smartcard complete!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  window.setTimeout("loadSuccessPage()",4);
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Password Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Error Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key  failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key  failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key  failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key  canceled.";
+
+  typeStr += " \n " + ErrorText;
+  MyAlert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname = GetScreenNameValue();
+    if (! screenname)
+      return 0;
+
+    screennamepwd = GetScreenNamePwd();
+
+    if(! screennamepwd)
+        return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+function loadSuccessPage()
+{
+    window.location="/esc/demo/EnrollSuccess.html";
+}
+
+function ShowProgressBar(aKeyType,aKeyID, doShow)
+{
+   if(!gCurrentSelectedRow)
+      return;
+
+   if(doShow)
+       gCurrentSelectedRow.style.display="table-row";
+   else
+   {
+       gCurrentSelectedRow.style.display="none";
+   }
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/home/EnrollSuccess.html b/dogtag/tps-ui/shared/docroot/esc/home/EnrollSuccess.html
new file mode 100644
index 000000000..0148daba9
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/home/EnrollSuccess.html
@@ -0,0 +1,46 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel=stylesheet href="/home/style.css" type="text/css"> 
+<title>Success!</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body  leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
+<table width="100%" border="0" cellspacing="0" cellpadding="0" class="logobar">
+  <tr> 
+    <td bgcolor="#000000">&nbsp;&nbsp;&nbsp;<img src="/esc/home/logo.jpg" width="250" height="50"></td>
+  </tr>
+</table>
+
+<p class="bodyText" >
+Congratulations! You have successfully Enrolled your Smartcard! Now that you have enrolled, you will be able to use your smartcard to allow you and only you to log onto the available Smartcard-protected services.
+
+</p>
+<p class="bodyText">
+
+Begin your journey into the world of safe and secure account access by logging on to the available Smartcard-protected services.
+
+</p>
+
+</body>
+
+</html>
+
diff --git a/dogtag/tps-ui/shared/docroot/esc/home/GenericAuth.html b/dogtag/tps-ui/shared/docroot/esc/home/GenericAuth.html
new file mode 100755
index 000000000..9b28a1145
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/home/GenericAuth.html
@@ -0,0 +1,538 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(../images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/home/logo.jpg b/dogtag/tps-ui/shared/docroot/esc/home/logo.jpg
new file mode 100644
index 000000000..7cb31affc
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/home/logo.jpg
diff --git a/dogtag/tps-ui/shared/docroot/esc/home/style.css b/dogtag/tps-ui/shared/docroot/esc/home/style.css
new file mode 100755
index 000000000..bcd289bdb
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/home/style.css
@@ -0,0 +1,213 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+body {
+background-color: grey;
+        font-family: arial;
+        font-size: 7p
+
+}
+
+form {
+  margin: 0px;
+  padding: 0px;
+};
+
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+h2 {
+  font-size: 12pt;
+}
+
+.logobar {
+
+  background-color:black;
+  font-family: "Arial";
+  font-size: 7p;
+
+}
+
+.headerText {
+  font-family: "Arial";
+  font-size: 14pt;
+  font-weight: bold; 
+  color: white;
+}
+
+.titleText {
+  font-family: "Arial";
+  font-size: 10pt;
+}
+
+.bodyText {
+  font-family: "Arial";
+  font-size: 10pt;
+  color: white;
+}
+
+.formText {
+  font-family: "Arial";
+  font-size: 9pt;
+  color: black;
+
+}
+
+.linkText {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+#BindingTable {
+  background-color: #ffffff ;
+  font-size: 7pt;
+}
+
+#BindingTable th {
+  color: rgb(0, 0, 0);
+  background-color:  #fffffe;
+  font-size: 7pt;
+}
+
+#BindingTable tr {
+  background-color: #fffffe;
+  font-size: 7pt;
+}
+
+tr [COOLKeyPresent="yes"]{
+  background-color: rgb(255, 0, 0);
+}
+
+.cylon {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+}
+
+.cylonEye {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+}
+
+#statusMsg {
+  font-weight: bold;
+}
+
+.ProgressMeter {
+  position: relative;
+  padding: 0px;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+  text-align: center;
+}
+
+.ProgressBar {
+  position: absolute;
+  z-index: 0;
+  top: 0px;
+  left: 0px;
+  border-right: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+  margin: 0px;
+}
+
+.ProgressBarStatus {
+  position: relative;
+  z-index: 10;
+  margin: 0px;
+  padding: 0px;
+
+}
+
+.KeyTableHeader {
+  color: rgb(0,0, 0);
+  background-color: #ffffff;
+  text-align: left;
+}
+                                                                                
+#KeyTable td {
+  background-color: #ffffff;
+  padding-left: 3px;
+  padding-right: 3px;
+};
+                                                                                
+.TableDescriptionPanel {
+  background-color: #ffffff);
+  margin-right: 5px;
+  margin-left: 5px;
+  margin-bottom: 0px;
+  margin-bottom: 5px;
+  padding: 5px;
+}
+                                                                                
+.PurchasePanel {
+  width: 100%;
+  text-align: center;
+  padding-top: 5px;
+  padding-bottom: 5px;
+}
+                                                                                
+.NeedQuestionText {
+  font-size: 16pt;
+  font-weight: bold;
+}
+
+.COOLHeaderText {
+  font-family: "Arial";
+  font-size: 20pt;
+  font-weight: bold;
+}
+                                                                                
+.ContentTable {
+  background-color: #ffffff;
+  margin: 0px;
+}
+                                                                                
+form {
+  margin: 0px;
+  padding: 0px;
+};
+                                                                                
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+                                                                                
+table {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+.TableTitle {
+  font-size: 12pt;
+  font-weight: bold;
+}
+
+.PageHeader {
+  width: 100%;
+  border-bottom: solid black 1px;
+  vertical-align: center;
+  background-color: #ffffff;
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/home/util.js b/dogtag/tps-ui/shared/docroot/esc/home/util.js
new file mode 100755
index 000000000..6e03a94af
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/home/util.js
@@ -0,0 +1,1502 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// initialize netkey globals
+var netkey;
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+var gWindow = null;
+
+const ErrorText = "For additional assistance contact your Technical Support";
+
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          MyAlert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+  }
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+    }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+    "Operation Completed Successfully.",
+    "Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Problem communicating with the smartcard.",
+    "Problem resetting smartcard's pin.",
+    "Internal Smartcard Server error.",
+    "Internal Smartcard Server error.",
+    "Smartcard enrollment error.",
+    "Can not communicate with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the Certificattion Authority.",
+    "Internal Smartcard Server error.",
+    "Error resetting the smartcard's password.",
+    "Internal Smartcard Server error.",
+    "Smartcard Server authentication failure.",
+    "Internal Smartcard Server error.",
+    "Your Smartcard is listed as disabled.",
+    "Problem communicating with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Cannot upgrade smartcard software.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Invalid smartcard type.",
+    "Invalid smartcard type.",
+    "Cannot publish smartcard information.",
+    "Cannot communicate with smartcard database.",
+    "Smartcard is disabled.",
+    "Cannot reset password value for the smartcard.",
+    "Connection to Smartcard Server lost.",
+    "Cannot create entry for smartcard in smartcard database.",
+    "Smartcard found to be in an inconsistent state.",
+    "Invalid reason for lost smartcard submitted.",
+    "Smartcard found to be unusable due to compromise.",
+    "No such inactive smartcard found.",
+    "Cannot process more than one active smartcard.",
+    "Internal Smartcard Server error.",
+    "Smartcard key recovery has been processed.",
+    "Smartcard key recovery failed.",
+    "Cannot process this smartcard, which has been reported lost.",
+    "Smartcard key archival error.",
+    "Problem connecting to the Smartcard TKS Server.",
+    "Failed to update smartcard database.",
+    "Internal certificate revocation error discovered.",
+    "User does not own this smartcard.", 
+    "Smart Card Manager has been misconfigured.",
+    "Smart Card Manager can not talk to smart card reader.",
+    "Smart Card Manager can not establish a session with  the smart card.",
+    "Smart Card Manager can not talk to Smart Card Server.",
+    "Smart Card Manager can not talk to smart card reader."
+ );    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              MyAlert("Error Setting data values: " + e);
+          }
+
+      }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  MyAlert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function MyAlert(message)
+{
+    if(message)
+        DoMyAlert(message,"Smart Card Manager");
+
+} 
+function DoMyAlert(message,title)
+{
+
+   if(!message || !title)
+       return;
+
+   try {
+
+       netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+       var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
+
+
+       prompts.alert(window,title,message);
+
+   } catch(e) {
+
+
+       alert("Problem with nsIPromptService " + e);
+   }
+
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+    table.deleteRow(row.rowIndex);
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+    cell = row.cells[index];
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+    node = parent.childNodes[index];
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+    row = table.insertRow(table.rows.length);
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+    cell = row.insertCell(row.cells.length);
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  gWindow = window;
+ if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+
+    document.getElementById("enrollbtn").disabled = false;
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+    row = FindRow(event.parentNode);
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+ 
+     row.onclick = DoSelectRow;
+
+  // Create the key ID cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  //cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode("Enrollment Progress"));
+
+  // Create the status bar cell
+
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+//  progressMeter.style.visibility = "hidden";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+//  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  //row.style.display ="none";
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ESC native code.
+//
+// ESC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    MyAlert("You must provide a valid LDAP User ID!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    MyAlert("You must provide a valid Key Password!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    MyAlert("The Key Password values you entered do not match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       MyAlert("You must provide a valid LDAP User ID !");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    MyAlert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  MyAlert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  MyAlert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+  SetStatusMessage("");
+  MyAlert("Enrollment of smartcard complete!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  window.setTimeout("loadSuccessPage()",4);
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Password Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Error Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key  failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key  failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key  failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key  canceled.";
+
+  typeStr += " \n " + ErrorText;
+  MyAlert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname = GetScreenNameValue();
+    if (! screenname)
+      return 0;
+
+    screennamepwd = GetScreenNamePwd();
+
+    if(! screennamepwd)
+        return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+function loadSuccessPage()
+{
+    window.location="/esc/home/EnrollSuccess.html";
+}
+
+function ShowProgressBar(aKeyType,aKeyID, doShow)
+{
+   if(!gCurrentSelectedRow)
+      return;
+
+   if(doShow)
+       gCurrentSelectedRow.style.display="table-row";
+   else
+   {
+       gCurrentSelectedRow.style.display="none";
+   }
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/BannerBackground.gif b/dogtag/tps-ui/shared/docroot/esc/images/BannerBackground.gif
new file mode 100755
index 000000000..55d41f6ea
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/BannerBackground.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/CancelButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/CancelButton.gif
new file mode 100755
index 000000000..5b2f7e53a
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/CancelButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/CloseButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/CloseButton.gif
new file mode 100755
index 000000000..f0a8230a1
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/CloseButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/ContinueButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/ContinueButton.gif
new file mode 100755
index 000000000..3a6867258
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/ContinueButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/HelpButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/HelpButton.gif
new file mode 100755
index 000000000..43e55dce2
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/HelpButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/NetKey-Small.gif b/dogtag/tps-ui/shared/docroot/esc/images/NetKey-Small.gif
new file mode 100755
index 000000000..6fed0d5ce
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/NetKey-Small.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/NetKeyInsert.gif b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyInsert.gif
new file mode 100755
index 000000000..4fb74b2b7
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyInsert.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/NetKeyLogo.gif b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyLogo.gif
new file mode 100755
index 000000000..53af00410
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyLogo.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/NetKeyPair.gif b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyPair.gif
new file mode 100755
index 000000000..b1ff91b5e
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyPair.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/NetKeyProgress.gif b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyProgress.gif
new file mode 100755
index 000000000..aaadf358f
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyProgress.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/NetKeyQuestionMark.gif b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyQuestionMark.gif
new file mode 100755
index 000000000..b12a77908
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/NetKeyQuestionMark.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/OKButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/OKButton.gif
new file mode 100755
index 000000000..64d69e440
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/OKButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/PadLock.gif b/dogtag/tps-ui/shared/docroot/esc/images/PadLock.gif
new file mode 100755
index 000000000..5e4e044c8
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/PadLock.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/PurchaseButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/PurchaseButton.gif
new file mode 100755
index 000000000..beb0dacab
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/PurchaseButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/ReactivateButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/ReactivateButton.gif
new file mode 100755
index 000000000..86de2eb68
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/ReactivateButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/ReleaseButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/ReleaseButton.gif
new file mode 100755
index 000000000..7ab79be8c
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/ReleaseButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/SecureButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/SecureButton.gif
new file mode 100755
index 000000000..fc37f2a77
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/SecureButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/SuspendButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/SuspendButton.gif
new file mode 100755
index 000000000..24ac0337a
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/SuspendButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/TryAgainButton.gif b/dogtag/tps-ui/shared/docroot/esc/images/TryAgainButton.gif
new file mode 100755
index 000000000..e71934677
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/TryAgainButton.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/bg.jpg b/dogtag/tps-ui/shared/docroot/esc/images/bg.jpg
new file mode 100755
index 000000000..56a4af048
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/bg.jpg
diff --git a/dogtag/tps-ui/shared/docroot/esc/images/logo.gif b/dogtag/tps-ui/shared/docroot/esc/images/logo.gif
new file mode 100644
index 000000000..2d1ea5579
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/images/logo.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/so/EnrollSuccess.html b/dogtag/tps-ui/shared/docroot/esc/so/EnrollSuccess.html
new file mode 100644
index 000000000..aa2cd7907
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/so/EnrollSuccess.html
@@ -0,0 +1,46 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel=stylesheet href="/esc/so/style.css" type="text/css"> 
+<title>Success!</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+</head>
+
+<body  leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">
+<div id="header">
+  <div id="logo">
+      <center><h3><!--<img align=bottom src="/esc/sow/images/logo.gif">-->Security Officer Station</h3></center>
+  </div>
+</div>
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+<blockquote><strong>Congratulations!</strong> You have successfully Enrolled your Security Officer Smartcard! Now that you have enrolled, you will be able to access the Security Officer Workstation.</blockquote>
+<br/>
+
+</div>
+</div>
+</body>
+
+</html>
+
diff --git a/dogtag/tps-ui/shared/docroot/esc/so/GenericAuth.html b/dogtag/tps-ui/shared/docroot/esc/so/GenericAuth.html
new file mode 100755
index 000000000..9b28a1145
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/so/GenericAuth.html
@@ -0,0 +1,538 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(../images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/so/images/indicator.gif b/dogtag/tps-ui/shared/docroot/esc/so/images/indicator.gif
new file mode 100755
index 000000000..5dafb9cb7
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/so/images/indicator.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/so/images/logo.gif b/dogtag/tps-ui/shared/docroot/esc/so/images/logo.gif
new file mode 100755
index 000000000..2d1ea5579
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/so/images/logo.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/so/logo.jpg b/dogtag/tps-ui/shared/docroot/esc/so/logo.jpg
new file mode 100644
index 000000000..7cb31affc
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/so/logo.jpg
diff --git a/dogtag/tps-ui/shared/docroot/esc/so/style.css b/dogtag/tps-ui/shared/docroot/esc/so/style.css
new file mode 100755
index 000000000..bcd289bdb
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/so/style.css
@@ -0,0 +1,213 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+body {
+background-color: grey;
+        font-family: arial;
+        font-size: 7p
+
+}
+
+form {
+  margin: 0px;
+  padding: 0px;
+};
+
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+h2 {
+  font-size: 12pt;
+}
+
+.logobar {
+
+  background-color:black;
+  font-family: "Arial";
+  font-size: 7p;
+
+}
+
+.headerText {
+  font-family: "Arial";
+  font-size: 14pt;
+  font-weight: bold; 
+  color: white;
+}
+
+.titleText {
+  font-family: "Arial";
+  font-size: 10pt;
+}
+
+.bodyText {
+  font-family: "Arial";
+  font-size: 10pt;
+  color: white;
+}
+
+.formText {
+  font-family: "Arial";
+  font-size: 9pt;
+  color: black;
+
+}
+
+.linkText {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+#BindingTable {
+  background-color: #ffffff ;
+  font-size: 7pt;
+}
+
+#BindingTable th {
+  color: rgb(0, 0, 0);
+  background-color:  #fffffe;
+  font-size: 7pt;
+}
+
+#BindingTable tr {
+  background-color: #fffffe;
+  font-size: 7pt;
+}
+
+tr [COOLKeyPresent="yes"]{
+  background-color: rgb(255, 0, 0);
+}
+
+.cylon {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+}
+
+.cylonEye {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+}
+
+#statusMsg {
+  font-weight: bold;
+}
+
+.ProgressMeter {
+  position: relative;
+  padding: 0px;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+  text-align: center;
+}
+
+.ProgressBar {
+  position: absolute;
+  z-index: 0;
+  top: 0px;
+  left: 0px;
+  border-right: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+  margin: 0px;
+}
+
+.ProgressBarStatus {
+  position: relative;
+  z-index: 10;
+  margin: 0px;
+  padding: 0px;
+
+}
+
+.KeyTableHeader {
+  color: rgb(0,0, 0);
+  background-color: #ffffff;
+  text-align: left;
+}
+                                                                                
+#KeyTable td {
+  background-color: #ffffff;
+  padding-left: 3px;
+  padding-right: 3px;
+};
+                                                                                
+.TableDescriptionPanel {
+  background-color: #ffffff);
+  margin-right: 5px;
+  margin-left: 5px;
+  margin-bottom: 0px;
+  margin-bottom: 5px;
+  padding: 5px;
+}
+                                                                                
+.PurchasePanel {
+  width: 100%;
+  text-align: center;
+  padding-top: 5px;
+  padding-bottom: 5px;
+}
+                                                                                
+.NeedQuestionText {
+  font-size: 16pt;
+  font-weight: bold;
+}
+
+.COOLHeaderText {
+  font-family: "Arial";
+  font-size: 20pt;
+  font-weight: bold;
+}
+                                                                                
+.ContentTable {
+  background-color: #ffffff;
+  margin: 0px;
+}
+                                                                                
+form {
+  margin: 0px;
+  padding: 0px;
+};
+                                                                                
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+                                                                                
+table {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+.TableTitle {
+  font-size: 12pt;
+  font-weight: bold;
+}
+
+.PageHeader {
+  width: 100%;
+  border-bottom: solid black 1px;
+  vertical-align: center;
+  background-color: #ffffff;
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/so/util.js b/dogtag/tps-ui/shared/docroot/esc/so/util.js
new file mode 100755
index 000000000..ccd81ee84
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/so/util.js
@@ -0,0 +1,1513 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// initialize netkey globals
+var netkey;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+var gWindow = null;
+
+const ErrorText = "For additional assistance contact your Technical Support";
+
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          MyAlert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+  }
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+    }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "soKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+    "Operation Completed Successfully.",
+    "Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Problem communicating with the smartcard.",
+    "Problem resetting smartcard's pin.",
+    "Internal Smartcard Server error.",
+    "Internal Smartcard Server error.",
+    "Smartcard enrollment error.",
+    "Can not communicate with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the Certificattion Authority.",
+    "Internal Smartcard Server error.",
+    "Error resetting the smartcard's password.",
+    "Internal Smartcard Server error.",
+    "Smartcard Server authentication failure.",
+    "Internal Smartcard Server error.",
+    "Your Smartcard is listed as disabled.",
+    "Problem communicating with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Cannot upgrade smartcard software.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Invalid smartcard type.",
+    "Invalid smartcard type.",
+    "Cannot publish smartcard information.",
+    "Cannot communicate with smartcard database.",
+    "Smartcard is disabled.",
+    "Cannot reset password value for the smartcard.",
+    "Connection to Smartcard Server lost.",
+    "Cannot create entry for smartcard in smartcard database.",
+    "Smartcard found to be in an inconsistent state.",
+    "Invalid reason for lost smartcard submitted.",
+    "Smartcard found to be unusable due to compromise.",
+    "No such inactive smartcard found.",
+    "Cannot process more than one active smartcard.",
+    "Internal Smartcard Server error.",
+    "Smartcard key recovery has been processed.",
+    "Smartcard key recovery failed.",
+    "Cannot process this smartcard, which has been reported lost.",
+    "Smartcard key archival error.",
+    "Problem connecting to the Smartcard TKS Server.",
+    "Failed to update smartcard database.",
+    "Internal certificate revocation error discovered.",
+    "User does not own this smartcard.", 
+    "Smart Card Manager has been misconfigured.",
+    "Smart Card Manager can not talk to smart card reader.",
+    "Smart Card Manager can not establish a session with  the smart card.",
+    "Smart Card Manager can not talk to Smart Card Server.",
+    "Smart Card Manager can not talk to smart card reader."
+ );    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              MyAlert("Error Setting data values: " + e);
+          }
+
+      }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  MyAlert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function MyAlert(message)
+{
+    if(message)
+        DoMyAlert(message,"Smart Card Manager");
+
+} 
+function DoMyAlert(message,title)
+{
+
+   if(!message || !title)
+       return;
+
+   try {
+
+       netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+       var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
+
+
+       prompts.alert(window,title,message);
+
+   } catch(e) {
+
+
+       alert("Problem with nsIPromptService " + e);
+   }
+
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+    table.deleteRow(row.rowIndex);
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+    cell = row.cells[index];
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+    node = parent.childNodes[index];
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+    row = table.insertRow(table.rows.length);
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+    cell = row.insertCell(row.cells.length);
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  gWindow = window;
+ if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+  if (UserOnDoneInitializeBindingTable) {
+    UserOnDoneInitializeBindingTable();
+  }
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+
+    document.getElementById("enrollbtn").disabled = false;
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+    row = FindRow(event.parentNode);
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+ 
+     row.onclick = DoSelectRow;
+
+  // Create the key ID cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  //cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode("Enrollment Progress"));
+
+  // Create the status bar cell
+
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+//  progressMeter.style.visibility = "hidden";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+//  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  //row.style.display ="none";
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ESC native code.
+//
+// ESC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    MyAlert("You must provide a valid LDAP User ID!");
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    MyAlert("You must provide a valid Key Password!");
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    MyAlert("The Key Password values you entered do not match!");
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       MyAlert("You must provide a valid LDAP User ID !");
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "soKey")
+  {
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+
+  if(!Validate())
+     return;
+
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    MyAlert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  MyAlert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  MyAlert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+  SetStatusMessage("");
+  MyAlert("Enrollment of smartcard complete!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  window.setTimeout("loadSuccessPage()",4);
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Password Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Error Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key  failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key  failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key  failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key  canceled.";
+
+  typeStr += " \n " + ErrorText;
+  MyAlert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  if (UserOnCOOLKeyStateError) {
+    UserOnCOOLKeyStateError(); // call user-level
+  }
+
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "soKey")
+  {
+    screenname = GetScreenNameValue();
+    if (! screenname)
+      return 0;
+
+    screennamepwd = GetScreenNamePwd();
+
+    if(! screennamepwd)
+        return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      if(UserOnCOOLKeyStatusUpdate)
+          UserOnCOOLKeyStatusUpdate(data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+function loadSuccessPage()
+{
+    window.location="/esc/so/EnrollSuccess.html";
+}
+
+function ShowProgressBar(aKeyType,aKeyID, doShow)
+{
+   if(!gCurrentSelectedRow)
+      return;
+
+   if(doShow)
+       gCurrentSelectedRow.style.display="table-row";
+   else
+   {
+       gCurrentSelectedRow.style.display="none";
+   }
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/EnrollSuccess.html b/dogtag/tps-ui/shared/docroot/esc/sow/EnrollSuccess.html
new file mode 100644
index 000000000..544cb2fb9
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/EnrollSuccess.html
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<link rel=stylesheet href="/esc/sow/style.css" type="text/css"> 
+<title>Success!</title>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel="stylesheet" href="/esc/sow/css/style.css" media="screen" type="text/css">
+</head>
+
+<body>
+
+
+<div id="header">
+  <div id="logo">
+      <center><h3><!--<img align=bottom src="/esc/sow/images/logo.gif">-->Security Officer Station</h3></center>
+  </div>
+</div>
+
+
+<div id="content">
+  <div id="maintext">
+     <div id="topmenu">
+    | <a href="/cgi-bin/sow/main.cgi">Main</a> |
+     </div>
+<blockquote><strong>Congratulations!</strong> This user has successfully enrolled the Smartcard! Now that this user has enrolled, he/she will be able to use the smartcard to log onto all available Smartcard-protected services.</blockquote>
+<br/>
+
+</div>
+</div>
+
+</body>
+
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/GenericAuth.html b/dogtag/tps-ui/shared/docroot/esc/sow/GenericAuth.html
new file mode 100755
index 000000000..9b28a1145
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/GenericAuth.html
@@ -0,0 +1,538 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2009 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+<head>
+<style>
+
+body {
+background: #ffffff url(../images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7pt;
+
+}
+
+h1
+{
+   text-align: left;
+
+   font-weight: bold;
+
+   font-size: 13pt;
+
+
+}
+
+
+h2 {
+
+    text-align: left;
+    font-size: 10pt; 
+
+    font-weight: lighter;
+}
+
+</style>
+<script language = "Javascript">
+
+var test_ui = "id=USER_ID&name=User ID&desc=User ID&type=string&option=option1,option2,option3&&id=USER_PWD&name=User Password&desc=User Password&type=password&option=&&id=USER_PIN&name=PIN&desc=One time PIN received via mail&type=password&option=";
+
+var theForm = null;
+var curKeyID = null;
+var curKeyType = 0; 
+
+
+var gTitle = null;
+var gDescription = null;
+
+
+
+function ConfirmPassword(password_element)
+{
+
+  if(!password_element)
+      return 0;
+
+  password_id = password_element.id;
+
+  if(!password_id)
+     return 0;
+
+  confirm_id = "RE_" + password_element.id;
+
+  var size = theForm.length;
+
+  if(theForm)
+  {
+      for(i = 0; i < size ; i++)
+      {
+         var cur_element = theForm.elements[i];
+  
+         if(cur_element.id == confirm_id)
+         {
+             if(cur_element.value != password_element.value)
+             {
+                 alert("Value " + password_element.name + " must match " + cur_element.name);
+                 return 0;
+
+             }
+             else
+             {
+                 return 1;
+             } 
+
+         } 
+
+      }
+
+  }
+
+  return 1;
+}
+
+function Validate()
+{
+    if(theForm)
+    {
+         var size = theForm.length;
+ 
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             if(element.type == "text" )
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0; 
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 if(element.value == "")
+                 {
+                     alert("Please enter value for " + element.name);
+                     return 0;
+                 }
+
+                 if(!ConfirmPassword(element))
+                 {
+                     return 0;
+                 }
+
+             } 
+         } 
+   
+    }
+
+    return 1;
+}
+
+function FormSubmit()
+{
+    var result = Validate();
+
+    var thisParent = window.opener;
+
+    if(!parent)
+    {
+        alert("No parent window.");
+        window.close(); 
+        return; 
+    }
+  
+    if(!result)
+    {
+        return;
+    }
+
+    if(theForm)
+    {
+         var size = theForm.length;
+         for( i = 0; i < size ; i++)
+         {
+             var element = theForm.elements[i];
+
+             var value = element.value;
+
+             if(element.type == "text" )
+             {
+                 var id = element.id;
+                 value = element.value;
+
+                 if(thisParent)
+                 {
+                     //alert("about to set data value key " + curKeyID + " id " + id + " value " + value);
+                     thisParent.COOLKeySetDataValue(curKeyType,curKeyID,id,value);
+
+                 }
+             }
+
+             if(element.type == "password")
+             {
+                 var p_id = new String(element.id);
+
+                 if(p_id.indexOf("RE_") == -1)
+                 {                   
+                     if(thisParent)
+                     {
+                         thisParent.COOLKeySetDataValue(curKeyType,curKeyID,p_id,value); 
+                     }
+                 }
+             }
+         }
+
+     }
+   
+     window.close(); 
+}
+
+function GetUIObjectList(uiData)
+{
+    var  str = new String(uiData);
+    var splits = str.split("&&");
+
+//    alert("Get " + splits + " len " + splits.length);
+
+    var params = new Array();
+    var size = splits.length;
+
+    for(i = 0 ; i <  size ; i++)
+    {
+       params[i] = splits[i].split("&");
+    }
+
+    size = params.length;
+    var name_value_objects = new Array();
+
+    for(i = 0 ; i < size; i++)
+    {
+         var name_values = new Array();
+
+         pISize = params[i].length;
+         for(j = 0 ;  j < pISize ; j ++)
+         {
+             var pair = params[i][j].split("=");
+
+             //alert(" pair " + pair[0] + " pair1 " + pair[1]);
+
+             if(pair[0] == "option")
+             {
+                 var options = pair[1].split(",");
+             }
+
+             name_values[pair[0]] = pair[1];
+         }
+
+         name_value_objects[i] = name_values;
+    }
+
+    return name_value_objects;
+
+}
+
+function AddBRToNode(theNode)
+{
+
+   if(!theNode)
+       return;
+
+   var br = document.createElement("br");
+
+   theNode.appendChild(br);
+
+}
+
+function AddTextToNode(theNode,theText)
+{
+
+    if(!theNode || !theText)
+        return;
+
+
+    var text = document.createTextNode(theText);
+
+    theNode.appendChild(text);
+      
+
+
+
+}
+function AddTextToDocument(theText)
+{
+    if(!theText)
+         return;
+
+     var p = document.createElement("p");
+
+     if(p)
+     {
+         p.appendChild(document.createTextNode(theText));
+     } 
+
+     document.body.appendChild(p);
+}
+
+function CreateForm()
+{
+    var form = document.createElement("form");
+    document.body.appendChild(form);
+    return form;
+}
+
+function CreateTable()
+{
+  var table = document.createElement("table");
+  document.body.appendChild(table);
+  tbody = document.createElement("tbody");
+  table.appendChild(tbody);
+
+  return table;
+}
+
+function AddRowToTable(table)
+{
+    if(!table)
+        return null;
+
+    var tr = document.createElement("tr");
+    (table.tBodies[0]).appendChild(tr);
+
+    return tr; 
+}
+
+function AddColumnToRow(row)
+{
+  if(!row)
+     return null;
+
+  var td = document.createElement("td");
+  row.appendChild(td);
+
+  return td;
+}
+
+function AddTextToColumn(column,text)
+{
+   if(!column || !text)
+       return;
+
+   var text_node = document.createTextNode(text);
+   column.appendChild(text_node);
+
+   return text_node;
+}
+
+function AddInputField(type,id, name,value)
+{
+    var    field = document.createElement("input");
+   
+    if(!field)
+        return null;
+  
+    field.type =  type;   
+    field.id =id;
+    field.name =name;
+    field.value =value;
+
+    return field;
+}
+
+function ConstructUI(aKeyType,aKeyID,uiData)
+{
+
+    //alert("Construct UI data " + uiData);
+    var name_value_objects = GetUIObjectList(uiData);
+    var len = name_value_objects.length;
+
+    gTitle = document.createElement("h1");
+
+    gDescription = document.createElement("h2");
+
+
+    document.body.appendChild(gTitle);
+
+
+    document.body.appendChild(gDescription);
+
+
+    form = CreateForm(); 
+    theForm = form;
+    curKeyID = aKeyID;
+    curKeyType = aKeyType;
+
+    table = CreateTable();
+
+    form.appendChild(table);
+
+    for(i = 0 ; i < len ; i ++)
+    {
+        curParameter = name_value_objects[i];
+
+        if(curParameter)
+        {
+
+            title = curParameter["title"];
+
+
+            if(title)
+            {
+                //alert("title " + title);
+
+                AddTextToNode(gTitle,title);
+ 
+
+            }
+
+            description = curParameter["description"];
+
+            if(description)
+            {
+               AddBRToNode(document.body);
+               AddBRToNode(document.body);
+
+               AddTextToNode(gDescription,description);
+
+               AddBRToNode(document.body);
+
+            }
+
+            id   = curParameter["id"];
+            name = curParameter["name"];
+            type = curParameter["type"];
+            desc = curParameter["desc"]; 
+
+            //alert(" id " + id + " name " + name + " type " + type + " desc " + desc); 
+
+            if(id)
+            {
+               if(table)
+               {
+                   row = AddRowToTable(table);
+               }
+
+               if(row)
+               {
+                   column = AddColumnToRow(row);
+               }
+
+               if(column)
+               {
+                    AddTextToColumn(column,name);
+               }
+
+               if(type == "string" || type == "integer")
+               {
+                   field = AddInputField("text",id,name,"");
+               }
+
+               re_field = null;
+ 
+               if(type == "password")
+               {
+                   field = AddInputField("password",id,name,"");
+               }
+
+               if(type == "hidden")
+               {
+                   field = AddInputField("hidden",id,name,"");
+               } 
+
+               if(field)
+               {
+                   field_col = AddColumnToRow(row);                
+                   if(field_col)
+                   {
+                       field_col.appendChild(field);
+                   }
+               }
+
+               if(re_field)
+               {
+                 re_text = AddColumnToRow(row);
+
+                 if(re_text)
+                 {
+                     AddTextToColumn(re_text,"Confirm " + name);
+                     re_field_col = AddColumnToRow(row);
+                     if(re_field_col)
+                     {
+                         re_field_col.appendChild(re_field);
+                     }
+                   
+                 } 
+
+               }
+           }
+
+        }
+
+    }
+
+    var last_row = AddRowToTable(table);
+
+    if(last_row)
+    {
+        var button_field = AddColumnToRow(last_row);
+
+        if(button_field)
+        {
+           var button = AddInputField("button","Submit","Submit","Submit");
+            button.onclick = FormSubmit;
+            button_field.appendChild(button);
+
+        }
+
+    } 
+}
+
+function UiLoad()
+{
+
+
+   var thisParent = window.opener;
+
+
+   if(!thisParent)
+   {
+        alert("Auth dialog has no parent!");
+        return;
+   }
+
+   var keyID =  this.name;
+
+   var ui = thisParent.getUIForKey(keyID); 
+
+   var type = thisParent.getTypeForKey(keyID);
+
+   //alert("UiLoad " + ui);
+
+   if(ui)
+   {
+       ConstructUI(type,keyID,ui);
+   }
+}
+
+</script>
+</head>
+<body onload = "UiLoad()"> 
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/css/style.css b/dogtag/tps-ui/shared/docroot/esc/sow/css/style.css
new file mode 100644
index 000000000..c60e713d2
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/css/style.css
@@ -0,0 +1,277 @@
+html, body {
+	margin: 0; padding: 0;
+	text-align: center;
+	background-color: #A1B3C9;
+}
+
+h1,h3,h3 {
+	margin: 0; padding: 0;
+}
+
+#content {
+	width: 450px;
+/*
+	width: 760px;
+*/
+	text-align: center;
+	margin: auto;
+}
+
+#header{
+
+/*
+	width: 760px;
+	height: 50px;
+*/
+	width: 300px;
+	height: 30px;
+	text-align: left;
+	margin: auto;
+	}
+	
+#logo{
+	float: left;
+	height: auto;
+/*
+	width: 250px;
+*/
+	width: 450px;
+	margin: 5px;
+	padding-top: 10px;
+	padding-right: 0px;
+	padding-bottom: 0px;
+	font-size:1.5em;
+/*
+	padding-left: 10px;
+*/
+	padding-left: 5px;
+}
+	
+#topmenu{
+	width: 450px;
+	top: 5px;
+/*
+	width: 400px;
+	margin-left: 310px;
+*/
+	margin-left: 0px;
+	padding-top: 5px;
+	padding-right: 0px;
+	font-size:1.5em;
+/*
+	padding-left: 30px;
+*/
+	padding-left: 0px;
+	font-family:"Lucida Grande","Lucida Sans Unicode",arial,sans-serif;
+	font-size:1.0em;
+	color:#DBDFEE;
+	
+}
+
+#topmenu a{
+	text-decoration:none;
+	color:#DBDFEE;
+	
+}
+
+#topmenu a:hover{
+	color:#ffffff;
+	background-color:#939FB2;
+	
+}
+
+
+#content {
+/*
+	margin-top: 40px;
+*/
+	margin-top: 10px;
+	padding-bottom: 40px;
+}
+
+
+#maintext {
+	width: 450px;
+/*
+	width: 520px;
+	margin-left: 20px;
+*/
+	margin-left: 5px;
+	text-align:justify;
+} 
+
+#maintext a{
+	text-decoration:none;
+	color:#ffffff;
+	border-bottom:1px dotted #ffffff;
+}
+
+#maintext a:hover{
+	color:#ffffff;
+	background-color:#939FB2;
+	
+}
+
+#rightcol {
+/*
+	width: 168px;
+*/
+	width: 0px;
+	position: absolute;
+	top: 140px;
+	margin-left: 575px;
+	background: url(/esc/sow/images/right_bg.gif) no-repeat;
+}
+
+
+#introduction{
+	float:right;
+	width:150px;
+	padding: 8px 8px 8px 8px;
+	margin:auto;
+	
+	text-align:center;
+	line-height:1.5em;
+	color:#ffffff;
+	font-size:0.8em;
+	font-family:"Lucida Grande","Lucida Sans Unicode",arial,sans-serif;
+	letter-spacing:0px;
+}
+
+#introduction ul, #introduction li {
+	text-align:center;
+	list-style: none;
+	margin: 0;
+	padding: 0;
+}
+
+
+#introduction  a{
+	text-decoration:none;
+	color:#ffffff;
+	border-bottom: none;
+}
+
+#introduction a:hover{
+	color:#ffffff;
+	background-color:#939FB2;
+	
+}
+
+#introduction h3{
+	text-align: center;
+	position:static;
+}
+
+
+html, body {
+	font: .85em/1.6em Arial, Helvetica, sans-serif;
+/*
+	font: .95em/1.6em Arial, Helvetica, sans-serif;
+	color: #FFFFFF;
+*/
+}
+
+
+p {
+	margin-bottom: 1em;
+}
+
+#footer 
+{
+	width: 100%;
+	height: 60px;
+	clear: both;
+	padding-top: 8px;
+	text-align: center;
+	border-top: 1px solid #C6D4E6;
+	color: #000000;
+	font-size: .75em;
+	background-color: #414243;
+	background-image: url(/esc/sow/images/footer.gif);
+}
+
+#footer a {
+	color: #888888;
+	text-decoration:none;
+
+}
+
+#footer p {color: #888888;}
+
+html, body {
+	background: #A1B3C9 url(/esc/sow/images/bg_grad.gif) repeat-x;
+}
+
+#content {background: url(/esc/sow/images/main_grad.gif) repeat-x;}
+
+html>body #content {
+	margin-top: 40px;
+}
+
+h1{
+	font-family:"Trebuchet MS",arial,sans-serif;
+	font-size:2.6em;
+	font-weight:normal;
+	background:#fff url(/esc/sow/images/booksmall.gif) no-repeat bottom left;
+	padding:0 0 10px 50px;
+	margin:20px 5px 5px 5px;
+}
+
+h2{
+	font-family:"Lucida Grande","Lucida Sans Unicode",arial,sans-serif;
+	font-size:1.2em;
+	margin:auto;
+	text-transform:capitalize;
+	padding:0 2px;
+}
+
+h3{
+	color: #ffffff;
+	font-family:geneva,arial,sans-serif;
+	font-weight:normal;
+	text-transform:uppercase;
+	word-spacing:4px;
+	letter-spacing:3px;
+	font-size:0.9em;
+	font-weight:bold;
+	padding:0 2px;
+	margin:0;
+}
+
+.heading{
+	color: #ffffff;
+	font-family:geneva,arial,sans-serif;
+	font-weight:normal;
+	text-transform:uppercase;
+	word-spacing:4px;
+	letter-spacing:3px;
+	font-size:0.9em;
+	font-weight:bold;
+	padding:0 2px;
+	margin:0;
+}
+
+blockquote 
+{	
+	border-left: 4px #c7d2ea solid;
+	padding:  0 0 0 10px;
+/*
+	margin: 10px 20px 10px 20px;
+*/
+	margin: 5px 20px 10px 20px;
+	letter-spacing: 0px;
+	white-space:inherit;
+	font-size:1.3em;
+}
+
+h4 
+{
+	font-weight: bold;
+	font-size: 25px;
+	text-transform: capitalize;
+	color: #DBDFEE;
+	margin: 0;
+	padding: 0;
+	letter-spacing: 3px;
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/images/indicator.gif b/dogtag/tps-ui/shared/docroot/esc/sow/images/indicator.gif
new file mode 100755
index 000000000..5dafb9cb7
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/images/indicator.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/images/logo.gif b/dogtag/tps-ui/shared/docroot/esc/sow/images/logo.gif
new file mode 100644
index 000000000..2d1ea5579
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/images/logo.gif
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/js/ajax-dynamic-list.js b/dogtag/tps-ui/shared/docroot/esc/sow/js/ajax-dynamic-list.js
new file mode 100755
index 000000000..4c89ede8a
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/js/ajax-dynamic-list.js
@@ -0,0 +1,288 @@
+/************************************************************************************************************
+Ajax dynamic list
+Copyright (C) 2006  DTHMLGoodies.com, Alf Magne Kalleland
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+
+Dhtmlgoodies.com., hereby disclaims all copyright interest in this script
+written by Alf Magne Kalleland.
+
+Alf Magne Kalleland, 2006
+Owner of DHTMLgoodies.com
+	
+************************************************************************************************************/	
+
+	var ajaxBox_offsetX = 0;
+	var ajaxBox_offsetY = 0;
+	var ajax_list_externalFile = 'ajax-list.cgi';	// Path to external file
+	var minimumLettersBeforeLookup = 1;	// Number of letters entered before a lookup is performed.
+	
+	var ajax_list_objects = new Array();
+	var ajax_list_cachedLists = new Array();
+	var ajax_list_activeInput = false;
+	var ajax_list_activeItem;
+	var ajax_list_optionDivFirstItem = false;
+	var ajax_list_currentLetters = new Array();
+	var ajax_optionDiv = false;
+	var ajax_optionDiv_iframe = false;
+
+	var ajax_list_MSIE = false;
+	if(navigator.userAgent.indexOf('MSIE')>=0 && navigator.userAgent.indexOf('Opera')<0)ajax_list_MSIE=true;
+	
+	var currentListIndex = 0;
+	
+	function ajax_getTopPos(inputObj)
+	{
+		
+	  var returnValue = inputObj.offsetTop;
+	  while((inputObj = inputObj.offsetParent) != null){
+	  	returnValue += inputObj.offsetTop;
+	  }
+	  return returnValue;
+	}
+	function ajax_list_cancelEvent()
+	{
+		return false;
+	}
+	
+	function ajax_getLeftPos(inputObj)
+	{
+	  var returnValue = inputObj.offsetLeft;
+	  while((inputObj = inputObj.offsetParent) != null)returnValue += inputObj.offsetLeft;
+	  
+	  return returnValue;
+	}
+	
+	function ajax_option_setValue(e,inputObj)
+	{
+		if(!inputObj)inputObj=this;
+		var tmpValue = inputObj.innerHTML;
+		if(ajax_list_MSIE)tmpValue = inputObj.innerText;else tmpValue = inputObj.textContent;
+		if(!tmpValue)tmpValue = inputObj.innerHTML;
+		ajax_list_activeInput.value = tmpValue;
+		if(document.getElementById(ajax_list_activeInput.name + '_hidden'))document.getElementById(ajax_list_activeInput.name + '_hidden').value = inputObj.id; 
+		ajax_options_hide();
+	}
+	
+	function ajax_options_hide()
+	{
+		ajax_optionDiv.style.display='none';	
+		if(ajax_optionDiv_iframe)ajax_optionDiv_iframe.style.display='none';
+	}
+
+	function ajax_options_rollOverActiveItem(item,fromKeyBoard)
+	{
+		if(ajax_list_activeItem)ajax_list_activeItem.className='optionDiv';
+		item.className='optionDivSelected';
+		ajax_list_activeItem = item;
+		
+		if(fromKeyBoard){
+			if(ajax_list_activeItem.offsetTop>ajax_optionDiv.offsetHeight){
+				ajax_optionDiv.scrollTop = ajax_list_activeItem.offsetTop - ajax_optionDiv.offsetHeight + ajax_list_activeItem.offsetHeight + 2 ;
+			}
+			if(ajax_list_activeItem.offsetTop<ajax_optionDiv.scrollTop)
+			{
+				ajax_optionDiv.scrollTop = 0;	
+			}
+		}
+	}
+	
+	function ajax_option_list_buildList(letters,paramToExternalFile)
+	{
+		
+		ajax_optionDiv.innerHTML = '';
+		ajax_list_activeItem = false;
+		if(ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()].length<=1){
+			ajax_options_hide();
+			return;			
+		}
+		
+		
+		
+		ajax_list_optionDivFirstItem = false;
+		var optionsAdded = false;
+		for(var no=0;no<ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()].length;no++){
+			if(ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()][no].length==0)continue;
+			optionsAdded = true;
+			var div = document.createElement('DIV');
+			var items = ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()][no].split(/###/gi);
+			
+			if(ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()].length==1 && ajax_list_activeInput.value == items[0]){
+				ajax_options_hide();
+				return;						
+			}
+			
+			
+			div.innerHTML = items[items.length-1];
+			div.id = items[0];
+			div.className='optionDiv';
+			div.onmouseover = function(){ ajax_options_rollOverActiveItem(this,false) }
+			div.onclick = ajax_option_setValue;
+			if(!ajax_list_optionDivFirstItem)ajax_list_optionDivFirstItem = div;
+			ajax_optionDiv.appendChild(div);
+		}	
+		if(optionsAdded){
+			ajax_optionDiv.style.display='block';
+			if(ajax_optionDiv_iframe)ajax_optionDiv_iframe.style.display='';
+		}
+					
+	}
+	
+	function ajax_option_list_showContent(ajaxIndex,inputObj,paramToExternalFile,whichIndex)
+	{
+		if(whichIndex!=currentListIndex)return;
+		var letters = inputObj.value;
+		var content = ajax_list_objects[ajaxIndex].response;
+		var elements = content.split('|');
+		ajax_list_cachedLists[paramToExternalFile][letters.toLowerCase()] = elements;
+		ajax_option_list_buildList(letters,paramToExternalFile);
+		
+	}
+	
+	function ajax_option_resize(inputObj)
+	{
+		ajax_optionDiv.style.top = (ajax_getTopPos(inputObj) + inputObj.offsetHeight + ajaxBox_offsetY) + 'px';
+		ajax_optionDiv.style.left = (ajax_getLeftPos(inputObj) + ajaxBox_offsetX) + 'px';
+		if(ajax_optionDiv_iframe){
+			ajax_optionDiv_iframe.style.left = ajax_optionDiv.style.left;
+			ajax_optionDiv_iframe.style.top = ajax_optionDiv.style.top;			
+		}		
+		
+	}
+	
+	function ajax_showOptions(inputObj,paramToExternalFile,e)
+	{
+		if(e.keyCode==13 || e.keyCode==9)return;
+		if(ajax_list_currentLetters[inputObj.name]==inputObj.value)return;
+		if(!ajax_list_cachedLists[paramToExternalFile])ajax_list_cachedLists[paramToExternalFile] = new Array();
+		ajax_list_currentLetters[inputObj.name] = inputObj.value;
+		if(!ajax_optionDiv){
+			ajax_optionDiv = document.createElement('DIV');
+			ajax_optionDiv.id = 'ajax_listOfOptions';	
+			document.body.appendChild(ajax_optionDiv);
+			
+			if(ajax_list_MSIE){
+				ajax_optionDiv_iframe = document.createElement('IFRAME');
+				ajax_optionDiv_iframe.border='0';
+				ajax_optionDiv_iframe.style.width = ajax_optionDiv.clientWidth + 'px';
+				ajax_optionDiv_iframe.style.height = ajax_optionDiv.clientHeight + 'px';
+				ajax_optionDiv_iframe.id = 'ajax_listOfOptions_iframe';
+				
+				document.body.appendChild(ajax_optionDiv_iframe);
+			}
+			
+			var allInputs = document.getElementsByTagName('INPUT');
+			for(var no=0;no<allInputs.length;no++){
+				if(!allInputs[no].onkeyup)allInputs[no].onfocus = ajax_options_hide;
+			}			
+			var allSelects = document.getElementsByTagName('SELECT');
+			for(var no=0;no<allSelects.length;no++){
+				allSelects[no].onfocus = ajax_options_hide;
+			}
+
+			var oldonkeydown=document.body.onkeydown;
+			if(typeof oldonkeydown!='function'){
+				document.body.onkeydown=ajax_option_keyNavigation;
+			}else{
+				document.body.onkeydown=function(){
+					oldonkeydown();
+				ajax_option_keyNavigation() ;}
+			}
+			var oldonresize=document.body.onresize;
+			if(typeof oldonresize!='function'){
+				document.body.onresize=function() {ajax_option_resize(inputObj); };
+			}else{
+				document.body.onresize=function(){oldonresize();
+				ajax_option_resize(inputObj) ;}
+			}
+				
+		}
+		
+		if(inputObj.value.length<minimumLettersBeforeLookup){
+			ajax_options_hide();
+			return;
+		}
+				
+
+		ajax_optionDiv.style.top = (ajax_getTopPos(inputObj) + inputObj.offsetHeight + ajaxBox_offsetY) + 'px';
+		ajax_optionDiv.style.left = (ajax_getLeftPos(inputObj) + ajaxBox_offsetX) + 'px';
+		if(ajax_optionDiv_iframe){
+			ajax_optionDiv_iframe.style.left = ajax_optionDiv.style.left;
+			ajax_optionDiv_iframe.style.top = ajax_optionDiv.style.top;			
+		}
+		
+		ajax_list_activeInput = inputObj;
+		ajax_optionDiv.onselectstart =  ajax_list_cancelEvent;
+		currentListIndex++;
+		if(ajax_list_cachedLists[paramToExternalFile][inputObj.value.toLowerCase()]){
+			ajax_option_list_buildList(inputObj.value,paramToExternalFile,currentListIndex);			
+		}else{
+			ajax_optionDiv.innerHTML = '';
+			var ajaxIndex = ajax_list_objects.length;
+			ajax_list_objects[ajaxIndex] = new sack();
+			var url = ajax_list_externalFile + '?' + paramToExternalFile + '=1&letters=' + inputObj.value.replace(" ","+");
+			ajax_list_objects[ajaxIndex].requestFile = url;	// Specifying which file to get
+			ajax_list_objects[ajaxIndex].onCompletion = function(){ ajax_option_list_showContent(ajaxIndex,inputObj,paramToExternalFile,currentListIndex); };	// Specify function that will be executed after file has been found
+			ajax_list_objects[ajaxIndex].runAJAX();		// Execute AJAX function		
+		}
+		
+			
+	}
+	
+	function ajax_option_keyNavigation(e)
+	{
+		if(document.all)e = event;
+		
+		if(!ajax_optionDiv)return;
+		if(ajax_optionDiv.style.display=='none')return;
+		
+		if(e.keyCode==38){	// Up arrow
+			if(!ajax_list_activeItem)return;
+			if(ajax_list_activeItem && !ajax_list_activeItem.previousSibling)return;
+			ajax_options_rollOverActiveItem(ajax_list_activeItem.previousSibling,true);
+		}
+		
+		if(e.keyCode==40){	// Down arrow
+			if(!ajax_list_activeItem){
+				ajax_options_rollOverActiveItem(ajax_list_optionDivFirstItem,true);
+			}else{
+				if(!ajax_list_activeItem.nextSibling)return;
+				ajax_options_rollOverActiveItem(ajax_list_activeItem.nextSibling,true);
+			}
+		}
+		
+		if(e.keyCode==13 || e.keyCode==9){	// Enter key or tab key
+			if(ajax_list_activeItem && ajax_list_activeItem.className=='optionDivSelected')ajax_option_setValue(false,ajax_list_activeItem);
+			if(e.keyCode==13)return false; else return true;
+		}
+		if(e.keyCode==27){	// Escape key
+			ajax_options_hide();			
+		}
+	}
+	
+	
+	document.documentElement.onclick = autoHideList;
+	
+	function autoHideList(e)
+	{
+		if(document.all)e = event;
+		
+		if (e.target) source = e.target;
+			else if (e.srcElement) source = e.srcElement;
+			if (source.nodeType == 3) // defeat Safari bug
+				source = source.parentNode;		
+		if(source.tagName.toLowerCase()!='input' && source.tagName.toLowerCase()!='textarea')ajax_options_hide();
+		
+	}
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/js/ajax.js b/dogtag/tps-ui/shared/docroot/esc/sow/js/ajax.js
new file mode 100755
index 000000000..fc342fdd1
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/js/ajax.js
@@ -0,0 +1,193 @@
+/* Simple AJAX Code-Kit (SACK) v1.6.1 */
+/* �2005 Gregory Wild-Smith */
+/* www.twilightuniverse.com */
+/* Software licenced under a modified X11 licence,
+   see documentation or authors website for more details */
+
+function sack(file) {
+	this.xmlhttp = null;
+
+	this.resetData = function() {
+		this.method = "POST";
+  		this.queryStringSeparator = "?";
+		this.argumentSeparator = "&";
+		this.URLString = "";
+		this.encodeURIString = true;
+  		this.execute = false;
+  		this.element = null;
+		this.elementObj = null;
+		this.requestFile = file;
+		this.vars = new Object();
+		this.responseStatus = new Array(2);
+  	};
+
+	this.resetFunctions = function() {
+  		this.onLoading = function() { };
+  		this.onLoaded = function() { };
+  		this.onInteractive = function() { };
+  		this.onCompletion = function() { };
+  		this.onError = function() { };
+		this.onFail = function() { };
+	};
+
+	this.reset = function() {
+		this.resetFunctions();
+		this.resetData();
+	};
+
+	this.createAJAX = function() {
+		try {
+			this.xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
+		} catch (e1) {
+			try {
+				this.xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
+			} catch (e2) {
+				this.xmlhttp = null;
+			}
+		}
+
+		if (! this.xmlhttp) {
+			if (typeof XMLHttpRequest != "undefined") {
+				this.xmlhttp = new XMLHttpRequest();
+			} else {
+				this.failed = true;
+			}
+		}
+	};
+
+	this.setVar = function(name, value){
+		this.vars[name] = Array(value, false);
+	};
+
+	this.encVar = function(name, value, returnvars) {
+		if (true == returnvars) {
+			return Array(encodeURIComponent(name), encodeURIComponent(value));
+		} else {
+			this.vars[encodeURIComponent(name)] = Array(encodeURIComponent(value), true);
+		}
+	}
+
+	this.processURLString = function(string, encode) {
+		encoded = encodeURIComponent(this.argumentSeparator);
+		regexp = new RegExp(this.argumentSeparator + "|" + encoded);
+		varArray = string.split(regexp);
+		for (i = 0; i < varArray.length; i++){
+			urlVars = varArray[i].split("=");
+			if (true == encode){
+				this.encVar(urlVars[0], urlVars[1]);
+			} else {
+				this.setVar(urlVars[0], urlVars[1]);
+			}
+		}
+	}
+
+	this.createURLString = function(urlstring) {
+		if (this.encodeURIString && this.URLString.length) {
+			this.processURLString(this.URLString, true);
+		}
+
+		if (urlstring) {
+			if (this.URLString.length) {
+				this.URLString += this.argumentSeparator + urlstring;
+			} else {
+				this.URLString = urlstring;
+			}
+		}
+
+		// prevents caching of URLString
+		this.setVar("rndval", new Date().getTime());
+
+		urlstringtemp = new Array();
+		for (key in this.vars) {
+			if (false == this.vars[key][1] && true == this.encodeURIString) {
+				encoded = this.encVar(key, this.vars[key][0], true);
+				delete this.vars[key];
+				this.vars[encoded[0]] = Array(encoded[1], true);
+				key = encoded[0];
+			}
+
+			urlstringtemp[urlstringtemp.length] = key + "=" + this.vars[key][0];
+		}
+		if (urlstring){
+			this.URLString += this.argumentSeparator + urlstringtemp.join(this.argumentSeparator);
+		} else {
+			this.URLString += urlstringtemp.join(this.argumentSeparator);
+		}
+	}
+
+	this.runResponse = function() {
+		eval(this.response);
+	}
+
+	this.runAJAX = function(urlstring) {
+		if (this.failed) {
+			this.onFail();
+		} else {
+			this.createURLString(urlstring);
+			if (this.element) {
+				this.elementObj = document.getElementById(this.element);
+			}
+			if (this.xmlhttp) {
+				var self = this;
+				if (this.method == "GET") {
+					totalurlstring = this.requestFile + this.queryStringSeparator + this.URLString;
+					this.xmlhttp.open(this.method, totalurlstring, true);
+				} else {
+					this.xmlhttp.open(this.method, this.requestFile, true);
+					try {
+						this.xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")
+					} catch (e) { }
+				}
+
+				this.xmlhttp.onreadystatechange = function() {
+					switch (self.xmlhttp.readyState) {
+						case 1:
+							self.onLoading();
+							break;
+						case 2:
+							self.onLoaded();
+							break;
+						case 3:
+							self.onInteractive();
+							break;
+						case 4:
+							self.response = self.xmlhttp.responseText;
+							self.responseXML = self.xmlhttp.responseXML;
+							self.responseStatus[0] = self.xmlhttp.status;
+							self.responseStatus[1] = self.xmlhttp.statusText;
+
+							if (self.execute) {
+								self.runResponse();
+							}
+
+							if (self.elementObj) {
+								elemNodeName = self.elementObj.nodeName;
+								elemNodeName.toLowerCase();
+								if (elemNodeName == "input"
+								|| elemNodeName == "select"
+								|| elemNodeName == "option"
+								|| elemNodeName == "textarea") {
+									self.elementObj.value = self.response;
+								} else {
+									self.elementObj.innerHTML = self.response;
+								}
+							}
+							if (self.responseStatus[0] == "200") {
+								self.onCompletion();
+							} else {
+								self.onError();
+							}
+
+							self.URLString = "";
+							break;
+					}
+				};
+
+				this.xmlhttp.send(this.URLString);
+			}
+		}
+	};
+
+	this.reset();
+	this.createAJAX();
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/js/effects.js b/dogtag/tps-ui/shared/docroot/esc/sow/js/effects.js
new file mode 100755
index 000000000..d3940a82b
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/js/effects.js
@@ -0,0 +1,903 @@
+// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
+// Contributors:
+//  Justin Palmer (http://encytemedia.com/)
+//  Mark Pilgrim (http://diveintomark.org/)
+//  Martin Bialasinki
+// 
+// See scriptaculous.js for full license.  
+
+/* ------------- element ext -------------- */  
+ 
+// converts rgb() and #xxx to #xxxxxx format,  
+// returns self (or first argument) if not convertable  
+String.prototype.parseColor = function() {  
+  var color = '#';  
+  if(this.slice(0,4) == 'rgb(') {  
+    var cols = this.slice(4,this.length-1).split(',');  
+    var i=0; do { color += parseInt(cols[i]).toColorPart() } while (++i<3);  
+  } else {  
+    if(this.slice(0,1) == '#') {  
+      if(this.length==4) for(var i=1;i<4;i++) color += (this.charAt(i) + this.charAt(i)).toLowerCase();  
+      if(this.length==7) color = this.toLowerCase();  
+    }  
+  }  
+  return(color.length==7 ? color : (arguments[0] || this));  
+}
+
+Element.collectTextNodes = function(element) {  
+  return $A($(element).childNodes).collect( function(node) {
+    return (node.nodeType==3 ? node.nodeValue : 
+      (node.hasChildNodes() ? Element.collectTextNodes(node) : ''));
+  }).flatten().join('');
+}
+
+Element.collectTextNodesIgnoreClass = function(element, className) {  
+  return $A($(element).childNodes).collect( function(node) {
+    return (node.nodeType==3 ? node.nodeValue : 
+      ((node.hasChildNodes() && !Element.hasClassName(node,className)) ? 
+        Element.collectTextNodes(node) : ''));
+  }).flatten().join('');
+}
+
+Element.setStyle = function(element, style) {
+  element = $(element);
+  for(k in style) element.style[k.camelize()] = style[k];
+}
+
+Element.setContentZoom = function(element, percent) {  
+  Element.setStyle(element, {fontSize: (percent/100) + 'em'});   
+  if(navigator.appVersion.indexOf('AppleWebKit')>0) window.scrollBy(0,0);  
+}
+
+Element.getOpacity = function(element){  
+  var opacity;
+  if (opacity = Element.getStyle(element, 'opacity'))  
+    return parseFloat(opacity);  
+  if (opacity = (Element.getStyle(element, 'filter') || '').match(/alpha\(opacity=(.*)\)/))  
+    if(opacity[1]) return parseFloat(opacity[1]) / 100;  
+  return 1.0;  
+}
+
+Element.setOpacity = function(element, value){  
+  element= $(element);  
+  if (value == 1){
+    Element.setStyle(element, { opacity: 
+      (/Gecko/.test(navigator.userAgent) && !/Konqueror|Safari|KHTML/.test(navigator.userAgent)) ? 
+      0.999999 : null });
+    if(/MSIE/.test(navigator.userAgent))  
+      Element.setStyle(element, {filter: Element.getStyle(element,'filter').replace(/alpha\([^\)]*\)/gi,'')});  
+  } else {  
+    if(value < 0.00001) value = 0;  
+    Element.setStyle(element, {opacity: value});
+    if(/MSIE/.test(navigator.userAgent))  
+     Element.setStyle(element, 
+       { filter: Element.getStyle(element,'filter').replace(/alpha\([^\)]*\)/gi,'') +
+                 'alpha(opacity='+value*100+')' });  
+  }   
+}  
+ 
+Element.getInlineOpacity = function(element){  
+  return $(element).style.opacity || '';
+}  
+
+Element.childrenWithClassName = function(element, className) {  
+  return $A($(element).getElementsByTagName('*')).select(
+    function(c) { return Element.hasClassName(c, className) });
+}
+
+Array.prototype.call = function() {
+  var args = arguments;
+  this.each(function(f){ f.apply(this, args) });
+}
+
+/*--------------------------------------------------------------------------*/
+
+var Effect = {
+  tagifyText: function(element) {
+    var tagifyStyle = 'position:relative';
+    if(/MSIE/.test(navigator.userAgent)) tagifyStyle += ';zoom:1';
+    element = $(element);
+    $A(element.childNodes).each( function(child) {
+      if(child.nodeType==3) {
+        child.nodeValue.toArray().each( function(character) {
+          element.insertBefore(
+            Builder.node('span',{style: tagifyStyle},
+              character == ' ' ? String.fromCharCode(160) : character), 
+              child);
+        });
+        Element.remove(child);
+      }
+    });
+  },
+  multiple: function(element, effect) {
+    var elements;
+    if(((typeof element == 'object') || 
+        (typeof element == 'function')) && 
+       (element.length))
+      elements = element;
+    else
+      elements = $(element).childNodes;
+      
+    var options = Object.extend({
+      speed: 0.1,
+      delay: 0.0
+    }, arguments[2] || {});
+    var masterDelay = options.delay;
+
+    $A(elements).each( function(element, index) {
+      new effect(element, Object.extend(options, { delay: index * options.speed + masterDelay }));
+    });
+  },
+  PAIRS: {
+    'slide':  ['SlideDown','SlideUp'],
+    'blind':  ['BlindDown','BlindUp'],
+    'appear': ['Appear','Fade']
+  },
+  toggle: function(element, effect) {
+    element = $(element);
+    effect = (effect || 'appear').toLowerCase();
+    var options = Object.extend({
+      queue: { position:'end', scope:(element.id || 'global') }
+    }, arguments[2] || {});
+    Effect[Element.visible(element) ? 
+      Effect.PAIRS[effect][1] : Effect.PAIRS[effect][0]](element, options);
+  }
+};
+
+var Effect2 = Effect; // deprecated
+
+/* ------------- transitions ------------- */
+
+Effect.Transitions = {}
+
+Effect.Transitions.linear = function(pos) {
+  return pos;
+}
+Effect.Transitions.sinoidal = function(pos) {
+  return (-Math.cos(pos*Math.PI)/2) + 0.5;
+}
+Effect.Transitions.reverse  = function(pos) {
+  return 1-pos;
+}
+Effect.Transitions.flicker = function(pos) {
+  return ((-Math.cos(pos*Math.PI)/4) + 0.75) + Math.random()/4;
+}
+Effect.Transitions.wobble = function(pos) {
+  return (-Math.cos(pos*Math.PI*(9*pos))/2) + 0.5;
+}
+Effect.Transitions.pulse = function(pos) {
+  return (Math.floor(pos*10) % 2 == 0 ? 
+    (pos*10-Math.floor(pos*10)) : 1-(pos*10-Math.floor(pos*10)));
+}
+Effect.Transitions.none = function(pos) {
+  return 0;
+}
+Effect.Transitions.full = function(pos) {
+  return 1;
+}
+
+/* ------------- core effects ------------- */
+
+Effect.ScopedQueue = Class.create();
+Object.extend(Object.extend(Effect.ScopedQueue.prototype, Enumerable), {
+  initialize: function() {
+    this.effects  = [];
+    this.interval = null;
+  },
+  _each: function(iterator) {
+    this.effects._each(iterator);
+  },
+  add: function(effect) {
+    var timestamp = new Date().getTime();
+    
+    var position = (typeof effect.options.queue == 'string') ? 
+      effect.options.queue : effect.options.queue.position;
+    
+    switch(position) {
+      case 'front':
+        // move unstarted effects after this effect  
+        this.effects.findAll(function(e){ return e.state=='idle' }).each( function(e) {
+            e.startOn  += effect.finishOn;
+            e.finishOn += effect.finishOn;
+          });
+        break;
+      case 'end':
+        // start effect after last queued effect has finished
+        timestamp = this.effects.pluck('finishOn').max() || timestamp;
+        break;
+    }
+    
+    effect.startOn  += timestamp;
+    effect.finishOn += timestamp;
+    this.effects.push(effect);
+    if(!this.interval) 
+      this.interval = setInterval(this.loop.bind(this), 40);
+  },
+  remove: function(effect) {
+    this.effects = this.effects.reject(function(e) { return e==effect });
+    if(this.effects.length == 0) {
+      clearInterval(this.interval);
+      this.interval = null;
+    }
+  },
+  loop: function() {
+    var timePos = new Date().getTime();
+    this.effects.invoke('loop', timePos);
+  }
+});
+
+Effect.Queues = {
+  instances: $H(),
+  get: function(queueName) {
+    if(typeof queueName != 'string') return queueName;
+    
+    if(!this.instances[queueName])
+      this.instances[queueName] = new Effect.ScopedQueue();
+      
+    return this.instances[queueName];
+  }
+}
+Effect.Queue = Effect.Queues.get('global');
+
+Effect.DefaultOptions = {
+  transition: Effect.Transitions.sinoidal,
+  duration:   1.0,   // seconds
+  fps:        25.0,  // max. 25fps due to Effect.Queue implementation
+  sync:       false, // true for combining
+  from:       0.0,
+  to:         1.0,
+  delay:      0.0,
+  queue:      'parallel'
+}
+
+Effect.Base = function() {};
+Effect.Base.prototype = {
+  position: null,
+  start: function(options) {
+    this.options      = Object.extend(Object.extend({},Effect.DefaultOptions), options || {});
+    this.currentFrame = 0;
+    this.state        = 'idle';
+    this.startOn      = this.options.delay*1000;
+    this.finishOn     = this.startOn + (this.options.duration*1000);
+    this.event('beforeStart');
+    if(!this.options.sync)
+      Effect.Queues.get(typeof this.options.queue == 'string' ? 
+        'global' : this.options.queue.scope).add(this);
+  },
+  loop: function(timePos) {
+    if(timePos >= this.startOn) {
+      if(timePos >= this.finishOn) {
+        this.render(1.0);
+        this.cancel();
+        this.event('beforeFinish');
+        if(this.finish) this.finish(); 
+        this.event('afterFinish');
+        return;  
+      }
+      var pos   = (timePos - this.startOn) / (this.finishOn - this.startOn);
+      var frame = Math.round(pos * this.options.fps * this.options.duration);
+      if(frame > this.currentFrame) {
+        this.render(pos);
+        this.currentFrame = frame;
+      }
+    }
+  },
+  render: function(pos) {
+    if(this.state == 'idle') {
+      this.state = 'running';
+      this.event('beforeSetup');
+      if(this.setup) this.setup();
+      this.event('afterSetup');
+    }
+    if(this.state == 'running') {
+      if(this.options.transition) pos = this.options.transition(pos);
+      pos *= (this.options.to-this.options.from);
+      pos += this.options.from;
+      this.position = pos;
+      this.event('beforeUpdate');
+      if(this.update) this.update(pos);
+      this.event('afterUpdate');
+    }
+  },
+  cancel: function() {
+    if(!this.options.sync)
+      Effect.Queues.get(typeof this.options.queue == 'string' ? 
+        'global' : this.options.queue.scope).remove(this);
+    this.state = 'finished';
+  },
+  event: function(eventName) {
+    if(this.options[eventName + 'Internal']) this.options[eventName + 'Internal'](this);
+    if(this.options[eventName]) this.options[eventName](this);
+  },
+  inspect: function() {
+    return '#<Effect:' + $H(this).inspect() + ',options:' + $H(this.options).inspect() + '>';
+  }
+}
+
+Effect.Parallel = Class.create();
+Object.extend(Object.extend(Effect.Parallel.prototype, Effect.Base.prototype), {
+  initialize: function(effects) {
+    this.effects = effects || [];
+    this.start(arguments[1]);
+  },
+  update: function(position) {
+    this.effects.invoke('render', position);
+  },
+  finish: function(position) {
+    this.effects.each( function(effect) {
+      effect.render(1.0);
+      effect.cancel();
+      effect.event('beforeFinish');
+      if(effect.finish) effect.finish(position);
+      effect.event('afterFinish');
+    });
+  }
+});
+
+Effect.Opacity = Class.create();
+Object.extend(Object.extend(Effect.Opacity.prototype, Effect.Base.prototype), {
+  initialize: function(element) {
+    this.element = $(element);
+    // make this work on IE on elements without 'layout'
+    if(/MSIE/.test(navigator.userAgent) && (!this.element.hasLayout))
+      Element.setStyle(this.element, {zoom: 1});
+    var options = Object.extend({
+      from: Element.getOpacity(this.element) || 0.0,
+      to:   1.0
+    }, arguments[1] || {});
+    this.start(options);
+  },
+  update: function(position) {
+    Element.setOpacity(this.element, position);
+  }
+});
+
+Effect.Move = Class.create();
+Object.extend(Object.extend(Effect.Move.prototype, Effect.Base.prototype), {
+  initialize: function(element) {
+    this.element = $(element);
+    var options = Object.extend({
+      x:    0,
+      y:    0,
+      mode: 'relative'
+    }, arguments[1] || {});
+    this.start(options);
+  },
+  setup: function() {
+    // Bug in Opera: Opera returns the "real" position of a static element or
+    // relative element that does not have top/left explicitly set.
+    // ==> Always set top and left for position relative elements in your stylesheets 
+    // (to 0 if you do not need them) 
+    Element.makePositioned(this.element);
+    this.originalLeft = parseFloat(Element.getStyle(this.element,'left') || '0');
+    this.originalTop  = parseFloat(Element.getStyle(this.element,'top')  || '0');
+    if(this.options.mode == 'absolute') {
+      // absolute movement, so we need to calc deltaX and deltaY
+      this.options.x = this.options.x - this.originalLeft;
+      this.options.y = this.options.y - this.originalTop;
+    }
+  },
+  update: function(position) {
+    Element.setStyle(this.element, {
+      left: this.options.x  * position + this.originalLeft + 'px',
+      top:  this.options.y  * position + this.originalTop  + 'px'
+    });
+  }
+});
+
+// for backwards compatibility
+Effect.MoveBy = function(element, toTop, toLeft) {
+  return new Effect.Move(element, 
+    Object.extend({ x: toLeft, y: toTop }, arguments[3] || {}));
+};
+
+Effect.Scale = Class.create();
+Object.extend(Object.extend(Effect.Scale.prototype, Effect.Base.prototype), {
+  initialize: function(element, percent) {
+    this.element = $(element)
+    var options = Object.extend({
+      scaleX: true,
+      scaleY: true,
+      scaleContent: true,
+      scaleFromCenter: false,
+      scaleMode: 'box',        // 'box' or 'contents' or {} with provided values
+      scaleFrom: 100.0,
+      scaleTo:   percent
+    }, arguments[2] || {});
+    this.start(options);
+  },
+  setup: function() {
+    this.restoreAfterFinish = this.options.restoreAfterFinish || false;
+    this.elementPositioning = Element.getStyle(this.element,'position');
+    
+    this.originalStyle = {};
+    ['top','left','width','height','fontSize'].each( function(k) {
+      this.originalStyle[k] = this.element.style[k];
+    }.bind(this));
+      
+    this.originalTop  = this.element.offsetTop;
+    this.originalLeft = this.element.offsetLeft;
+    
+    var fontSize = Element.getStyle(this.element,'font-size') || '100%';
+    ['em','px','%'].each( function(fontSizeType) {
+      if(fontSize.indexOf(fontSizeType)>0) {
+        this.fontSize     = parseFloat(fontSize);
+        this.fontSizeType = fontSizeType;
+      }
+    }.bind(this));
+    
+    this.factor = (this.options.scaleTo - this.options.scaleFrom)/100;
+    
+    this.dims = null;
+    if(this.options.scaleMode=='box')
+      this.dims = [this.element.offsetHeight, this.element.offsetWidth];
+    if(/^content/.test(this.options.scaleMode))
+      this.dims = [this.element.scrollHeight, this.element.scrollWidth];
+    if(!this.dims)
+      this.dims = [this.options.scaleMode.originalHeight,
+                   this.options.scaleMode.originalWidth];
+  },
+  update: function(position) {
+    var currentScale = (this.options.scaleFrom/100.0) + (this.factor * position);
+    if(this.options.scaleContent && this.fontSize)
+      Element.setStyle(this.element, {fontSize: this.fontSize * currentScale + this.fontSizeType });
+    this.setDimensions(this.dims[0] * currentScale, this.dims[1] * currentScale);
+  },
+  finish: function(position) {
+    if (this.restoreAfterFinish) Element.setStyle(this.element, this.originalStyle);
+  },
+  setDimensions: function(height, width) {
+    var d = {};
+    if(this.options.scaleX) d.width = width + 'px';
+    if(this.options.scaleY) d.height = height + 'px';
+    if(this.options.scaleFromCenter) {
+      var topd  = (height - this.dims[0])/2;
+      var leftd = (width  - this.dims[1])/2;
+      if(this.elementPositioning == 'absolute') {
+        if(this.options.scaleY) d.top = this.originalTop-topd + 'px';
+        if(this.options.scaleX) d.left = this.originalLeft-leftd + 'px';
+      } else {
+        if(this.options.scaleY) d.top = -topd + 'px';
+        if(this.options.scaleX) d.left = -leftd + 'px';
+      }
+    }
+    Element.setStyle(this.element, d);
+  }
+});
+
+Effect.Highlight = Class.create();
+Object.extend(Object.extend(Effect.Highlight.prototype, Effect.Base.prototype), {
+  initialize: function(element) {
+    this.element = $(element);
+    var options = Object.extend({ startcolor: '#ffff99' }, arguments[1] || {});
+    this.start(options);
+  },
+  setup: function() {
+    // Prevent executing on elements not in the layout flow
+    if(Element.getStyle(this.element, 'display')=='none') { this.cancel(); return; }
+    // Disable background image during the effect
+    this.oldStyle = {
+      backgroundImage: Element.getStyle(this.element, 'background-image') };
+    Element.setStyle(this.element, {backgroundImage: 'none'});
+    if(!this.options.endcolor)
+      this.options.endcolor = Element.getStyle(this.element, 'background-color').parseColor('#ffffff');
+    if(!this.options.restorecolor)
+      this.options.restorecolor = Element.getStyle(this.element, 'background-color');
+    // init color calculations
+    this._base  = $R(0,2).map(function(i){ return parseInt(this.options.startcolor.slice(i*2+1,i*2+3),16) }.bind(this));
+    this._delta = $R(0,2).map(function(i){ return parseInt(this.options.endcolor.slice(i*2+1,i*2+3),16)-this._base[i] }.bind(this));
+  },
+  update: function(position) {
+    Element.setStyle(this.element,{backgroundColor: $R(0,2).inject('#',function(m,v,i){
+      return m+(Math.round(this._base[i]+(this._delta[i]*position)).toColorPart()); }.bind(this)) });
+  },
+  finish: function() {
+    Element.setStyle(this.element, Object.extend(this.oldStyle, {
+      backgroundColor: this.options.restorecolor
+    }));
+  }
+});
+
+Effect.ScrollTo = Class.create();
+Object.extend(Object.extend(Effect.ScrollTo.prototype, Effect.Base.prototype), {
+  initialize: function(element) {
+    this.element = $(element);
+    this.start(arguments[1] || {});
+  },
+  setup: function() {
+    Position.prepare();
+    var offsets = Position.cumulativeOffset(this.element);
+    if(this.options.offset) offsets[1] += this.options.offset;
+    var max = window.innerHeight ? 
+      window.height - window.innerHeight :
+      document.body.scrollHeight - 
+        (document.documentElement.clientHeight ? 
+          document.documentElement.clientHeight : document.body.clientHeight);
+    this.scrollStart = Position.deltaY;
+    this.delta = (offsets[1] > max ? max : offsets[1]) - this.scrollStart;
+  },
+  update: function(position) {
+    Position.prepare();
+    window.scrollTo(Position.deltaX, 
+      this.scrollStart + (position*this.delta));
+  }
+});
+
+/* ------------- combination effects ------------- */
+
+Effect.Fade = function(element) {
+  var oldOpacity = Element.getInlineOpacity(element);
+  var options = Object.extend({
+  from: Element.getOpacity(element) || 1.0,
+  to:   0.0,
+  afterFinishInternal: function(effect) { with(Element) { 
+    if(effect.options.to!=0) return;
+    hide(effect.element);
+    setStyle(effect.element, {opacity: oldOpacity}); }}
+  }, arguments[1] || {});
+  return new Effect.Opacity(element,options);
+}
+
+Effect.Appear = function(element) {
+  var options = Object.extend({
+  from: (Element.getStyle(element, 'display') == 'none' ? 0.0 : Element.getOpacity(element) || 0.0),
+  to:   1.0,
+  beforeSetup: function(effect) { with(Element) {
+    setOpacity(effect.element, effect.options.from);
+    show(effect.element); }}
+  }, arguments[1] || {});
+  return new Effect.Opacity(element,options);
+}
+
+Effect.Puff = function(element) {
+  element = $(element);
+  var oldStyle = { opacity: Element.getInlineOpacity(element), position: Element.getStyle(element, 'position') };
+  return new Effect.Parallel(
+   [ new Effect.Scale(element, 200, 
+      { sync: true, scaleFromCenter: true, scaleContent: true, restoreAfterFinish: true }), 
+     new Effect.Opacity(element, { sync: true, to: 0.0 } ) ], 
+     Object.extend({ duration: 1.0, 
+      beforeSetupInternal: function(effect) { with(Element) {
+        setStyle(effect.effects[0].element, {position: 'absolute'}); }},
+      afterFinishInternal: function(effect) { with(Element) {
+         hide(effect.effects[0].element);
+         setStyle(effect.effects[0].element, oldStyle); }}
+     }, arguments[1] || {})
+   );
+}
+
+Effect.BlindUp = function(element) {
+  element = $(element);
+  Element.makeClipping(element);
+  return new Effect.Scale(element, 0, 
+    Object.extend({ scaleContent: false, 
+      scaleX: false, 
+      restoreAfterFinish: true,
+      afterFinishInternal: function(effect) { with(Element) {
+        [hide, undoClipping].call(effect.element); }} 
+    }, arguments[1] || {})
+  );
+}
+
+Effect.BlindDown = function(element) {
+  element = $(element);
+  var oldHeight = Element.getStyle(element, 'height');
+  var elementDimensions = Element.getDimensions(element);
+  return new Effect.Scale(element, 100, 
+    Object.extend({ scaleContent: false, 
+      scaleX: false,
+      scaleFrom: 0,
+      scaleMode: {originalHeight: elementDimensions.height, originalWidth: elementDimensions.width},
+      restoreAfterFinish: true,
+      afterSetup: function(effect) { with(Element) {
+        makeClipping(effect.element);
+        setStyle(effect.element, {height: '0px'});
+        show(effect.element); 
+      }},  
+      afterFinishInternal: function(effect) { with(Element) {
+        undoClipping(effect.element);
+        setStyle(effect.element, {height: oldHeight});
+      }}
+    }, arguments[1] || {})
+  );
+}
+
+Effect.SwitchOff = function(element) {
+  element = $(element);
+  var oldOpacity = Element.getInlineOpacity(element);
+  return new Effect.Appear(element, { 
+    duration: 0.4,
+    from: 0,
+    transition: Effect.Transitions.flicker,
+    afterFinishInternal: function(effect) {
+      new Effect.Scale(effect.element, 1, { 
+        duration: 0.3, scaleFromCenter: true,
+        scaleX: false, scaleContent: false, restoreAfterFinish: true,
+        beforeSetup: function(effect) { with(Element) {
+          [makePositioned,makeClipping].call(effect.element);
+        }},
+        afterFinishInternal: function(effect) { with(Element) {
+          [hide,undoClipping,undoPositioned].call(effect.element);
+          setStyle(effect.element, {opacity: oldOpacity});
+        }}
+      })
+    }
+  });
+}
+
+Effect.DropOut = function(element) {
+  element = $(element);
+  var oldStyle = {
+    top: Element.getStyle(element, 'top'),
+    left: Element.getStyle(element, 'left'),
+    opacity: Element.getInlineOpacity(element) };
+  return new Effect.Parallel(
+    [ new Effect.Move(element, {x: 0, y: 100, sync: true }), 
+      new Effect.Opacity(element, { sync: true, to: 0.0 }) ],
+    Object.extend(
+      { duration: 0.5,
+        beforeSetup: function(effect) { with(Element) {
+          makePositioned(effect.effects[0].element); }},
+        afterFinishInternal: function(effect) { with(Element) {
+          [hide, undoPositioned].call(effect.effects[0].element);
+          setStyle(effect.effects[0].element, oldStyle); }} 
+      }, arguments[1] || {}));
+}
+
+Effect.Shake = function(element) {
+  element = $(element);
+  var oldStyle = {
+    top: Element.getStyle(element, 'top'),
+    left: Element.getStyle(element, 'left') };
+	  return new Effect.Move(element, 
+	    { x:  20, y: 0, duration: 0.05, afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x: -40, y: 0, duration: 0.1,  afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x:  40, y: 0, duration: 0.1,  afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x: -40, y: 0, duration: 0.1,  afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x:  40, y: 0, duration: 0.1,  afterFinishInternal: function(effect) {
+	  new Effect.Move(effect.element,
+	    { x: -20, y: 0, duration: 0.05, afterFinishInternal: function(effect) { with(Element) {
+        undoPositioned(effect.element);
+        setStyle(effect.element, oldStyle);
+  }}}) }}) }}) }}) }}) }});
+}
+
+Effect.SlideDown = function(element) {
+  element = $(element);
+  Element.cleanWhitespace(element);
+  // SlideDown need to have the content of the element wrapped in a container element with fixed height!
+  var oldInnerBottom = Element.getStyle(element.firstChild, 'bottom');
+  var elementDimensions = Element.getDimensions(element);
+  return new Effect.Scale(element, 100, Object.extend({ 
+    scaleContent: false, 
+    scaleX: false, 
+    scaleFrom: 0,
+    scaleMode: {originalHeight: elementDimensions.height, originalWidth: elementDimensions.width},
+    restoreAfterFinish: true,
+    afterSetup: function(effect) { with(Element) {
+      makePositioned(effect.element);
+      makePositioned(effect.element.firstChild);
+      if(window.opera) setStyle(effect.element, {top: ''});
+      makeClipping(effect.element);
+      setStyle(effect.element, {height: '0px'});
+      show(element); }},
+    afterUpdateInternal: function(effect) { with(Element) {
+      setStyle(effect.element.firstChild, {bottom:
+        (effect.dims[0] - effect.element.clientHeight) + 'px' }); }},
+    afterFinishInternal: function(effect) { with(Element) {
+      undoClipping(effect.element); 
+      undoPositioned(effect.element.firstChild);
+      undoPositioned(effect.element);
+      setStyle(effect.element.firstChild, {bottom: oldInnerBottom}); }}
+    }, arguments[1] || {})
+  );
+}
+  
+Effect.SlideUp = function(element) {
+  element = $(element);
+  Element.cleanWhitespace(element);
+  var oldInnerBottom = Element.getStyle(element.firstChild, 'bottom');
+  return new Effect.Scale(element, 0, 
+   Object.extend({ scaleContent: false, 
+    scaleX: false, 
+    scaleMode: 'box',
+    scaleFrom: 100,
+    restoreAfterFinish: true,
+    beforeStartInternal: function(effect) { with(Element) {
+      makePositioned(effect.element);
+      makePositioned(effect.element.firstChild);
+      if(window.opera) setStyle(effect.element, {top: ''});
+      makeClipping(effect.element);
+      show(element); }},  
+    afterUpdateInternal: function(effect) { with(Element) {
+      setStyle(effect.element.firstChild, {bottom:
+        (effect.dims[0] - effect.element.clientHeight) + 'px' }); }},
+    afterFinishInternal: function(effect) { with(Element) {
+        [hide, undoClipping].call(effect.element); 
+        undoPositioned(effect.element.firstChild);
+        undoPositioned(effect.element);
+        setStyle(effect.element.firstChild, {bottom: oldInnerBottom}); }}
+   }, arguments[1] || {})
+  );
+}
+
+// Bug in opera makes the TD containing this element expand for a instance after finish 
+Effect.Squish = function(element) {
+  return new Effect.Scale(element, window.opera ? 1 : 0, 
+    { restoreAfterFinish: true,
+      beforeSetup: function(effect) { with(Element) {
+        makeClipping(effect.element); }},  
+      afterFinishInternal: function(effect) { with(Element) {
+        hide(effect.element); 
+        undoClipping(effect.element); }}
+  });
+}
+
+Effect.Grow = function(element) {
+  element = $(element);
+  var options = Object.extend({
+    direction: 'center',
+    moveTransistion: Effect.Transitions.sinoidal,
+    scaleTransition: Effect.Transitions.sinoidal,
+    opacityTransition: Effect.Transitions.full
+  }, arguments[1] || {});
+  var oldStyle = {
+    top: element.style.top,
+    left: element.style.left,
+    height: element.style.height,
+    width: element.style.width,
+    opacity: Element.getInlineOpacity(element) };
+
+  var dims = Element.getDimensions(element);    
+  var initialMoveX, initialMoveY;
+  var moveX, moveY;
+  
+  switch (options.direction) {
+    case 'top-left':
+      initialMoveX = initialMoveY = moveX = moveY = 0; 
+      break;
+    case 'top-right':
+      initialMoveX = dims.width;
+      initialMoveY = moveY = 0;
+      moveX = -dims.width;
+      break;
+    case 'bottom-left':
+      initialMoveX = moveX = 0;
+      initialMoveY = dims.height;
+      moveY = -dims.height;
+      break;
+    case 'bottom-right':
+      initialMoveX = dims.width;
+      initialMoveY = dims.height;
+      moveX = -dims.width;
+      moveY = -dims.height;
+      break;
+    case 'center':
+      initialMoveX = dims.width / 2;
+      initialMoveY = dims.height / 2;
+      moveX = -dims.width / 2;
+      moveY = -dims.height / 2;
+      break;
+  }
+  
+  return new Effect.Move(element, {
+    x: initialMoveX,
+    y: initialMoveY,
+    duration: 0.01, 
+    beforeSetup: function(effect) { with(Element) {
+      hide(effect.element);
+      makeClipping(effect.element);
+      makePositioned(effect.element);
+    }},
+    afterFinishInternal: function(effect) {
+      new Effect.Parallel(
+        [ new Effect.Opacity(effect.element, { sync: true, to: 1.0, from: 0.0, transition: options.opacityTransition }),
+          new Effect.Move(effect.element, { x: moveX, y: moveY, sync: true, transition: options.moveTransition }),
+          new Effect.Scale(effect.element, 100, {
+            scaleMode: { originalHeight: dims.height, originalWidth: dims.width }, 
+            sync: true, scaleFrom: window.opera ? 1 : 0, transition: options.scaleTransition, restoreAfterFinish: true})
+        ], Object.extend({
+             beforeSetup: function(effect) { with(Element) {
+               setStyle(effect.effects[0].element, {height: '0px'});
+               show(effect.effects[0].element); }},
+             afterFinishInternal: function(effect) { with(Element) {
+               [undoClipping, undoPositioned].call(effect.effects[0].element); 
+               setStyle(effect.effects[0].element, oldStyle); }}
+           }, options)
+      )
+    }
+  });
+}
+
+Effect.Shrink = function(element) {
+  element = $(element);
+  var options = Object.extend({
+    direction: 'center',
+    moveTransistion: Effect.Transitions.sinoidal,
+    scaleTransition: Effect.Transitions.sinoidal,
+    opacityTransition: Effect.Transitions.none
+  }, arguments[1] || {});
+  var oldStyle = {
+    top: element.style.top,
+    left: element.style.left,
+    height: element.style.height,
+    width: element.style.width,
+    opacity: Element.getInlineOpacity(element) };
+
+  var dims = Element.getDimensions(element);
+  var moveX, moveY;
+  
+  switch (options.direction) {
+    case 'top-left':
+      moveX = moveY = 0;
+      break;
+    case 'top-right':
+      moveX = dims.width;
+      moveY = 0;
+      break;
+    case 'bottom-left':
+      moveX = 0;
+      moveY = dims.height;
+      break;
+    case 'bottom-right':
+      moveX = dims.width;
+      moveY = dims.height;
+      break;
+    case 'center':  
+      moveX = dims.width / 2;
+      moveY = dims.height / 2;
+      break;
+  }
+  
+  return new Effect.Parallel(
+    [ new Effect.Opacity(element, { sync: true, to: 0.0, from: 1.0, transition: options.opacityTransition }),
+      new Effect.Scale(element, window.opera ? 1 : 0, { sync: true, transition: options.scaleTransition, restoreAfterFinish: true}),
+      new Effect.Move(element, { x: moveX, y: moveY, sync: true, transition: options.moveTransition })
+    ], Object.extend({            
+         beforeStartInternal: function(effect) { with(Element) {
+           [makePositioned, makeClipping].call(effect.effects[0].element) }},
+         afterFinishInternal: function(effect) { with(Element) {
+           [hide, undoClipping, undoPositioned].call(effect.effects[0].element);
+           setStyle(effect.effects[0].element, oldStyle); }}
+       }, options)
+  );
+}
+
+Effect.Pulsate = function(element) {
+  element = $(element);
+  var options    = arguments[1] || {};
+  var oldOpacity = Element.getInlineOpacity(element);
+  var transition = options.transition || Effect.Transitions.sinoidal;
+  var reverser   = function(pos){ return transition(1-Effect.Transitions.pulse(pos)) };
+  reverser.bind(transition);
+  return new Effect.Opacity(element, 
+    Object.extend(Object.extend({  duration: 3.0, from: 0,
+      afterFinishInternal: function(effect) { Element.setStyle(effect.element, {opacity: oldOpacity}); }
+    }, options), {transition: reverser}));
+}
+
+Effect.Fold = function(element) {
+  element = $(element);
+  var oldStyle = {
+    top: element.style.top,
+    left: element.style.left,
+    width: element.style.width,
+    height: element.style.height };
+  Element.makeClipping(element);
+  return new Effect.Scale(element, 5, Object.extend({   
+    scaleContent: false,
+    scaleX: false,
+    afterFinishInternal: function(effect) {
+    new Effect.Scale(element, 1, { 
+      scaleContent: false, 
+      scaleY: false,
+      afterFinishInternal: function(effect) { with(Element) {
+        [hide, undoClipping].call(effect.element); 
+        setStyle(effect.element, oldStyle);
+      }} });
+  }}, arguments[1] || {}));
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/js/lightbox.js b/dogtag/tps-ui/shared/docroot/esc/sow/js/lightbox.js
new file mode 100755
index 000000000..11856b208
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/js/lightbox.js
@@ -0,0 +1,689 @@
+// -----------------------------------------------------------------------------------
+//
+//	Lightbox v2.02
+//	by Lokesh Dhakar - http://www.huddletogether.com
+//	3/31/06
+//
+//	For more information on this script, visit:
+//	http://huddletogether.com/projects/lightbox2/
+//
+//	Licensed under the Creative Commons Attribution 2.5 License - http://creativecommons.org/licenses/by/2.5/
+//	
+//	Credit also due to those who have helped, inspired, and made their code available to the public.
+//	Including: Scott Upton(uptonic.com), Peter-Paul Koch(quirksmode.org), Thomas Fuchs(mir.aculo.us), and others.
+//
+//
+// -----------------------------------------------------------------------------------
+/*
+
+	Table of Contents
+	-----------------
+	Configuration
+	Global Variables
+
+	Extending Built-in Objects	
+	- Object.extend(Element)
+	- Array.prototype.removeDuplicates()
+	- Array.prototype.empty()
+
+	Lightbox Class Declaration
+	- initialize()
+	- start()
+	- changeImage()
+	- resizeImageContainer()
+	- showImage()
+	- updateDetails()
+	- updateNav()
+	- enableKeyboardNav()
+	- disableKeyboardNav()
+	- keyboardAction()
+	- preloadNeighborImages()
+	- end()
+	
+	Miscellaneous Functions
+	- getPageScroll()
+	- getPageSize()
+	- getKey()
+	- listenKey()
+	- showSelectBoxes()
+	- hideSelectBoxes()
+	- pause()
+	- initLightbox()
+	
+	Function Calls
+	- addLoadEvent(initLightbox)
+	
+*/
+// -----------------------------------------------------------------------------------
+
+//
+//	Configuration
+//
+var fileLoadingImage = "/sow/images/loading.gif";		
+var fileBottomNavCloseImage = "/sow/images/closelabel.gif";
+
+var resizeSpeed = 7;	// controls the speed of the image resizing (1=slowest and 10=fastest)
+
+var borderSize = 10;	//if you adjust the padding in the CSS, you will need to update this variable
+
+// -----------------------------------------------------------------------------------
+
+//
+//	Global Variables
+//
+var imageArray = new Array;
+var activeImage;
+
+if(resizeSpeed > 10){ resizeSpeed = 10;}
+if(resizeSpeed < 1){ resizeSpeed = 1;}
+resizeDuration = (11 - resizeSpeed) * 0.15;
+
+// -----------------------------------------------------------------------------------
+
+//
+//	Additional methods for Element added by SU, Couloir
+//	- further additions by Lokesh Dhakar (huddletogether.com)
+//
+Object.extend(Element, {
+	getWidth: function(element) {
+	   	element = $(element);
+	   	return element.offsetWidth; 
+	},
+	setWidth: function(element,w) {
+	   	element = $(element);
+    	element.style.width = w +"px";
+	},
+	setHeight: function(element,h) {
+   		element = $(element);
+    	element.style.height = h +"px";
+	},
+	setTop: function(element,t) {
+	   	element = $(element);
+    	element.style.top = t +"px";
+	},
+	setSrc: function(element,src) {
+    	element = $(element);
+    	element.src = src; 
+	},
+	setHref: function(element,href) {
+    	element = $(element);
+    	element.href = href; 
+	},
+	setInnerHTML: function(element,content) {
+		element = $(element);
+		element.innerHTML = content;
+	}
+});
+
+// -----------------------------------------------------------------------------------
+
+//
+//	Extending built-in Array object
+//	- array.removeDuplicates()
+//	- array.empty()
+//
+Array.prototype.removeDuplicates = function () {
+	for(i = 1; i < this.length; i++){
+		if(this[i][0] == this[i-1][0]){
+			this.splice(i,1);
+		}
+	}
+}
+
+// -----------------------------------------------------------------------------------
+
+Array.prototype.empty = function () {
+	for(i = 0; i <= this.length; i++){
+		this.shift();
+	}
+}
+
+// -----------------------------------------------------------------------------------
+
+//
+//	Lightbox Class Declaration
+//	- initialize()
+//	- start()
+//	- changeImage()
+//	- resizeImageContainer()
+//	- showImage()
+//	- updateDetails()
+//	- updateNav()
+//	- enableKeyboardNav()
+//	- disableKeyboardNav()
+//	- keyboardNavAction()
+//	- preloadNeighborImages()
+//	- end()
+//
+//	Structuring of code inspired by Scott Upton (http://www.uptonic.com/)
+//
+var Lightbox = Class.create();
+
+Lightbox.prototype = {
+	
+	// initialize()
+	// Constructor runs on completion of the DOM loading. Loops through anchor tags looking for 
+	// 'lightbox' references and applies onclick events to appropriate links. The 2nd section of
+	// the function inserts html at the bottom of the page which is used to display the shadow 
+	// overlay and the image container.
+	//
+	initialize: function() {	
+		if (!document.getElementsByTagName){ return; }
+		var anchors = document.getElementsByTagName('a');
+
+		// loop through all anchor tags
+		for (var i=0; i<anchors.length; i++){
+			var anchor = anchors[i];
+			
+			var relAttribute = String(anchor.getAttribute('rel'));
+			
+			// use the string.match() method to catch 'lightbox' references in the rel attribute
+			if (anchor.getAttribute('href') && (relAttribute.toLowerCase().match('lightbox'))){
+				anchor.onclick = function () {myLightbox.start(this); return false;}
+			}
+		}
+
+		// The rest of this code inserts html at the bottom of the page that looks similar to this:
+		//
+		//	<div id="overlay"></div>
+		//	<div id="lightbox">
+		//		<div id="outerImageContainer">
+		//			<div id="imageContainer">
+		//				<img id="lightboxImage">
+		//				<div style="" id="hoverNav">
+		//					<a href="#" id="prevLink"></a>
+		//					<a href="#" id="nextLink"></a>
+		//				</div>
+		//				<div id="loading">
+		//					<a href="#" id="loadingLink">
+		//						<img src="images/loading.gif">
+		//					</a>
+		//				</div>
+		//			</div>
+		//		</div>
+		//		<div id="imageDataContainer">
+		//			<div id="imageData">
+		//				<div id="imageDetails">
+		//					<span id="caption"></span>
+		//					<span id="numberDisplay"></span>
+		//				</div>
+		//				<div id="bottomNav">
+		//					<a href="#" id="bottomNavClose">
+		//						<img src="images/close.gif">
+		//					</a>
+		//				</div>
+		//			</div>
+		//		</div>
+		//	</div>
+
+
+		var objBody = document.getElementsByTagName("body").item(0);
+		
+		var objOverlay = document.createElement("div");
+		objOverlay.setAttribute('id','overlay');
+		objOverlay.style.display = 'none';
+		objOverlay.onclick = function() { myLightbox.end(); return false; }
+		objBody.appendChild(objOverlay);
+		
+		var objLightbox = document.createElement("div");
+		objLightbox.setAttribute('id','lightbox');
+		objLightbox.style.display = 'none';
+		objBody.appendChild(objLightbox);
+	
+		var objOuterImageContainer = document.createElement("div");
+		objOuterImageContainer.setAttribute('id','outerImageContainer');
+		objLightbox.appendChild(objOuterImageContainer);
+
+		var objImageContainer = document.createElement("div");
+		objImageContainer.setAttribute('id','imageContainer');
+		objOuterImageContainer.appendChild(objImageContainer);
+	
+		var objLightboxImage = document.createElement("img");
+		objLightboxImage.setAttribute('id','lightboxImage');
+		objImageContainer.appendChild(objLightboxImage);
+	
+		var objHoverNav = document.createElement("div");
+		objHoverNav.setAttribute('id','hoverNav');
+		objImageContainer.appendChild(objHoverNav);
+	
+		var objPrevLink = document.createElement("a");
+		objPrevLink.setAttribute('id','prevLink');
+		objPrevLink.setAttribute('href','#');
+		objHoverNav.appendChild(objPrevLink);
+		
+		var objNextLink = document.createElement("a");
+		objNextLink.setAttribute('id','nextLink');
+		objNextLink.setAttribute('href','#');
+		objHoverNav.appendChild(objNextLink);
+	
+		var objLoading = document.createElement("div");
+		objLoading.setAttribute('id','loading');
+		objImageContainer.appendChild(objLoading);
+	
+		var objLoadingLink = document.createElement("a");
+		objLoadingLink.setAttribute('id','loadingLink');
+		objLoadingLink.setAttribute('href','#');
+		objLoadingLink.onclick = function() { myLightbox.end(); return false; }
+		objLoading.appendChild(objLoadingLink);
+	
+		var objLoadingImage = document.createElement("img");
+		objLoadingImage.setAttribute('src', fileLoadingImage);
+		objLoadingLink.appendChild(objLoadingImage);
+
+		var objImageDataContainer = document.createElement("div");
+		objImageDataContainer.setAttribute('id','imageDataContainer');
+		objImageDataContainer.className = 'clearfix';
+		objLightbox.appendChild(objImageDataContainer);
+
+		var objImageData = document.createElement("div");
+		objImageData.setAttribute('id','imageData');
+		objImageDataContainer.appendChild(objImageData);
+	
+		var objImageDetails = document.createElement("div");
+		objImageDetails.setAttribute('id','imageDetails');
+		objImageData.appendChild(objImageDetails);
+	
+		var objCaption = document.createElement("span");
+		objCaption.setAttribute('id','caption');
+		objImageDetails.appendChild(objCaption);
+	
+		var objNumberDisplay = document.createElement("span");
+		objNumberDisplay.setAttribute('id','numberDisplay');
+		objImageDetails.appendChild(objNumberDisplay);
+		
+		var objBottomNav = document.createElement("div");
+		objBottomNav.setAttribute('id','bottomNav');
+		objImageData.appendChild(objBottomNav);
+	
+		var objBottomNavCloseLink = document.createElement("a");
+		objBottomNavCloseLink.setAttribute('id','bottomNavClose');
+		objBottomNavCloseLink.setAttribute('href','#');
+		objBottomNavCloseLink.onclick = function() { myLightbox.end(); return false; }
+		objBottomNav.appendChild(objBottomNavCloseLink);
+	
+		var objBottomNavCloseImage = document.createElement("img");
+		objBottomNavCloseImage.setAttribute('src', fileBottomNavCloseImage);
+		objBottomNavCloseLink.appendChild(objBottomNavCloseImage);
+	},
+	
+	//
+	//	start()
+	//	Display overlay and lightbox. If image is part of a set, add siblings to imageArray.
+	//
+	start: function(imageLink) {	
+
+		hideSelectBoxes();
+
+		// stretch overlay to fill page and fade in
+		var arrayPageSize = getPageSize();
+		Element.setHeight('overlay', arrayPageSize[1]);
+		new Effect.Appear('overlay', { duration: 0.2, from: 0.0, to: 0.8 });
+
+		imageArray = [];
+		imageNum = 0;		
+
+		if (!document.getElementsByTagName){ return; }
+		var anchors = document.getElementsByTagName('a');
+
+		// if image is NOT part of a set..
+		if((imageLink.getAttribute('rel') == 'lightbox')){
+			// add single image to imageArray
+			imageArray.push(new Array(imageLink.getAttribute('href'), imageLink.getAttribute('title')));			
+		} else {
+		// if image is part of a set..
+
+			// loop through anchors, find other images in set, and add them to imageArray
+			for (var i=0; i<anchors.length; i++){
+				var anchor = anchors[i];
+				if (anchor.getAttribute('href') && (anchor.getAttribute('rel') == imageLink.getAttribute('rel'))){
+					imageArray.push(new Array(anchor.getAttribute('href'), anchor.getAttribute('title')));
+				}
+			}
+			imageArray.removeDuplicates();
+			while(imageArray[imageNum][0] != imageLink.getAttribute('href')) { imageNum++;}
+		}
+
+		// calculate top offset for the lightbox and display 
+		var arrayPageSize = getPageSize();
+		var arrayPageScroll = getPageScroll();
+		var lightboxTop = arrayPageScroll[1] + (arrayPageSize[3] / 15);
+
+		Element.setTop('lightbox', lightboxTop);
+		Element.show('lightbox');
+		
+		this.changeImage(imageNum);
+	},
+
+	//
+	//	changeImage()
+	//	Hide most elements and preload image in preparation for resizing image container.
+	//
+	changeImage: function(imageNum) {	
+		
+		activeImage = imageNum;	// update global var
+
+		// hide elements during transition
+		Element.show('loading');
+		Element.hide('lightboxImage');
+		Element.hide('hoverNav');
+		Element.hide('prevLink');
+		Element.hide('nextLink');
+		Element.hide('imageDataContainer');
+		Element.hide('numberDisplay');		
+		
+		imgPreloader = new Image();
+		
+		// once image is preloaded, resize image container
+		imgPreloader.onload=function(){
+			Element.setSrc('lightboxImage', imageArray[activeImage][0]);
+			myLightbox.resizeImageContainer(imgPreloader.width, imgPreloader.height);
+		}
+		imgPreloader.src = imageArray[activeImage][0];
+	},
+
+	//
+	//	resizeImageContainer()
+	//
+	resizeImageContainer: function( imgWidth, imgHeight) {
+
+		// get current height and width
+		this.wCur = Element.getWidth('outerImageContainer');
+		this.hCur = Element.getHeight('outerImageContainer');
+
+		// scalars based on change from old to new
+		this.xScale = ((imgWidth  + (borderSize * 2)) / this.wCur) * 100;
+		this.yScale = ((imgHeight  + (borderSize * 2)) / this.hCur) * 100;
+
+		// calculate size difference between new and old image, and resize if necessary
+		wDiff = (this.wCur - borderSize * 2) - imgWidth;
+		hDiff = (this.hCur - borderSize * 2) - imgHeight;
+
+		if(!( hDiff == 0)){ new Effect.Scale('outerImageContainer', this.yScale, {scaleX: false, duration: resizeDuration, queue: 'front'}); }
+		if(!( wDiff == 0)){ new Effect.Scale('outerImageContainer', this.xScale, {scaleY: false, delay: resizeDuration, duration: resizeDuration}); }
+
+		// if new and old image are same size and no scaling transition is necessary, 
+		// do a quick pause to prevent image flicker.
+		if((hDiff == 0) && (wDiff == 0)){
+			if (navigator.appVersion.indexOf("MSIE")!=-1){ pause(250); } else { pause(100);} 
+		}
+
+		Element.setHeight('prevLink', imgHeight);
+		Element.setHeight('nextLink', imgHeight);
+		Element.setWidth( 'imageDataContainer', imgWidth + (borderSize * 2));
+
+		this.showImage();
+	},
+	
+	//
+	//	showImage()
+	//	Display image and begin preloading neighbors.
+	//
+	showImage: function(){
+		Element.hide('loading');
+		new Effect.Appear('lightboxImage', { duration: 0.5, queue: 'end', afterFinish: function(){	myLightbox.updateDetails(); } });
+		this.preloadNeighborImages();
+	},
+
+	//
+	//	updateDetails()
+	//	Display caption, image number, and bottom nav.
+	//
+	updateDetails: function() {
+	
+		Element.show('caption');
+		Element.setInnerHTML( 'caption', imageArray[activeImage][1]);
+		
+		// if image is part of set display 'Image x of x' 
+		if(imageArray.length > 1){
+			Element.show('numberDisplay');
+			Element.setInnerHTML( 'numberDisplay', "Image " + eval(activeImage + 1) + " of " + imageArray.length);
+		}
+
+		new Effect.Parallel(
+			[ new Effect.SlideDown( 'imageDataContainer', { sync: true, duration: resizeDuration + 0.25, from: 0.0, to: 1.0 }), 
+			  new Effect.Appear('imageDataContainer', { sync: true, duration: 1.0 }) ], 
+			{ duration: 0.65, afterFinish: function() { myLightbox.updateNav();} } 
+		);
+	},
+
+	//
+	//	updateNav()
+	//	Display appropriate previous and next hover navigation.
+	//
+	updateNav: function() {
+
+		Element.show('hoverNav');				
+
+		// if not first image in set, display prev image button
+		if(activeImage != 0){
+			Element.show('prevLink');
+			document.getElementById('prevLink').onclick = function() {
+				myLightbox.changeImage(activeImage - 1); return false;
+			}
+		}
+
+		// if not last image in set, display next image button
+		if(activeImage != (imageArray.length - 1)){
+			Element.show('nextLink');
+			document.getElementById('nextLink').onclick = function() {
+				myLightbox.changeImage(activeImage + 1); return false;
+			}
+		}
+		
+		this.enableKeyboardNav();
+	},
+
+	//
+	//	enableKeyboardNav()
+	//
+	enableKeyboardNav: function() {
+		document.onkeydown = this.keyboardAction; 
+	},
+
+	//
+	//	disableKeyboardNav()
+	//
+	disableKeyboardNav: function() {
+		document.onkeydown = '';
+	},
+
+	//
+	//	keyboardAction()
+	//
+	keyboardAction: function(e) {
+		if (e == null) { // ie
+			keycode = event.keyCode;
+		} else { // mozilla
+			keycode = e.which;
+		}
+
+		key = String.fromCharCode(keycode).toLowerCase();
+		
+		if((key == 'x') || (key == 'o') || (key == 'c')){	// close lightbox
+			myLightbox.end();
+		} else if(key == 'p'){	// display previous image
+			if(activeImage != 0){
+				myLightbox.disableKeyboardNav();
+				myLightbox.changeImage(activeImage - 1);
+			}
+		} else if(key == 'n'){	// display next image
+			if(activeImage != (imageArray.length - 1)){
+				myLightbox.disableKeyboardNav();
+				myLightbox.changeImage(activeImage + 1);
+			}
+		}
+
+
+	},
+
+	//
+	//	preloadNeighborImages()
+	//	Preload previous and next images.
+	//
+	preloadNeighborImages: function(){
+
+		if((imageArray.length - 1) > activeImage){
+			preloadNextImage = new Image();
+			preloadNextImage.src = imageArray[activeImage + 1][0];
+		}
+		if(activeImage > 0){
+			preloadPrevImage = new Image();
+			preloadPrevImage.src = imageArray[activeImage - 1][0];
+		}
+	
+	},
+
+	//
+	//	end()
+	//
+	end: function() {
+		this.disableKeyboardNav();
+		Element.hide('lightbox');
+		new Effect.Fade('overlay', { duration: 0.2});
+		showSelectBoxes();
+	}
+}
+
+// -----------------------------------------------------------------------------------
+
+//
+// getPageScroll()
+// Returns array with x,y page scroll values.
+// Core code from - quirksmode.org
+//
+function getPageScroll(){
+
+	var yScroll;
+
+	if (self.pageYOffset) {
+		yScroll = self.pageYOffset;
+	} else if (document.documentElement && document.documentElement.scrollTop){	 // Explorer 6 Strict
+		yScroll = document.documentElement.scrollTop;
+	} else if (document.body) {// all other Explorers
+		yScroll = document.body.scrollTop;
+	}
+
+	arrayPageScroll = new Array('',yScroll) 
+	return arrayPageScroll;
+}
+
+// -----------------------------------------------------------------------------------
+
+//
+// getPageSize()
+// Returns array with page width, height and window width, height
+// Core code from - quirksmode.org
+// Edit for Firefox by pHaez
+//
+function getPageSize(){
+	
+	var xScroll, yScroll;
+	
+	if (window.innerHeight && window.scrollMaxY) {	
+		xScroll = document.body.scrollWidth;
+		yScroll = window.innerHeight + window.scrollMaxY;
+	} else if (document.body.scrollHeight > document.body.offsetHeight){ // all but Explorer Mac
+		xScroll = document.body.scrollWidth;
+		yScroll = document.body.scrollHeight;
+	} else { // Explorer Mac...would also work in Explorer 6 Strict, Mozilla and Safari
+		xScroll = document.body.offsetWidth;
+		yScroll = document.body.offsetHeight;
+	}
+	
+	var windowWidth, windowHeight;
+	if (self.innerHeight) {	// all except Explorer
+		windowWidth = self.innerWidth;
+		windowHeight = self.innerHeight;
+	} else if (document.documentElement && document.documentElement.clientHeight) { // Explorer 6 Strict Mode
+		windowWidth = document.documentElement.clientWidth;
+		windowHeight = document.documentElement.clientHeight;
+	} else if (document.body) { // other Explorers
+		windowWidth = document.body.clientWidth;
+		windowHeight = document.body.clientHeight;
+	}	
+	
+	// for small pages with total height less then height of the viewport
+	if(yScroll < windowHeight){
+		pageHeight = windowHeight;
+	} else { 
+		pageHeight = yScroll;
+	}
+
+	// for small pages with total width less then width of the viewport
+	if(xScroll < windowWidth){	
+		pageWidth = windowWidth;
+	} else {
+		pageWidth = xScroll;
+	}
+
+
+	arrayPageSize = new Array(pageWidth,pageHeight,windowWidth,windowHeight) 
+	return arrayPageSize;
+}
+
+// -----------------------------------------------------------------------------------
+
+//
+// getKey(key)
+// Gets keycode. If 'x' is pressed then it hides the lightbox.
+//
+function getKey(e){
+	if (e == null) { // ie
+		keycode = event.keyCode;
+	} else { // mozilla
+		keycode = e.which;
+	}
+	key = String.fromCharCode(keycode).toLowerCase();
+	
+	if(key == 'x'){
+	}
+}
+
+// -----------------------------------------------------------------------------------
+
+//
+// listenKey()
+//
+function listenKey () {	document.onkeypress = getKey; }
+	
+// ---------------------------------------------------
+
+function showSelectBoxes(){
+	selects = document.getElementsByTagName("select");
+	for (i = 0; i != selects.length; i++) {
+		selects[i].style.visibility = "visible";
+	}
+}
+
+// ---------------------------------------------------
+
+function hideSelectBoxes(){
+	selects = document.getElementsByTagName("select");
+	for (i = 0; i != selects.length; i++) {
+		selects[i].style.visibility = "hidden";
+	}
+}
+
+// ---------------------------------------------------
+
+//
+// pause(numberMillis)
+// Pauses code execution for specified time. Uses busy code, not good.
+// Code from http://www.faqts.com/knowledge_base/view.phtml/aid/1602
+//
+function pause(numberMillis) {
+	var now = new Date();
+	var exitTime = now.getTime() + numberMillis;
+	while (true) {
+		now = new Date();
+		if (now.getTime() > exitTime)
+			return;
+	}
+}
+
+// ---------------------------------------------------
+
+
+
+function initLightbox() { myLightbox = new Lightbox(); }
+Event.observe(window, 'load', initLightbox, false);
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/js/prototype.js b/dogtag/tps-ui/shared/docroot/esc/sow/js/prototype.js
new file mode 100755
index 000000000..e9ccd3c88
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/js/prototype.js
@@ -0,0 +1,1785 @@
+/*  Prototype JavaScript framework, version 1.4.0
+ *  (c) 2005 Sam Stephenson <sam@conio.net>
+ *
+ *  THIS FILE IS AUTOMATICALLY GENERATED. When sending patches, please diff
+ *  against the source tree, available from the Prototype darcs repository.
+ *
+ *  Prototype is freely distributable under the terms of an MIT-style license.
+ *
+ *  For details, see the Prototype web site: http://prototype.conio.net/
+ *
+/*--------------------------------------------------------------------------*/
+
+var Prototype = {
+  Version: '1.4.0',
+  ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)',
+
+  emptyFunction: function() {},
+  K: function(x) {return x}
+}
+
+var Class = {
+  create: function() {
+    return function() {
+      this.initialize.apply(this, arguments);
+    }
+  }
+}
+
+var Abstract = new Object();
+
+Object.extend = function(destination, source) {
+  for (property in source) {
+    destination[property] = source[property];
+  }
+  return destination;
+}
+
+Object.inspect = function(object) {
+  try {
+    if (object == undefined) return 'undefined';
+    if (object == null) return 'null';
+    return object.inspect ? object.inspect() : object.toString();
+  } catch (e) {
+    if (e instanceof RangeError) return '...';
+    throw e;
+  }
+}
+
+Function.prototype.bind = function() {
+  var __method = this, args = $A(arguments), object = args.shift();
+  return function() {
+    return __method.apply(object, args.concat($A(arguments)));
+  }
+}
+
+Function.prototype.bindAsEventListener = function(object) {
+  var __method = this;
+  return function(event) {
+    return __method.call(object, event || window.event);
+  }
+}
+
+Object.extend(Number.prototype, {
+  toColorPart: function() {
+    var digits = this.toString(16);
+    if (this < 16) return '0' + digits;
+    return digits;
+  },
+
+  succ: function() {
+    return this + 1;
+  },
+
+  times: function(iterator) {
+    $R(0, this, true).each(iterator);
+    return this;
+  }
+});
+
+var Try = {
+  these: function() {
+    var returnValue;
+
+    for (var i = 0; i < arguments.length; i++) {
+      var lambda = arguments[i];
+      try {
+        returnValue = lambda();
+        break;
+      } catch (e) {}
+    }
+
+    return returnValue;
+  }
+}
+
+/*--------------------------------------------------------------------------*/
+
+var PeriodicalExecuter = Class.create();
+PeriodicalExecuter.prototype = {
+  initialize: function(callback, frequency) {
+    this.callback = callback;
+    this.frequency = frequency;
+    this.currentlyExecuting = false;
+
+    this.registerCallback();
+  },
+
+  registerCallback: function() {
+    setInterval(this.onTimerEvent.bind(this), this.frequency * 1000);
+  },
+
+  onTimerEvent: function() {
+    if (!this.currentlyExecuting) {
+      try {
+        this.currentlyExecuting = true;
+        this.callback();
+      } finally {
+        this.currentlyExecuting = false;
+      }
+    }
+  }
+}
+
+/*--------------------------------------------------------------------------*/
+
+function $() {
+  var elements = new Array();
+
+  for (var i = 0; i < arguments.length; i++) {
+    var element = arguments[i];
+    if (typeof element == 'string')
+      element = document.getElementById(element);
+
+    if (arguments.length == 1)
+      return element;
+
+    elements.push(element);
+  }
+
+  return elements;
+}
+Object.extend(String.prototype, {
+  stripTags: function() {
+    return this.replace(/<\/?[^>]+>/gi, '');
+  },
+
+  stripScripts: function() {
+    return this.replace(new RegExp(Prototype.ScriptFragment, 'img'), '');
+  },
+
+  extractScripts: function() {
+    var matchAll = new RegExp(Prototype.ScriptFragment, 'img');
+    var matchOne = new RegExp(Prototype.ScriptFragment, 'im');
+    return (this.match(matchAll) || []).map(function(scriptTag) {
+      return (scriptTag.match(matchOne) || ['', ''])[1];
+    });
+  },
+
+  evalScripts: function() {
+    return this.extractScripts().map(eval);
+  },
+
+  escapeHTML: function() {
+    var div = document.createElement('div');
+    var text = document.createTextNode(this);
+    div.appendChild(text);
+    return div.innerHTML;
+  },
+
+  unescapeHTML: function() {
+    var div = document.createElement('div');
+    div.innerHTML = this.stripTags();
+    return div.childNodes[0] ? div.childNodes[0].nodeValue : '';
+  },
+
+  toQueryParams: function() {
+    var pairs = this.match(/^\??(.*)$/)[1].split('&');
+    return pairs.inject({}, function(params, pairString) {
+      var pair = pairString.split('=');
+      params[pair[0]] = pair[1];
+      return params;
+    });
+  },
+
+  toArray: function() {
+    return this.split('');
+  },
+
+  camelize: function() {
+    var oStringList = this.split('-');
+    if (oStringList.length == 1) return oStringList[0];
+
+    var camelizedString = this.indexOf('-') == 0
+      ? oStringList[0].charAt(0).toUpperCase() + oStringList[0].substring(1)
+      : oStringList[0];
+
+    for (var i = 1, len = oStringList.length; i < len; i++) {
+      var s = oStringList[i];
+      camelizedString += s.charAt(0).toUpperCase() + s.substring(1);
+    }
+
+    return camelizedString;
+  },
+
+  inspect: function() {
+    return "'" + this.replace('\\', '\\\\').replace("'", '\\\'') + "'";
+  }
+});
+
+String.prototype.parseQuery = String.prototype.toQueryParams;
+
+var $break    = new Object();
+var $continue = new Object();
+
+var Enumerable = {
+  each: function(iterator) {
+    var index = 0;
+    try {
+      this._each(function(value) {
+        try {
+          iterator(value, index++);
+        } catch (e) {
+          if (e != $continue) throw e;
+        }
+      });
+    } catch (e) {
+      if (e != $break) throw e;
+    }
+  },
+
+  all: function(iterator) {
+    var result = true;
+    this.each(function(value, index) {
+      result = result && !!(iterator || Prototype.K)(value, index);
+      if (!result) throw $break;
+    });
+    return result;
+  },
+
+  any: function(iterator) {
+    var result = true;
+    this.each(function(value, index) {
+      if (result = !!(iterator || Prototype.K)(value, index))
+        throw $break;
+    });
+    return result;
+  },
+
+  collect: function(iterator) {
+    var results = [];
+    this.each(function(value, index) {
+      results.push(iterator(value, index));
+    });
+    return results;
+  },
+
+  detect: function (iterator) {
+    var result;
+    this.each(function(value, index) {
+      if (iterator(value, index)) {
+        result = value;
+        throw $break;
+      }
+    });
+    return result;
+  },
+
+  findAll: function(iterator) {
+    var results = [];
+    this.each(function(value, index) {
+      if (iterator(value, index))
+        results.push(value);
+    });
+    return results;
+  },
+
+  grep: function(pattern, iterator) {
+    var results = [];
+    this.each(function(value, index) {
+      var stringValue = value.toString();
+      if (stringValue.match(pattern))
+        results.push((iterator || Prototype.K)(value, index));
+    })
+    return results;
+  },
+
+  include: function(object) {
+    var found = false;
+    this.each(function(value) {
+      if (value == object) {
+        found = true;
+        throw $break;
+      }
+    });
+    return found;
+  },
+
+  inject: function(memo, iterator) {
+    this.each(function(value, index) {
+      memo = iterator(memo, value, index);
+    });
+    return memo;
+  },
+
+  invoke: function(method) {
+    var args = $A(arguments).slice(1);
+    return this.collect(function(value) {
+      return value[method].apply(value, args);
+    });
+  },
+
+  max: function(iterator) {
+    var result;
+    this.each(function(value, index) {
+      value = (iterator || Prototype.K)(value, index);
+      if (value >= (result || value))
+        result = value;
+    });
+    return result;
+  },
+
+  min: function(iterator) {
+    var result;
+    this.each(function(value, index) {
+      value = (iterator || Prototype.K)(value, index);
+      if (value <= (result || value))
+        result = value;
+    });
+    return result;
+  },
+
+  partition: function(iterator) {
+    var trues = [], falses = [];
+    this.each(function(value, index) {
+      ((iterator || Prototype.K)(value, index) ?
+        trues : falses).push(value);
+    });
+    return [trues, falses];
+  },
+
+  pluck: function(property) {
+    var results = [];
+    this.each(function(value, index) {
+      results.push(value[property]);
+    });
+    return results;
+  },
+
+  reject: function(iterator) {
+    var results = [];
+    this.each(function(value, index) {
+      if (!iterator(value, index))
+        results.push(value);
+    });
+    return results;
+  },
+
+  sortBy: function(iterator) {
+    return this.collect(function(value, index) {
+      return {value: value, criteria: iterator(value, index)};
+    }).sort(function(left, right) {
+      var a = left.criteria, b = right.criteria;
+      return a < b ? -1 : a > b ? 1 : 0;
+    }).pluck('value');
+  },
+
+  toArray: function() {
+    return this.collect(Prototype.K);
+  },
+
+  zip: function() {
+    var iterator = Prototype.K, args = $A(arguments);
+    if (typeof args.last() == 'function')
+      iterator = args.pop();
+
+    var collections = [this].concat(args).map($A);
+    return this.map(function(value, index) {
+      iterator(value = collections.pluck(index));
+      return value;
+    });
+  },
+
+  inspect: function() {
+    return '#<Enumerable:' + this.toArray().inspect() + '>';
+  }
+}
+
+Object.extend(Enumerable, {
+  map:     Enumerable.collect,
+  find:    Enumerable.detect,
+  select:  Enumerable.findAll,
+  member:  Enumerable.include,
+  entries: Enumerable.toArray
+});
+var $A = Array.from = function(iterable) {
+  if (!iterable) return [];
+  if (iterable.toArray) {
+    return iterable.toArray();
+  } else {
+    var results = [];
+    for (var i = 0; i < iterable.length; i++)
+      results.push(iterable[i]);
+    return results;
+  }
+}
+
+Object.extend(Array.prototype, Enumerable);
+
+Array.prototype._reverse = Array.prototype.reverse;
+
+Object.extend(Array.prototype, {
+  _each: function(iterator) {
+    for (var i = 0; i < this.length; i++)
+      iterator(this[i]);
+  },
+
+  clear: function() {
+    this.length = 0;
+    return this;
+  },
+
+  first: function() {
+    return this[0];
+  },
+
+  last: function() {
+    return this[this.length - 1];
+  },
+
+  compact: function() {
+    return this.select(function(value) {
+      return value != undefined || value != null;
+    });
+  },
+
+  flatten: function() {
+    return this.inject([], function(array, value) {
+      return array.concat(value.constructor == Array ?
+        value.flatten() : [value]);
+    });
+  },
+
+  without: function() {
+    var values = $A(arguments);
+    return this.select(function(value) {
+      return !values.include(value);
+    });
+  },
+
+  indexOf: function(object) {
+    for (var i = 0; i < this.length; i++)
+      if (this[i] == object) return i;
+    return -1;
+  },
+
+  reverse: function(inline) {
+    return (inline !== false ? this : this.toArray())._reverse();
+  },
+
+  shift: function() {
+    var result = this[0];
+    for (var i = 0; i < this.length - 1; i++)
+      this[i] = this[i + 1];
+    this.length--;
+    return result;
+  },
+
+  inspect: function() {
+    return '[' + this.map(Object.inspect).join(', ') + ']';
+  }
+});
+var Hash = {
+  _each: function(iterator) {
+    for (key in this) {
+      var value = this[key];
+      if (typeof value == 'function') continue;
+
+      var pair = [key, value];
+      pair.key = key;
+      pair.value = value;
+      iterator(pair);
+    }
+  },
+
+  keys: function() {
+    return this.pluck('key');
+  },
+
+  values: function() {
+    return this.pluck('value');
+  },
+
+  merge: function(hash) {
+    return $H(hash).inject($H(this), function(mergedHash, pair) {
+      mergedHash[pair.key] = pair.value;
+      return mergedHash;
+    });
+  },
+
+  toQueryString: function() {
+    return this.map(function(pair) {
+      return pair.map(encodeURIComponent).join('=');
+    }).join('&');
+  },
+
+  inspect: function() {
+    return '#<Hash:{' + this.map(function(pair) {
+      return pair.map(Object.inspect).join(': ');
+    }).join(', ') + '}>';
+  }
+}
+
+function $H(object) {
+  var hash = Object.extend({}, object || {});
+  Object.extend(hash, Enumerable);
+  Object.extend(hash, Hash);
+  return hash;
+}
+ObjectRange = Class.create();
+Object.extend(ObjectRange.prototype, Enumerable);
+Object.extend(ObjectRange.prototype, {
+  initialize: function(start, end, exclusive) {
+    this.start = start;
+    this.end = end;
+    this.exclusive = exclusive;
+  },
+
+  _each: function(iterator) {
+    var value = this.start;
+    do {
+      iterator(value);
+      value = value.succ();
+    } while (this.include(value));
+  },
+
+  include: function(value) {
+    if (value < this.start)
+      return false;
+    if (this.exclusive)
+      return value < this.end;
+    return value <= this.end;
+  }
+});
+
+var $R = function(start, end, exclusive) {
+  return new ObjectRange(start, end, exclusive);
+}
+
+var Ajax = {
+  getTransport: function() {
+    return Try.these(
+      function() {return new ActiveXObject('Msxml2.XMLHTTP')},
+      function() {return new ActiveXObject('Microsoft.XMLHTTP')},
+      function() {return new XMLHttpRequest()}
+    ) || false;
+  },
+
+  activeRequestCount: 0
+}
+
+Ajax.Responders = {
+  responders: [],
+
+  _each: function(iterator) {
+    this.responders._each(iterator);
+  },
+
+  register: function(responderToAdd) {
+    if (!this.include(responderToAdd))
+      this.responders.push(responderToAdd);
+  },
+
+  unregister: function(responderToRemove) {
+    this.responders = this.responders.without(responderToRemove);
+  },
+
+  dispatch: function(callback, request, transport, json) {
+    this.each(function(responder) {
+      if (responder[callback] && typeof responder[callback] == 'function') {
+        try {
+          responder[callback].apply(responder, [request, transport, json]);
+        } catch (e) {}
+      }
+    });
+  }
+};
+
+Object.extend(Ajax.Responders, Enumerable);
+
+Ajax.Responders.register({
+  onCreate: function() {
+    Ajax.activeRequestCount++;
+  },
+
+  onComplete: function() {
+    Ajax.activeRequestCount--;
+  }
+});
+
+Ajax.Base = function() {};
+Ajax.Base.prototype = {
+  setOptions: function(options) {
+    this.options = {
+      method:       'post',
+      asynchronous: true,
+      parameters:   ''
+    }
+    Object.extend(this.options, options || {});
+  },
+
+  responseIsSuccess: function() {
+    return this.transport.status == undefined
+        || this.transport.status == 0
+        || (this.transport.status >= 200 && this.transport.status < 300);
+  },
+
+  responseIsFailure: function() {
+    return !this.responseIsSuccess();
+  }
+}
+
+Ajax.Request = Class.create();
+Ajax.Request.Events =
+  ['Uninitialized', 'Loading', 'Loaded', 'Interactive', 'Complete'];
+
+Ajax.Request.prototype = Object.extend(new Ajax.Base(), {
+  initialize: function(url, options) {
+    this.transport = Ajax.getTransport();
+    this.setOptions(options);
+    this.request(url);
+  },
+
+  request: function(url) {
+    var parameters = this.options.parameters || '';
+    if (parameters.length > 0) parameters += '&_=';
+
+    try {
+      this.url = url;
+      if (this.options.method == 'get' && parameters.length > 0)
+        this.url += (this.url.match(/\?/) ? '&' : '?') + parameters;
+
+      Ajax.Responders.dispatch('onCreate', this, this.transport);
+
+      this.transport.open(this.options.method, this.url,
+        this.options.asynchronous);
+
+      if (this.options.asynchronous) {
+        this.transport.onreadystatechange = this.onStateChange.bind(this);
+        setTimeout((function() {this.respondToReadyState(1)}).bind(this), 10);
+      }
+
+      this.setRequestHeaders();
+
+      var body = this.options.postBody ? this.options.postBody : parameters;
+      this.transport.send(this.options.method == 'post' ? body : null);
+
+    } catch (e) {
+      this.dispatchException(e);
+    }
+  },
+
+  setRequestHeaders: function() {
+    var requestHeaders =
+      ['X-Requested-With', 'XMLHttpRequest',
+       'X-Prototype-Version', Prototype.Version];
+
+    if (this.options.method == 'post') {
+      requestHeaders.push('Content-type',
+        'application/x-www-form-urlencoded');
+
+      /* Force "Connection: close" for Mozilla browsers to work around
+       * a bug where XMLHttpReqeuest sends an incorrect Content-length
+       * header. See Mozilla Bugzilla #246651.
+       */
+      if (this.transport.overrideMimeType)
+        requestHeaders.push('Connection', 'close');
+    }
+
+    if (this.options.requestHeaders)
+      requestHeaders.push.apply(requestHeaders, this.options.requestHeaders);
+
+    for (var i = 0; i < requestHeaders.length; i += 2)
+      this.transport.setRequestHeader(requestHeaders[i], requestHeaders[i+1]);
+  },
+
+  onStateChange: function() {
+    var readyState = this.transport.readyState;
+    if (readyState != 1)
+      this.respondToReadyState(this.transport.readyState);
+  },
+
+  header: function(name) {
+    try {
+      return this.transport.getResponseHeader(name);
+    } catch (e) {}
+  },
+
+  evalJSON: function() {
+    try {
+      return eval(this.header('X-JSON'));
+    } catch (e) {}
+  },
+
+  evalResponse: function() {
+    try {
+      return eval(this.transport.responseText);
+    } catch (e) {
+      this.dispatchException(e);
+    }
+  },
+
+  respondToReadyState: function(readyState) {
+    var event = Ajax.Request.Events[readyState];
+    var transport = this.transport, json = this.evalJSON();
+
+    if (event == 'Complete') {
+      try {
+        (this.options['on' + this.transport.status]
+         || this.options['on' + (this.responseIsSuccess() ? 'Success' : 'Failure')]
+         || Prototype.emptyFunction)(transport, json);
+      } catch (e) {
+        this.dispatchException(e);
+      }
+
+      if ((this.header('Content-type') || '').match(/^text\/javascript/i))
+        this.evalResponse();
+    }
+
+    try {
+      (this.options['on' + event] || Prototype.emptyFunction)(transport, json);
+      Ajax.Responders.dispatch('on' + event, this, transport, json);
+    } catch (e) {
+      this.dispatchException(e);
+    }
+
+    /* Avoid memory leak in MSIE: clean up the oncomplete event handler */
+    if (event == 'Complete')
+      this.transport.onreadystatechange = Prototype.emptyFunction;
+  },
+
+  dispatchException: function(exception) {
+    (this.options.onException || Prototype.emptyFunction)(this, exception);
+    Ajax.Responders.dispatch('onException', this, exception);
+  }
+});
+
+Ajax.Updater = Class.create();
+
+Object.extend(Object.extend(Ajax.Updater.prototype, Ajax.Request.prototype), {
+  initialize: function(container, url, options) {
+    this.containers = {
+      success: container.success ? $(container.success) : $(container),
+      failure: container.failure ? $(container.failure) :
+        (container.success ? null : $(container))
+    }
+
+    this.transport = Ajax.getTransport();
+    this.setOptions(options);
+
+    var onComplete = this.options.onComplete || Prototype.emptyFunction;
+    this.options.onComplete = (function(transport, object) {
+      this.updateContent();
+      onComplete(transport, object);
+    }).bind(this);
+
+    this.request(url);
+  },
+
+  updateContent: function() {
+    var receiver = this.responseIsSuccess() ?
+      this.containers.success : this.containers.failure;
+    var response = this.transport.responseText;
+
+    if (!this.options.evalScripts)
+      response = response.stripScripts();
+
+    if (receiver) {
+      if (this.options.insertion) {
+        new this.options.insertion(receiver, response);
+      } else {
+        Element.update(receiver, response);
+      }
+    }
+
+    if (this.responseIsSuccess()) {
+      if (this.onComplete)
+        setTimeout(this.onComplete.bind(this), 10);
+    }
+  }
+});
+
+Ajax.PeriodicalUpdater = Class.create();
+Ajax.PeriodicalUpdater.prototype = Object.extend(new Ajax.Base(), {
+  initialize: function(container, url, options) {
+    this.setOptions(options);
+    this.onComplete = this.options.onComplete;
+
+    this.frequency = (this.options.frequency || 2);
+    this.decay = (this.options.decay || 1);
+
+    this.updater = {};
+    this.container = container;
+    this.url = url;
+
+    this.start();
+  },
+
+  start: function() {
+    this.options.onComplete = this.updateComplete.bind(this);
+    this.onTimerEvent();
+  },
+
+  stop: function() {
+    this.updater.onComplete = undefined;
+    clearTimeout(this.timer);
+    (this.onComplete || Prototype.emptyFunction).apply(this, arguments);
+  },
+
+  updateComplete: function(request) {
+    if (this.options.decay) {
+      this.decay = (request.responseText == this.lastText ?
+        this.decay * this.options.decay : 1);
+
+      this.lastText = request.responseText;
+    }
+    this.timer = setTimeout(this.onTimerEvent.bind(this),
+      this.decay * this.frequency * 1000);
+  },
+
+  onTimerEvent: function() {
+    this.updater = new Ajax.Updater(this.container, this.url, this.options);
+  }
+});
+document.getElementsByClassName = function(className, parentElement) {
+  var children = ($(parentElement) || document.body).getElementsByTagName('*');
+  return $A(children).inject([], function(elements, child) {
+    if (child.className.match(new RegExp("(^|\\s)" + className + "(\\s|$)")))
+      elements.push(child);
+    return elements;
+  });
+}
+
+/*--------------------------------------------------------------------------*/
+
+if (!window.Element) {
+  var Element = new Object();
+}
+
+Object.extend(Element, {
+  visible: function(element) {
+    return $(element).style.display != 'none';
+  },
+
+  toggle: function() {
+    for (var i = 0; i < arguments.length; i++) {
+      var element = $(arguments[i]);
+      Element[Element.visible(element) ? 'hide' : 'show'](element);
+    }
+  },
+
+  hide: function() {
+    for (var i = 0; i < arguments.length; i++) {
+      var element = $(arguments[i]);
+      element.style.display = 'none';
+    }
+  },
+
+  show: function() {
+    for (var i = 0; i < arguments.length; i++) {
+      var element = $(arguments[i]);
+      element.style.display = '';
+    }
+  },
+
+  remove: function(element) {
+    element = $(element);
+    element.parentNode.removeChild(element);
+  },
+
+  update: function(element, html) {
+    $(element).innerHTML = html.stripScripts();
+    setTimeout(function() {html.evalScripts()}, 10);
+  },
+
+  getHeight: function(element) {
+    element = $(element);
+    return element.offsetHeight;
+  },
+
+  classNames: function(element) {
+    return new Element.ClassNames(element);
+  },
+
+  hasClassName: function(element, className) {
+    if (!(element = $(element))) return;
+    return Element.classNames(element).include(className);
+  },
+
+  addClassName: function(element, className) {
+    if (!(element = $(element))) return;
+    return Element.classNames(element).add(className);
+  },
+
+  removeClassName: function(element, className) {
+    if (!(element = $(element))) return;
+    return Element.classNames(element).remove(className);
+  },
+
+  // removes whitespace-only text node children
+  cleanWhitespace: function(element) {
+    element = $(element);
+    for (var i = 0; i < element.childNodes.length; i++) {
+      var node = element.childNodes[i];
+      if (node.nodeType == 3 && !/\S/.test(node.nodeValue))
+        Element.remove(node);
+    }
+  },
+
+  empty: function(element) {
+    return $(element).innerHTML.match(/^\s*$/);
+  },
+
+  scrollTo: function(element) {
+    element = $(element);
+    var x = element.x ? element.x : element.offsetLeft,
+        y = element.y ? element.y : element.offsetTop;
+    window.scrollTo(x, y);
+  },
+
+  getStyle: function(element, style) {
+    element = $(element);
+    var value = element.style[style.camelize()];
+    if (!value) {
+      if (document.defaultView && document.defaultView.getComputedStyle) {
+        var css = document.defaultView.getComputedStyle(element, null);
+        value = css ? css.getPropertyValue(style) : null;
+      } else if (element.currentStyle) {
+        value = element.currentStyle[style.camelize()];
+      }
+    }
+
+    if (window.opera && ['left', 'top', 'right', 'bottom'].include(style))
+      if (Element.getStyle(element, 'position') == 'static') value = 'auto';
+
+    return value == 'auto' ? null : value;
+  },
+
+  setStyle: function(element, style) {
+    element = $(element);
+    for (name in style)
+      element.style[name.camelize()] = style[name];
+  },
+
+  getDimensions: function(element) {
+    element = $(element);
+    if (Element.getStyle(element, 'display') != 'none')
+      return {width: element.offsetWidth, height: element.offsetHeight};
+
+    // All *Width and *Height properties give 0 on elements with display none,
+    // so enable the element temporarily
+    var els = element.style;
+    var originalVisibility = els.visibility;
+    var originalPosition = els.position;
+    els.visibility = 'hidden';
+    els.position = 'absolute';
+    els.display = '';
+    var originalWidth = element.clientWidth;
+    var originalHeight = element.clientHeight;
+    els.display = 'none';
+    els.position = originalPosition;
+    els.visibility = originalVisibility;
+    return {width: originalWidth, height: originalHeight};
+  },
+
+  makePositioned: function(element) {
+    element = $(element);
+    var pos = Element.getStyle(element, 'position');
+    if (pos == 'static' || !pos) {
+      element._madePositioned = true;
+      element.style.position = 'relative';
+      // Opera returns the offset relative to the positioning context, when an
+      // element is position relative but top and left have not been defined
+      if (window.opera) {
+        element.style.top = 0;
+        element.style.left = 0;
+      }
+    }
+  },
+
+  undoPositioned: function(element) {
+    element = $(element);
+    if (element._madePositioned) {
+      element._madePositioned = undefined;
+      element.style.position =
+        element.style.top =
+        element.style.left =
+        element.style.bottom =
+        element.style.right = '';
+    }
+  },
+
+  makeClipping: function(element) {
+    element = $(element);
+    if (element._overflow) return;
+    element._overflow = element.style.overflow;
+    if ((Element.getStyle(element, 'overflow') || 'visible') != 'hidden')
+      element.style.overflow = 'hidden';
+  },
+
+  undoClipping: function(element) {
+    element = $(element);
+    if (element._overflow) return;
+    element.style.overflow = element._overflow;
+    element._overflow = undefined;
+  }
+});
+
+var Toggle = new Object();
+Toggle.display = Element.toggle;
+
+/*--------------------------------------------------------------------------*/
+
+Abstract.Insertion = function(adjacency) {
+  this.adjacency = adjacency;
+}
+
+Abstract.Insertion.prototype = {
+  initialize: function(element, content) {
+    this.element = $(element);
+    this.content = content.stripScripts();
+
+    if (this.adjacency && this.element.insertAdjacentHTML) {
+      try {
+        this.element.insertAdjacentHTML(this.adjacency, this.content);
+      } catch (e) {
+        if (this.element.tagName.toLowerCase() == 'tbody') {
+          this.insertContent(this.contentFromAnonymousTable());
+        } else {
+          throw e;
+        }
+      }
+    } else {
+      this.range = this.element.ownerDocument.createRange();
+      if (this.initializeRange) this.initializeRange();
+      this.insertContent([this.range.createContextualFragment(this.content)]);
+    }
+
+    setTimeout(function() {content.evalScripts()}, 10);
+  },
+
+  contentFromAnonymousTable: function() {
+    var div = document.createElement('div');
+    div.innerHTML = '<table><tbody>' + this.content + '</tbody></table>';
+    return $A(div.childNodes[0].childNodes[0].childNodes);
+  }
+}
+
+var Insertion = new Object();
+
+Insertion.Before = Class.create();
+Insertion.Before.prototype = Object.extend(new Abstract.Insertion('beforeBegin'), {
+  initializeRange: function() {
+    this.range.setStartBefore(this.element);
+  },
+
+  insertContent: function(fragments) {
+    fragments.each((function(fragment) {
+      this.element.parentNode.insertBefore(fragment, this.element);
+    }).bind(this));
+  }
+});
+
+Insertion.Top = Class.create();
+Insertion.Top.prototype = Object.extend(new Abstract.Insertion('afterBegin'), {
+  initializeRange: function() {
+    this.range.selectNodeContents(this.element);
+    this.range.collapse(true);
+  },
+
+  insertContent: function(fragments) {
+    fragments.reverse(false).each((function(fragment) {
+      this.element.insertBefore(fragment, this.element.firstChild);
+    }).bind(this));
+  }
+});
+
+Insertion.Bottom = Class.create();
+Insertion.Bottom.prototype = Object.extend(new Abstract.Insertion('beforeEnd'), {
+  initializeRange: function() {
+    this.range.selectNodeContents(this.element);
+    this.range.collapse(this.element);
+  },
+
+  insertContent: function(fragments) {
+    fragments.each((function(fragment) {
+      this.element.appendChild(fragment);
+    }).bind(this));
+  }
+});
+
+Insertion.After = Class.create();
+Insertion.After.prototype = Object.extend(new Abstract.Insertion('afterEnd'), {
+  initializeRange: function() {
+    this.range.setStartAfter(this.element);
+  },
+
+  insertContent: function(fragments) {
+    fragments.each((function(fragment) {
+      this.element.parentNode.insertBefore(fragment,
+        this.element.nextSibling);
+    }).bind(this));
+  }
+});
+
+/*--------------------------------------------------------------------------*/
+
+Element.ClassNames = Class.create();
+Element.ClassNames.prototype = {
+  initialize: function(element) {
+    this.element = $(element);
+  },
+
+  _each: function(iterator) {
+    this.element.className.split(/\s+/).select(function(name) {
+      return name.length > 0;
+    })._each(iterator);
+  },
+
+  set: function(className) {
+    this.element.className = className;
+  },
+
+  add: function(classNameToAdd) {
+    if (this.include(classNameToAdd)) return;
+    this.set(this.toArray().concat(classNameToAdd).join(' '));
+  },
+
+  remove: function(classNameToRemove) {
+    if (!this.include(classNameToRemove)) return;
+    this.set(this.select(function(className) {
+      return className != classNameToRemove;
+    }).join(' '));
+  },
+
+  toString: function() {
+    return this.toArray().join(' ');
+  }
+}
+
+Object.extend(Element.ClassNames.prototype, Enumerable);
+var Field = {
+  clear: function() {
+    for (var i = 0; i < arguments.length; i++)
+      $(arguments[i]).value = '';
+  },
+
+  focus: function(element) {
+    $(element).focus();
+  },
+
+  present: function() {
+    for (var i = 0; i < arguments.length; i++)
+      if ($(arguments[i]).value == '') return false;
+    return true;
+  },
+
+  select: function(element) {
+    $(element).select();
+  },
+
+  activate: function(element) {
+    element = $(element);
+    element.focus();
+    if (element.select)
+      element.select();
+  }
+}
+
+/*--------------------------------------------------------------------------*/
+
+var Form = {
+  serialize: function(form) {
+    var elements = Form.getElements($(form));
+    var queryComponents = new Array();
+
+    for (var i = 0; i < elements.length; i++) {
+      var queryComponent = Form.Element.serialize(elements[i]);
+      if (queryComponent)
+        queryComponents.push(queryComponent);
+    }
+
+    return queryComponents.join('&');
+  },
+
+  getElements: function(form) {
+    form = $(form);
+    var elements = new Array();
+
+    for (tagName in Form.Element.Serializers) {
+      var tagElements = form.getElementsByTagName(tagName);
+      for (var j = 0; j < tagElements.length; j++)
+        elements.push(tagElements[j]);
+    }
+    return elements;
+  },
+
+  getInputs: function(form, typeName, name) {
+    form = $(form);
+    var inputs = form.getElementsByTagName('input');
+
+    if (!typeName && !name)
+      return inputs;
+
+    var matchingInputs = new Array();
+    for (var i = 0; i < inputs.length; i++) {
+      var input = inputs[i];
+      if ((typeName && input.type != typeName) ||
+          (name && input.name != name))
+        continue;
+      matchingInputs.push(input);
+    }
+
+    return matchingInputs;
+  },
+
+  disable: function(form) {
+    var elements = Form.getElements(form);
+    for (var i = 0; i < elements.length; i++) {
+      var element = elements[i];
+      element.blur();
+      element.disabled = 'true';
+    }
+  },
+
+  enable: function(form) {
+    var elements = Form.getElements(form);
+    for (var i = 0; i < elements.length; i++) {
+      var element = elements[i];
+      element.disabled = '';
+    }
+  },
+
+  findFirstElement: function(form) {
+    return Form.getElements(form).find(function(element) {
+      return element.type != 'hidden' && !element.disabled &&
+        ['input', 'select', 'textarea'].include(element.tagName.toLowerCase());
+    });
+  },
+
+  focusFirstElement: function(form) {
+    Field.activate(Form.findFirstElement(form));
+  },
+
+  reset: function(form) {
+    $(form).reset();
+  }
+}
+
+Form.Element = {
+  serialize: function(element) {
+    element = $(element);
+    var method = element.tagName.toLowerCase();
+    var parameter = Form.Element.Serializers[method](element);
+
+    if (parameter) {
+      var key = encodeURIComponent(parameter[0]);
+      if (key.length == 0) return;
+
+      if (parameter[1].constructor != Array)
+        parameter[1] = [parameter[1]];
+
+      return parameter[1].map(function(value) {
+        return key + '=' + encodeURIComponent(value);
+      }).join('&');
+    }
+  },
+
+  getValue: function(element) {
+    element = $(element);
+    var method = element.tagName.toLowerCase();
+    var parameter = Form.Element.Serializers[method](element);
+
+    if (parameter)
+      return parameter[1];
+  }
+}
+
+Form.Element.Serializers = {
+  input: function(element) {
+    switch (element.type.toLowerCase()) {
+      case 'submit':
+      case 'hidden':
+      case 'password':
+      case 'text':
+        return Form.Element.Serializers.textarea(element);
+      case 'checkbox':
+      case 'radio':
+        return Form.Element.Serializers.inputSelector(element);
+    }
+    return false;
+  },
+
+  inputSelector: function(element) {
+    if (element.checked)
+      return [element.name, element.value];
+  },
+
+  textarea: function(element) {
+    return [element.name, element.value];
+  },
+
+  select: function(element) {
+    return Form.Element.Serializers[element.type == 'select-one' ?
+      'selectOne' : 'selectMany'](element);
+  },
+
+  selectOne: function(element) {
+    var value = '', opt, index = element.selectedIndex;
+    if (index >= 0) {
+      opt = element.options[index];
+      value = opt.value;
+      if (!value && !('value' in opt))
+        value = opt.text;
+    }
+    return [element.name, value];
+  },
+
+  selectMany: function(element) {
+    var value = new Array();
+    for (var i = 0; i < element.length; i++) {
+      var opt = element.options[i];
+      if (opt.selected) {
+        var optValue = opt.value;
+        if (!optValue && !('value' in opt))
+          optValue = opt.text;
+        value.push(optValue);
+      }
+    }
+    return [element.name, value];
+  }
+}
+
+/*--------------------------------------------------------------------------*/
+
+var $F = Form.Element.getValue;
+
+/*--------------------------------------------------------------------------*/
+
+Abstract.TimedObserver = function() {}
+Abstract.TimedObserver.prototype = {
+  initialize: function(element, frequency, callback) {
+    this.frequency = frequency;
+    this.element   = $(element);
+    this.callback  = callback;
+
+    this.lastValue = this.getValue();
+    this.registerCallback();
+  },
+
+  registerCallback: function() {
+    setInterval(this.onTimerEvent.bind(this), this.frequency * 1000);
+  },
+
+  onTimerEvent: function() {
+    var value = this.getValue();
+    if (this.lastValue != value) {
+      this.callback(this.element, value);
+      this.lastValue = value;
+    }
+  }
+}
+
+Form.Element.Observer = Class.create();
+Form.Element.Observer.prototype = Object.extend(new Abstract.TimedObserver(), {
+  getValue: function() {
+    return Form.Element.getValue(this.element);
+  }
+});
+
+Form.Observer = Class.create();
+Form.Observer.prototype = Object.extend(new Abstract.TimedObserver(), {
+  getValue: function() {
+    return Form.serialize(this.element);
+  }
+});
+
+/*--------------------------------------------------------------------------*/
+
+Abstract.EventObserver = function() {}
+Abstract.EventObserver.prototype = {
+  initialize: function(element, callback) {
+    this.element  = $(element);
+    this.callback = callback;
+
+    this.lastValue = this.getValue();
+    if (this.element.tagName.toLowerCase() == 'form')
+      this.registerFormCallbacks();
+    else
+      this.registerCallback(this.element);
+  },
+
+  onElementEvent: function() {
+    var value = this.getValue();
+    if (this.lastValue != value) {
+      this.callback(this.element, value);
+      this.lastValue = value;
+    }
+  },
+
+  registerFormCallbacks: function() {
+    var elements = Form.getElements(this.element);
+    for (var i = 0; i < elements.length; i++)
+      this.registerCallback(elements[i]);
+  },
+
+  registerCallback: function(element) {
+    if (element.type) {
+      switch (element.type.toLowerCase()) {
+        case 'checkbox':
+        case 'radio':
+          Event.observe(element, 'click', this.onElementEvent.bind(this));
+          break;
+        case 'password':
+        case 'text':
+        case 'textarea':
+        case 'select-one':
+        case 'select-multiple':
+          Event.observe(element, 'change', this.onElementEvent.bind(this));
+          break;
+      }
+    }
+  }
+}
+
+Form.Element.EventObserver = Class.create();
+Form.Element.EventObserver.prototype = Object.extend(new Abstract.EventObserver(), {
+  getValue: function() {
+    return Form.Element.getValue(this.element);
+  }
+});
+
+Form.EventObserver = Class.create();
+Form.EventObserver.prototype = Object.extend(new Abstract.EventObserver(), {
+  getValue: function() {
+    return Form.serialize(this.element);
+  }
+});
+if (!window.Event) {
+  var Event = new Object();
+}
+
+Object.extend(Event, {
+  KEY_BACKSPACE: 8,
+  KEY_TAB:       9,
+  KEY_RETURN:   13,
+  KEY_ESC:      27,
+  KEY_LEFT:     37,
+  KEY_UP:       38,
+  KEY_RIGHT:    39,
+  KEY_DOWN:     40,
+  KEY_DELETE:   46,
+
+  element: function(event) {
+    return event.target || event.srcElement;
+  },
+
+  isLeftClick: function(event) {
+    return (((event.which) && (event.which == 1)) ||
+            ((event.button) && (event.button == 1)));
+  },
+
+  pointerX: function(event) {
+    return event.pageX || (event.clientX +
+      (document.documentElement.scrollLeft || document.body.scrollLeft));
+  },
+
+  pointerY: function(event) {
+    return event.pageY || (event.clientY +
+      (document.documentElement.scrollTop || document.body.scrollTop));
+  },
+
+  stop: function(event) {
+    if (event.preventDefault) {
+      event.preventDefault();
+      event.stopPropagation();
+    } else {
+      event.returnValue = false;
+      event.cancelBubble = true;
+    }
+  },
+
+  // find the first node with the given tagName, starting from the
+  // node the event was triggered on; traverses the DOM upwards
+  findElement: function(event, tagName) {
+    var element = Event.element(event);
+    while (element.parentNode && (!element.tagName ||
+        (element.tagName.toUpperCase() != tagName.toUpperCase())))
+      element = element.parentNode;
+    return element;
+  },
+
+  observers: false,
+
+  _observeAndCache: function(element, name, observer, useCapture) {
+    if (!this.observers) this.observers = [];
+    if (element.addEventListener) {
+      this.observers.push([element, name, observer, useCapture]);
+      element.addEventListener(name, observer, useCapture);
+    } else if (element.attachEvent) {
+      this.observers.push([element, name, observer, useCapture]);
+      element.attachEvent('on' + name, observer);
+    }
+  },
+
+  unloadCache: function() {
+    if (!Event.observers) return;
+    for (var i = 0; i < Event.observers.length; i++) {
+      Event.stopObserving.apply(this, Event.observers[i]);
+      Event.observers[i][0] = null;
+    }
+    Event.observers = false;
+  },
+
+  observe: function(element, name, observer, useCapture) {
+    var element = $(element);
+    useCapture = useCapture || false;
+
+    if (name == 'keypress' &&
+        (navigator.appVersion.match(/Konqueror|Safari|KHTML/)
+        || element.attachEvent))
+      name = 'keydown';
+
+    this._observeAndCache(element, name, observer, useCapture);
+  },
+
+  stopObserving: function(element, name, observer, useCapture) {
+    var element = $(element);
+    useCapture = useCapture || false;
+
+    if (name == 'keypress' &&
+        (navigator.appVersion.match(/Konqueror|Safari|KHTML/)
+        || element.detachEvent))
+      name = 'keydown';
+
+    if (element.removeEventListener) {
+      element.removeEventListener(name, observer, useCapture);
+    } else if (element.detachEvent) {
+      element.detachEvent('on' + name, observer);
+    }
+  }
+});
+
+/* prevent memory leaks in IE */
+Event.observe(window, 'unload', Event.unloadCache, false);
+var Position = {
+  // set to true if needed, warning: firefox performance problems
+  // NOT neeeded for page scrolling, only if draggable contained in
+  // scrollable elements
+  includeScrollOffsets: false,
+
+  // must be called before calling withinIncludingScrolloffset, every time the
+  // page is scrolled
+  prepare: function() {
+    this.deltaX =  window.pageXOffset
+                || document.documentElement.scrollLeft
+                || document.body.scrollLeft
+                || 0;
+    this.deltaY =  window.pageYOffset
+                || document.documentElement.scrollTop
+                || document.body.scrollTop
+                || 0;
+  },
+
+  realOffset: function(element) {
+    var valueT = 0, valueL = 0;
+    do {
+      valueT += element.scrollTop  || 0;
+      valueL += element.scrollLeft || 0;
+      element = element.parentNode;
+    } while (element);
+    return [valueL, valueT];
+  },
+
+  cumulativeOffset: function(element) {
+    var valueT = 0, valueL = 0;
+    do {
+      valueT += element.offsetTop  || 0;
+      valueL += element.offsetLeft || 0;
+      element = element.offsetParent;
+    } while (element);
+    return [valueL, valueT];
+  },
+
+  positionedOffset: function(element) {
+    var valueT = 0, valueL = 0;
+    do {
+      valueT += element.offsetTop  || 0;
+      valueL += element.offsetLeft || 0;
+      element = element.offsetParent;
+      if (element) {
+        p = Element.getStyle(element, 'position');
+        if (p == 'relative' || p == 'absolute') break;
+      }
+    } while (element);
+    return [valueL, valueT];
+  },
+
+  offsetParent: function(element) {
+    if (element.offsetParent) return element.offsetParent;
+    if (element == document.body) return element;
+
+    while ((element = element.parentNode) && element != document.body)
+      if (Element.getStyle(element, 'position') != 'static')
+        return element;
+
+    return document.body;
+  },
+
+  // caches x/y coordinate pair to use with overlap
+  within: function(element, x, y) {
+    if (this.includeScrollOffsets)
+      return this.withinIncludingScrolloffsets(element, x, y);
+    this.xcomp = x;
+    this.ycomp = y;
+    this.offset = this.cumulativeOffset(element);
+
+    return (y >= this.offset[1] &&
+            y <  this.offset[1] + element.offsetHeight &&
+            x >= this.offset[0] &&
+            x <  this.offset[0] + element.offsetWidth);
+  },
+
+  withinIncludingScrolloffsets: function(element, x, y) {
+    var offsetcache = this.realOffset(element);
+
+    this.xcomp = x + offsetcache[0] - this.deltaX;
+    this.ycomp = y + offsetcache[1] - this.deltaY;
+    this.offset = this.cumulativeOffset(element);
+
+    return (this.ycomp >= this.offset[1] &&
+            this.ycomp <  this.offset[1] + element.offsetHeight &&
+            this.xcomp >= this.offset[0] &&
+            this.xcomp <  this.offset[0] + element.offsetWidth);
+  },
+
+  // within must be called directly before
+  overlap: function(mode, element) {
+    if (!mode) return 0;
+    if (mode == 'vertical')
+      return ((this.offset[1] + element.offsetHeight) - this.ycomp) /
+        element.offsetHeight;
+    if (mode == 'horizontal')
+      return ((this.offset[0] + element.offsetWidth) - this.xcomp) /
+        element.offsetWidth;
+  },
+
+  clone: function(source, target) {
+    source = $(source);
+    target = $(target);
+    target.style.position = 'absolute';
+    var offsets = this.cumulativeOffset(source);
+    target.style.top    = offsets[1] + 'px';
+    target.style.left   = offsets[0] + 'px';
+    target.style.width  = source.offsetWidth + 'px';
+    target.style.height = source.offsetHeight + 'px';
+  },
+
+  page: function(forElement) {
+    var valueT = 0, valueL = 0;
+
+    var element = forElement;
+    do {
+      valueT += element.offsetTop  || 0;
+      valueL += element.offsetLeft || 0;
+
+      // Safari fix
+      if (element.offsetParent==document.body)
+        if (Element.getStyle(element,'position')=='absolute') break;
+
+    } while (element = element.offsetParent);
+
+    element = forElement;
+    do {
+      valueT -= element.scrollTop  || 0;
+      valueL -= element.scrollLeft || 0;
+    } while (element = element.parentNode);
+
+    return [valueL, valueT];
+  },
+
+  clone: function(source, target) {
+    var options = Object.extend({
+      setLeft:    true,
+      setTop:     true,
+      setWidth:   true,
+      setHeight:  true,
+      offsetTop:  0,
+      offsetLeft: 0
+    }, arguments[2] || {})
+
+    // find page position of source
+    source = $(source);
+    var p = Position.page(source);
+
+    // find coordinate system to use
+    target = $(target);
+    var delta = [0, 0];
+    var parent = null;
+    // delta [0,0] will do fine with position: fixed elements,
+    // position:absolute needs offsetParent deltas
+    if (Element.getStyle(target,'position') == 'absolute') {
+      parent = Position.offsetParent(target);
+      delta = Position.page(parent);
+    }
+
+    // correct by body offsets (fixes Safari)
+    if (parent == document.body) {
+      delta[0] -= document.body.offsetLeft;
+      delta[1] -= document.body.offsetTop;
+    }
+
+    // set position
+    if(options.setLeft)   target.style.left  = (p[0] - delta[0] + options.offsetLeft) + 'px';
+    if(options.setTop)    target.style.top   = (p[1] - delta[1] + options.offsetTop) + 'px';
+    if(options.setWidth)  target.style.width = source.offsetWidth + 'px';
+    if(options.setHeight) target.style.height = source.offsetHeight + 'px';
+  },
+
+  absolutize: function(element) {
+    element = $(element);
+    if (element.style.position == 'absolute') return;
+    Position.prepare();
+
+    var offsets = Position.positionedOffset(element);
+    var top     = offsets[1];
+    var left    = offsets[0];
+    var width   = element.clientWidth;
+    var height  = element.clientHeight;
+
+    element._originalLeft   = left - parseFloat(element.style.left  || 0);
+    element._originalTop    = top  - parseFloat(element.style.top || 0);
+    element._originalWidth  = element.style.width;
+    element._originalHeight = element.style.height;
+
+    element.style.position = 'absolute';
+    element.style.top    = top + 'px';;
+    element.style.left   = left + 'px';;
+    element.style.width  = width + 'px';;
+    element.style.height = height + 'px';;
+  },
+
+  relativize: function(element) {
+    element = $(element);
+    if (element.style.position == 'relative') return;
+    Position.prepare();
+
+    element.style.position = 'relative';
+    var top  = parseFloat(element.style.top  || 0) - (element._originalTop || 0);
+    var left = parseFloat(element.style.left || 0) - (element._originalLeft || 0);
+
+    element.style.top    = top + 'px';
+    element.style.left   = left + 'px';
+    element.style.height = element._originalHeight;
+    element.style.width  = element._originalWidth;
+  }
+}
+
+// Safari returns margins on body which is incorrect if the child is absolutely
+// positioned.  For performance reasons, redefine Position.cumulativeOffset for
+// KHTML/WebKit only.
+if (/Konqueror|Safari|KHTML/.test(navigator.userAgent)) {
+  Position.cumulativeOffset = function(element) {
+    var valueT = 0, valueL = 0;
+    do {
+      valueT += element.offsetTop  || 0;
+      valueL += element.offsetLeft || 0;
+      if (element.offsetParent == document.body)
+        if (Element.getStyle(element, 'position') == 'absolute') break;
+
+      element = element.offsetParent;
+    } while (element);
+
+    return [valueL, valueT];
+  }
+}
+\ No newline at end of file
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/js/scriptaculous.js b/dogtag/tps-ui/shared/docroot/esc/sow/js/scriptaculous.js
new file mode 100755
index 000000000..dac1228fb
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/js/scriptaculous.js
@@ -0,0 +1,45 @@
+// Copyright (c) 2005 Thomas Fuchs (http://script.aculo.us, http://mir.aculo.us)
+// 
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+// 
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var Scriptaculous = {
+  Version: '1.5.1',
+  require: function(libraryName) {
+    // inserting via DOM fails in Safari 2.0, so brute force approach
+    document.write('<script type="text/javascript" src="'+libraryName+'"></script>');
+  },
+  load: function() {
+    if((typeof Prototype=='undefined') ||
+      parseFloat(Prototype.Version.split(".")[0] + "." +
+                 Prototype.Version.split(".")[1]) < 1.4)
+      throw("script.aculo.us requires the Prototype JavaScript framework >= 1.4.0");
+    
+    $A(document.getElementsByTagName("script")).findAll( function(s) {
+      return (s.src && s.src.match(/scriptaculous\.js(\?.*)?$/))
+    }).each( function(s) {
+      var path = s.src.replace(/scriptaculous\.js(\?.*)?$/,'');
+      var includes = s.src.match(/\?.*load=([a-z,]*)/);
+      (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider').split(',').each(
+       function(include) { Scriptaculous.require(path+include+'.js') });
+    });
+  }
+}
+
+Scriptaculous.load();
+\ No newline at end of file
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/logo.jpg b/dogtag/tps-ui/shared/docroot/esc/sow/logo.jpg
new file mode 100644
index 000000000..7cb31affc
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/logo.jpg
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/style.css b/dogtag/tps-ui/shared/docroot/esc/sow/style.css
new file mode 100755
index 000000000..bcd289bdb
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/style.css
@@ -0,0 +1,213 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+body {
+background-color: grey;
+        font-family: arial;
+        font-size: 7p
+
+}
+
+form {
+  margin: 0px;
+  padding: 0px;
+};
+
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+h2 {
+  font-size: 12pt;
+}
+
+.logobar {
+
+  background-color:black;
+  font-family: "Arial";
+  font-size: 7p;
+
+}
+
+.headerText {
+  font-family: "Arial";
+  font-size: 14pt;
+  font-weight: bold; 
+  color: white;
+}
+
+.titleText {
+  font-family: "Arial";
+  font-size: 10pt;
+}
+
+.bodyText {
+  font-family: "Arial";
+  font-size: 10pt;
+  color: white;
+}
+
+.formText {
+  font-family: "Arial";
+  font-size: 9pt;
+  color: black;
+
+}
+
+.linkText {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+#BindingTable {
+  background-color: #ffffff ;
+  font-size: 7pt;
+}
+
+#BindingTable th {
+  color: rgb(0, 0, 0);
+  background-color:  #fffffe;
+  font-size: 7pt;
+}
+
+#BindingTable tr {
+  background-color: #fffffe;
+  font-size: 7pt;
+}
+
+tr [COOLKeyPresent="yes"]{
+  background-color: rgb(255, 0, 0);
+}
+
+.cylon {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+}
+
+.cylonEye {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+}
+
+#statusMsg {
+  font-weight: bold;
+}
+
+.ProgressMeter {
+  position: relative;
+  padding: 0px;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+  text-align: center;
+}
+
+.ProgressBar {
+  position: absolute;
+  z-index: 0;
+  top: 0px;
+  left: 0px;
+  border-right: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+  margin: 0px;
+}
+
+.ProgressBarStatus {
+  position: relative;
+  z-index: 10;
+  margin: 0px;
+  padding: 0px;
+
+}
+
+.KeyTableHeader {
+  color: rgb(0,0, 0);
+  background-color: #ffffff;
+  text-align: left;
+}
+                                                                                
+#KeyTable td {
+  background-color: #ffffff;
+  padding-left: 3px;
+  padding-right: 3px;
+};
+                                                                                
+.TableDescriptionPanel {
+  background-color: #ffffff);
+  margin-right: 5px;
+  margin-left: 5px;
+  margin-bottom: 0px;
+  margin-bottom: 5px;
+  padding: 5px;
+}
+                                                                                
+.PurchasePanel {
+  width: 100%;
+  text-align: center;
+  padding-top: 5px;
+  padding-bottom: 5px;
+}
+                                                                                
+.NeedQuestionText {
+  font-size: 16pt;
+  font-weight: bold;
+}
+
+.COOLHeaderText {
+  font-family: "Arial";
+  font-size: 20pt;
+  font-weight: bold;
+}
+                                                                                
+.ContentTable {
+  background-color: #ffffff;
+  margin: 0px;
+}
+                                                                                
+form {
+  margin: 0px;
+  padding: 0px;
+};
+                                                                                
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+                                                                                
+table {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+.TableTitle {
+  font-size: 12pt;
+  font-weight: bold;
+}
+
+.PageHeader {
+  width: 100%;
+  border-bottom: solid black 1px;
+  vertical-align: center;
+  background-color: #ffffff;
+}
diff --git a/dogtag/tps-ui/shared/docroot/esc/sow/util.js b/dogtag/tps-ui/shared/docroot/esc/sow/util.js
new file mode 100755
index 000000000..967e6e5ed
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/sow/util.js
@@ -0,0 +1,1769 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+//
+// initialize netkey globals
+var netkey;
+
+
+var keyUITable = new Array();
+var keyTypeTable = new Array();
+var curChildWindow = null;
+
+var gWindow = null;
+
+const ErrorText = "For additional assistance contact your Technical Support";
+
+
+function getUIForKey(aKeyID)
+{
+    return keyUITable[aKeyID];
+
+}
+
+function getTypeForKey(aKeyID)
+{
+    return keyTypeTable[aKeyID];
+}
+
+
+//
+// Notify callback for GECKO
+//
+function jsNotify()  {}
+
+jsNotify.prototype = {
+
+  rhNotifyKeyStateChange: function(aKeyType,aKeyID,aKeyState,aData,strData)
+  {
+    OnCOOLKeyStateChange(aKeyType, aKeyID, aKeyState, aData,strData);
+  },
+
+  QueryInterface: function(iid)
+  {
+    <!--  alert("iid: " + iid); -->
+     if(!iid.equals(Components.interfaces.rhIKeyNotify) &&
+         !iid.equals(Components.interfaces.nsISupports))
+      {
+          MyAlert("Can't find jsNotify interface");
+          throw Components.results.NS_ERROR_NO_INTERFACE;
+      }
+      return this;
+  }
+};
+
+//
+// Attach to the object.
+//
+  // GECKO ONLY initialization
+  try {
+    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey = Components.classes["@redhat.com/rhCoolKey"].getService();
+    netkey = netkey.QueryInterface(Components.interfaces.rhICoolKey);
+    gNotify = new jsNotify;
+    netkey.rhCoolKeySetNotifyCallback(gNotify);
+  } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+  }
+
+//
+// unregister our notify event
+//
+function cleanup()
+{
+
+    try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      netkey.rhCoolKeyUnSetNotifyCallback(gNotify);
+    } catch(e) {
+     MyAlert("Can't get UniversalXPConnect: " + e);
+    }
+}
+
+var gScreenName = "";
+var gKeyEnrollmentType = "userKey";
+
+var gCurrentSelectedRow = null;
+
+
+var gCurKeyType = null;
+var gCurKeyID = null;
+
+////////////////////////////////////////////////////////////////
+//
+// Utility functions specific to this page.
+//
+////////////////////////////////////////////////////////////////
+
+
+// List of Error Messages to be printed out
+
+var Status_Messages = new Array(
+      
+    "Operation Completed Successfully.",
+    "Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Problem communicating with the smartcard.",
+    "Problem resetting smartcard's pin.",
+    "Internal Smartcard Server error.",
+    "Internal Smartcard Server error.",
+    "Smartcard enrollment error.",
+    "Can not communicate with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the Certificattion Authority.",
+    "Internal Smartcard Server error.",
+    "Error resetting the smartcard's password.",
+    "Internal Smartcard Server error.",
+    "Smartcard Server authentication failure.",
+    "Internal Smartcard Server error.",
+    "Your Smartcard is listed as disabled.",
+    "Problem communicating with the smartcard.",
+    "Internal Smartcard Server error.",
+    "Cannot upgrade smartcard software.",
+    "Internal Smartcard Server error.",
+    "Problem communicating with the smartcard.",
+    "Invalid smartcard type.",
+    "Invalid smartcard type.",
+    "Cannot publish smartcard information.",
+    "Cannot communicate with smartcard database.",
+    "Smartcard is disabled.",
+    "Cannot reset password value for the smartcard.",
+    "Connection to Smartcard Server lost.",
+    "Cannot create entry for smartcard in smartcard database.",
+    "Smartcard found to be in an inconsistent state.",
+    "Invalid reason for lost smartcard submitted.",
+    "Smartcard found to be unusable due to compromise.",
+    "No such inactive smartcard found.",
+    "Cannot process more than one active smartcard.",
+    "Internal Smartcard Server error.",
+    "Smartcard key recovery has been processed.",
+    "Smartcard key recovery failed.",
+    "Cannot process this smartcard, which has been reported lost.",
+    "Smartcard key archival error.",
+    "Problem connecting to the Smartcard TKS Server.",
+    "Failed to update smartcard database.",
+    "Internal certificate revocation error discovered.",
+    "User does not own this smartcard.", 
+    "Smart Card Manager has been misconfigured.",
+    "Smart Card Manager can not talk to smart card reader.",
+    "Smart Card Manager can not establish a session with  the smart card.",
+    "Smart Card Manager can not talk to Smart Card Server.",
+    "Smart Card Manager can not talk to smart card reader."
+ );    
+
+function GetAuthDataFromPopUp(aKeyType,aKeyID,aUiData)
+{
+
+   keyUITable[aKeyID] = aUiData;
+   keyTypeTable[aKeyID] = aKeyType;
+
+   //alert("GetAuthDataFromPopUp data " + aUiData);
+   var child = window.open("/GenericAuth.html",aKeyID,"height=400,width=400");
+
+   //alert("Attempted to create child window " + child);
+ 
+   curChildWindow = child; 
+
+}
+
+function COOLKeySetDataValue(aKeyType,aKeyID,name,value)
+{
+        //alert("In COOLKeySetDataValue  aKeyType " + aKeyType + " aKeyID " + aKeyID + " name " + name + " value " + value);  
+        if(netkey)
+        {
+             try {
+                    netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(aKeyType,aKeyID,name,value);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+
+}
+ 
+function COOLKeySetTokenPin(pin)
+{
+        if(netkey)
+        {
+             try { 
+                netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+                netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"TokenPin",pin);
+
+
+            } catch(e) {
+                MyAlert("Error Setting data values: " + e);
+            }
+        }
+}
+
+function COOLKeySetUidPassword(uid,pwd)
+{
+
+      if(netkey)
+      {
+
+          try {
+              netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"UserId",uid);
+
+              netkey.SetCoolKeyDataValue(gCurKeyType,gCurKeyID,"Password",pwd);
+
+          } catch(e) {
+              MyAlert("Error Setting data values: " + e);
+          }
+
+      }
+
+}
+      
+  
+function MyGetErrorMessage(status_code)
+{
+
+ var result = "Internal Server Error";
+
+  if(status_code < 0 && status_code >= Status_Messages.length)
+  {
+     return result;
+      
+  }   
+      
+  return Status_Messages[status_code];
+      
+}   
+
+function KeyToRowID(keyType, keyID)
+{
+  return keyType + "--" + keyID;
+}
+
+function RowIDToKeyInfo(rowID)
+{
+  return rowID.split("--");
+}
+
+function GetRowForKey(keyType, keyID)
+{
+  return document.getElementById(KeyToRowID(keyType, keyID));
+}
+
+function ReportException(msg, e)
+{
+  MyAlert(msg + " " + e.description + "(" + e.number + ")");
+}
+
+function GetCOOLKeyStatus(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyStatus(keyType, keyID);
+  } catch (e) {
+    ReportException("netkey.GetCOOLKeyStatus() failed!", e);
+    return 0;
+  }
+}
+
+function GetCOOLKeyPolicy(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyPolicy(keyType, keyID);
+  } catch (e) {
+  //  ReportException("netkey.GetCOOLKeyPolicy() failed!", e);
+    return "";
+  }
+}
+
+function GetCOOLKeyRequiresAuth(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyRequiresAuthentication(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyRequiresAuthentication() failed!", e);
+    return false;
+  }
+}
+
+function GetCOOLKeyIsAuthed(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsAuthenticated(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsAuthenticated() failed!", e);
+    return false;
+  }
+}
+
+function GetAvailableCOOLKeys()
+{
+  try {
+    var keyArr;
+
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      var inArray = netkey.GetAvailableCoolKeys( {} );
+      keyArr = new Array(inArray.length);
+      var i;
+
+      for (i=0; i < keyArr.length; i++) {
+	keyArr[i] = new Array( "1", inArray[i]);
+      }
+    return keyArr;
+  } catch(e) {
+    ReportException("netkey.GetAvailableCoolKeys() failed!", e);
+    return [];
+  }
+}
+
+function EnrollCOOLKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.EnrollCoolKey(keyType, keyID, enrollmentType, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException("netkey.EnrollCoolKey() failed!", e);
+    return false;
+  }
+
+  return true;
+}
+
+function GetCOOLKeyIsEnrolled(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    return netkey.GetCoolKeyIsEnrolled(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.GetCoolKeyIsEnrolled() failed!", e);
+    return false;
+  }
+}
+
+function CancelCOOLKeyOperation(keyType, keyID)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.CancelCoolKeyOperation(keyType, keyID);
+  } catch(e) {
+    ReportException("netkey.CancelCoolKeyOperation() failed!", e);
+    return false;
+  }
+  return true;
+}
+
+function MyAlert(message)
+{
+    if(message)
+        DoMyAlert(message,"Smart Card Manager");
+
+} 
+function DoMyAlert(message,title)
+{
+
+   if(!message || !title)
+       return;
+
+   try {
+
+       netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+       var prompts = Components.classes["@mozilla.org/embedcomp/prompt-service;1"].getService(Components.interfaces.nsIPromptService);
+
+
+       prompts.alert(window,title,message);
+
+   } catch(e) {
+
+
+       alert("Problem with nsIPromptService " + e);
+   }
+
+}
+
+//
+// MSHTML/GECKO compatibility functions.
+//
+function RemoveRow(table, row)
+{
+    table.deleteRow(row.rowIndex);
+}
+
+function GetCell(row, index)
+{
+  var cell;
+
+    cell = row.cells[index];
+  return cell;
+}
+
+function GetNode(parent, index)
+{
+  var node;
+    node = parent.childNodes[index];
+  return node;
+}
+
+function InsertRow(table)
+{
+  var row;
+
+    row = table.insertRow(table.rows.length);
+  return row;
+}
+
+function InsertCell(row)
+{
+  var cell;
+
+    cell = row.insertCell(row.cells.length);
+  return cell;
+}
+
+function RemoveAllChildNodes(parent)
+{
+  var numChildren = parent.childNodes.length;
+  var i;
+
+  i = numChildren;
+  while (numChildren)
+  {
+    parent.removeChild(GetNode(parent,0));
+    numChildren--;
+  }
+
+}
+
+
+function UpdateInfoForKeyID(keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  if (!row)
+    return;
+
+  var cell = GetCell(row,1)
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(keyStatus));
+
+//  cell = GetCell(row,2);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+ // cell = GetCell(row,3);
+ // RemoveAllChildNodes(cell);
+ // cell.appendChild(document.createTextNode(isAuthed));
+}
+
+function GetStatusForKeyID(keyType, keyID)
+{
+  var keyStatus = "BLANK";
+
+  var status;
+
+  try {
+    status = GetCOOLKeyStatus(keyType, keyID);
+  } catch(e) {
+    status = 0;
+  }
+
+  switch (status) {
+    case 0: // Unavailable
+      keyStatus = "UNAVAILABLE";
+      break;
+    case 1: // AppletNotFound
+      keyStatus = "NO APPLET";
+      break;
+    case 2: // Uninitialized
+      keyStatus = "UNINITIALIZED";
+      break;
+    case 3: // Unknown
+      keyStatus = "UNKNOWN";
+      break;
+    case 4: // Available
+    case 6: // UnblockInProgress
+    case 7: // PINResetInProgress
+    case 8: // RenewInProgress
+      keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+      break;
+    case 5: // EnrollmentInProgress
+      keyStatus = "BUSY";
+      break;
+      break;
+    case 9: // FormatInProgress
+      keyStatus = "BUSY";
+      break;
+  }
+
+  return keyStatus;
+}
+
+function InsertCOOLKeyIntoBindingTable(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+
+  gWindow = window;
+ if (!row)
+  {
+    var table = document.getElementById("BindingTable");
+    if (table)
+    {
+      var keyStatus = GetStatusForKeyID(keyType, keyID);
+      var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+      var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+      row = CreateTableRow(table, keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+    }
+
+    if (!row)
+      return null;
+  }
+
+  return row;
+}
+
+function ConvertVariantArrayToJScriptArray(varr)
+{
+  // C++ native methods, like netkey.GetAvailableCOOLKeys(), can only
+  // return variant SafeArrays, so to access the data inside, you must
+  // first convert it to a VBArray, and then call toArray() to convert
+  // it to a JScript array. Lame, but that's what it takes to
+  // use an array returned from an ActiveX component.
+
+  return new VBArray(varr).toArray();
+}
+
+function UpdateBindingTableAvailability()
+{
+  var arr = GetAvailableCOOLKeys();
+
+  if (!arr || arr.length < 1)
+    return;
+
+  var i;
+
+  for (i=0; i < arr.length; i++)
+  {
+    InsertCOOLKeyIntoBindingTable(arr[i][0], arr[i][1]);
+
+    if (!gCurrentSelectedRow)
+      SelectRowByKeyID(arr[i][0], arr[i][1]);
+  }
+}
+
+function InitializeBindingTable()
+{
+  UpdateBindingTableAvailability();
+  UpdateButtonStates();
+  if (UserOnDoneInitializeBindingTable) {
+    UserOnDoneInitializeBindingTable();
+  }
+}
+
+function KeyIsPresent(keyType, keyID)
+{
+  row = document.all.item(keyType, keyID);
+
+  if (!row)
+    return false;
+
+  return true;
+}
+
+function SetStatusMessage(str)
+{
+  var cell = document.getElementById("statusMsg");
+
+  if (!cell)
+    return;
+  RemoveAllChildNodes(cell);
+  cell.appendChild(document.createTextNode(str));
+}
+
+function UpdateButtonStates()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    var keyStatus = GetStatusForKeyID(keyType, keyID);
+
+    document.getElementById("enrollbtn").disabled = false;
+  }
+  else
+  {
+    document.getElementById("enrollbtn").disabled = true;
+  }
+
+  refresh();
+}
+
+function GetCurrentKeyID()
+{
+  if (gCurrentSelectedRow)
+  {
+    var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+    var keyType = keyInfo[0];
+    var keyID = keyInfo[1];
+    return keyID;
+  } else {
+    return "No Key Found!";
+  }
+}
+
+function SetEnrollmentType(type)
+{
+  gKeyEnrollmentType = type;
+  UpdateButtonStates();
+}
+
+function FindRow(node)
+{
+  while (node && node.tagName != "TR")
+  {
+    node = node.parentNode;
+  }
+
+  return node;
+}
+
+function SelectRow(row)
+{
+  if (!row || gCurrentSelectedRow == row)
+    return;
+
+  if (gCurrentSelectedRow)
+    gCurrentSelectedRow.removeAttribute("style");
+
+  gCurrentSelectedRow = row;
+  gCurrentSelectedRow.style.backgroundColor="rgb(200,200,200)";
+  UpdateButtonStates();
+}
+
+function SelectRowByKeyID(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  SelectRow(row);
+}
+
+function DoSelectRow(event)
+{
+  var row;
+
+    row = FindRow(event.parentNode);
+  SelectRow(row);
+}
+
+function KeyToUIString(keyType, keyID)
+{
+  // If it's an COOLKey, format the keyID string.
+
+  if (keyType == 1 && keyID.length == 20)
+  {
+    var re = /([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})([0-9a-f]{4})/i;
+    keyID = keyID.replace(re, "$1-$2-$3-$4-$5").toLowerCase();
+  }
+
+  return keyID;
+}
+
+
+
+function CreateTableRow(table, keyType, keyID, keyStatus, reqAuth, isAuthed)
+{
+  var row = InsertRow(table);
+  if (!row)
+    return null;
+
+  row.setAttribute("id", KeyToRowID(keyType, keyID));
+ 
+     row.onclick = DoSelectRow;
+
+  // Create the key ID cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(KeyToUIString(keyType, keyID)));
+
+  //cell.setAttribute("onClick", "DoSelectRow(this);");
+
+  // Create the keyStatus cell.
+  //cell = InsertCell(row);
+  //cell.appendChild(document.createTextNode(keyStatus));
+
+  // Create the requires auth cell.
+ // cell = InsertCell(row);
+ // cell.appendChild(document.createTextNode(reqAuth));
+
+  cell = InsertCell(row);
+  cell.appendChild(document.createTextNode("Enrollment Progress"));
+
+  // Create the status bar cell
+
+  cell = InsertCell(row);
+
+  var progressMeter = document.createElement("div");
+  progressMeter.setAttribute("id", KeyToProgressBarID(keyType, keyID));
+  progressMeter.className = "ProgressMeter";
+  progressMeter.style.width = "100px";
+  progressMeter.style.height = "1.5em";
+//  progressMeter.style.visibility = "hidden";
+  progressMeter.setAttribute("value", 0);
+
+  var progressBar = document.createElement("div");
+  progressBar.className = "ProgressBar";
+  progressBar.style.width = "0px";
+  progressBar.style.height = "100%";
+//  progressBar.style.visibility = "hidden";
+
+  var progressBarStatus = document.createElement("div");
+  progressBarStatus.className = "ProgressBarStatus";
+  progressBarStatus.appendChild(document.createTextNode(""));
+
+  progressMeter.appendChild(progressBar);
+  progressMeter.appendChild(progressBarStatus);
+  cell.appendChild(progressMeter);
+
+  //row.style.display ="none";
+
+  return row;
+}
+
+gAnimationMSecs = 1000/30;
+
+function SetCylonTimer(cylonID, cylonEyeID)
+{
+  setTimeout("AnimateCylonStatusBar(\"" + cylonID +
+             "\", \"" + cylonEyeID + "\");", gAnimationMSecs);
+}
+
+function AnimateCylonStatusBar(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID);
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+    return;
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (!eye)
+    return;
+
+  var dir = eye.getAttribute("direction");
+  var wid = parseInt(eye.style.width);
+  var cywid = parseInt(cylon.style.width);
+  var left = parseInt(eye.style.left);
+
+  var dx = 10;
+
+  if (!dir || dir >= 0)
+  {
+    left += dx;
+
+    if (left + wid > cywid)
+    {
+      left = cywid - wid;
+      eye.setAttribute("direction", "-1");
+    }
+  }
+  else
+  {
+    left -= dx;
+
+    if (left < 0)
+    {
+      left = 0;
+      eye.setAttribute("direction", "1");
+    }
+  }
+
+  eye.style.left = left + "px";
+
+  SetCylonTimer(cylonID, cylonEyeID);
+}
+
+function StartCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (!cylon)
+    return;
+
+  var active = cylon.getAttribute("cylonactive");
+
+  if (!active)
+  {
+    cylon.setAttribute("cylonactive", "true");
+
+    var eye = document.getElementById(cylonEyeID);
+    if (eye)
+    {
+      eye.style.left = "0px";
+      eye.style.visibility = "visible";
+    }
+
+    SetCylonTimer(cylonID, cylonEyeID);
+  }
+}
+
+function StopCylonAnimation(cylonID, cylonEyeID)
+{
+  var cylon = document.getElementById(cylonID)
+
+  if (cylon)
+    cylon.removeAttribute("cylonactive");
+
+  var eye = document.getElementById(cylonEyeID);
+
+  if (eye)
+    eye.style.visibility = "hidden";
+}
+
+function GetProgressMeterValue(progMeterID)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return -1;
+
+  return parseInt(progMeter.getAttribute("value"));
+}
+
+function SetProgressMeterValue(progMeterID, value)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter || value < 0)
+    return;
+
+  if (value > 100)
+    value = 100;
+
+  var progBar = progMeter.firstChild;
+
+  if (value == 0)
+  {
+    progBar.style.width = "0px";
+    progBar.style.visibility = "hidden";
+    progMeter.setAttribute("value", 0);
+    return;
+  }
+
+  progBar.style.visibility = "visible"; 
+
+  var newWidth = parseInt(progMeter.style.width) * value / 100 - 2;
+
+  progBar.style.width =  newWidth + "px";
+  progMeter.setAttribute("value", value);
+}
+
+function SetProgressMeterStatus(progMeterID, statusMsg)
+{
+  var progMeter = document.getElementById(progMeterID);
+
+  if (!progMeter)
+    return;
+
+  var progBar = progMeter.firstChild;
+
+  // If it exists, the meter status should be
+  // div that is the next sibling of the progressMeter.
+
+  var meterStatus = progBar.nextSibling;
+
+  // Just replace the data in the text node, it's much faster,
+  // and reduces flashing!
+
+  meterStatus.firstChild.replaceData(0, meterStatus.firstChild.length, statusMsg);
+}
+
+function ClearProgressBar(progMeterID)
+{
+  SetProgressMeterValue(progMeterID, 0);
+  SetProgressMeterStatus(progMeterID, "");
+}
+
+function KeyToProgressBarID(keyType, keyID)
+{
+  return "PM" + keyType + "-" + keyID;
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions that contact the server or talk directly to
+// ESC native code.
+//
+// ESC Native Functions:
+//
+//     netkey.GetAvailableCOOLKeys()
+//
+//       - Returns an ActiveX Variant SafeArray containing the ID for each key
+//         that is currentlly plugged into the computer. Before accessing any
+//         data in this array you must convert it to a JScript Array with a
+//         call to ConvertVariantArrayToJScriptArray().
+//
+//     netkey.GetCOOLKeyIsEnrolled(keyType, keyID)
+//
+//       - Returns true if a key has been initialized, false if it hasn't.
+//         Initialized means the card has been formatted with certificates
+//         for either an COOL HouseKey or NetKey.
+//
+//     netkey.EnrollCOOLKey(keyType, keyID, enrollmentType, screenName, pin)
+//
+//       - Initiates an async connection to the RA to initialize a specific
+//         key. If you want the key to be initialized as a HouseKey, you should
+//         pass "houseKey" as the enrollmentType, and null values for both
+//         screenName and pin. For a NetKey, use "netKey" as the enrollmentType,
+//         and pass a valid screenName and pin.
+//
+//
+////////////////////////////////////////////////////////////////
+
+function GetScreenNameValue()
+{
+  var sname = document.getElementById("snametf").value;
+
+  if (! sname)
+  {
+    MyAlert("You must provide a valid LDAP User ID!");
+    if (UserOnCOOLKeyStateError) {
+      UserOnCOOLKeyStateError(); // call user-level
+    }
+    return null;
+  }
+
+  return sname;
+}
+
+function GetPINValue()
+{
+  var pinVal =  document.getElementById("pintf").value;
+  var rpinVal =  document.getElementById("reenterpintf").value;
+
+  if (! pinVal)
+  {
+    MyAlert("You must provide a valid Key Password!");
+    if (UserOnCOOLKeyStateError) {
+      UserOnCOOLKeyStateError(); // call user-level
+    }
+    return null;
+  }
+
+  if ( pinVal != rpinVal)
+  {
+    MyAlert("The Key Password values you entered do not match!");
+    if (UserOnCOOLKeyStateError) {
+      UserOnCOOLKeyStateError(); // call user-level
+    }
+    return null;
+  }
+
+  return pinVal;
+}
+
+function GetScreenNamePwd()
+{
+
+  var pwd = document.getElementById("snamepwd").value;
+
+   if(!pwd)
+   {
+       MyAlert("You must provide a valid LDAP User ID !");
+       if (UserOnCOOLKeyStateError) {
+          UserOnCOOLKeyStateError(); // call user-level
+       }
+       return null;
+   }
+   return pwd;
+}
+
+function GetTokenCode()
+{
+
+  return null;
+}
+function DoEnrollTempCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, 'userKeyTemporary', screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+function DoEnrollCOOLKey()
+{
+
+  if (!gCurrentSelectedRow)
+  {
+    MyAlert("Please select a key.");
+    return;
+  }
+
+ if(!Validate())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname =  GetScreenNameValue();
+
+    pin =  GetPINValue();
+
+
+    screennamepwd =  GetScreenNamePwd();
+
+    tokencode = GetTokenCode();
+
+    //SetStatusMessage("Enrolling UserKey \"" + KeyToUIString(keyType, keyID) + "\"...");
+  }
+
+  StartCylonAnimation("cylon1", "eye1");    
+
+  var doShow = true;
+
+  ShowProgressBar(keyType,keyID,doShow );
+
+  if (!EnrollCOOLKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+    var doShow = false;
+    ShowProgressBar(aKeyType,aKeyID,doShow );
+  }
+}
+
+function DoResetSelectedCOOLKeyPIN()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate())
+     return;
+
+   //alert("In DoResetSelectedCOOLKeyPIN!");
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var screenname = null;
+  var pin = null;
+  var screennamepwd = null;
+
+  if (GetCOOLKeyIsEnrolled(keyType, keyID))
+  {
+ 
+    SetStatusMessage("Resetting PIN for \"" + keyID + "\"...");
+    StartCylonAnimation("cylon1", "eye1");
+
+    if (!ResetCOOLKeyPIN(keyType, keyID, screenname, pin,screennamepwd))
+    {
+      SetStatusMessage("");
+      StopCylonAnimation("cylon1", "eye1");
+    }
+  }
+}
+
+function DoSetURLCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate1())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = 'soUserKey';
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoFormatSoCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate1())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = 'soCleanSOToken';
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function DoFormatCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  if(!Validate1())
+     return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  var type = 'soCleanUserToken';
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  SetStatusMessage("Formatting \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  if (!FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode))
+  {
+    SetStatusMessage("");
+    StopCylonAnimation("cylon1", "eye1");
+  }
+}
+
+function FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode)
+{
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+    netkey.FormatCoolKey(keyType, keyID, type, screenname, pin,screennamepwd,tokencode);
+  } catch(e) {
+    ReportException(getBundleString("errorFormatCoolKey"), e);
+    return false;
+  }
+  return true;
+}
+
+function DoCancelOperation()
+{
+
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  SetStatusMessage("Cancel operation for \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  CancelCOOLKeyOperation(keyType, keyID);
+
+  SetStatusMessage("");
+  StopCylonAnimation("cylon1", "eye1");
+}
+
+function DoChallengeSelectedKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Generating Challenge ...");
+
+  var challengeArray = ChallengeCOOLKey(keyType, keyID, document.forms[0].challengedata.value);
+
+  if (challengeArray.length != 4)
+  {
+    MyAlert("Challenge for key \"" + KeyToUIString(keyType, keyID) + "\" failed!");
+    SetStatusMessage("");
+    return;
+  }
+
+  MyAlert("ChallengeCOOLKey(\""+ KeyToUIString(keyType, keyID) + "\") returned:\n\n" +
+        "challenge[0]: " + challengeArray[0] + "\n" +
+        "challenge[1]: " + challengeArray[1] + "\n" +
+        "challenge[2]: " + challengeArray[2] + "\n" +
+        "challenge[3]: " + challengeArray[3] + "\n");
+
+  SetStatusMessage("");
+}
+
+function DoBlinkCOOLKey()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  SetStatusMessage("Blinking \"" + KeyToUIString(keyType, keyID) + "\" ...");
+  StartCylonAnimation("cylon1", "eye1");
+
+  BlinkCOOLKey(keyType, keyID, 400, 5000);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+}
+
+function OnCOOLKeyBlinkComplete(keyType,keyID)
+{
+  //StopCylonAnimation("cylon1", "eye1");
+  //SetStatusMessage(" ");
+}
+
+function DoHelp()
+{
+  if (!gCurrentSelectedRow)
+    return;
+
+  var keyInfo = RowIDToKeyInfo(gCurrentSelectedRow.getAttribute("id"));
+  var keyType = keyInfo[0];
+  var keyID = keyInfo[1];
+
+  if (!keyID)
+    return;
+
+  var policy = GetCOOLKeyPolicy(keyType, keyID);
+  var type = PolicyToKeyType(policy);
+  MyAlert("Policy:  " + policy + "\n" + "Type:    " + type);
+}
+
+////////////////////////////////////////////////////////////////
+//
+// Functions called directly from ASC native code.
+//
+////////////////////////////////////////////////////////////////
+
+function OnCOOLKeyInserted(keyType, keyID)
+{
+  var row = InsertCOOLKeyIntoBindingTable(keyType, keyID);
+
+  if (!gCurrentSelectedRow)
+    SelectRowByKeyID(keyType, keyID);
+  if (UserOnCOOLKeyInserted) {
+    UserOnCOOLKeyInserted(keyType, keyID);
+  }
+}
+
+
+function OnCOOLKeyRemoved(keyType, keyID)
+{
+  var row = GetRowForKey(keyType, keyID);
+  var table = document.getElementById("BindingTable");
+
+  if (row && table)
+  {
+    RemoveRow(table,row);
+
+    if (row == gCurrentSelectedRow)
+      gCurrentSelectedRow = null;
+  }
+
+  UpdateButtonStates();
+  if (UserOnCOOLKeyRemoved) {
+    UserOnCOOLKeyRemoved(keyType, keyID);
+  }
+}
+
+var gKnownPolicies = [
+
+  // OID Value, precedence, name value
+
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.1.0.1.4", 4, "NETKEY" ],   // Platinum - MyDoctor
+
+  // XXX: Remove the Old OIDs below, after the RA starts generating
+  //      certificates with the OIDs listed above!
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.1", 1, "HOUSEKEY" ], // Bronze   - HouseKey
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.2", 2, "NETKEY" ],   // Silver   - Member
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.3", 3, "NETKEY" ],   // Gold     - Associate
+  [ "OID.1.3.6.1.4.1.1066.1.1000.2.4", 4, "NETKEY" ]    // Platinum - MyDoctor
+];
+
+function PolicyToKeyType(policy)
+{
+   return "ENROLLED";
+}
+
+function OldPolicyToKeyType(policy)
+{
+  var i, j;
+  
+  var knownPoliciesIndex = -1;
+
+  
+  var policies;
+
+
+  if (policy.indexOf(",")== -1)
+  {
+    policies = new Array(1);
+    policies[0] = policy;
+  }
+  else
+  {
+    policies = policy.split(",");
+  }
+
+  for (j = 0; j < policies.length; j++)
+  {
+    for (i = 0; i < gKnownPolicies.length; i++)
+    {
+      if (gKnownPolicies[i][0] == policies[j])
+      {
+         if (knownPoliciesIndex < gKnownPolicies[i][1])
+           knownPoliciesIndex = i;
+      }
+    }  
+  }
+
+  if (knownPoliciesIndex == -1)
+    return "INITIALIZED";
+ 
+  return gKnownPolicies[knownPoliciesIndex][2];    
+}
+
+function BoolToYesNoStr(b)
+{
+  if (b)
+    return "YES";
+  return "NO";
+}
+
+function OnCOOLKeyEnrollmentComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+  SetStatusMessage("");
+  MyAlert("Enrollment of smartcard complete!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+
+  window.setTimeout("loadSuccessPage()",4);
+}
+
+function OnCOOLKeyPINResetComplete(keyType, keyID)
+{
+  var keyStatus = PolicyToKeyType(GetCOOLKeyPolicy(keyType, keyID));
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+  UpdateButtonStates();
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Password Reset was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+}
+
+function OnCOOLKeyFormatComplete(keyType, keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+  MyAlert("Format of \"" + KeyToUIString(keyType, keyID)+ "\" was successful!");
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+  if (UserOnCOOLKeyFormatComplete) {
+    UserOnCOOLKeyFormatComplete(); // call user-level
+  }
+}
+
+function OnCOOLKeyStateError(keyType, keyID, keyState, errorCode)
+{
+  var keyStatus = GetStatusForKeyID(keyType, keyID);
+  var keyReqAuth = BoolToYesNoStr(GetCOOLKeyRequiresAuth(keyType, keyID));
+  var keyIsAuthed = BoolToYesNoStr(GetCOOLKeyIsAuthed(keyType, keyID));
+
+  if(curChildWindow)
+  {
+      curChildWindow.close();
+      curChildWindow = null;
+
+  }
+
+  var doShow = false;
+  ShowProgressBar(keyType,keyID, doShow);
+
+  //UpdateInfoForKeyID(keyType, keyID, keyStatus, keyReqAuth, keyIsAuthed);
+
+  StopCylonAnimation("cylon1", "eye1");
+  SetStatusMessage("");
+
+  var typeStr = "Error(" + errorCode + ")";
+
+  var  messageStr = " \n\n Error Response: " + MyGetErrorMessage(errorCode) ;
+
+  var keyIDStr = KeyToUIString(keyType, keyID);
+
+  if (keyState == 1004)
+    typeStr = "Enrollment of key  failed. " + typeStr + messageStr ;
+  else if (keyState == 1016)
+    typeStr = "Formatting of key  failed. " + typeStr + messageStr;
+  else if (keyState == 1010)
+    typeStr = "PIN Reset for key  failed. " + typeStr + messageStr;
+  else if (keyState == 1020)
+    typeStr = "Operation for key  canceled.";
+
+  typeStr += " \n " + ErrorText;
+  MyAlert(typeStr);
+  ClearProgressBar(KeyToProgressBarID(keyType, keyID));
+  if (UserOnCOOLKeyStateError) {
+    UserOnCOOLKeyStateError(); // call user-level
+  }
+}
+
+function OnCOOLKeyStatusUpdate(progMeterID, statusUpdate)
+{
+  SetProgressMeterValue(progMeterID, statusUpdate);
+  SetProgressMeterStatus(progMeterID, statusUpdate + "%");
+}
+
+function Validate1()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+    screenname = '';
+    screennamepwd = 'netscape';
+    pin = 'netscape'
+
+   return 1;
+}
+function Validate()
+{
+
+  var type = gKeyEnrollmentType;
+  var screenname = null;
+  var pin = null;
+
+  var screennamepwd = null;
+  var tokencode = null;
+
+  if (type == "userKey")
+  {
+    screenname = GetScreenNameValue();
+    if (! screenname)
+      return 0;
+
+    screennamepwd = GetScreenNamePwd();
+
+    if(! screennamepwd)
+        return 0;
+
+    pin =  GetPINValue();
+
+    if (! pin)
+      return 0;
+
+   }
+
+   return 1;
+}
+
+function OnCOOLKeyStateChange(keyType, keyID, keyState, data,strData)
+{
+  // alert("KeyID:    " + keyID + "\n" +
+  //       "KeyState: " + keyState + "\n" +
+  //       "Data:     " + data);
+  //alert("State Change ="+keyState);
+
+  switch(keyState)
+  {
+    case 1000: // KeyInserted
+      OnCOOLKeyInserted(keyType, keyID);
+      break;
+    case 1001: // KeyRemoved
+      OnCOOLKeyRemoved(keyType, keyID);
+      break;
+    case 1002: // EnrollmentStart
+      // OnCOOLKeyEnrollmentStart(keyType, keyID);
+      break;
+    case 1003: // EnrollmentComplete
+      OnCOOLKeyEnrollmentComplete(keyType, keyID);
+      break;
+    case 1004: // EnrollmentError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1008: // PINResetStart
+      // OnCOOLKeyPINResetStart(keyType, keyID);
+      break;
+    case 1009: // PINResetComplete
+      OnCOOLKeyPINResetComplete(keyType, keyID);
+      break;
+    case 1010: // PINResetError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1014: // FormatStart
+      // OnCOOLKeyFormatStart(keyType, keyID);
+      break;
+    case 1015: // FormatComplete
+      OnCOOLKeyFormatComplete(keyType, keyID);
+      break;
+    case 1016: // FormatError
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1017: // BlinkStatus Update?
+      //OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1018: 
+      OnCOOLKeyBlinkComplete(keyType, keyID);
+      break;
+    case 1020: // OperationCancelled
+      OnCOOLKeyStateError(keyType, keyID, keyState, data);
+      break;
+    case 1021: // OperationStatusUpdate
+      OnCOOLKeyStatusUpdate(KeyToProgressBarID(keyType, keyID), data);
+      if(UserOnCOOLKeyStatusUpdate)
+          UserOnCOOLKeyStatusUpdate(data);
+      break;
+
+     case 1022: //Need Auth 
+
+
+       gCurKeyID = keyID;
+       gCurKeyType = keyType;
+
+       GetAuthDataFromPopUp(keyType,keyID,strData);
+
+       break;
+
+  }
+}
+
+function refresh()
+{
+  window.resizeBy(0,1);
+  window.resizeBy(0,-1);
+
+}
+
+function loadSuccessPage()
+{
+    window.location="/esc/sow/EnrollSuccess.html";
+}
+
+function ShowProgressBar(aKeyType,aKeyID, doShow)
+{
+   if(!gCurrentSelectedRow)
+      return;
+
+   if(doShow)
+       gCurrentSelectedRow.style.display="table-row";
+   else
+   {
+       gCurrentSelectedRow.style.display="none";
+   }
+}
+function DoCoolKeySetConfigValue(configValue,newValue)
+{
+   if(!configValue || !newValue)
+      return null;
+
+   var result = null;
+
+   if(netkey)
+   {
+      try {
+            netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+
+            result = netkey.SetCoolKeyConfigValue(configValue,newValue);
+
+            } catch(e) {
+                MyAlert(getBundleString("errorConfigValue") + " " + e);
+      }
+
+    }
+
+    return result;
+}
+
+//Is the user "uid"  an "agent" or "user"
+// Input "type" either "agent" or "user"
+
+function IsAgentOrUser(uid,type)
+{
+  var url = window.location.href;
+  var lastSlash = 0;
+
+  var result = false;
+
+  if(!uid || !type)
+      return false;
+
+  var isAgent = 0;
+
+  if(type == "agent")
+     isAgent = 1;
+
+  //Accept either uid=name or name
+
+  if(uid.lastIndexOf("uid=") < 0)
+  {
+     uid = "uid=" + uid;
+  }
+
+  if(url)
+  {
+    lastSlash = url.lastIndexOf("/");
+  }
+  if(lastSlash > 0)
+  {
+    url =  url.substring(0,lastSlash);
+  }
+
+  if(isAgent)
+    url = url + "/is_agent.cgi?" + uid;
+  else
+    url = url +  "/is_user.cgi?" + uid;
+
+  var req = new XMLHttpRequest();
+  req.open('GET',url,false);
+  req.send(null);
+  if(req.status == 200)
+  {
+    //alert(req.responseText);
+    if(req.responseText.lastIndexOf("yes") >= 0)
+    {
+      result = true;
+    }
+  }
+  return result;
+}
+
+function GetCoolKeyIssuedTo(keyType,keyID)
+{
+  var keyStatus = GetStatusForKeyID(keyType,keyID);
+
+  var issuedTo = null;
+
+  try {
+      netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
+      issuedTo = netkey.GetCoolKeyUID(keyType,keyID);
+
+  } catch (e)
+  {
+  }
+  return issuedTo;
+}
+
diff --git a/dogtag/tps-ui/shared/docroot/esc/style.css b/dogtag/tps-ui/shared/docroot/esc/style.css
new file mode 100755
index 000000000..83098a440
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/esc/style.css
@@ -0,0 +1,196 @@
+/* --- BEGIN COPYRIGHT BLOCK ---
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; version 2 of the License.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Copyright (C) 2007 Red Hat, Inc.
+ * All rights reserved.
+ * --- END COPYRIGHT BLOCK ---
+ */
+
+body {
+background: #ffffff url(../images/bg.jpg) repeat-x;
+        font-family: arial;
+        font-size: 7p
+
+}
+
+form {
+  margin: 0px;
+  padding: 0px;
+};
+
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+h2 {
+  font-size: 12pt;
+}
+
+.headerText {
+  font-family: "Arial";
+  font-size: 12pt;
+  font-weight: bold; 
+}
+
+.titleText {
+  font-family: "Arial";
+  font-size: 10pt;
+}
+
+.bodyText {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+.linkText {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+
+#BindingTable {
+  background-color: #ffffff ;
+  font-size: 7pt;
+}
+
+#BindingTable th {
+  color: rgb(0, 0, 0);
+  background-color:  #fffffe;
+  font-size: 7pt;
+}
+
+#BindingTable tr {
+  background-color: #fffffe;
+  font-size: 7pt;
+}
+
+tr [COOLKeyPresent="yes"]{
+  background-color: rgb(255, 0, 0);
+}
+
+.cylon {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+}
+
+.cylonEye {
+  font-size: 4pt;
+  position: relative;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+}
+
+#statusMsg {
+  font-weight: bold;
+}
+
+.ProgressMeter {
+  position: relative;
+  padding: 0px;
+  border: 1px solid rgb(60, 60, 60);
+  background-color: #ffffff;
+  text-align: center;
+}
+
+.ProgressBar {
+  position: absolute;
+  z-index: 0;
+  top: 0px;
+  left: 0px;
+  border-right: 1px solid rgb(60, 60, 60);
+  background-color: rgb(0, 128, 192);
+  margin: 0px;
+}
+
+.ProgressBarStatus {
+  position: relative;
+  z-index: 10;
+  margin: 0px;
+  padding: 0px;
+
+}
+
+.KeyTableHeader {
+  color: rgb(0,0, 0);
+  background-color: #ffffff;
+  text-align: left;
+}
+                                                                                
+#KeyTable td {
+  background-color: #ffffff;
+  padding-left: 3px;
+  padding-right: 3px;
+};
+                                                                                
+.TableDescriptionPanel {
+  background-color: #ffffff);
+  margin-right: 5px;
+  margin-left: 5px;
+  margin-bottom: 0px;
+  margin-bottom: 5px;
+  padding: 5px;
+}
+                                                                                
+.PurchasePanel {
+  width: 100%;
+  text-align: center;
+  padding-top: 5px;
+  padding-bottom: 5px;
+}
+                                                                                
+.NeedQuestionText {
+  font-size: 16pt;
+  font-weight: bold;
+}
+
+.COOLHeaderText {
+  font-family: "Arial";
+  font-size: 20pt;
+  font-weight: bold;
+}
+                                                                                
+.ContentTable {
+  background-color: #ffffff;
+  margin: 0px;
+}
+                                                                                
+form {
+  margin: 0px;
+  padding: 0px;
+};
+                                                                                
+* {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+                                                                                
+table {
+  font-family: "Arial";
+  font-size: 8pt;
+}
+                                                                                
+.TableTitle {
+  font-size: 12pt;
+  font-weight: bold;
+}
+
+.PageHeader {
+  width: 100%;
+  border-bottom: solid black 1px;
+  vertical-align: center;
+  background-color: #ffffff;
+}
diff --git a/dogtag/tps-ui/shared/docroot/footer.vm b/dogtag/tps-ui/shared/docroot/footer.vm
new file mode 100755
index 000000000..a596e45b1
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/footer.vm
@@ -0,0 +1,19 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+  <div id="footer">
+  </div>
diff --git a/dogtag/tps-ui/shared/docroot/header.vm b/dogtag/tps-ui/shared/docroot/header.vm
new file mode 100755
index 000000000..0dec954b8
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/header.vm
@@ -0,0 +1,26 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<div id="header">
+    <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information"><img src="/tps/admin/console/img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headertitle">
+    <a href="/" title="Dogtag homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
diff --git a/dogtag/tps-ui/shared/docroot/index.vm b/dogtag/tps-ui/shared/docroot/index.vm
new file mode 100755
index 000000000..e9a3361e9
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/index.vm
@@ -0,0 +1,89 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+
+<title>TPS Services</title>
+    <link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+</head>
+<body bgcolor="#FFFFFF" link="#666699" vlink="#666699" alink="#333366">
+
+#include ( "header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+                                                                                
+                                                                                
+<div id="bar">
+                                                                                
+<div id="systembar">
+<div id="systembarinner">
+                                                                                
+<div>
+  -
+</div>
+                                                                                
+                                                                                
+</div>
+</div>
+                                                                                
+</div>
+
+
+<font size="+1" face="PrimaSans BT, Verdana, Arial, Helvetica, sans-serif">
+Certificate System TPS Services Page 
+</font><br>
+<p> 
+</font>
+<p>
+<center>
+<table border="0" cellspacing="0" cellpadding="0">
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$securePort/tus?op=index_operator">Operator Services</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$securePort/tus">Agent Services</a></li>
+</font>
+</td>
+</tr>
+<tr valign="TOP">
+<td>
+<font size=4 face="PrimaSans BT, Verdana, sans-serif">
+<li><a href="https://$machineName:$securePort/tus?op=index_admin">Administrator Services</a></li>
+</font>
+</td>
+</tr>
+</table>
+</center>
+#include ( "footer.vm" )
+</body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/addConfig.template b/dogtag/tps-ui/shared/docroot/tokendb/addConfig.template
new file mode 100644
index 000000000..4051ead83
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/addConfig.template
@@ -0,0 +1,164 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Add " + disp_conf_type + " Configuration </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+// validate according to the pattern
+function validate_form(s) {
+    var s_array = s.split("\n");
+    var reg = new RegExp(conf_pattern.replace(/\$name/g, conf_name));
+
+    for (var i=0; i< s_array.length ; i++) {
+        var key_value = s_array[i].split("=");
+        if (! reg.test(key_value[0])) {
+            alert(key_value[0] + " is not a valid parameter.\nValid parameters have the format " + conf_pattern.replace(/\$name/g, conf_name));
+            return false;
+        }
+    }
+    return true;
+}
+
+function doUpdateConfig(form) {
+        var uri = "";
+        var s = document.addConfigForm.added_params.value;
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+
+        if (validate_form(s)) {
+            document.addConfigForm.added_params.value = s.replace(/\n/g, "&&");       
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5>" + disp_conf_type + ": </td>\n");
+    document.write("<td align=left >" + conf_name + "</td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Status: </td>\n");
+    document.write("<td align=left width=20% > New </td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Contents: </td>\n");
+    document.write("<form NAME =\"addConfigForm\" METHOD=POST onSubmit=\"return doUpdateConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=save_config_changes\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=new_config VALUE=true>");
+
+    document.write("<td>\n");
+    document.write("<textarea name=added_params cols=100 rows=40>\n");
+    document.write("</textarea>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr>\n");
+    document.write("<td align=left>\n");
+    document.write("<input TYPE=submit VALUE=Save>");
+    document.write("</td>\n");
+    document.write("<td align=left>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/addResults.template b/dogtag/tps-ui/shared/docroot/tokendb/addResults.template
new file mode 100644
index 000000000..cf2f64769
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/addResults.template
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(tid) == "undefined") {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Missing "+addType+" ID</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("New "+addType+" record "+tid+" has been added.</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/agentSelectConfig.template b/dogtag/tps-ui/shared/docroot/tokendb/agentSelectConfig.template
new file mode 100644
index 000000000..3d22858cd
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/agentSelectConfig.template
@@ -0,0 +1,123 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : " + disp_conf_type + " Review and Approval </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doViewConfig(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr colspan=3>  <p> Use this form to select " + conf_type.replace(/_/g, " ").toLowerCase() + " for review. <br>" + 
+         "Select an item in the drop-down menu below and click \"Review\". </p></tr>");
+
+    document.write("<form NAME =\"selectViewConfigForm\" METHOD=POST onSubmit=\"return doViewConfig(this);\">");
+
+    document.write("<tr>");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=agent_view_config\">");
+    document.write("<input TYPE=HIDDEN NAME=ptype VALUE=\"" + conf_type + "\">");
+    var pset_list = conf_list.split(",");
+    document.write("<td ALIGN=LEFT width=20% >" + disp_conf_type + ": </td>");
+    document.write("<td ALIGN=LEFT><select name=\"pname\" >");
+    for (var i=0; i < pset_list.length; i++) {
+        document.write("<option value=\""+ pset_list[i] + "\">" + pset_list[i] + "</option>\n");
+    }
+    document.write("</select></td></tr>");
+    document.write("</table>");
+    
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr><td><input TYPE=submit VALUE=Review> </td>");
+    document.write("<td><input TYPE=button VALUE=Cancel  onClick=\"doCancel();\"></td>");
+    document.write("</tr>");
+    document.write("</table>");
+    document.write("</form>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/agentViewConfig.template b/dogtag/tps-ui/shared/docroot/tokendb/agentViewConfig.template
new file mode 100644
index 000000000..29f2dd1d5
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/agentViewConfig.template
@@ -0,0 +1,187 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : " + disp_conf_type + " Review </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+    }
+    return true;
+}
+
+function doViewConfig(form) {
+        var uri = "";
+        var s = document.editConfigForm.pvalues.value;
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+function doDelete() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5>" + disp_conf_type + ": </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_name + "</td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Status: </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_state.replace(/_/g, " ") + "</td></tr>");
+
+    document.write("<form NAME =\"viewConfigForm\" METHOD=POST onSubmit=\"return doViewConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=agent_change_config_state\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Contents: </td>\n");
+    document.write("<td colspan=4>\n");
+    if ((typeof(conf_values) == "undefined") || (conf_values.length == 0) ) {
+        document.write("<textarea name=pvalues cols=100 rows=40 style=\"color:#000000\" disabled=disabled >\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=pvalues cols=100 rows=40 style=\"color:#000000\" disabled=disabled >\n");
+        document.write(conf_values.replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td></tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr>\n");
+    document.write("<td align=left>\n");
+    if (conf_state == "Enabled") {
+        document.write("<input TYPE=submit name=choice VALUE=Disable>");
+    } else {
+        document.write("<input TYPE=submit name=choice VALUE=Disable disabled=disabled>");
+    }
+    document.write("</td>\n");
+    document.write("<td align=left>\n");
+    if (conf_state == "Pending_Approval") {
+        document.write("<input TYPE=submit name=choice VALUE=Reject >");
+    } else {
+        document.write("<input TYPE=submit name=choice VALUE=Reject disabled=disabled>");
+    }
+    document.write("</td>\n");
+    document.write("<td align=left>\n");
+    if ((conf_state == "Disabled") || (conf_state == "Pending_Approval")) {
+        document.write("<input TYPE=submit name=choice VALUE=\"Approve and Enable\">");
+    } else {
+        document.write("<input TYPE=submit name=choice VALUE=\"Approve and Enable\" disabled=disabled>");
+    }
+    document.write("</td>\n");
+    document.write("<td align=left>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</form>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/auditAdmin.template b/dogtag/tps-ui/shared/docroot/tokendb/auditAdmin.template
new file mode 100644
index 000000000..46abadf6c
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/auditAdmin.template
@@ -0,0 +1,213 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Configure Audit Logging</font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doUpdateAudit(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<BR>");
+    document.write("<form NAME =\"editAuditForm\" METHOD=POST onSubmit=\"return doUpdateAudit(this);\">");
+    document.write("<input TYPE=HIDDEN NAME=query VALUE=\"op=update_audit_admin\">");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Enable Audit Logging:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    if (signedAuditEnable == "true") {
+        document.write("<input TYPE=RADIO NAME=auditEnable VALUE=\"true\" checked> Enable &nbsp;&nbsp;&nbsp;");
+        document.write("<input TYPE=RADIO NAME=auditEnable VALUE=\"false\"> Disable");
+    } else {
+        document.write("<input TYPE=RADIO NAME=auditEnable VALUE=\"true\" > Enable &nbsp;&nbsp;&nbsp;");
+        document.write("<input TYPE=RADIO NAME=auditEnable VALUE=\"false\" checked> Disable");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Enable Audit Log Signing:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    if (logSigningEnable == "true") {
+        document.write("<input TYPE=RADIO NAME=logSigningEnable VALUE=\"true\" checked> Enable &nbsp;&nbsp;&nbsp;");
+        document.write("<input TYPE=RADIO NAME=logSigningEnable VALUE=\"false\"> Disable");
+    } else {
+        document.write("<input TYPE=RADIO NAME=logSigningEnable VALUE=\"true\" > Enable &nbsp;&nbsp;&nbsp;");
+        document.write("<input TYPE=RADIO NAME=logSigningEnable VALUE=\"false\" checked> Disable");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Audit Log Signing Interval (seconds):&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=logSigningInterval VALUE=\"" + signedAuditLogInterval + "\" />");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Audit Log Signing Buffer Size (bytes, minimum 512):&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=logSigningBufferSize VALUE=\"" + signedAuditLogBufferSize + "\" />");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    var nonselectable_array = signedAuditNonSelectableEvents.split(",");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Events Always Logged:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<textarea name=nonselect cols=40 rows=10 >\n");
+    for (var i=0; i< nonselectable_array.length; i++) {
+        document.write(nonselectable_array[i] + "\n");
+    }
+    document.write("</textarea>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<p> Selected Optional Events to be logged: </p>");
+    var selectable_array = signedAuditSelectableEvents.split(",");
+    var signedAuditSelectedEvents_tmp = "," + signedAuditSelectedEvents + ",";
+
+
+    if ((typeof(selectable_array) != "undefined") && (selectable_array.length > 0)) {
+        document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+        for (var i=0; i < selectable_array.length; i++) {
+            if (i % 3 == 0) {
+                document.write("<tr bgcolor=#e5e5e5>\n");
+            }
+            document.write("<td>" + selectable_array[i] + "</td>");
+            if (signedAuditSelectedEvents_tmp.search("," + selectable_array[i] + ",") != -1) {
+                document.write("<td><input type=checkbox name=\"event_" + i + "\" value=\"" + selectable_array[i] + "\" checked></td>");
+            } else {
+                document.write("<td><input type=checkbox name=\"event_" + i + "\" value=\"" + selectable_array[i] + "\"></td>");
+            }
+
+            if ((i % 3 == 2) || (i == (selectable_array.length - 1))) {
+                document.write("</tr>");
+            }
+        }
+        document.write("</table>");
+    } else {
+        document.write("<p>There are no optional events to select.</p>");
+    }
+
+    document.write("<input type=hidden name=\"nEvents\" value=" + selectable_array.length + ">");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=Update>");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/confirmConfigChanges.template b/dogtag/tps-ui/shared/docroot/tokendb/confirmConfigChanges.template
new file mode 100644
index 000000000..8dfe53554
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/confirmConfigChanges.template
@@ -0,0 +1,234 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+String.prototype.htmlEntities = function () {
+   return this.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
+};
+
+
+String.prototype.unescapeEntry = function () {
+   return this.replace(/&dbquote/g,'\"').replace(/&singlequote/g,'\'').replace(/&lessthan/g,'<').replace(/&greaterthan/g, '>');
+};
+
+String.prototype.escapeEntry = function () {
+   return this.replace(/\"/g,'&dbquote').replace(/\'/g,'&singlequote').replace(/</g,'&lessthan').replace(/>/g, '&greaterthan');
+};
+
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : " + disp_conf_type + " Configuration </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+    }
+    return true;
+}
+
+function doConfirmConfig(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doBack(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+    document.write("<p> Please confirm changes to the " + disp_conf_type + ": " + conf_name + "</p>");
+    document.write("<BR/>");
+
+    document.write("<form NAME =\"confirmConfigForm\" METHOD=POST onSubmit=\"return doConfirmConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=save_config_changes\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=added_params VALUE='" + added_str + "'>");
+    document.write("<input TYPE=hidden NAME=deleted_params VALUE='" + deleted_str + "'>");
+    document.write("<input TYPE=hidden NAME=changed_params VALUE='" + changed_str + "'>");
+    document.write("<input TYPE=hidden NAME=new_config VALUE=false>");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+    document.write("<input TYPE=hidden NAME=approval_requested VALUE=\"" + conf_approval_requested + "\">");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> <font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\"> Parameters added: </font></td>");
+    document.write("<td>");
+    if ((typeof(added_str) == "undefined") || (added_str.length == 0) ) {
+        document.write("<textarea name=disp_added_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=disp_added_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write(added_str.unescapeEntry().replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> <font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\"> Parameters deleted: </font></td>");
+    document.write("<td>");
+    if ((typeof(deleted_str) == "undefined") || (deleted_str.length == 0) ) {
+        document.write("<textarea name=disp_deleted_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=disp_deleted_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write(deleted_str.unescapeEntry().replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> <font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\"> Parameters changed: </font></td>");
+    document.write("<td>");
+    if ((typeof(changed_str) == "undefined") || (changed_str.length == 0) ) {
+        document.write("<textarea name=disp_changed_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=disp_changed_params cols=100 rows=10 style=\"color:#000000\" disabled=disabled>\n");
+        document.write(changed_str.unescapeEntry().replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=\"Confirm Changes\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+
+    document.write("<td>\n");
+    document.write("<form NAME =\"backForm\" METHOD=POST onSubmit=\"return doBack(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=return_to_edit_config_parameter\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=pvalues VALUE=\"" + conf_values.escapeEntry() + "\">");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+    document.write("<input TYPE=hidden NAME=pstate VALUE=\"" + conf_state + "\">");
+    document.write("<input TYPE=submit VALUE=\"Back\">");
+    document.write("</form>\n");
+    document.write("</td>\n");
+
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/confirmDeleteConfig.template b/dogtag/tps-ui/shared/docroot/tokendb/confirmDeleteConfig.template
new file mode 100644
index 000000000..08fc65cdc
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/confirmDeleteConfig.template
@@ -0,0 +1,173 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Delete " + disp_conf_type + " Confirmation </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+    }
+    return true;
+}
+
+function doUpdateConfig(form) {
+        var uri = "";
+        var s = document.editConfigForm.pvalues.value;
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        document.editConfigForm.pvalues.value = s.replace(/\n/g, "&&");
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+function doDelete() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5>" + disp_conf_type + ": </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_name + "</td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Status: </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_state.replace(/_/g, " ") + "</td></tr>");
+
+    document.write("<form NAME =\"editConfigForm\" METHOD=POST onSubmit=\"return doUpdateConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=delete_config_parameter\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Contents: </td>\n");
+    document.write("<td align=left colspan=4>\n");
+    if ((typeof(conf_values) == "undefined") || (conf_values.length == 0) ) {
+        document.write("<textarea name=pvalues style=\"color:#000000\" cols=100 rows=40 disabled=disabled>\n");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=pvalues cols=100 style=\"color:#000000\" rows=40 disabled=disabled>\n");
+        document.write(conf_values.replace(/&&/g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td></tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+    document.write("<tr valign=top>\n");
+    document.write("<td>\n");
+    document.write("Are you sure?");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=\"Delete\">");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/delete.template b/dogtag/tps-ui/shared/docroot/tokendb/delete.template
new file mode 100644
index 000000000..eb854fdd2
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/delete.template
@@ -0,0 +1,294 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr valign=top>\n");
+    document.write("<td>\n");
+    document.write("Are you sure?");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=delete><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=Delete></form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/deleteResults.template b/dogtag/tps-ui/shared/docroot/tokendb/deleteResults.template
new file mode 100644
index 000000000..4d7d09871
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/deleteResults.template
@@ -0,0 +1,74 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(tid) == "undefined") {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Missing " + deleteType + " ID</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write(deleteType + " record "+tid+" has been deleted.</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+}
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/doToken.template b/dogtag/tps-ui/shared/docroot/tokendb/doToken.template
new file mode 100644
index 000000000..a86288c7c
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/doToken.template
@@ -0,0 +1,360 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+function check_transition(state, tlist) {
+    for (var i=0; i < tlist.length; i++) {
+        if (state == tlist[i]) {
+            return true;
+        }
+    }
+    return false;
+}
+
+if (rc == "0") {
+    document.write("<b>The operation has been successful.</b>");
+    document.write("<p>\n");
+} else if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td width=60%>\n");
+    var transitions = allowed_transitions.split(",");
+    if (allowed_transitions != "") {
+        document.write("<form method='get' action='tus'><select name=\"question\">");
+
+        if (check_transition(1, transitions)) {
+            document.write("<option value=\"1\" >This token has been physically damaged.</option>");
+        } else {
+            document.write("<option value=\"1\" disabled=true >This token has been physically damaged.</option>");
+        }
+        if (check_transition(2, transitions)) {
+            document.write("<option value=\"2\">This token has been permanently lost.</option>");
+        } else {
+            document.write("<option value=\"2\" disabled=true >This token has been permanently lost.</option>");
+        }
+        if (check_transition(3, transitions)) {
+            document.write("<option value=\"3\" >This token has been temporarily lost.</option>");
+        } else {
+            document.write("<option value=\"3\" disabled=true >This token has been temporarily lost.</option>");
+        }
+        if (check_transition(4, transitions)) {
+            document.write("<option value=\"4\" >This temporarily lost token has been found.</option>");
+        } else {
+            document.write("<option value=\"4\" disabled=true >This temporarily lost token has been found.</option>");
+        }
+        if (check_transition(5, transitions)) {
+            document.write("<option value=\"5\" >This temporarily lost token cannot be found (becomes permanently lost).</option>");
+        } else {
+            document.write("<option value=\"5\" disabled=true >This temporarily lost token cannot be found (becomes permanently lost).</option>");
+        }
+        if (check_transition(6, transitions)) {
+            document.write("<option value=\"6\" >This token has been terminated.</option>");
+        } else {
+            document.write("<option value=\"6\" disabled=true >This token has been terminated.</option>");
+        }
+        document.write("</select><input type=hidden name=op value=do_token><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Go\"></form>");
+    }
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_certificate_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Certificates\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=edit><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Edit\"></form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/doTokenConfirm.template b/dogtag/tps-ui/shared/docroot/tokendb/doTokenConfirm.template
new file mode 100644
index 000000000..88068af78
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/doTokenConfirm.template
@@ -0,0 +1,344 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<td width=80%>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">");
+    document.write("Are you sure?");
+     document.write("</font>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td width=80%>\n");
+    document.write("<form method='get' action='tus'><select name=\"question\">");
+    if (question == '1') {
+      document.write("<option selected value=\"1\">This token has been physically damaged.</option>");
+    } else {
+      document.write("<option value=\"1\" disabled>This token has been physically damaged.</option>");
+    }
+    if (question == '2') {
+      document.write("<option selected value=\"2\">This token has been permanently lost.</option>");
+    } else {
+      document.write("<option value=\"2\" disabled>This token has been permanently lost.</option>");
+    }
+    if (question == '3') {
+      document.write("<option selected value=\"3\">This token has been temporarily lost.</option>");
+    } else {
+      document.write("<option value=\"3\" disabled>This token has been temporarily lost.</option>");
+    }
+    if (question == '4') {
+      document.write("<option selected value=\"4\">This temporarily lost token has been found.</option>");
+    } else {
+      document.write("<option value=\"4\" disabled>This temporarily lost token has been found.</option>");
+    }
+    if (question == '5') {
+      document.write("<option selected value=\"5\">This temporarily lost token cannot be found (becomes permanently lost).</option>");
+    } else {
+      document.write("<option value=\"5\" disabled>This temporarily lost token cannot be found (becomes permanently lost).</option>");
+    }
+    if (question == '6') {
+      document.write("<option selected value=\"6\">This token has been terminated.</option>");
+    } else {
+      document.write("<option value=\"6\" disabled>This token has been terminated.</option>");
+    }
+    document.write("</select><input type=hidden name=op value=do_token>");
+    document.write("<input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Go\"></form>");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/edit.template b/dogtag/tps-ui/shared/docroot/tokendb/edit.template
new file mode 100644
index 000000000..2e926992b
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/edit.template
@@ -0,0 +1,199 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Edit Token</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function doSave(form) {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    uri += "?op=save&tid="+results[0].cn;
+
+    if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+    }
+
+    if (results[0].tokenPolicy != form.tokenPolicy.value) {
+       uri += "&tokenPolicy=" + form.tokenPolicy.value;
+    }
+    uri += "&m=" + results[0].modified;
+    location.href = uri;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<FORM NAME =\"editForm\" ACTION=\"\" METHOD=GET>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=uid SIZE=20 VALUE="+results[0].tokenUserID+">\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write(results[0].tokenStatus+"\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=tokenPolicy SIZE=20 VALUE="+results[0].tokenPolicy+">\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write(results[0].tokenType+"\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Save onClick=\"doSave(editForm);\">");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+    document.write("</form>\n");
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/editConfig.template b/dogtag/tps-ui/shared/docroot/tokendb/editConfig.template
new file mode 100644
index 000000000..ff52f90d9
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/editConfig.template
@@ -0,0 +1,237 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2010 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+String.prototype.htmlEntities = function () {
+   return this.replace(/&/g,'&amp;').replace(/</g,'&lt;').replace(/>/g,'&gt;');
+};
+
+String.prototype.unescapeEntry = function () {
+   return this.replace(/&dbquote/g,'\"').replace(/&singlequote/g,'\'').replace(/&lessthan/g,'<').replace(/&greaterthan/g, '>');
+};
+
+String.prototype.escapeEntry = function () {
+   return this.replace(/\"/g,'&dbquote').replace(/\'/g,'&singlequote').replace(/</g,'&lessthan').replace(/>/g, '&greaterthan');
+};
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : " + disp_conf_type + " Configuration </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+// validate according to the pattern
+function validate_form(s) {
+    var s_array = s.split("\n");
+    var reg = new RegExp(conf_pattern.replace(/\$name/g, conf_name));
+
+    for (var i=0; i< s_array.length ; i++) {
+        var key_value = s_array[i].split("=");
+        if (! reg.test(key_value[0])) {
+            alert(key_value[0] + " is not a valid parameter.\nValid parameters have the format " + conf_pattern.replace(/\$name/g, conf_name));
+            return false;
+        }
+    }
+    return true;
+}
+
+function doUpdateConfig(form) {
+        var uri = "";
+        var s = document.editConfigForm.pvalues.value;
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        if (validate_form(s)) {
+            document.editConfigForm.pvalues.value = s.escapeEntry().replace(/\n/g, "&&");
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+function doDelete() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5>" + disp_conf_type + ": </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_name + "</td></tr>");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Status: </td>\n");
+    document.write("<td align=left width=20% colspan=4>" + conf_state.replace(/_/g, " ") + "</td></tr>");
+
+    document.write("<form NAME =\"editConfigForm\" METHOD=POST onSubmit=\"return doUpdateConfig(this);\">\n");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=confirm_config_changes\">");
+    document.write("<input TYPE=hidden NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<input TYPE=hidden NAME=pname VALUE=\"" + conf_name + "\">");
+    document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+
+    document.write("<tr><td align=left width=20% bgcolor=#e5e5e5> Contents: </td>\n");
+    document.write("<td align=left colspan=4>\n");
+    if ((typeof(conf_values) == "undefined") || (conf_values.length == 0) ) {
+        if ((conf_state == "Disabled") || (agent_must_approve != "true")) {
+            document.write("<textarea name=pvalues cols=100 rows=40>\n");
+            document.write("</textarea>\n");
+        } else {
+            document.write("<textarea name=pvalues style=\"color:#000000\" cols=100 rows=40 disabled=disabled>\n");
+            document.write("</textarea>\n");
+        }
+    } else {
+        if ((conf_state == "Disabled") || (agent_must_approve != "true")) {
+            document.write("<textarea name=pvalues cols=100 rows=40>\n");
+            document.write(conf_values.unescapeEntry().replace(/&&/g, "\r\n"));
+            document.write("</textarea>\n");
+        } else {
+            document.write("<textarea name=pvalues cols=100 style=\"color:#000000\" rows=40 disabled=disabled>\n");
+            document.write(conf_values.unescapeEntry().replace(/&&/g, "\r\n"));
+            document.write("</textarea>\n");
+        }
+    }
+    document.write("</td></tr>\n");
+    document.write("</table>\n");
+
+    document.write("<HR NOSHADE SIZE=1>");
+    document.write("<DIV ALIGN=RIGHT>");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=4>\n");
+
+    document.write("<tr>\n");
+    document.write("<td align=left>\n");
+    if ((conf_state == "Disabled") || (agent_must_approve != "true")) {
+        document.write("<input name=choice TYPE=submit VALUE=Save>");
+    } else {
+        document.write("<input name=choice TYPE=submit VALUE=Save disabled=disabled>");
+    }
+    document.write("</td>\n");
+
+    document.write("<td align=left>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+
+    if (agent_must_approve == "true") {
+        document.write("<td align=left>\n");
+        if (conf_state == "Disabled") {
+            document.write("<input name=choice TYPE=submit VALUE=\"Submit For Approval\">");
+        } else {
+            document.write("<input name=choice TYPE=submit VALUE=\"Submit For Approval\" disabled=disabled>");
+        }
+        document.write("</td>\n");
+    }
+
+    document.write("</form>\n");
+
+    if (conf_type != "Generals") {
+        document.write("<td align=left>\n");
+        document.write("<form name=deleteConfig method=POST onSubmit=\"return doDelete(this);\">\n");
+        document.write("<input type=hidden name=query value=\"op=confirm_delete_config\">");
+        document.write("<input type=hidden name=pname value=\"" + conf_name + "\">");
+        document.write("<input type=hidden name=ptype value=\"" + conf_type + "\">");
+        document.write("<input type=hidden name=pvalues value=\"" + conf_values.escapeEntry() + "\">");
+        document.write("<input type=hidden name=pstate value=\"" + conf_state + "\">");
+        document.write("<input TYPE=hidden NAME=ptimestamp VALUE=\"" + conf_tstamp + "\">");
+        if ((conf_state == "Disabled")|| (agent_must_approve != "true")) {
+            document.write("<input TYPE=submit VALUE=\"Delete\">");
+        } else {
+            document.write("<input TYPE=submit VALUE=\"Delete\" disabled=disabled>");
+        }
+        document.write("</form>");
+        document.write("</td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/editResults.template b/dogtag/tps-ui/shared/docroot/tokendb/editResults.template
new file mode 100644
index 000000000..d5d7c7dc2
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/editResults.template
@@ -0,0 +1,75 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(tid) == "undefined") {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Missing token ID</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Token record <a href=\"tus?op=show&tid=" + tid + "\">"+tid+"</a> has been updated.</font>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/editUser.template b/dogtag/tps-ui/shared/docroot/tokendb/editUser.template
new file mode 100644
index 000000000..2a69e65f4
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/editUser.template
@@ -0,0 +1,313 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Edit User</font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+        if (validate_required(firstName,"First Name is required")==false) {
+            firstName.focus();
+            return false;
+        }
+        if (validate_required(lastName,"Last Name is required")==false) {
+            lastName.focus();
+            return false;
+        }
+        if (validate_required(userCert,"User Certificate is required")==false) {
+            userCert.focus();
+            return false;
+        }
+
+    }
+}
+
+function doUpdateUser(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        if (validate_form(this)) {
+            this.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+function doUpdateUserProfile(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+function doCheckBox(val) {
+    document.addUserProfileForm.other_profile.disabled = false;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many users to edit</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<form NAME =\"editUserForm\" METHOD=POST onSubmit=\"return doUpdateUser(this);\">");
+    document.write("<input TYPE=HIDDEN NAME=query VALUE=\"op=save_user\">");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "UserID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].uid+"</font>\n");
+    document.write("<input TYPE=HIDDEN NAME=uid VALUE=\"" + results[0].uid + "\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "First Name:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=firstName SIZE=20 VALUE=\""+
+                   ((typeof(results[0].givenName) == 'undefined')?'':results[0].givenName)+"\">\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Last Name:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=TEXT NAME=lastName SIZE=20 VALUE=\""+results[0].sn+"\">\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Role:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td ><input type=checkbox name=opOperator value=Operators " + operator + ">Operator</td>\n");
+    document.write("<td ><input type=checkbox name=opAgent value=Agents " + agent + ">Agent</td>\n");
+    document.write("<td ><input type=checkbox name=opAdmin value=Administrators " + admin + ">Administrator</td>\n");
+    document.write("</tr>\n");
+    
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Certificate:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    if ((typeof(results[0].userCertificate) == "undefined") || (results[0].userCertificate.length == 0) ) {
+        document.write("<textarea name=userCert cols=40 rows=10>\n");
+        document.write("Paste the base 64 user certificate here (without the header and footer)");
+        document.write("</textarea>\n");
+    } else {
+        document.write("<textarea name=userCert cols=40 rows=10>\n");
+        document.write(results[0].userCertificate.replace(/\.\./g, "\r\n"));
+        document.write("</textarea>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    if ((typeof(results[0].profileID) != "undefined") && (results[0].profileID.length != 0)) {
+
+        var profile_array = results[0].profileID.split("#");
+        document.write("<input TYPE=HIDDEN NAME=nProfiles VALUE=\"" + profile_array.length + "\">");
+        document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+        document.write("<tr bgcolor=#e5e5e5>\n");
+
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "Profile ID</font>\n");
+        document.write("</td>\n");
+
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "Remove Profile Access</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+
+        for (var i=0; i < profile_array.length; i++) {
+            document.write("<tr>\n");
+            document.write("<td>\n");
+            document.write(profile_array[i]);
+            document.write("<input type=hidden name=\"profile_" + i + "\" value=\""+ profile_array[i] + "\">");
+            document.write("</td>\n");
+            document.write("<td><input type=checkbox name=\"delete_" + i + "\" value=\"delete\"></td>\n");
+            document.write("</tr>\n");
+        }
+        document.write("</table>\n");
+    } else {
+        document.write("<p>Profile Memberships</p>");
+    }
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=Update>");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("</form>\n");
+    document.write("<td>\n");
+    document.write("<form name=deleteUser method=GET action='tus'>\n");
+    document.write("<input type=hidden name=op value=user_delete_confirm>");
+    document.write("<input type=hidden name=uid value=" + results[0].uid + ">");
+    document.write("<input TYPE=submit VALUE=\"Delete User\">");
+    document.write("</form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+
+    if ((typeof(start_val) != "undefined") && (start_val > 0) && (typeof(num_profiles_to_display) != "undefined")) {
+        var new_start = start_val - num_profiles_to_display;
+        if (new_start < 0) new_start =0;
+        document.write("<td> <form name=prev_edit method=get action=\"doCancel()\">");
+        document.write("<input TYPE=hidden name=op VALUE=edit_user>");
+        document.write("<input TYPE=hidden name=uid VALUE=" + results[0].uid + ">");
+        document.write("<input TYPE=hidden name=start_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_profile_vals) != "undefined") && (has_more_profile_vals == "true")) {
+        var new_start = end_val;
+        document.write("<td> <form method=get name=prev_edit action=\"doCancel()\">");
+        document.write("<input TYPE=hidden name=op VALUE=edit_user>");
+        document.write("<input TYPE=hidden name=uid VALUE=" + results[0].uid + ">");
+        document.write("<input TYPE=hidden name=start_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>");
+
+    document.write("<form NAME =\"addUserProfileForm\" METHOD=POST onSubmit=\"return doUpdateUserProfile(this);\">");
+    document.write("<tr>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 >\n");
+    document.write("<input TYPE=HIDDEN NAME=query VALUE=\"op=add_profile_user\">");
+    document.write("<input TYPE=HIDDEN NAME=uid VALUE=\"" + results[0].uid + "\">");
+    document.write("<td>Add new profile: <select name=\"profile_0\" onChange=\"doCheckbox(this.options[selectedIndex].value)\">");
+    for (var i=0; i < profile_list.length; i++) {
+        document.write("<option value=\""+ profile_list[i] + "\">" + profile_list[i] + "</option>\n");
+    }
+    document.write("</select></td>");
+    document.write("<td><input type=text name=other_profile></td>");
+    document.write("<td><input TYPE=submit VALUE=\"Add Profile\"></td></tr>");
+    document.write("</table>");
+    document.write("</form>\n");
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/error.template b/dogtag/tps-ui/shared/docroot/tokendb/error.template
new file mode 100644
index 000000000..f698925d0
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/error.template
@@ -0,0 +1,73 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS Error!</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+document.write("<font size=-1 face=\"PrimaSans BT, Verdana, sans-serif\">\n");
+
+if (typeof(error) == "undefined") {
+    document.write("TUS encountered undefined error.");
+} else {
+    document.write(""+error);
+}
+
+document.write("</font>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/index.template b/dogtag/tps-ui/shared/docroot/tokendb/index.template
new file mode 100644
index 000000000..d49a69b61
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/index.template
@@ -0,0 +1,151 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS Agent</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a></font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\"><b>UID:</b>" + 
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+    if (form.uid.value == "" && form.tid.value == "") {
+        alert("Enter token or user ID");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view";
+        if (form.tid.value.length > 0) uri += "&tid=" + form.tid.value;
+        if (form.uid.value.length > 0) uri += "&uid=" + form.uid.value;
+        location.href = uri;
+    }
+}
+
+var lastCol = 100;
+document.write("<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%><tr>");
+if ((typeof(operatorAuth) != "undefined") && (operatorAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus?op=index_operator\">Operator Operations</td>");
+    lastCol -= 20;
+}
+if ((typeof(agentAuth) != "undefined") && (agentAuth == "true")) {
+    document.write("<td bgcolor=\"#e5e5e5\" width=\"20%\"><a href=\"/tus\">Agent Operations</td>");
+    lastCol -= 20;
+}
+if ((typeof(adminAuth) != "undefined") && (adminAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus?op=index_admin\">Administrator Operations</td>");
+    lastCol -= 20;
+}
+document.write("<td width=\"" + lastCol + "%\"></td>");
+document.write("</tr></table>");
+
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%>
+<tr>
+    <td bgcolor=#e5e5e5>&nbsp;</td>
+</tr>
+</table>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td><i>Tokens</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search">List/Search Tokens</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Certificates</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_certificate">List/Search Certificates</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Activities</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_activity">List/Search Activities</a></td>
+  </tr>
+  <tr>
+    <td></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Advanced Configuration</i></td>
+  </tr>
+  <SCRIPT type="text/JavaScript">
+  <!--
+    var target_array = agent_target_list.split(",");
+    for (var i=0; i< target_array.length ; i++) {
+      document.write("<tr><td>&bull;&nbsp;<a href=\"tus?op=agent_select_config&type=" + target_array[i] + "\">" +
+          target_array[i].replace(/_/g, " ") + "</a></td> </tr>");
+    }
+  //-->
+  </SCRIPT>
+
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/indexAdmin.template b/dogtag/tps-ui/shared/docroot/tokendb/indexAdmin.template
new file mode 100644
index 000000000..9164dd748
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/indexAdmin.template
@@ -0,0 +1,176 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS Admin</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\"><b>UID:</b>" + 
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function submitEditForm(form) {
+    document.editForm.submit();
+}
+
+function doFind(form) {
+    if (form.uid.value == "" && form.tid.value == "") {
+        alert("Enter token or user ID");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view";
+        if (form.tid.value.length > 0) uri += "&tid=" + form.tid.value;
+        if (form.uid.value.length > 0) uri += "&uid=" + form.uid.value;
+        location.href = uri;
+    }
+}
+var lastCol = 100;
+document.write("<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%><tr>");
+if ((typeof(operatorAuth) != "undefined") && (operatorAuth == "true")) {  
+    document.write("<td width=\"20%\"><a href=\"/tus?op=index_operator\">Operator Operations</td>");
+    lastCol -= 20;
+}
+if ((typeof(agentAuth) != "undefined") && (agentAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus\">Agent Operations</td>");
+    lastCol -=20;
+}
+if ((typeof(adminAuth) != "undefined") && (adminAuth == "true")) {
+    document.write("<td bgcolor=\"#e5e5e5\" width=\"20%\"><a href=\"/tus?op=index_admin\">Administrator Operations</td>");
+    lastCol -=20;
+}
+document.write("<td width=\"" + lastCol + "%\"></td>");
+document.write("</tr></table>");
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%>
+<tr>
+    <td bgcolor=#e5e5e5>&nbsp;</td>
+</tr>
+</table>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td></td>
+  </tr>
+  <tr>
+    <td><i>Tokens</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_admin">List/Search Tokens</a></td>
+  </tr>
+   <tr>
+    <td>&bull;&nbsp;<a href="tus?op=new">Add New Token</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr> 
+    <td><i>Users</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=add_user?tid=&uid=">Add User</a></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=view_users">List Users</a></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_users">Search Users</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+   <tr>
+    <td><i>Activities</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_activity_admin">List/Search Activities</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+   <tr>
+    <td><i>Self Tests</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=self_test">Run Self Tests</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+   <tr>
+    <td><i>Auditing</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=audit_admin">Configure Signed Audit</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Advanced Configuration</i></td>
+  </tr>
+  <SCRIPT type="text/JavaScript">
+  <!--
+    var target_array = target_list.split(","); 
+    for (var i=0; i< target_array.length ; i++) {
+      document.write("<tr><td>&bull;&nbsp;<a href=\"tus?op=select_config_parameter&type=" + target_array[i] + "\">" +
+          target_array[i].replace(/_/g, " ") + "</a></td> </tr>");
+    }
+  //-->
+  </SCRIPT>
+  <tr>
+    <form name="editForm" method=POST action="tus" >
+        <input TYPE=hidden NAME=query VALUE="op=edit_config_parameter">
+        <input TYPE=HIDDEN NAME=ptype VALUE="Generals">
+        <input TYPE=HIDDEN NAME=pname VALUE="General">
+        <td>&bull;&nbsp;<a href="javascript:submitEditForm(this)">General</a></td>
+    </form>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/indexOperator.template b/dogtag/tps-ui/shared/docroot/tokendb/indexOperator.template
new file mode 100644
index 000000000..27b25c08a
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/indexOperator.template
@@ -0,0 +1,129 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS Operator</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\"><b>UID:</b>" + 
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+    if (form.uid.value == "" && form.tid.value == "") {
+        alert("Enter token or user ID");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view";
+        if (form.tid.value.length > 0) uri += "&tid=" + form.tid.value;
+        if (form.uid.value.length > 0) uri += "&uid=" + form.uid.value;
+        location.href = uri;
+    }
+}
+
+var lastCol = 100;
+document.write("<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%><tr>");
+if ((typeof(operatorAuth) != "undefined") && (operatorAuth == "true")) {
+    document.write("<td bgcolor=\"#e5e5e5\" width=\"20%\"><a href=\"/tus?op=index_operator\">Operator Operations</td>");
+    lastCol -= 20;
+}
+if ((typeof(agentAuth) != "undefined") && (agentAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus\">Agent Operations</td>");
+    lastCol -=20;
+}
+if ((typeof(adminAuth) != "undefined") && (adminAuth == "true")) {
+    document.write("<td width=\"20%\"><a href=\"/tus?op=index_admin\">Administrator Operations</td>");
+    lastCol -=20;
+}
+document.write("<td width=\"" + lastCol + "%\"></td>");
+document.write("</tr></table>");
+//-->
+</SCRIPT>
+
+<table BORDER=0 CELLSPACING=0 CELLPADDING=0 width=100%>
+<tr>
+    <td bgcolor=#e5e5e5>&nbsp;</td>
+</tr>
+</table>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td><i>Tokens</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search&top=operator">List/Search Tokens</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Certificates</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_certificate&top=operator">List/Search Certificates</a></td>
+  </tr>
+  <tr><td>&nbsp;</td></tr>
+  <tr>
+    <td><i>Activities</i></td>
+  </tr>
+  <tr>
+    <td>&bull;&nbsp;<a href="tus?op=search_activity&top=operator">List/Search Activities</a></td>
+  </tr>
+  <tr>
+    <td></td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/new.template b/dogtag/tps-ui/shared/docroot/tokendb/new.template
new file mode 100644
index 000000000..4e2950fbd
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/new.template
@@ -0,0 +1,93 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Add New Token</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doAdd(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=add";
+        uri += "&tid=" + form.tid.value;
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="addForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Add onClick="doAdd(addForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/newUser.template b/dogtag/tps-ui/shared/docroot/tokendb/newUser.template
new file mode 100644
index 000000000..c1e4f102b
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/newUser.template
@@ -0,0 +1,179 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Admin Operations : Add New User</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function validate_required(field,alerttxt) {
+    with (field) {
+        if (value==null||value=="") {
+            alert(alerttxt);
+            return false;
+        }
+        else {
+            return true;
+        }
+    }
+}
+
+function validate_form(thisform) {
+    with (thisform) {
+        if (validate_required(userid,"Userid is required")==false) {
+            userid.focus();
+            return false;
+        } 
+        if (validate_required(firstName,"First Name is required")==false) {
+            firstName.focus();
+            return false;
+        }
+        if (validate_required(lastName,"Last Name is required")==false) {
+            lastName.focus();
+            return false;
+        }
+        if (validate_required(groupid,"Group ID is required")==false) {
+            groupid.focus();
+            return false;
+        }
+
+    }
+}
+
+function doAdd(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        if (validate_form(this)) {
+            document.addUserForm.action = uri;
+            return true;
+        } else {
+            return false;
+        }
+}
+
+    
+//-->
+</SCRIPT>
+
+<FORM NAME ="addUserForm" METHOD="POST" onSubmit="return doAdd(this)" >
+<input TYPE="hidden" NAME="query" VALUE="op=addUser">
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=userid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User First Name:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=firstName SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User Last Name:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=lastName SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Role:
+      </font>
+    </td>
+    <td> Operator
+      <input TYPE=CHECKBOX NAME=opOperator value="Operators" CHECKED>
+      &nbsp;&nbsp;&nbsp;&nbsp;Agent
+      <input TYPE=CHECKBOX NAME=opAgent value="Agents" >
+      &nbsp;&nbsp;&nbsp;&nbsp;Admin
+      <input TYPE=CHECKBOX NAME=opAdmin value="Administrators" >
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Certificate:
+      </font>
+    </td>
+    <td>
+      <textarea name="cert" cols="40" rows="10" >
+Paste the base 64 user certificate here (without the header and footer) 
+      </textarea>
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=submit VALUE="Add User" >
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/revoke.template b/dogtag/tps-ui/shared/docroot/tokendb/revoke.template
new file mode 100644
index 000000000..0f6c12aaf
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/revoke.template
@@ -0,0 +1,317 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td width=60%>\n");
+    document.write("<form method='get' action='tus'><select name=\"question\"><option value=\"1\">Is this token physically damaged?</option><option value=\"2\">Is this token permanently lost?</option><option value=\"3\">Is this token temporarily lost?</option><option value=\"4\">Is this temporarily lost token found?</option><option value=\"5\">Does this temporarily lost token become permanently lost?</option></select><input type=hidden name=op value=do_token><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Go\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=revoke><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Revoke\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_certificate_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Certificates\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>");
+    document.write("</td>\n");
+    document.write("<td width=10%>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=edit><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Edit\"></form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/search.template b/dogtag/tps-ui/shared/docroot/tokendb/search.template
new file mode 100644
index 000000000..caf4fe7ba
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/search.template
@@ -0,0 +1,118 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Search Tokens</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+            uri += "top=operator";
+        }
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT SIZE=4 NAME=maxCount value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchActivity.template b/dogtag/tps-ui/shared/docroot/tokendb/searchActivity.template
new file mode 100644
index 000000000..7bf87c0b1
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchActivity.template
@@ -0,0 +1,123 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Operator Operations : Search Activity</font>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Search Activity</font>\n");
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_activity";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+            uri += "top=operator";
+        }
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=maxCount SIZE=4 value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchActivityAdmin.template b/dogtag/tps-ui/shared/docroot/tokendb/searchActivityAdmin.template
new file mode 100644
index 000000000..faec9c6e1
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchActivityAdmin.template
@@ -0,0 +1,119 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Search Activity</font>\n");
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_activity_admin";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+            uri += "top=operator";
+        }
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=maxCount SIZE=4 value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchActivityAdminResults.template b/dogtag/tps-ui/shared/docroot/tokendb/searchActivityAdminResults.template
new file mode 100644
index 000000000..d38d8569b
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchActivityAdminResults.template
@@ -0,0 +1,234 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+    "<a href=\""+uri+"\">Main Menu</a> : Administrator Operations : Search Activity Results</font>\n");
+uri += "?op=show_admin&tid=";
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#cccccc>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Activity ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "IP</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Operation</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Result</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Created</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("<tr bgcolor=#cccccc>\n");
+    document.write("<td colspan=7>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">");
+    document.write("Details");
+    document.write("</font>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    for (var i = 0; i < results.length; i++) {
+        if (i % 2 == 0) {
+          document.write("<tr bgcolor='#eeeeee'>\n");
+        } else {
+          document.write("<tr >\n");
+        }
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       
+                        results[i].cn+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"" + uri + 
+                        results[i].tokenID+"\">" + results[i].tokenID + "</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenIP+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenOp+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenResult+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfCreate)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+        if (i % 2 == 0) {
+          document.write("<tr bgcolor='#eeeeee'>\n");
+        } else {
+          document.write("<tr >\n");
+        }
+        document.write("<td colspan=7>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+ results[i].tokenMsg+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) && 
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchActivityResults.template b/dogtag/tps-ui/shared/docroot/tokendb/searchActivityResults.template
new file mode 100644
index 000000000..132fb8c97
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchActivityResults.template
@@ -0,0 +1,239 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Operator Operations : Search Activity Results</font>\n");
+    uri += "?op=show&top=operator&tid=";
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Agent Operations : Search Activity Results</font>\n");
+    uri += "?op=show&tid=";
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#cccccc>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Activity ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "IP</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Operation</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Result</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Created</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("<tr bgcolor=#cccccc>\n");
+    document.write("<td colspan=7>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">");
+    document.write("Details");
+    document.write("</font>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    for (var i = 0; i < results.length; i++) {
+        if (i % 2 == 0) {
+          document.write("<tr bgcolor='#eeeeee'>\n");
+        } else {
+          document.write("<tr >\n");
+        }
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       
+                        results[i].cn+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"" + uri + 
+                        results[i].tokenID+"\">" + results[i].tokenID + "</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenIP+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenOp+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenResult+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfCreate)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+        if (i % 2 == 0) {
+          document.write("<tr bgcolor='#eeeeee'>\n");
+        } else {
+          document.write("<tr >\n");
+        }
+        document.write("<td colspan=7>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+ results[i].tokenMsg+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchAdmin.template b/dogtag/tps-ui/shared/docroot/tokendb/searchAdmin.template
new file mode 100644
index 000000000..b18185299
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchAdmin.template
@@ -0,0 +1,115 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Search Tokens</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_admin";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=maxCount SIZE=4 value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchAdminResults.template b/dogtag/tps-ui/shared/docroot/tokendb/searchAdminResults.template
new file mode 100644
index 000000000..6e8d81fd4
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchAdminResults.template
@@ -0,0 +1,222 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Administrator Operations : Search Results</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+uri += "?op=show_admin&tid=";
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Created</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modified</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+	for (var i = 0; i < results.length; i++) {
+        document.write("<tr>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "<a href=\""+uri+results[i].cn+"\">"+
+                        results[i].cn+"</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenStatus+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenAppletID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].keyInfo+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenPolicy+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfCreate)+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfModify)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchCertificate.template b/dogtag/tps-ui/shared/docroot/tokendb/searchCertificate.template
new file mode 100644
index 000000000..df9d51c0d
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchCertificate.template
@@ -0,0 +1,118 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Search Certificates</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_certificate";
+        uri += "&tid=" + form.tid.value;
+        uri += "&uid=" + form.uid.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+           uri += "&top=operator";
+        }
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Token ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=tid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT SIZE=4 NAME=maxCount value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchCertificateResults.template b/dogtag/tps-ui/shared/docroot/tokendb/searchCertificateResults.template
new file mode 100644
index 000000000..51ac611a6
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchCertificateResults.template
@@ -0,0 +1,226 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Operator Operations : Search Certificate Results</font>\n");
+    cert_uri = uri + "?op=show_certificate&top=operator&cn=";
+    uri += "?op=show&top=operator&tid=";
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Agent Operations : Search Certificate Results</font>\n");
+    cert_uri = uri + "?op=show_certificate&cn=";
+    uri += "?op=show&tid=";
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Serial Number</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Subject</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Type</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Last Status</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Last Modified At</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+	for (var i = 0; i < results.length; i++) {
+        document.write("<tr>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\""+ cert_uri +
+                        results[i].cn+"\">" + results[i].cn + "</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        "0x" + results[i].tokenSerial+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenSubject+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"" + uri +
+                        results[i].tokenID+"\">" + results[i].tokenID + "</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenKeyType+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenStatus+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfModify)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchResults.template b/dogtag/tps-ui/shared/docroot/tokendb/searchResults.template
new file mode 100644
index 000000000..6b035debf
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchResults.template
@@ -0,0 +1,227 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Operator Operations : Search Results</font>\n");
+    uri += "?op=show&top=operator&tid=";
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Agent Operations : Search Results</font>\n");
+    uri += "?op=show&tid=";
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Created</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modified</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+	for (var i = 0; i < results.length; i++) {
+        document.write("<tr>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "<a href=\""+uri+results[i].cn+"\">"+
+                        results[i].cn+"</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenUserID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenStatus+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenReason+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].tokenAppletID+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].keyInfo+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfCreate)+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].dateOfModify)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchUser.template b/dogtag/tps-ui/shared/docroot/tokendb/searchUser.template
new file mode 100644
index 000000000..1aa63ca17
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchUser.template
@@ -0,0 +1,126 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Search Users</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doFind(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=view_users";
+        uri += "&uid=" + form.uid.value;
+        uri += "&firstName=" + form.firstName.value;
+        uri += "&lastName=" + form.lastName.value;
+        uri += "&maxCount=" + form.maxCount.value;
+        location.href = uri;
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="findForm" ACTION="" METHOD=GET>
+<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        User ID:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=uid SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        First Name:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=firstName SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Last Name:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=lastName SIZE=20>
+    </td>
+  </tr>
+  <tr>
+    <td ALIGN=LEFT width=30%>
+      <font size=-1 face="PrimaSans BT, Verdana, sans-serif">
+        Max Count:
+      </font>
+    </td>
+    <td>
+      <input TYPE=TEXT NAME=maxCount SIZE=4 value="20">
+    </td>
+  </tr>
+</table>
+<HR NOSHADE SIZE=1>
+<DIV ALIGN=RIGHT>
+<input TYPE=button VALUE=Find onClick="doFind(findForm);">
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/searchUserResults.template b/dogtag/tps-ui/shared/docroot/tokendb/searchUserResults.template
new file mode 100644
index 000000000..7d4ce8fa0
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/searchUserResults.template
@@ -0,0 +1,190 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a> : Administrator Operations : Search Results</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+		"<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+uri += "?op=edit_user&uid=";
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Not Found</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Name</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Date Created</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Date Modified</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    for (var i = 0; i < results.length; i++) {
+        document.write("<tr>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                       "<a href=\""+uri+results[i].uid+"\">"+
+                        results[i].uid+"</a></font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        results[i].cn+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].createTimeStamp)+"</font>\n");
+        document.write("</td>\n");
+        document.write("<td>\n");
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                        checkDate(results[i].modifyTimeStamp)+"</font>\n");
+        document.write("</td>\n");
+        document.write("</tr>\n");
+    }
+    document.write("</table>\n");
+
+    document.write("<DIV ALIGN=LEFT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    if ((typeof(start_entry_val) != "undefined") && (start_entry_val > 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val - num_entries_per_page;
+        if (new_start < 0) new_start = 0;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form name=prev_entries method=get >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\<\"></form><td>\n");
+    }
+
+    if ((typeof(has_more_entries) != "undefined") && (has_more_entries == 1) &&
+        (typeof(num_entries_per_page) != "undefined") &&
+        (typeof(my_query) != "undefined")) {
+
+        var new_start = start_entry_val + num_entries_per_page;
+        var query = my_query.replace(/&*start_entry_val=\d*/,"");
+        var query_array = query.split("&");
+        document.write("<td> <form method=get name=next_entries >");
+        for (var i=0; i< query_array.length ; i++) {
+            var a = query_array[i].split("=");
+            document.write("<input TYPE=hidden name=" + a[0] + " VALUE=" + a[1] + ">");
+        }
+        document.write("<input TYPE=hidden name=start_entry_val VALUE=" + new_start + ">");
+        document.write("<input TYPE=submit VALUE=\"\>\"></form><td>\n");
+    }
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</div>\n");
+
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+    if (typeof(results) != "undefined" && results.length > 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-2\">");
+        if (typeof(results) != "undefined" || results.length == 0) {
+            if (typeof(limited) != "undefined" && typeof(total) != "undefined") {
+                document.write("<br>" + limited + " of " + total + " Search Results Returned\n");
+            } else if (typeof(total) != "undefined") {
+                document.write("<br>Total Search Results Returned: " + total + "\n");
+            }
+        }
+        document.write("</font>");
+    }
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/selectConfig.template b/dogtag/tps-ui/shared/docroot/tokendb/selectConfig.template
new file mode 100644
index 000000000..c28f03efe
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/selectConfig.template
@@ -0,0 +1,137 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This library is free software; you can redistribute it and/or
+     modify it under the terms of the GNU Lesser General Public
+     License as published by the Free Software Foundation.
+     
+     This library is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+     Lesser General Public License for more details.
+     
+     You should have received a copy of the GNU Lesser General Public
+     License along with this library; if not, write to the Free Software
+     Foundation, Inc., 51 Franklin Street, Fifth Floor,
+     Boston, MA  02110-1301  USA 
+     
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000000">
+  <tr>
+    <td> 
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white">Red Hat<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</font></td>
+        </tr>
+      </table>
+    </td> 
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : " + disp_conf_type + " Configuration </font>\n");
+
+if ((typeof(flash) != "undefined") && (flash != "")) {
+    document.write("<table width=\"100%\"><tr><td align=\"left\">" +
+        "<font color=\"#ff0000\"><b>" + flash.replace(/\+/g, " ") + "</b><font>" +
+        "</td></tr></table>\n");
+}
+
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" + userid
+                + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doAddConfig(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        // need to validate that pname is not empty
+        this.action = uri;
+        return true;
+}
+
+function doEditConfig(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr bgcolor=#e5e5e5> <p>  Use this form to add or modify " + conf_type.replace(/_/g, " ").toLowerCase() + ".  <br> Either select an item " + 
+         " to edit in the drop-down box below and click \"Edit\", <br> or fill in the name of a new " + disp_conf_type.toLowerCase() + 
+         " and click the \"Add\" button.</p></tr>");
+
+    document.write("<form NAME =\"selectEditConfigForm\" METHOD=POST onSubmit=\"return doEditConfig(this);\">");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=edit_config_parameter\">");
+    document.write("<input TYPE=HIDDEN NAME=ptype VALUE=\"" + conf_type + "\">");
+
+    var pset_list = conf_list.split(",");
+    document.write("<tr>");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> Edit an existing " + disp_conf_type + ": </td>");
+    document.write("<td ALIGN=LEFT width=30%><select name=\"pname\">");
+    for (var i=0; i < pset_list.length; i++) {
+        document.write("<option value=\""+ pset_list[i] + "\">" + pset_list[i] + "</option>\n");
+    }
+    document.write("</select></td>");
+    document.write("<td ALIGN=LEFT width=30%><input TYPE=submit VALUE=Edit></td></tr>");
+    document.write("</form>\n");
+
+    document.write("<form NAME =\"selectAddConfigForm\" METHOD=POST onSubmit=\"return doAddConfig(this);\">");
+    document.write("<input TYPE=hidden NAME=query VALUE=\"op=add_config_parameter\">");
+    document.write("<input TYPE=HIDDEN NAME=ptype VALUE=\"" + conf_type + "\">");
+    document.write("<tr>");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5> Add a new " + disp_conf_type + ": </td>");
+    document.write("<td ALIGN=LEFT width=30%> <input type=text name=pname></td> ");
+    document.write("<td ALIGN=LEFT width=30%><input TYPE=submit VALUE=Add></td></tr>");
+    document.write("</table>");
+    document.write("</form>\n");
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/selfTest.template b/dogtag/tps-ui/shared/docroot/tokendb/selfTest.template
new file mode 100644
index 000000000..22002f52d
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/selfTest.template
@@ -0,0 +1,129 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Admin Operations : Run Self Tests</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function runSelfTest(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus"
+        } else {
+            uri += uriBase;
+        }
+        if (enabledTests > 0) {
+            document.selfTestForm.action = uri;
+            return true;
+        } else {
+            alert("Self tests are not enabled.");
+            return false;
+        }
+}
+//-->
+</SCRIPT>
+
+<FORM NAME ="selfTestForm" METHOD="POST" onSubmit="return runSelfTest(this)" >
+<input TYPE="hidden" NAME="query" VALUE="op=run_self_test">
+
+<SCRIPT type="text/JavaScript">
+<!--
+if ((typeof(test_list) != "undefined") && (test_list.length > 0)) {
+    document.write("<center>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr bgcolor=#e5e5e5>\n");
+    document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;Enable&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+    document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;Critical&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+    document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;Test&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+    document.write("</tr>\n");
+    var enabledTests = 0
+    for (var i = 0, k = 1; i < test_list.length; i++) {
+        document.write("<tr bgcolor=#efefef>\n");
+        document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;");
+        document.write("<input type=checkbox name=\"enable"+test_list[i]+"\" value=\"enable"+test_list[i]+"\" ");
+        if ((typeof(enabled) != "undefined") && (enabled & k)) {
+            document.write("CHECKED");
+            enabledTests++;
+        }
+        document.write(" DISABLED>\n");
+        document.write("&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+        document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;");
+        document.write("<input type=checkbox name=\"critical"+test_list[i]+"\" value=\"critical"+test_list[i]+"\" ");
+        if ((typeof(critical) != "undefined") && (critical & k)) {
+            document.write("CHECKED");
+        }
+        document.write(" DISABLED>\n");
+        document.write("&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+        document.write("<td><font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">&nbsp;&nbsp;&nbsp;&nbsp;");
+        document.write(test_list[i]);
+        document.write("&nbsp;&nbsp;&nbsp;&nbsp;</font></td>\n");
+        document.write("</tr>\n");
+        k *= 2;
+    }
+    document.write("</table>\n");
+    document.write("<HR NOSHADE SIZE=1>\n");
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<input TYPE=submit VALUE=\"Run\">\n");
+} else {
+    document.write("Error: Missing self test list.\n");
+    document.write("<HR NOSHADE SIZE=1>\n");
+}
+//-->
+</SCRIPT>
+
+</form>
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/selfTestResults.template b/dogtag/tps-ui/shared/docroot/tokendb/selfTestResults.template
new file mode 100644
index 000000000..3495abaf6
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/selfTestResults.template
@@ -0,0 +1,113 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri = "";
+if (typeof(uriBase) == "undefined") {
+    uri += "/tus";
+} else {
+    uri += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri+"\">Main Menu</a></font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+if (typeof(result) == "undefined") {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+    document.write("Error: Missing self test results.</font>\n");
+} else {
+    if (typeof(test_list) == "undefined" || test_list.length == 0) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+        document.write("Error: List of self tests is not available.</font>\n");
+    } else {
+        var enabledTests = 0
+        for (var i = 0, k = 1; i < test_list.length; i++) {
+            if ((typeof(enabled) != "undefined") && (enabled & k)) {
+                enabledTests++;
+            }
+            k *= 2;
+        }
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">\n");
+        if (enabledTests == 0) {
+            document.write("Self tests are not enabled.");
+        } else {
+            if (result == 0) {
+                document.write("Self test"+((enabledTests > 1)?"s ":" "));
+                for (i = 0, k = 1, n = 0; i < test_list.length; i++) {
+                    if ((typeof(enabled) != "undefined") && (enabled & k)) {
+                        if (n > 0) {
+                            document.write(", ");
+                        }
+                        document.write("\""+test_list[i]+"\"");
+                        n++;
+                    }
+                    k *= 2;
+                }
+                document.write(((enabledTests > 1)?" are":" is")+" completed successfully.\n");
+            } else if (result > -4 && result < 4) {
+                document.write("Self test \""+test_list[0]+"\" encounter "+((result < 0)?"critical":"")+" failure: "+result+"\n");
+                if (result < 0) {
+                    document.write("<br><b>Please stop the server immediately.</b>\n");
+                }
+            } else {
+                document.write("Self test \""+test_list[1]+"\" encounter "+((result < 0)?"critical":"")+" failure: "+result+"\n");
+                if (result < 0) {
+                    document.write("<br><b>Please stop the server immediately.</b>\n");
+                }
+            }
+        }
+        document.write("</font>\n");
+    }
+}
+document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/show.template b/dogtag/tps-ui/shared/docroot/tokendb/show.template
new file mode 100644
index 000000000..e30365aa6
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/show.template
@@ -0,0 +1,379 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Operator Operations : Token Details</font>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Token Details</font>\n");
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function check_transition(state, tlist) {
+    for (var i=0; i < tlist.length; i++) {
+        if (state == tlist[i]) {
+            return true;
+        }
+    }
+    return false;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td width=60%>\n");
+   
+    if ((allowed_transitions != "") && ((typeof(topLevel) == "undefined") || (topLevel != "operator"))) { 
+        var transitions = allowed_transitions.split(",");
+        document.write("<form method='get' action='tus'><select name=\"question\">");
+        if (check_transition(1, transitions)) {
+            document.write("<option value=\"1\" >This token has been physically damaged.</option>");
+        } else {
+            document.write("<option value=\"1\" disabled=true >This token has been physically damaged.</option>");
+        }
+        if (check_transition(2, transitions)) {
+            document.write("<option value=\"2\">This token has been permanently lost.</option>");
+        } else {
+            document.write("<option value=\"2\" disabled=true >This token has been permanently lost.</option>");
+        }
+        if (check_transition(3, transitions)) {
+            document.write("<option value=\"3\" >This token has been temporarily lost.</option>");
+        } else {
+            document.write("<option value=\"3\" disabled=true >This token has been temporarily lost.</option>");
+        }
+        if (check_transition(4, transitions)) {
+            document.write("<option value=\"4\" >This temporarily lost token has been found.</option>");
+        } else {
+            document.write("<option value=\"4\" disabled=true >This temporarily lost token has been found.</option>");
+        }
+        if (check_transition(5, transitions)) {
+            document.write("<option value=\"5\" >This temporarily lost token cannot be found (becomes permanently lost).</option>");
+        } else {
+            document.write("<option value=\"5\" disabled=true >This temporarily lost token cannot be found (becomes permanently lost).</option>");
+        }
+        if (check_transition(6, transitions)) {
+            document.write("<option value=\"6\" >This token has been terminated.</option>");
+        } else {
+            document.write("<option value=\"6\" disabled=true >This token has been terminated.</option>");
+        }
+        document.write("</select><input type=hidden name=op value=do_confirm_token><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Go\"></form>");
+    }
+    document.write("</td>\n");
+    document.write("<td align=right width=10%>\n");
+    document.write("</td>\n");
+
+    document.write("<td align=right width=10%>\n");
+    if ((typeof(topLevel) == "undefined") || (topLevel != "operator")) { 
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=edit><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Edit\"></form>");
+    }
+    document.write("</td>\n");
+
+    document.write("<td align=right width=10%>\n");
+    if ((typeof(topLevel) == "undefined") || (topLevel != "operator")) {
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=view_certificate_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Certificates\"></form>");
+    } else {
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=view_certificate_all><input type=hidden name=top value=operator><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Certificates\"></form>");
+    }
+    document.write("</td>\n");
+
+    document.write("<td align=right width=10%>\n");
+    if ((typeof(topLevel) == "undefined") || (topLevel != "operator")) {
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>"); 
+    } else {
+        document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_all><input type=hidden name=top value=operator><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>");
+    }
+    document.write("</td>\n");
+
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/showAdmin.template b/dogtag/tps-ui/shared/docroot/tokendb/showAdmin.template
new file mode 100644
index 000000000..a0106f1d8
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/showAdmin.template
@@ -0,0 +1,302 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Token Details</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Token Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Reason:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenReason+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Policy:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenPolicy+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    
+    document.write("</table>\n");
+    document.write("<p>\n");
+    document.write("<b>System Information:</b>");
+    document.write("<p>\n");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Info:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].keyInfo+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Applet ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenAppletID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=view_activity_admin_all><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=\"Show Activities\"></form>");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<form method='get' action='tus'><input type=hidden name=op value=confirm><input type=hidden name=tid value=" + results[0].cn + "><input TYPE=submit VALUE=Delete></form>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/showCert.template b/dogtag/tps-ui/shared/docroot/tokendb/showCert.template
new file mode 100644
index 000000000..493d4a780
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/showCert.template
@@ -0,0 +1,355 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Operator Operations : Certificate Details</font>\n");
+} else {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Agent Operations : Certificate Details</font>\n");
+}
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function breakLines(str) {
+	str = str.replace('#', '<br>');	
+	return str;
+}
+
+function breakLinesWithDots(str) {
+	str = str.replace(/\.\./g, '<br>');	
+	return str;
+}
+
+function trim(str) {
+    var i, k, newString;
+
+    for (i = 0; i < str.length; i++) {
+        if (str.charAt(i) != ' ' )
+            break;
+    }
+    for (k = str.length - 1; k >= i; k--) {
+        if (str.charAt(k) != ' ' ) {
+            k++;
+            break;
+        }
+    }
+
+    if (k > i)
+        newString = str.substring(i, k);
+    else
+        newString = null;
+
+    return  newString;
+}
+
+function checkDate(str) {
+    var newString;
+
+    if (str.length == 15 && str.charAt(14) == 'Z') {
+        newString = str.substring(0, 4);
+        newString += '/';
+        newString += str.substring(4, 6);
+        newString += '/';
+        newString += str.substring(6, 8);
+        newString += ' ';
+        newString += str.substring(8, 10);
+        newString += ':';
+        newString += str.substring(10, 12);
+        newString += ':';
+        newString += str.substring(12, 14);
+    } else {
+        newString = str;
+    }
+
+    return newString;
+}
+
+function doSave(form) {
+    if (form.uid.value.length > 0) {
+        var trimmedList = "";
+        var uids = form.uid.value.split(',');
+
+        for (var i=0; i < uids.length; i++) {
+            if (i > 0) trimmedList += ",";
+            trimmedList += trim(uids[i]);
+        }
+        form.uid.value = trimmedList;
+    }
+    if (form.status.value.length > 0) {
+        form.status.value = trim(form.status.value);
+    }
+
+    if (form.status.value == "") {
+        alert("Enter token status");
+    } else {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        uri += "?op=save&tid="+results[0].cn;
+
+        if (results[0].tokenUserID != form.uid.value) {
+            uri += "&uid=" + form.uid.value;
+        }
+        if (results[0].tokenStatus != form.status.value) {
+            uri += "&s=" + form.status.value;
+        }
+        uri += "&m=" + results[0].modified;
+        location.href = uri;
+    }
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many tokens to edit</font>\n");
+} else {
+    document.write("<BR>");
+
+    document.write("<p>\n");
+    document.write("<b>Certificate Information:</b>");
+    document.write("<p>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].cn+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Serial Number:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "0x"+results[0].tokenSerial+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    if ((typeof(topLevel) != "undefined") && (topLevel == "operator")) {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"tus?op=show&top=operator&tid=" + results[0].tokenID + "\">"+
+                   results[0].tokenID+"</a></font>\n");
+    } else {
+        document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\"><a href=\"tus?op=show&tid=" + results[0].tokenID + "\">"+
+                   results[0].tokenID+"</a></font>\n");
+    }
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User ID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenUserID+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Key Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenKeyType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Token Type:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenType+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Issuer:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenIssuer+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Subject:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenSubject+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Not Before:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].tokenNotBefore)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Not After:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].tokenNotAfter)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Status:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].tokenStatus+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Certificate:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "-----BEGIN CERTIFICATE-----<br>" +
+                   breakLinesWithDots(results[0].userCertificate)+
+                   "<br>" +
+                   "-----END CERTIFICATE-----<br>" +
+                   "</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Creation Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfCreate)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Modification Date:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   checkDate(results[0].dateOfModify)+"</font>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tokendb/userDelete.template b/dogtag/tps-ui/shared/docroot/tokendb/userDelete.template
new file mode 100755
index 000000000..6d957f915
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tokendb/userDelete.template
@@ -0,0 +1,174 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<HTML>
+<meta HTTP-EQUIV="content-type" CONTENT="text/html; charset=UTF-8">
+<link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+<HEAD>
+<TITLE>TPS</Title>
+</HEAD>
+
+<table border="0" width="100%" cellspacing="0" cellpadding="0" bgcolor="#000080">
+  <tr>
+    <td>
+      <table border="0" cellspacing="12" cellpadding="0">
+        <tr>
+          <td><img src="/tps/admin/console/img/logo_header.gif"></td>
+          <td>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</td>
+          <td><font size="+1" face="PrimaSans BT, Verdana, sans-serif" color="white"><b>Dogtag<sup><font color="#999999" size="-2">&reg;</font></sup> TPS Services</b></font></td>
+        </tr>
+      </table>
+    </td>
+  </tr>
+</table>
+<p>
+
+<BODY>
+
+<CMS_TEMPLATE>
+
+<SCRIPT type="text/JavaScript">
+<!--
+var uri0 = "";
+if (typeof(uriBase) == "undefined") {
+    uri0 += "/tus";
+} else {
+    uri0 += uriBase;
+}
+
+document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"+1\">"+
+               "<a href=\""+uri0+"\">Main Menu</a> : Administrator Operations : Delete User</font>\n");
+document.write("<table width=\"100%\"><tr><td align=\"right\">" +
+                "<b>UID:</b>" +
+                userid + "</td></tr></table>\n");
+document.write("<HR NOSHADE SIZE=1>\n");
+
+function doDeleteUser(form) {
+        var uri = "";
+        if (typeof(uriBase) == "undefined") {
+            uri += "/tus";
+        } else {
+            uri += uriBase;
+        }
+        this.action = uri;
+        return true;
+}
+
+function doCancel() {
+    var uri = "";
+    if (typeof(uriBase) == "undefined") {
+        uri += "/tus";
+    } else {
+        uri += uriBase;
+    }
+    location.href = uri;
+}
+
+
+
+if (typeof(results) == "undefined" || results.length == 0) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Not Found</font>\n");
+} else if (results.length > 1) {
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Found too many users to edit</font>\n");
+} else {
+    document.write("<BR>");
+    document.write("<form NAME =\"deleteUserForm\" METHOD=POST onSubmit=\"return doDeleteUser(this);\">");
+    document.write("<input TYPE=HIDDEN NAME=query VALUE=\"op=do_delete_user\">");
+
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0 width=100%>\n");
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "UserID:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   results[0].uid+"</font>\n");
+    document.write("<input TYPE=HIDDEN NAME=uid VALUE=\"" + results[0].uid + "\">");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "First Name:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write(results[0].givenName);
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Last Name:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write(results[0].sn);
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "Role:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td ><input type=checkbox name=opOperator value=Operators disabled=true " + operator + ">Operator</td>\n");
+    document.write("<td ><input type=checkbox name=opAgent value=Agents disabled=true " + agent + ">Agent</td>\n");
+    document.write("<td ><input type=checkbox name=opAdmin value=Administrators disabled=true " + admin + ">Administrator</td>\n");
+    document.write("</tr>\n");
+    
+    document.write("<tr>\n");
+    document.write("<td ALIGN=LEFT width=30% bgcolor=#e5e5e5>\n");
+    document.write("<font face=\"PrimaSans BT, Verdana, sans-serif\" size=\"-1\">"+
+                   "User Certificate:&nbsp;</font>\n");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<textarea name=userCert disabled=true cols=40 rows=10>\n");
+    document.write(results[0].userCertificate);
+    document.write("</textarea>\n");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+
+    document.write("</table>\n");
+    document.write("<BR>\n<HR NOSHADE SIZE=1>\n");
+
+    document.write("<DIV ALIGN=RIGHT>\n");
+    document.write("<table BORDER=0 CELLSPACING=2 CELLPADDING=0>\n");
+    document.write("<tr>\n");
+    document.write("<td>\n");
+    document.write("Are you sure?");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=button VALUE=Cancel onClick=\"doCancel();\">");
+    document.write("</td>\n");
+    document.write("<td>\n");
+    document.write("<input TYPE=submit VALUE=Delete>");
+    document.write("</td>\n");
+    document.write("</tr>\n");
+    document.write("</table>\n");
+    document.write("</form>");
+}
+
+//-->
+</SCRIPT>
+
+</BODY>
+</HTML>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/adminauthenticatepanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/adminauthenticatepanel.vm
new file mode 100644
index 000000000..315802393
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/adminauthenticatepanel.vm
@@ -0,0 +1,51 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<p>
+The uid and password are used to authenticate to the master subsystem. These are the administrator's credential information for the master subsystem.
+#if ($systemType != "tps")
+<br/>
+If authentication is successful, a cloned subsystem will retrieve the configuration information from the master one.
+#end
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+
+        <td><input type="text" size="40" name="uid" value="$uid"/></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<p>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/adminpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/adminpanel.vm
new file mode 100644
index 000000000..3d0843b67
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/adminpanel.vm
@@ -0,0 +1,236 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT ID=Send_OnClick type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+#if ($import == 'true' && $clone != 'clone')
+    var email = document.forms[0].email.value;
+    var name = document.forms[0].name.value;
+    var o = '$securityDomain';
+    if (name == '') {
+        alert("Name is empty");
+        return;
+    }
+    if (email == '') {
+        alert("Email is empty");
+        return;
+    }
+    var dn = "cn=" + name + ",uid=admin,e="+email+",o="+o;
+    document.forms[0].subject.value = dn;
+    var keyGenAlg = "rsa-dual-use";
+
+    if (navigator.appName == "Netscape" &&
+      typeof(crypto.version) != "undefined") {
+
+        crmfObject = crypto.generateCRMFRequest(
+          dn, "regToken", "authenticator", null,
+          "setCRMFRequest();", 1024, null, keyGenAlg);
+    } else {
+        Send_OnClick();
+    }
+#else
+    with (document.forms[0]) {
+        submit();
+    }
+#end
+}
+
+function setCRMFRequest()
+{
+    with (document.forms[0]) {
+        cert_request.value = crmfObject.request;
+        submit();
+    }
+}
+
+</SCRIPT>
+<SCRIPT type="text/VBS">
+<!--
+
+Sub Send_OnClick
+  Dim TheForm
+  Dim szName
+  Set TheForm = Document.f
+
+
+  ' Contruct the X500 distinguished name
+  szName = "CN=NAME"
+
+  ' IE doesnt like the dn containing the O component
+
+  On Error Resume Next
+  Enroll.HashAlgorithm = "MD5"
+  Enroll.KeySpec = 1
+
+   Enroll.providerType = 1
+   Enroll.providerName = "Microsoft Base Cryptographic Provider v1.0"
+
+   ' adding 2 to "GenKeyFlags" will  enable the 'High Security'
+   ' (USER_PROTECTED) mode, which means IE will pop up a dialog
+   ' asking what level of protection the user would like to give
+   ' the key - this varies from 'none' to 'confirm password
+   ' every time the key is used'
+  Enroll.GenKeyFlags = 1        ' key PKCS12-exportable
+  szCertReq = Enroll.createPKCS10(szName, "1.3.6.1.5.5.7.3.2")
+
+  theError = Err.Number
+  On Error Goto 0
+  '
+  ' If the user has cancelled things the we simply ignore whatever
+  ' they were doing ... need to think what should be done here
+  '
+  If (szCertReq = Empty AND theError = 0) Then
+    Exit Sub
+  End If
+  If (szCertReq = Empty OR theError <> 0) Then
+    '
+    ' There was an error in the key pair generation. The error value
+    ' is found in the variable 'theError' which we snarfed above before
+    ' we did the 'On Error Goto 0' which cleared it again.
+    '
+    sz = "The error '" & Hex(theError) & "' occurred." & chr(13) & chr(10) & "The credentials could not be generated."
+    result = MsgBox(sz, 0, "Credentials Enrollment")
+    Exit Sub
+  End If
+
+  TheForm.cert_request.Value = szCertReq
+  TheForm.cert_request_type.Value = "pkcs10"
+  TheForm.subject.Value = "cn=" & TheForm.name.Value & ",uid=" & TheForm.uid.Value & ",e=" & TheForm.email.Value & ",o=" & TheForm.securitydomain.Value
+
+  TheForm.Submit
+  Exit Sub
+
+End Sub
+
+-->
+</SCRIPT>
+
+<SCRIPT type="text/VBS">
+<!--
+FindProviders
+
+Function FindProviders
+        Dim i, j
+        Dim providers()
+        i = 0
+        j = 1
+        Dim el
+        Dim temp
+        Dim first
+        Dim TheForm
+        Set TheForm = document.f
+        On Error Resume Next
+        first = 0
+
+        Do While True
+        temp = ""
+        Enroll.providerType = j
+        temp = Enroll.enumProviders(i,0)
+        If Len(temp) = 0 Then
+        If j < 1 Then
+          j = j + 1
+          i = 0
+        Else
+          Exit Do
+        End If
+        Else
+        set el = document.createElement("OPTION")
+        el.text = temp
+        el.value = j
+        If temp = "Microsoft Base Cryptographic Provider v1.0" Then
+          first = j
+        End If
+        TheForm.cryptprovider.add(el)
+        If first = 0  Then
+          first = 1
+          TheForm.cryptprovider.selectedIndex = 0
+        Else
+          TheForm.cryptprovider.selectedIndex = first
+        End If
+        i = i + 1
+        End If
+        Loop
+End Function
+
+-->
+</SCRIPT>
+The administrator is a privileged user who manages this subsystem. Please enter the following relevant information, and a certificate request will be automatically generated and submitted. An administrator's entry will be created in the internal database and an administrator's certificate will be imported into this browser automatically in the next panel.
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+    <br/>
+                                                                                
+    <table class="details">
+      <tr>
+        <th>UID:</th>
+#if ($clone != 'clone')
+        <td><input type=text name=uid value="$admin_uid"></td>
+#else
+        <td><input type=text name=uid value="$admin_uid" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Name:</th>
+#if ($clone != 'clone')
+        <td><input size=35 type=text name=name value="$admin_name"></td>
+#else
+        <td><input size=35 type=text name=name value="$admin_name" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Email:</th>
+#if ($clone != 'clone')
+        <td><input size=35 type=text name=email value="$admin_email"></td>
+#else
+        <td><input size=35 type=text name=email value="$admin_email" disabled="disabled"></td>
+#end
+      </tr>
+      <tr>
+        <th>Password:</th>
+#if ($clone != 'clone')
+        <td><input type="password" size="40" name="__pwd" value="$admin_pwd" autocomplete="off"/></td>
+#else
+        <td><input type="password" size="40" name="__pwd" value="$admin_pwd" disabled="disabled" autocomplete="off"/></td>
+#end
+      </tr>
+      <tr>
+        <th>Password (Again):</th>
+                                                                              
+#if ($clone != 'clone')
+        <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" autocomplete="off"/></td>
+#else
+        <td><input type="password" size="40" name="__admin_password_again" value="$admin_pwd_again" disabled="disabled" autocomplete="off"/></td>
+#end
+<input type="hidden" name="cert_request" value=""/>
+<input type="hidden" name="display" value=$displayStr />
+<input type="hidden" name="profileId" value="caAdminCert" />
+<input type="hidden" name="cert_request_type" value="crmf" />
+<input type="hidden" name="import" value=$import />
+<input type="hidden" name="uid" value="admin" />
+<input type="hidden" name="clone" value=$clone />
+<input type="hidden" name="securitydomain" value="$securityDomain" />
+<input type="hidden" name="subject" value="cn=x" />
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/agentauthenticatepanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/agentauthenticatepanel.vm
new file mode 100644
index 000000000..686016cc9
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/agentauthenticatepanel.vm
@@ -0,0 +1,47 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Authentication</h2>
+<br/>
+The uid and password are used to authenticate to the CA from which this subsystem's certificates are issued. Enter the uid and password of the Certificate Manager Agent who will approve the certificate requests.
+<br/>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+
+        <td><input type="text" size="40" name="uid" value="$uid"/></td>
+      </tr>
+      <tr>
+        <th>Password:</th>
+
+        <td><input type="password" size="40" name="__password" value="$password" autocomplete="off"/></td>
+      </tr>
+    </table>
+<br/>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/authdbpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/authdbpanel.vm
new file mode 100644
index 000000000..0f32be000
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/authdbpanel.vm
@@ -0,0 +1,67 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+    Please provide information about the LDAP server that will be used to authenticate the identity of end users. <a href="javascript: toggle_details();">[Details]</a>
+<script>
+function toggle_details() {
+  d = document.getElementById('details');   if (d.style.display == "block") {
+    d.style.display="none";   } else {
+    d.style.display="block";
+  } } </script>
+<div id=details style="display: none;"> <p>
+    In order for ESC to submit certificate requests to TPS, the end user's identity must first be verified.  To accomplish this, an end user first sends a uid and password to TPS.  TPS must then contact an LDAP server (e.g. - a corporate LDAP directory server) to verify this end user's identity.
+<p>
+If the end user's identity is successfully verified, TPS will establish an authenticated connection with this ESC, and begin accepting certificate requests and issuing certificates to this end user.
+<p>
+If, however, the end user's identity fails to be verified, TPS will not establish a connection with this ESC. TPS never issues certificates to unauthenticated end users.
+</div>
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>                                                                            
+
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+        <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td>
+      </tr>
+
+      <tr>
+        <th>Port:</th>
+
+        <td><input type="text" length="64" size="40" name="port" value="$portStr" />
+          <input type="CHECKBOX" NAME="secureConn" value="true">SSL </td>
+      </tr>
+            
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+    </table>
+ 
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm
new file mode 100644
index 000000000..e2214302c
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/cainfopanel.vm
@@ -0,0 +1,54 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+A Certificate Authority (CA) is responsible for issuing different kinds of certificates. Each Enterprise Security Client (ESC) interfaces with a TPS subsystem to request end user certificates. Consequently, to obtain these certificates, an HTTPS EE URL to a CA that has been registered in the security domain must also be selected.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+
+
+     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certchainpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certchainpanel.vm
new file mode 100644
index 000000000..d6b7b3fe4
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certchainpanel.vm
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<b>Pretty Print of Certificates on this subsystem.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+  <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certprettyprintpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certprettyprintpanel.vm
new file mode 100644
index 000000000..0e5f05af6
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certprettyprintpanel.vm
@@ -0,0 +1,48 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+The following certificates were installed on this instance.
+<p>
+#foreach ($item in $ppcerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Certificate: $item.getNickname()</b></td>
+</tr>
+
+<tr>
+  <td><textarea rows=24 cols=80 wrap="virtual" name=$item.getCertTag()>$item.getCertpp()</textarea></td>
+</tr>
+</table>
+#end
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certrequestpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certrequestpanel.vm
new file mode 100644
index 000000000..9a4462354
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/certrequestpanel.vm
@@ -0,0 +1,224 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<style type="text/css">
+
+.floating {
+  position: absolute;
+  left: 250px;
+  top: 50px;
+  width: 600px;
+  padding: 3px;
+  border: solid;
+  border-width: 5px;
+  background: white;
+  display: none;
+  margin: 5px;
+}
+</style>
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+function showcert(element, event)
+{
+  var x = event.clientX;
+  var y = event.clientY;
+
+  var content = element.getAttribute("content");
+  var content_d = element.getAttribute("content_desc");
+
+  if (content == null) { return false; }
+
+  var n = element.getAttribute("n");
+
+  var editableType = element.getAttribute("editableType");
+  var desc;
+  var d;
+  var c;
+  if (editableType == "cert")
+  {
+    d = document.getElementById(n+"_editCertDiv");
+    c = document.getElementById(n+"_text");
+    desc = document.getElementById(n+"_desc_t");
+  } else if (editableType == "certchain") {
+    d = document.getElementById(n+"_editCertChainDiv");
+    c = document.getElementById(n+"_cc_text");
+    desc = document.getElementById(n+"_cc_desc_t");
+  } else {
+    d = document.getElementById(n+"_showCertDiv");
+    c = document.getElementById(n+"_pre");
+    desc = document.getElementById(n+"_desc_p");
+  }
+
+  if (desc.hasChildNodes())
+  {
+    desc.removeChild(desc.childNodes[0]);
+  }
+  var content_desc = document.createTextNode(content_d);
+  desc.appendChild(content_desc);
+    
+  if (c.hasChildNodes())
+  {
+    c.removeChild(c.childNodes[0]);
+  }
+  var content_text = document.createTextNode(content);
+  c.appendChild(content_text);
+    
+  d.style.left = x+30; // x-offset of floating div
+  assumedheight = 1000;
+
+  var offset = 20;     // extra y-offset of floating div
+  var bottom =  y + offset + assumedheight;
+  if (bottom > window.innerHeight) {
+     offset = 0 - (2*offset) - assumedheight;
+  }
+
+  d.style.top = y+ offset +document.body.scrollTop;
+
+  // unhide the window
+  d.style.display ="block";
+
+}
+
+function hide(tag)
+{
+    document.getElementById(tag+"_showCertDiv").style.display ="none";
+    document.getElementById(tag+"_editCertDiv").style.display ="none";
+    document.getElementById(tag+"_editCertChainDiv").style.display ="none";
+}
+
+</SCRIPT>
+A certificate signing request (CSR) contains a public key and is an unsigned copy of the certificate.
+<p>
+If a given CSR has been successfully signed by a CA, then the certificate will be designated below by a certificate icon labeled Certificate Generated Successfully.
+<p>
+However, if a given CSR contains an <font color="red">action required</font> label under its certificate icon, then those requests must be <i>manually</i> submitted to a CA for certificate generation.
+<p>
+Press the [Apply] button after certificates and chains are pasted in.
+<p>
+Press the [Next] button once all certificates have been generated successfully.
+<p>
+#foreach ($item in $reqscerts)
+<H2>$item.getDN()</H2>
+<table width=100%>
+<tr>
+  <td width=10%></td>
+  <td width=20%></td>
+  <td width=70%></td>
+</tr>
+
+<tr>
+  <td>&nbsp;</td>
+#if ($item.getCert() == "...paste certificate here...") 
+  <td><font color=red>action required</font><br>
+<img src="../img/no-certificate.png"/></td>
+#else
+  #if ($item.getCert() == "...certificate be generated internally...")
+<td>
+  <img src="../img/no-certificate.png"/><br>
+  certificate will be generated internally
+  </td>
+  #else
+    #if ($item.getCert() == "")
+  <td>
+<img src="../img/no-certificate.png"/><br>
+  No Certificate Generated. Please import.<br>
+  </td>
+    #else
+  <td>
+<img src="../img/certificate.png"/><br>
+  Certificate Generated Successfully
+  </td>
+    #end
+  #end
+#end
+
+<td>
+
+
+#if ($item.getCert() == "...paste certificate here...") 
+<a content="$item.getRequest()" content_desc="Copy the following Certificate Request (CSR) and paste it in the external CA enrollment page for enrollment" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> Step 1: Copy the Certificate Request (CSR) to enroll at an external CA</a><p>
+<a content="" content_desc="Copy the base64-encoded PKCS #7 certificate chain into the text box below and press 'X'" n="$item.getCertTag()" editableType="certchain" href="#" onclick="showcert(this,event);"> Step 2: Import the PKCS #7 Certificate Chain (optional if the certificate already contains the chain)</a><p>
+<a content="$item.getCert()" content_desc="Copy the resulting base64-encoded certificate (NOTE: PKCS #7 not accepted) into the text box below and press 'X'" n="$item.getCertTag()" editableType="cert" href="#" onclick="showcert(this,event);"> Step 3: Paste in the Base64-encoded Certificate after enrollment at an external CA (NOTE: this text box does not accept PKCS #7 certificate chains)</a><p>
+#else
+  #if ($item.getCert() == "...certificate be generated internally...")
+<p>
+  #else
+<a content="$item.getRequest()" content_desc="Certificate Request (CSR)" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Request (CSR)</a><p>
+<a content="$item.getCert()" content_desc="Certificate in Base64 encoding" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate in Base64-Encoding</a><p>
+<a content="$item.getCertpp()" content_desc="Certificate in pretty print" n="$item.getCertTag()" href="#" onclick="showcert(this,event);"> View Certificate Pretty Print</a><p>
+  #end
+#end
+
+
+</td>
+</tr>
+</table>
+                                                                                
+<div id="$item.getCertTag()_showCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_stable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_p"></td>
+</tr>
+<tr>
+<td><pre name="$item.getCertTag()" id="$item.getCertTag()_pre">$item.getCert()</pre></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()" id="$item.getCertTag()_text" style="font-family: monospace;">$item.getCert()</textarea></td>
+</tr>
+</table>
+</div>
+
+<div id="$item.getCertTag()_editCertChainDiv" class="floating">
+<div align="right" onclick="hide('$item.getCertTag()');">X</div>
+<table id="$item.getCertTag()_cc_etable" width="100%">
+<tr>
+<td id="$item.getCertTag()_cc_desc_t"></td>
+</tr>
+<tr>
+<td><textarea rows=30 cols=90 name="$item.getCertTag()_cc" id="$item.getCertTag()_cc_text" style="font-family: monospace;"></textarea></td>
+</tr>
+</table>
+</div>
+
+
+#end
+
+    <p>
+
+
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_addhsm.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_addhsm.vm
new file mode 100644
index 000000000..6a3f9fca7
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_addhsm.vm
@@ -0,0 +1,95 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="checkClose();"><div id="wrap"><div id="wrap">
+  
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="page-content" width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Security Modules</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<p>
+<H2>Registering a New Security Module</H2>
+<form name=configForm action="config_addhsm" method="post">
+<p>
+If the desired security module is not listed, it is possible that this security module's PKCS #11 library was not registered with the system. Please register a new security module here.
+<table>
+<tr>
+  <td>
+Library Path: <input type=text name="modulePath" value="">
+  </td>
+</tr>
+<tr>
+  <td>
+Module Name: <input type=text name="moduleName" value="">
+  </td>
+<tr>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type=button name=config_addhsm_next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+</form>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_db.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_db.vm
new file mode 100644
index 000000000..dedb817b3
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_db.vm
@@ -0,0 +1,125 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function donePanel(errorStr, displayS) {
+      if (displayS == "loaded") {
+        if (errorStr == '') {
+            window.close();
+        }
+      }
+    }
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="donePanel('$errorString', '$displayStr')">
+<div id="wrap">
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Internal Database </h1>
+
+    <form name=configForm action="config_db" method="post">
+    <b>Internal Database Connection</b> <p>This option allows sharing an internal database to improve managability.<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="host" value="$hostname" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Port:</th>
+                                                                                
+        <td><input type="text" length="64" size="40" name="port" value="$portStr" /></td>
+      </tr>       
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" length="128" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+      <tr>
+        <th>Database:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="database" value="$database"  /></td>
+      </tr>
+      <tr>
+        <th>Bind DN:</th>
+        <td><input type="text" length="128" size="40" name="binddn" value="$binddn" /></td>
+      </tr>
+      <tr>
+        <th>Bind Password:</th>
+                                                                                
+        <td><input type="password" length="128" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td>
+      </tr>
+        <td><input type="hidden" name="display" value=$displayStr /></td>
+    </table>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type="button" name="config_db_next" value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_hsm.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_hsm.vm
new file mode 100644
index 000000000..6d1ad6a23
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_hsm.vm
@@ -0,0 +1,175 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+
+</SCRIPT>
+
+    <link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body onLoad="checkClose();"><div id="wrap">
+  
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+#include ( "admin/console/config/topmenu.vm" )
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Security Modules </h1>
+
+<form name=configForm action="config_hsm" method="post">
+
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure. Please make sure that at least one security module is listed below.
+<p>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+  <td><img src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	   Logged In
+	#else
+       	   Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+  <td>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	  Logged In
+	#else
+          Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+
+  </td>
+</tr>
+</table>
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="configForm.submit()" type=button name=config_hsm value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+</form>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_hsmloginpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_hsmloginpanel.vm
new file mode 100644
index 000000000..332f2f470
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_hsmloginpanel.vm
@@ -0,0 +1,82 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+  <h1>
+  Security Modules Login Panel</h1>
+Keys will be generated and stored on security modules. A security module can be hardware-based or software-based. Hardware-based security modules are more secure.
+<p>
+<H2>Security Token Login</H2>
+<form name=configHSMLoginForm action="config_hsmlogin" method="post">
+<p>
+The user has chosen to login to the following security module: <b>$SecToken</b>
+<p>
+#if ($status == "alreadyLoggedIn")
+	Token already logged in.
+#else
+   #if ($status == "tokenPasswordNotInitialized")
+	Token password not initialized.
+   #else
+      #if ($status == "justLoggedIn")
+          Token logged in successfully.
+      #else
+<table>
+<tr>
+  <td>
+Security Module Token Name: <b><input type=text name="uTokName" value="$SecToken"></b>
+  </td>
+</tr>
+<tr>
+  <td>
+Security Module Token Password: <input type=password name="__uPasswd" value="" autocomplete="off">
+  </td>
+<tr>
+</tr>
+</table>
+<p>
+      #end
+    #end
+#end
+
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+
+  </td>
+</tr>
+</table>
+	</td>
+      </tr>
+    </table>
+
+    <p>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+
+
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_join.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_join.vm
new file mode 100644
index 000000000..1cbbab461
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_join.vm
@@ -0,0 +1,124 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+</SCRIPT>
+                                                                                
+                                                                                
+  <body onLoad="checkClose();">
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Join the PKI Network </h1>
+
+To join this PKI network, the setup wizard needs to submit the certificate request to a Root or another subordinate CA for signing.
+    <p>
+    <form action="config_join" method="post" name="f">
+                                                                                
+<input type=radio $check_manual name="choice" value="manual">Manually submit this request to a CA.
+<p>
+<table width=100%>
+<tr>
+  <td width=50%>Certificate Request to a CA:</td>
+  <td>Certificate Chain From a CA:</td>
+  </td>
+</tr>
+<tr>
+  <td>
+<textarea rows=8 cols=40 name="req">$certreq</textarea>
+  </td>
+  <td>
+<textarea rows=8 cols=40 name="cert">$cert</textarea>
+  </td>
+</tr>
+</table>
+<p>
+<input type=radio $check_auto name="choice" value="auto">Automatically submit the request to a Dogtag Certificate Authority
+<br>
+    <table class="details">
+      <tr>
+        <th width=10%>URL:</th>
+        <td><input type="text" length="128" size="40" name="url" value="https://localhost" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>UID:</th>
+        <td><input type="text" length="64" size="40" name="uid" value="agent" /></td>
+      </tr>       
+      <tr>
+        <th>Password:</th>
+        <td><input type="password" length="64" size="40" name="__pwd" value="" autocomplete="off" /></td>
+      </tr>       
+    </table>
+<p>
+                                                                                
+    <div align="right">
+      <hr />
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: document.f.submit();" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_rootca.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_rootca.vm
new file mode 100644
index 000000000..b1fed97f2
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/config_rootca.vm
@@ -0,0 +1,112 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+    function checkClose() {
+      if ('$status' == "update" && '$error' == '') {
+            window.close();
+      }
+    }
+</SCRIPT>
+
+
+  <body onLoad="checkClose();">
+<div id="wrap">
+  
+#include ( "admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Root CA </h1>
+
+A Root CA provides a set of predefined signing capabilities. Please select the capabilities that this CA needs to provide.
+    <p>
+
+<form name="f" action="config_rootca" method="post">
+                                                                                
+<H2>CA Certificate Profile</H2>
+
+<p>
+    <table class="details">
+      <tr>
+        <th width=10%>Profile:</th>
+                                                                                
+        <td><select name="profile">
+#foreach ($p in $profiles)
+#if ($p.getID() == $selected_profile_id)
+        <option selected value="$p.getID()">$p.getName()</option>
+#else
+        <option value="$p.getID()">$p.getName()</option>
+#end
+#end
+        </select>
+        </td>
+      </tr>
+    </table>
+<p>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<input onclick="javascript: document.f.submit()" type=button name=next value="Apply">                                                                                
+  </td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm
new file mode 100644
index 000000000..42de9bab2
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/createsubsystempanel.vm
@@ -0,0 +1,98 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>Subsystem Configuration</h2>
+<p>
+#if ($systemType != "tps")
+This instance can be configured as either a new $systemname subsystem or a clone of an existing $systemname. If the cloning option is chosen, please provide the URL to an existing $systemname instance.
+#else
+This instance can be configured as a new $systemname subsystem.
+#end
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+<b><input $check_newsubsystem type=radio name=choice value="newsubsystem">&nbsp;Configure this Instance as a New $systemname Subsystem </b>
+<br/>
+    <table class="details">
+      <tr>
+        <th>Subsystem Name: </th>
+        <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname)</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTP URL (unsecure): </th>
+        <td>http://$machineName:$http_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS URL (clientauth): </th>
+        <td>https://$machineName:$https_port</td>
+      </tr>
+      <tr>
+        <th>Subsystem HTTPS URL (non-clientauth): </th>
+        <td>https://$machineName:$non_clientauth_https_port</td>
+      </tr>
+    </table>
+<p>
+#if ($disableClone)
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem" disabled="disabled">&nbsp;Clone an Existing $systemname Subsystem </b>
+#else
+<b><input $check_clonesubsystem type=radio name=choice value="clonesubsystem">&nbsp;Clone an Existing $systemname Subsystem </b>
+#end
+<br/>
+    <table class="details">
+      <tr>
+        <th>Subsystem Name: </th>
+#if ($disableClone)
+        <td><input disabled="disabled" type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname
+ Clone 1)</td>
+#else
+        <td><input type=text size="40" name="subsystemName" value="$subsystemName"> (e.g. - $fullsystemname
+ Clone 1)</td>
+#end
+      </tr>
+      <tr>
+        <th>Subsystem URL: </th>
+#if ($disableClone)
+        <td><select name="urls" disabled="disabled">
+#else
+        <td><select name="urls">
+#end
+           #if ($urls_size != 0) 
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #else
+               <option selected value="none">NONE</option>
+           #end
+        </select>
+        </td>
+      </tr>
+    </table>
+<br/>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/databasepanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/databasepanel.vm
new file mode 100644
index 000000000..1020ea39c
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/databasepanel.vm
@@ -0,0 +1,93 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Please provide information to an existing Fedora Directory Server that can be used as the internal database for this instance. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<p>
+Each instance needs access to a Fedora Directory Server instance to store requests and records. Each PKI instance may create its own associated internal database, or may share an existing internal database. To share an existing internal database instance, a PKI instance would only need to establish a unique distinguished name (DN) using the field entitled <b>Base DN</b> and a unique database name using the field entitled <b>Database</b>. 
+</div>
+<p>
+<i>Note: If the Fedora Directory Server is at a remote host, it is highly recommended that SSL should be used.</i>
+<br/>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>                                                                            
+
+    <table class="details">
+      <tr>
+        <th>Host:</th>
+        <td><input type="text" size="40" name="host" value="$hostname" /></td>
+      </tr>
+            
+      <tr>
+        <th>Port:</th>
+                                
+        <td><input type="text" size="40" name="port" value="$portStr" />  
+<input type="CHECKBOX" NAME="secureConn" value="true">SSL
+</td>
+      </tr>       
+      <tr>
+        <th>Base DN:</th>
+        <td><input type="text" size="40" name="basedn" value="$basedn" /></td>
+      </tr>
+      <tr>
+        <th>Database:</th>
+
+        <td><input type="text" size="40" name="database" value="$database"  /></td>
+      </tr>
+      <tr>
+        <th>Bind DN:</th>
+        <td><input type="text" size="40" name="binddn" value="$binddn" /></td>
+      </tr>
+      <tr>
+        <th>Bind Password:</th>
+
+        <td><input type="password" size="40" name="__bindpwd" value="$bindpwd" autocomplete="off" /></td>
+      </tr>
+    </table>
+        <input type="hidden" name="display" value=$displayStr />
+ 
+#if ($firsttime == 'false')
+<input type="CHECKBOX" NAME="removeData">Remove the existing data from the <b>Base DN</b> shown above.<p>
+#end
+
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/displaycertchain2panel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/displaycertchain2panel.vm
new file mode 100644
index 000000000..f88daf3e3
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/displaycertchain2panel.vm
@@ -0,0 +1,40 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<p>
+A certificate chain is a list of all certificates chained up to the root.
+<p>
+If the entire certificate chain is displayed below, click the Next button to import it into this subsystem. This certificate chain will then be trusted for this instance.
+<p>
+If no certificate chain is listed below, simply click the Next button to move on to the next panel.
+<p>
+<pre>
+$certchain
+</pre>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/displaycertchainpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/displaycertchainpanel.vm
new file mode 100644
index 000000000..2e5c99b78
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/displaycertchainpanel.vm
@@ -0,0 +1,40 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<br/>
+A certificate chain is a list of all certificates chained up to the root.
+<br/>
+If a certificate chain is displayed below, click the Next button to trust this certificate chain for this instance.
+<br/>
+If no certificate chain is listed below, simply click the Next button to move on to the next panel.
+<br/>
+<pre>
+$certchain
+</pre>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/donepanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/donepanel.vm
new file mode 100644
index 000000000..bc20a4e60
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/donepanel.vm
@@ -0,0 +1,54 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<input type="hidden" name="host" value=$host />
+<input type="hidden" name="port" value=$port />
+<input type="hidden" name="systemType" value=$systemType />
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+#if ($systemType == "tks")
+As 'root', restart the server on the command line by typing "$initCommand restart $instanceID". After performing this restart, the server should become operational. 
+#else
+#if ($externalCA == "true" && $systemType == "kra")
+As 'root', restart the server on the command line by typing "$initCommand restart $instanceID". Startup the administration console to add the peer CA to the Trusted Manager's Group. Make sure to add the transport certificate and connector information to the peer CA. After performing this restart, the server should become operational.
+#else
+As 'root', restart the server on the command line by typing "$initCommand
+ restart $instanceID". After performing this restart, the server should become operational.
+<br/>
+Please go to the <A href="https://$host:$non_clientauth_port">services page</A> to access all of the available interfaces.
+<br/>
+Each Enterprise Security Client (ESC) talks to a TPS config URL for token management functions located at <A href="http://$host:$unsecurePort/cgi-bin/home/index.cgi">http://$host:$unsecurePort/cgi-bin/home/index.cgi</A>.
+<br/>
+#end
+#end
+<br/>
+To create additional instances, type "/usr/bin/pkicreate" on the command line.
+<br/>
+#if ($systemType != "tps")
+To start the administration console, type "/usr/bin/pkiconsole" on the command line.
+#end
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm
new file mode 100644
index 000000000..832841806
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/drminfopanel.vm
@@ -0,0 +1,55 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+A Data Recovery Manager (DRM) is responsible for server-side key generation, archival, and recovery. If server-side key generation is not needed, this step can be skipped.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+<p>
+#end
+<b><input checked type=radio name=choice value="keygen">&nbsp;Connect this instance to the HTTPS Agent URL of a DRM to support server-side key generation.</b>
+<p>
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+    <div align="right">
+      <hr />
+    </div>
+<p>
+<b><input type=radio name=choice value="nokeygen">&nbsp;Configure this instance to NOT support server-side key generation.</b>
+<p>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/footer.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/footer.vm
new file mode 100644
index 000000000..a596e45b1
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/footer.vm
@@ -0,0 +1,19 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+  <div id="footer">
+  </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/header.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/header.vm
new file mode 100644
index 000000000..7966ba745
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/header.vm
@@ -0,0 +1,25 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<div id="header">
+    <a href="http://pki.fedoraproject.org" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="../img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headerpaddedtitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+    </div>
+</div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/hierarchypanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/hierarchypanel.vm
new file mode 100644
index 000000000..41d241c47
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/hierarchypanel.vm
@@ -0,0 +1,79 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+  setURL();
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>PKI Hierarchy</h2>
+<p>
+This CA instance can be either a Self-Signed Root CA or a Subordinate CA. <a href="javascript:toggle_details();">[Details]</a>
+<script>
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+
+function setURL() {
+    var cbox = document.forms[0].elements['urls'];
+    if (document.forms[0].choice[0].checked) {
+        cbox.disabled = "disabled";
+    } else {
+        cbox.disabled = "";
+    }
+}
+
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+The PKI hierarchy establishes the trust relationships between this CA instance and the other PKI instances within this security domain. A CA can be chained under an internal CA, or alternatively, it can be chained under a public or an external CA.
+</div>
+
+<p>
+<b><input $check_root type=radio name=choice value="root" onChange="setURL();">&nbsp;Make this a Self-Signed Root CA within this new PKI hierarchy. <img alt="" src="rootca.gif"></b>
+<p>
+<b><input $check_join type=radio name=choice value="join" onChange="setURL();">&nbsp;Make this a subordinate CA of another CA. <img alt="" src="sub.gif"></b>
+
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls.size() > 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+<p>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm
new file mode 100644
index 000000000..adece8b24
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/importadmincertpanel.vm
@@ -0,0 +1,55 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT ID=ImportCertificate_OnClick LANGUAGE="JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+An administrator's certificate has been created and imported into this browser. This certificate is used to access the agent interface of this subsystem.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<font color="red">$info</font>
+<p>
+    <p>
+                                                                                
+    <table class="details">
+      <tr>
+#if ($ca == 'true' && $import == 'true')
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#else
+#if ($caType == 'ca' && $import == 'true')
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#else
+<iframe scrolling=no frameborder=0 height=0 width=0 src="https://$caHost:$caPort/ca/admin/ca/getBySerial?serialNumber=$serialNumber&importCert=true"></iframe>
+#end 
+#end
+<input type="hidden" name="serialNumber" value=$serialNumber />
+<input type="hidden" name="caHost" value=$caHost />
+<input type="hidden" name="caPort" value=$caPort />
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/login.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/login.vm
new file mode 100644
index 000000000..dc9e7822d
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/login.vm
@@ -0,0 +1,109 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+  </head>
+
+
+  <body><div id="wrap">
+  
+#include ( "tps/admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+  -
+</div>
+
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="sidebar">
+         
+	</td>
+        <td class="page-content" width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  Login</h1>
+
+A one time random pin has been generated during setup to protect unauthorized access to this configuration wizard. This pin has been stored in the "CS.cfg" configuration file as the value of the 'preop.pin' parameter. Please enter this pin to continue.
+
+    <p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <p>
+    <form name="f" action="login" method="post">
+                                                                                
+    <table class="details">
+      <tr>
+        <th>PIN:</th>
+        <td><input type=password name="pin"></td>
+      </tr>
+    </table>
+                                                                                     <div align="right">
+      <hr />
+    </div>
+    </form>
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+<td align=right>
+<input type=button onclick="javascript: document.f.submit();" name=login value="Login">
+</td>
+</tr>
+</table>
+
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+#include ( "tps/admin/console/config/footer.vm" )
+  </body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/modulepanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/modulepanel.vm
new file mode 100644
index 000000000..d3e525f45
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/modulepanel.vm
@@ -0,0 +1,157 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Two lists of security modules are provided below. The <b>Supported Security Modules</b> list consists of both software-based and hardware-based security modules that this PKI solution supports, while the <b>Other Security Modules</b> list consists of any other security modules found by this PKI subsystem that are not recognized as one of the supported security modules. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<br/>
+Key pairs for this instance will be generated and stored on a device called a security module.
+<br/>
+A <b><i>key pair</i></b> consists of a public key and a private key. A <b><i>private key</i></b> is a secret entity which is never exposed to the public, will generally be protected via a security module, and is commonly referred to simply as the <b><i>key</i></b>. A <b><i>public key</i></b> is open, distributable, and while it may also be stored on a security module, it is not protected by this device. A public key, once signed by a CA, is more generally referred to as a <b><i>certificate</i></b>.
+<br/>
+<b><i>Security modules</i></b> can be either hardware-based or software-based. Although hardware-based security modules provide more security for the secret, or private portion of this key, they must be obtained from a third-party vendor and installed prior to deployment of this PKI solution. For this particular PKI implementation, a software-based FIPS 140-1 security module has been included.
+<br/>
+Before any security module solution can be used, a user must first always be authenticated to this security module via a token.  To support this, each security module consists of one or more <b><i>slots</i></b>. For hardware-based security modules, a slot often consists of one or more physical contact points to the device itself (e.g. - a card reader or USB receptacle), while for software-based security modules, these may be thought of as merely a functional entry point into the software.
+<br/>
+Finally, a <b><i>token</i></b> (often generically referred to as a <b><i>smartcard</i></b>), which contains the actual key material, interfaces with the security module via a slot. For hardware-based security modules, this may be something like a physical card containing a chip, or a USB device that can be physically inserted into a USB slot.  For software-based security modules, this can be thought of as an entry in a database. In the case of both hardware-based as well as software-based security modules, a password is the most commonly used method to complete this authentication.
+<br/>
+Since a security module may consist of slots for one or more tokens, the user must be successfully authenticated to each token of the chosen security module before this configuration can continue.
+</div>
+<br/>
+<H2>Supported Security Modules</H2>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $sms)
+<tr bgcolor="#eeeeee">
+  <td><img alt="" src=$module.getImagePath()><br>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	   Logged In
+	#else
+       	   Not logged In
+	#end
+    </td>
+  <td>
+   #if ($token.isLoggedIn())
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+   #end
+  </td>
+  <td>
+	#if (!$token.isLoggedIn())
+<a href="wizard?p=$subpanelno&amp;SecToken=$token.getNickName()">Login</a>
+	#end
+</td>
+</tr>
+#end
+#end
+
+</table>
+<H2>Other Security Modules</H2>
+<h3>The security modules listed below are modules found by the server but not recognized as one of the supported modules. If the user believes that any listed modules below should have been supported, please check the "CS.cfg" configuration file to see if there is a name mismatch and adjust this accordingly.</h3>
+<table width=100%>
+<tr bgcolor="#cccccc">
+  <td width=20%><b>Module/Token</b></td>
+  <td width=10%><b>Status</b></td>
+  <td width=10%><b>Default</b></td>
+  <td width=10%><b>Operations</b></td>
+</tr>
+#foreach ($module in $oms)
+<tr bgcolor="#eeeeee">
+  <td>$module.getUserFriendlyName()</td>
+  <td>
+	#if ($module.isFound())
+		Found
+	#else
+		Not Found
+	#end
+  </td>
+  <td></td>
+  <td></td>
+</tr>
+#foreach ($token in $module.getTokens())
+<tr>
+  <td>- $token.getNickName()</td>
+    <td>
+	#if ($token.isLoggedIn())
+	  Logged In
+	#else
+          Not logged In
+	#end
+    </td>
+  <td>
+    #if ($defTok == $token.getNickName())
+      <input checked type=radio name="choice" value="$token.getNickName()">
+    #else
+      <input type=radio name="choice" value="$token.getNickName()">
+    #end
+  </td>
+  <td></td>
+</tr>
+#end
+#end
+
+</table>
+
+
+    <br/>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/namepanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/namepanel.vm
new file mode 100644
index 000000000..c506180b5
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/namepanel.vm
@@ -0,0 +1,90 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+Each certificate associated with this instance needs to have a unique name within the PKI hierarchy. The following information will be used to generate these unique names.  Each certificate will be stored in the security module using a unique nickname.<a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+Each unique name, called the certificate's subject name, is referenced as the distinguished name (DN). A DN may be composed of multiple comma separated name=value fields.
+<br/>
+</div>
+
+    <p>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#foreach ($item in $certs)
+<H2>$item.getUserFriendlyName()</H2>
+                                                                                
+    <table class="details">
+      <tr>
+        <th>DN:</th>
+        <td><input type="text" size="70" name="$item.getCertTag()" value="$item.getDN()"/></td>
+      </tr>
+      <tr> 
+        <th>Nickname:</th>
+        <td><input type="text" size="70" name="$item.getCertTag()_nick" value="$item.getNickname()"/></td>
+      </tr>
+    </table>
+<p>
+#end
+<p>
+<hr>
+<p>
+Please select the CA to submit these system certificate requests:
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+                                                                                
+   <div align="right">
+      <hr />
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainloginpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainloginpanel.vm
new file mode 100644
index 000000000..04fd723f8
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainloginpanel.vm
@@ -0,0 +1,108 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/ca/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/pki-base.css" type="text/css" />
+<META http-equiv=Content-Type content="text/html; charset=UTF-8">
+  </head>
+
+
+<div id="wrap">
+<div id="header">
+    <a href="http://pki.fedoraproject.org/" title="Visit pki.fedoraproject.org for more information about Dogtag products and services"><img src="/ca/admin/console/img/logo_header.gif" alt="Dogtag" id="myLogo" /></a>
+    <div id="headerpaddedtitle">
+    <a href="/" title="Dogtag Network homepage">Dogtag<sup><font size="-2">&reg;</font></sup> Certificate System</a>
+    </div>
+    <div id="account">
+          <dl><dt><span></span></dt><dd></dd></dl>
+    </div>
+</div>
+
+<div id="mainNavOuter">
+<div id="mainNav">
+                                                                                
+<div id="mainNavInner">
+                                                                                
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td width="100%">
+  <h1><img src="/ca/admin/console/img/pki-icon-software.gif" />
+  Security Domain ($name) Login </h1>
+
+    <form name=sdForm action="getCookie" method="post">
+    <p>The Enterprise $subsystem Administrator will register this $subsystem Subsystem located at $host under this Security Domain located at $sdhost. The credential information will be provided to the Security Domain for authentication.<p>
+#if ($errorString != "")
+<img src="/ca/admin/console/img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+    <table class="details">
+      <tr>
+        <th>Uid:</th>
+                                                                                
+        <td><input type="text" length="128" size="40" name="uid" value="$sd_uid" /></td>
+      </tr>
+                                                                                
+      <tr>
+        <th>Password:</th>
+                                                                                
+        <td><input type="password" length="64" size="40" name="pwd" value="$sd_pwd" autocomplete="off" /></td>
+      </tr>       
+<input type=hidden name=url value="$url">
+
+    </table>
+                                                                                
+    <div align="right">
+      <hr />
+      &nbsp;
+    </div>
+                                                                                
+
+<p>
+<table width=100%>
+<tr bgcolor="#eeeeee">
+  <td>
+<div align="right">
+<input onclick="sdForm.submit()" type="button" name="sd_next" value="Login"> 
+</div>
+  </td>
+</tr>
+</table>
+
+    </form>
+
+	</td>
+      </tr>
+    </table>
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm
new file mode 100644
index 000000000..f54703668
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/securitydomainpanel.vm
@@ -0,0 +1,114 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<h2>$panelname</h2>
+<br/>
+A security domain is a registry for all of the PKI services within an enterprise. Applications may use the security domain to locate other PKI services. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<br/>
+This PKI solution allows multiple security domains within an organization, but each security domain must host a Certificate Authority.
+<br/>
+If the user is creating a new security domain, this CA Administrator is also
+the security domain Administrator.
+<br/>
+If this subsystem is joining an existing security domain, the user will need to provide the credential information of the security domain Administrator
+requested in the next panel.
+</div>
+#if ($errorString != "")
+<img alt="" src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<br/>
+#if ($cstype == "CA") 
+<b><input $check_newdomain type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+    <table class="details">
+      <tr>
+        <th>Security Domain Name: </th>
+        <td><input type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTP EE URL (unsecure): </th>
+        <td>http://$machineName:$http_ee_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS Agent URL (clientauth): </th>
+        <td>https://$machineName:$https_agent_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS EE URL (non-clientauth): </th>
+        <td>https://$machineName:$https_ee_port</td>
+      </tr>
+      <tr>
+        <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+        <td>https://$machineName:$https_admin_port</td>
+      </tr>
+    </table>
+<br/>
+<b><input $check_existingdomain type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#else
+<b><input disabled="disabled" type=radio name=choice value="newdomain">&nbsp;Create a New Security Domain </b>
+<br/>
+If no security domain exists, a new one must be created for this CA.
+    <table class="details">
+      <tr>
+        <th>Security Domain Name: </th>
+        <td><input disabled="disabled" type=text size="40" name="sdomainName" value="$sdomainName"> (e.g. - Dogtag Security Domain)</td>
+      </tr>
+    </table>
+<br/>
+<b><input checked type=radio name=choice value="existingdomain">&nbsp;Join an Existing Security Domain </b>
+#end
+<br/>
+Enter the URL to an existing security domain.
+<br/>
+    <table class="details">
+      <tr>
+        <th>Security Domain HTTPS Admin URL (non-clientauth): </th>
+        <td><input type=text size="40" name="sdomainURL" value="$sdomainURL"> (e.g. - https://example.com:9445)</td>
+      </tr>
+    </table>
+<br/>
+<table>
+<tr>
+<td valign="top"><b>NOTE:&nbsp;&nbsp; </b></td>
+<td>Since a Security Domain MUST be a CA (although all CAs are NOT necessarily Security Domains), an appropriate value for this URL may be obtained by logging into the machine which hosts the desired Security Domain CA as 'root' and running the command "$initCommand status $instanceID" from the command-line.</td>
+</tr>
+</table>
+<br/>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/sidemenu.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/sidemenu.vm
new file mode 100644
index 000000000..c3dbf1410
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/sidemenu.vm
@@ -0,0 +1,29 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<div id="sidenav">
+<ul>
+  <li><a href="welcome">Welcome</a></li>
+  <li><a href="database">Internal Database</a></li>
+  <li><a href="module">Security Modules</a></li>
+  <li><a href="size">Key Size</a></li>
+  <li><a href="name">Issuer Name</a></li>
+  <li><a href="hierarchy">PKI Hierarchy</a></li>
+  <li><a href="admin">Administrator</a></li>
+  <li><a href="done">Finish</a></li>
+</ul>
+</div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/sizepanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/sizepanel.vm
new file mode 100644
index 000000000..eeb62f6d8
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/sizepanel.vm
@@ -0,0 +1,234 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<style type="text/css">
+div#advance
+{
+  margin: 0px 20px 0px 20px;
+  display: none;
+}
+div#simple
+{
+  margin: 0px 20px 0px 20px;
+  display: block;
+}
+</style>
+
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+function toggleLayer(whichLayer)
+{
+  if (document.getElementById) {
+    // this is the way the standards work
+    var style2 = document.getElementById(whichLayer).style;
+    if (style2.display == "block") {
+      style2.display = "none";
+    } else {
+      style2.display = "block";
+    }
+  }
+}
+
+function toggleLayer1(whichLayer)
+{
+  if (document.getElementById) {
+    // this is the way the standards work
+    var style2 = document.getElementById(whichLayer).style;
+    if (style2.display == "block") {
+      style2.display = "none";
+    } else if (style2.display == "") {
+      style2.display = "none";
+    } else {
+      style2.display = "block";
+    }
+  }
+}
+
+function keyTypeChange()
+{
+  var form = document.forms[0];
+  var keyTypeSelect = document.forms[0].elements['keytype'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_keytype') != -1) {
+      form.elements[name].selectedIndex = keyTypeSelect.selectedIndex;
+    }
+  }
+}
+
+function defaultChange()
+{
+  var form = document.forms[0];
+  var choiceSelect = document.forms[0].elements['choice'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_choice') != -1) {
+      for (var j = 0; j < form.elements[name].length; j++) {
+        var c = form.elements[name];
+        c[j].checked = choiceSelect[j].checked;
+      }
+    }
+  }
+}
+
+function customChange()
+{
+  var form = document.forms[0];
+  var choiceSelect = document.forms[0].elements['choice'];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_choice') != -1) {
+      for (var j = 0; j < form.elements[name].length; j++) {
+        var c = form.elements[name];
+        c[j].checked = choiceSelect[j].checked;
+      }
+    }
+  }
+}
+
+function textChange()
+{
+  var customSize = document.forms[0].elements['custom_size'];
+  var form = document.forms[0];
+  for (var i = 0; i < form.length; i++) {
+    var name = form[i].name;
+    if (name.indexOf('_custom_size') != -1) {
+      form.elements[name].value = customSize.value;
+    }
+  }
+}
+
+</SCRIPT>
+Select the key pair type(s) and associated key pair size(s) from the pulldown menus. <a href="javascript:toggle_details();">[Details]</a>
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+<div id=details style="display: none;">
+<p>
+Each key pair is comprised of a <b><i>key type</i></b> and a <b><i>key size</i></b>. Based upon the key type selected from the first pulldown menu, associated key sizes (in bits) will be selectable from the second pulldown menu.
+<p>
+Within each key pair type (but not comparable between two different key pair types), the size of the key is a measure of how secure a given system is (i.e. - the longer the key pair size, the more secure the system). Unfortunately, longer key pair sizes increase the time required to perform operations such as signing certificates.
+<p>
+</div>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+<div id="simple">
+<p>
+<table width=100%>
+<tr>
+  <td align=right><a href="javascript:toggleLayer1('simple'); toggleLayer('advance');" title="Advanced">[Advanced]</a></td>
+</tr>
+</table>
+<p>
+<H2>Common Key Settings</H2>
+<p>
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Key Type:</th>
+        <td><select name="keytype" onChange="keyTypeChange()"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td>
+      </tr>
+</table>
+<p>
+    <input
+#if ($select == "default")
+ checked
+#end
+ onChange="defaultChange()" type=radio name="choice" value="default"><b>Use the default key size ($default_keysize bits for RSA, $default_ecc_keysize bits for ECC)</b>.
+    <p>
+    <input
+#if ($select == "custom")
+ checked
+#end
+ onChange="customChange()" type=radio name="choice" value="custom"><b>Use the following custom key size:</b>
+                                                                                
+    <p>
+<table width=100% class="details">
+      <tr>
+        <th>Key Size:</th>
+        <td><input onChange="textChange()" type="text" size="20" name="custom_size" value="2048" /></td>
+      </tr>
+</table>
+</div>
+<p>
+<div id="advance">
+<p>
+<table width=100%>
+<tr>
+  <td align=right><a href="javascript:toggleLayer1('simple');toggleLayer('advance');" title="Simple">[Simple]</a></td>
+</tr>
+</table>
+#foreach ($item in $certs)
+<H2>Key for $item.getUserFriendlyName()</H2>
+<p>
+<table width=100% class="details">
+      <tr>
+        <th width="30%">Key Type:</th>
+        <td><select name="$item.getCertTag()_keytype"><option value=rsa>RSA</option><option value=ecc>ECC</option></select></td>
+      </tr>
+</table>
+<p>
+    <input
+#if ($item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="default"><b>Use the default key size ($default_keysize bits for RSA, $default_ecc_keysize bits for ECC).
+    <p>
+    <input
+#if (!$item.useDefaultKey())
+ checked
+#end
+ type=radio name=$item.getCertTag()_choice value="custom"><b>Use the following custom key size:</b>
+                                                                                
+    <p>
+<table width=100% class="details">
+      <tr>
+        <th>Key Size:</th>
+        <td><input type="text" size="20" name=$item.getCertTag()_custom_size value="$item.getCustomKeysize()" /></td>
+      </tr>
+</table>
+#end
+</div>
+<br/>
+<br/>
+<br/>
+#if ($firsttime == 'false')
+<input type="CHECKBOX" NAME="generateKeyPair">New Keys<p>
+#end
+<p>
+    <div align="right">
+      <hr />
+<i>Note: After pressing Next, keys will be generated on the server, which will take some time to complete.  Please wait for the next panel to appear.</i>
+      &nbsp;
+    </div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm
new file mode 100644
index 000000000..5cc18c29d
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/tksinfopanel.vm
@@ -0,0 +1,50 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT LANGUAGE="JavaScript">
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+
+</SCRIPT>
+The Token Key Service (TKS) is responsible for managing master keys that are used for establishing secure channels. Select an HTTPS Agent URL of a TKS from the list below.
+<p>
+#if ($errorString != "")
+<img src="../img/icon_crit_update.gif">&nbsp;<font color="red">$errorString</font>
+#end
+<p>
+    <table class="details">
+      <tr>
+        <th>URL:</th>
+        <td><select name="urls">
+           #if ($urls_size != 0)
+           #set ($x=0)
+           #foreach ($p in $urls)
+               <option value="$x">$p</option>
+               #set ($x=$x+1)
+           #end
+           #end
+            </select>
+        </td>
+      </tr>
+    </table>
+    <div align="right">
+      <hr />
+    </div>
+<p>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/topmenu.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/topmenu.vm
new file mode 100644
index 000000000..c76b2e8fa
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/topmenu.vm
@@ -0,0 +1,20 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">Setup Wizard</a></li>
+</ul>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/welcomepanel.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/welcomepanel.vm
new file mode 100644
index 000000000..619560dd3
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/welcomepanel.vm
@@ -0,0 +1,57 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<SCRIPT type="text/JavaScript">
+function myOnLoad() {
+}
+
+function performPanel() {
+    with (document.forms[0]) {
+        submit();
+    }
+}
+</SCRIPT>
+<H2>$wizardname</H2>
+The $fullsystemname
+ configuration wizard will guide the administrator through the process of configuring a single instance of the $fullsystemname
+ ($systemname). <a href="javascript:toggle_details();">[Details]</a>
+                                                                                
+<SCRIPT type="text/JavaScript">
+function toggle_details()
+{
+  d = document.getElementById('details');
+  if (d.style.display == "block") {
+    d.style.display="none";
+  } else {
+    d.style.display="block";
+  }
+}
+</script>
+                                                                                
+<div id=details style="display: none;">
+<p>
+A Public Key Infrastructure (PKI) system creates, manages, and revokes keys and certificates.
+<p>
+Dogtag Certificate System (DCS) $productversion &nbsp;
+is a robust PKI system consisting of numerous subsystems including a Certificate Authority (CA), a Registration Authority (RA), a Data Recovery Manager (DRM), an Online Certificate Status Protocol (OCSP) Manager, a Token Key Service (TKS), and a Token Processing System (TPS), as well as a multi-platform smartcard middleware software client called Enterprise Security Client (ESC).
+<p>
+For any subsystem to be useable, a user must use this wizard to configure an instance of this subsystem.
+#if ($systemType != "tps")
+<p>
+Additionally, this wizard may also be used to clone any existing instance to achieve scalability and high-availability.
+#end
+</div>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/wizard.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/wizard.vm
new file mode 100644
index 000000000..9d16ad8d3
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/wizard.vm
@@ -0,0 +1,147 @@
+<!-- --- BEGIN COPYRIGHT BLOCK ---
+     This program is free software; you can redistribute it and/or modify
+     it under the terms of the GNU General Public License as published by
+     the Free Software Foundation; version 2 of the License.
+
+     This program is distributed in the hope that it will be useful,
+     but WITHOUT ANY WARRANTY; without even the implied warranty of
+     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+     GNU General Public License for more details.
+
+     You should have received a copy of the GNU General Public License along
+     with this program; if not, write to the Free Software Foundation, Inc.,
+     51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+     Copyright (C) 2007 Red Hat, Inc.
+     All rights reserved.
+     --- END COPYRIGHT BLOCK --- -->
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+
+<html>
+  <head>
+    
+    <title>Dogtag Certificate System</title>
+
+    <link rel="shortcut icon" href="/tps/admin/console/img/favicon.ico" />
+    <link rel="stylesheet" href="/css/pki-base.css" type="text/css" />
+
+    <META http-equiv=Content-Type content="text/html; charset=UTF-8">
+
+  </head>
+
+<SCRIPT LANGUAGE="JavaScript">
+function process(fop) {
+    with (document.forms[0]) {
+        op.value = fop;
+        if (fop == 'next') {
+            document.getElementById('progress').style.visibility = "visible";
+            performPanel();
+        } else if (fop == 'apply') {
+            document.getElementById('progress').style.visibility = "visible";
+            performPanel();
+        } else {
+            document.getElementById('progress').style.visibility = "visible";
+            submit();
+        }
+    }
+}
+
+</SCRIPT>
+
+  <body><div id="wrap">
+  
+#include ( "tps/admin/console/config/header.vm" )
+
+<div id="mainNavOuter">
+<div id="mainNav">
+
+<div id="mainNavInner">
+
+
+<ul>
+<li id="mainFirst-active"><a href="wizard" class="mainFirstLink">$name</a></li>
+</ul>
+
+</div><!-- end mainNavInner -->
+</div><!-- end mainNav -->
+</div><!-- end mainNavOuter -->
+
+
+<div id="bar">
+
+<div id="systembar">
+<div id="systembarinner">
+
+<div>
+</div>
+
+
+</div>
+</div>
+
+</div>
+<!-- close bar -->
+
+  <div id="content">
+    <table width="100%" cellspacing="0">
+      <tr>
+        <td class="sidebar">
+          
+<div id="sidenav">
+<ul>
+#foreach ($pn in $panels)
+#if (!$pn.isSubPanel())
+  #if ($pn.isPanelDone() == "false")
+    <li><center><font color=black size="2">$pn.getName()</font></center></li>
+  #else
+    <li><center><font color=white size="2">$pn.getName()</font></center></li>
+  #end
+#end
+#end
+</ul>
+</div>
+
+	</td>
+        <td class="page-content" width="100%">
+  <h1><img src="../img/pki-icon-software.gif" />
+  $title </h1>
+
+<form name=f method=post action="wizard">
+<input type=hidden name=p value="$p">
+
+#parse ( $panel )
+
+<input type=hidden name="op" value=''>
+
+</form>
+
+<table width=100% border=0 cellspacing=0 cellpadding=0>
+<tr bgcolor="#eeeeee">
+<td><img id=progress style="visibility: hidden;" src="../img/bigrotation2.gif" /></td>
+<td align=right>
+
+#if ($showApplyButton == "true")
+<input type=button onclick="process('apply')" name=back value="Apply">
+#end
+
+#if ($lastpanel)
+&nbsp;
+#else
+<input type=button onclick="process('next')" name=back value="Next>">
+#end
+
+</td>
+</tr>
+</table>
+
+	</td>
+      </tr>
+    </table>
+
+#include ( "tps/admin/console/config/footer.vm" )
+
+  </div> <!-- close content -->
+  </div> <!-- close wrap -->
+
+  </body>
+</html>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/config/xml.vm b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/xml.vm
new file mode 100644
index 000000000..31ff72aa2
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/config/xml.vm
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<response>
+  $xml 
+</response>
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/badge.png b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/badge.png
new file mode 100644
index 000000000..5fe0223b5
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/badge.png
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/bigrotation2.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/bigrotation2.gif
new file mode 100644
index 000000000..5bb90fd6a
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/bigrotation2.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-clear.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-clear.gif
new file mode 100644
index 000000000..336e6e5d9
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-clear.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-manage.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-manage.gif
new file mode 100644
index 000000000..8f2f3db5e
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-manage.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-search.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-search.gif
new file mode 100644
index 000000000..b015c82a9
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/button-search.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/certificate.png b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/certificate.png
new file mode 100644
index 000000000..2ea9f88bb
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/certificate.png
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/clearpixel.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/clearpixel.gif
new file mode 100644
index 000000000..ae710460b
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/clearpixel.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/favicon.ico b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/favicon.ico
new file mode 100644
index 000000000..efc1d33f4
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/favicon.ico
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_checkin.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_checkin.gif
new file mode 100644
index 000000000..cb77e9f3f
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_checkin.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_crit_update.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_crit_update.gif
new file mode 100644
index 000000000..cf3c47907
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_crit_update.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_locked.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_locked.gif
new file mode 100644
index 000000000..fa0989276
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_locked.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_reg_update.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_reg_update.gif
new file mode 100644
index 000000000..662e17a84
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_reg_update.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_up2date.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_up2date.gif
new file mode 100644
index 000000000..7f2f9d4c0
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/icon_up2date.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/id.png b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/id.png
new file mode 100644
index 000000000..2c54191e1
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/id.png
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/idkey.png b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/idkey.png
new file mode 100644
index 000000000..3e27d2d05
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/idkey.png
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/key.png b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/key.png
new file mode 100644
index 000000000..db2896248
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/key.png
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/lock.png b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/lock.png
new file mode 100644
index 000000000..56be3b755
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/lock.png
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/logo_header.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/logo_header.gif
new file mode 100644
index 000000000..573482227
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/logo_header.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/no-certificate.png b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/no-certificate.png
new file mode 100644
index 000000000..7d93a41c3
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/no-certificate.png
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-help.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-help.gif
new file mode 100644
index 000000000..21d9f13d6
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-help.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-home.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-home.gif
new file mode 100644
index 000000000..ef1726b74
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-home.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-software.gif b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-software.gif
new file mode 100644
index 000000000..dd64b485c
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/img/pki-icon-software.gif
diff --git a/dogtag/tps-ui/shared/docroot/tps/admin/console/js/misc.js b/dogtag/tps-ui/shared/docroot/tps/admin/console/js/misc.js
new file mode 100644
index 000000000..d4dc336ab
--- /dev/null
+++ b/dogtag/tps-ui/shared/docroot/tps/admin/console/js/misc.js
@@ -0,0 +1,30 @@
+// --- BEGIN COPYRIGHT BLOCK ---
+// This program is free software; you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation; version 2 of the License.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License along
+// with this program; if not, write to the Free Software Foundation, Inc.,
+// 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+//
+// Copyright (C) 2007 Red Hat, Inc.
+// All rights reserved.
+// --- END COPYRIGHT BLOCK ---
+
+/**
+ * This function is to submit the form's parameters and to decide if the 
+ * window should remain open.
+ *
+ * @param f The form
+ * @param fclose true if you want to close the window; otherwise false.
+ */
+function saveConfig(f, fclose) {
+    f.submit();
+    if (fclose == true)
+        window.close();
+}
author	Endi Sukma Dewata <edewata@redhat.com>	2012-03-24 02:27:47 -0500
committer	Endi Sukma Dewata <edewata@redhat.com>	2012-03-26 11:43:54 -0500
commit	621d9e5c413e561293d7484b93882d985b3fe15f (patch)
tree	638f3d75761c121d9a8fb50b52a12a6686c5ac5c /dogtag
parent	40d3643b8d91886bf210aa27f711731c81a11e49 (diff)
download	pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.gz pki-621d9e5c413e561293d7484b93882d985b3fe15f.tar.xz pki-621d9e5c413e561293d7484b93882d985b3fe15f.zip