There could be multiple issues.
First thing you want to check is whether your CA is configured correctly
with connection to KRA. To check this, look into your CS.cfg file in
<CA install dir>/conf/CS.cfg, and look for
CA.connector.KRA.enable=true
If it's not there, or is false, then you probably did not set it up
correctly. There are several other parameters there that were supposed
to be added automatically during installation, if you had picked the
right options. If you missed them, you can reinstall again.
If your KRA is set up correctly, then test it out with caDualCert.cfg,
which will generate a signing cert and an encryption cert for you. The
encryption cert is the one whose private key will be archived.
Hope this helps,
Christina
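A quick way to run the CS.cfg check described above, as an added example that is not from this thread or from Dogtag itself: it parses the file's key=value lines, reports whether the KRA connector is enabled, and goes one step further by flagging connector parameters that are present but blank. The sample configs are constructed, and every connector key other than enable is an assumed name used only for illustration.

```python
# Added example (not Dogtag's own code): sanity-check the KRA connector
# settings in a Dogtag CA CS.cfg before trying key archival.
import sys

PREFIX = "ca.connector.kra."          # keys are compared case-insensitively
ENABLE_KEY = PREFIX + "enable"

def parse_cs_cfg(text):
    """Parse CS.cfg-style 'key=value' lines into a dict with lowercased keys."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip().lower()] = value.strip()
    return cfg

def check_kra_connector(text):
    """Return {'ok': bool, 'problems': [...], 'params': {...}} for the KRA connector."""
    cfg = parse_cs_cfg(text)
    params = {k: v for k, v in cfg.items() if k.startswith(PREFIX)}
    problems = []
    if ENABLE_KEY not in cfg:
        problems.append("missing " + ENABLE_KEY)
    elif cfg[ENABLE_KEY].lower() != "true":
        problems.append(ENABLE_KEY + " is not true")
    if len(params) <= 1:
        # The installer writes the other connector parameters next to
        # 'enable'; 'enable' alone suggests the KRA step never ran.
        problems.append("no other " + PREFIX + "* parameters found")
    for key in sorted(params):
        if key != ENABLE_KEY and params[key] == "":
            problems.append("empty value for " + key)
    return {"ok": not problems, "problems": problems, "params": params}

# Constructed samples; connector keys other than 'enable' are assumed names.
GOOD_CFG = """# constructed sample
ca.connector.KRA.enable=true
ca.connector.KRA.host=kra.example.test
ca.connector.KRA.port=10443
"""
BAD_CFG = """# constructed sample
ca.connector.KRA.enable=false
ca.connector.KRA.host=
"""

if __name__ == "__main__":
    # Usage: python check_kra.py <CA install dir>/conf/CS.cfg
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BAD_CFG
    report = check_kra_connector(text)
    print("KRA connector OK" if report["ok"] else "\n".join(report["problems"]))
```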
Aleksander Adamowski wrote:
Hi!
I've set up pki-ca, pki-ocsp, pki-ra and pki-kra.
However, it seems that pki-kra doesn't archive any keys.
I've tested it with the following profiles when issuing certificates:
Using the CA instance:
* caUserCert (Manual User Dual-Use Certificate Enrollment) - I know,
it won't work, it's Dual-Use, not Dual-Key. However, the protocol used
is CRMF.
* caDirUserCert (Directory-Authenticated User Dual-Use Certificate
Enrollment) - another Dual-Use, not Dual-Key. But CRMF-based.
* caDualRAuserCert (RA Agent-Authenticated User Certificate
Enrollment) - they don't write what "Dual" means here. Is it Dual-Use
too?
Using the RA instance:
* caDualRAuserCert (RA Agent-Authenticated User Certificate
Enrollment) - it has "Dual" in its name...
So it seems that there's potential confusion over which "Dual" is
implied in the profile names (does it correspond to key usage, or the
amount of keys?).
Based on my experiments, either all those profiles are single key, or
my client doesn't support dual key generation (it's Firefox 3 nightly
build).
So the question is - what combination of certificate profiles and
client (web browser) versions allows for generating dual key
certificates whose keys will be correctly archived by KRA/DRM?