Hello, Attached is a patch that will allow arbitrary enrollment profiles to utilize a KRA, if one is set up. Simply add an "archive=true" line to the profile and restart the CA. No additional logic is added on the client/js side to see if the profile really is an encryption and not a signing cert request. Comments? Thanks, Joshua Roys