Hi All,
What I want is simple profile for requesting encryption(not sign) personal
certificate that will private key be stored in KRA/DRM. I check existing
profiles and found profile that name and description meet the goals I want
to achieve.
*CaEncUserCert.cfg*
this profile was not visible I change that. I opened this profile in end
user CA application
*Certificate Profile - Manual User Encryption Certificates Enrollment *
This certificate profile is for enrolling user encryption certificates with
option to archive keys.
*Certificate Request Input *
- Certificate Request Type list ( pcks10 or crmf)
- Certificate Request (text area for request)
* Subject Name * -fields with info about user(propably should be same
values that were in certificate request)
*Requestor Information *- info about requestor
How it's possible to store private key without even sending it to CA? can
be private key enclosed into "Certificate Request"? If answer is no - as I
think why there is a "option to archieve keys"?
Marcin