Hi All,
What I want is simple profile for requesting encryption(not sign) personal certificate that will private key be stored in KRA/DRM. I check existing profiles and found profile that name and description meet the goals I want to achieve.
CaEncUserCert.cfg
this profile was not visible I change that. I opened this profile in end user CA application
Certificate Profile - Manual User Encryption Certificates Enrollment
This certificate profile is for enrolling user encryption certificates with option to archive keys.
Certificate Request Input
|
Certificate Request Type list ( pcks10 or crmf) |
|
Certificate Request (text area for request)
Subject Name -fields with info about user(propably should be same values that were in certificate request) Requestor Information - info about requestor
How it's possible to store private key without even sending it to CA? can be private key enclosed into "Certificate Request"? If answer is no - as I think why there is a "option to archieve keys"?
|
|
Marcin