there is a caEncECUserCert that works as I expect but generates Eliptic curve certificate. Is there any eqiuvalent for RSA? And next question is: could I use this profile to generate enduser certificate remote by calling REST service?2015-10-13 15:51 GMT+02:00 Marcin Mierzejewski <marcinmierzejewski1024@gmail.com>:Hi All,What I want is simple profile for requesting encryption(not sign) personal certificate that will private key be stored in KRA/DRM. I check existing profiles and found profile that name and description meet the goals I want to achieve.CaEncUserCert.cfgthis profile was not visible I change that. I opened this profile in end user CA applicationCertificate Profile - Manual User Encryption Certificates EnrollmentThis certificate profile is for enrolling user encryption certificates with option to archive keys.
Certificate Request Input Certificate Request Type list ( pcks10 or crmf) Certificate Request (text area for request) Subject Name
-fields with info about user(propably should be same values that were in certificate request)
Requestor Information
- info about requestor
How it's possible to store private key without even sending it to CA? can be private key enclosed into "Certificate Request"? If answer is no - as I think why there is a "option to archieve keys"?
Marcin
_______________________________________________
Pki-users mailing list
Pki-users@redhat.com
https://www.redhat.com/mailman/listinfo/pki-users