there is a caEncECUserCert that works as I expect but generates Eliptic curve certificate. Is there any eqiuvalent for RSA? And next question is: could I use this profile to generate enduser certificate remote by calling REST service?

2015-10-13 15:51 GMT+02:00 Marcin Mierzejewski <marcinmierzejewski1024@gmail.com>:
Hi All,

What I want is simple profile for requesting encryption(not sign) personal certificate that will private key be stored in KRA/DRM. I check existing profiles and found profile that name and description meet the goals I want to achieve.

CaEncUserCert.cfg

this profile was not visible I change that. I opened this profile in end user CA application 


Certificate Profile - Manual User Encryption Certificates Enrollment

This certificate profile is for enrolling user encryption certificates with option to archive keys.

Certificate Request Input
  • Certificate Request Type list ( pcks10 or crmf)
    		•
  • Certificate Request (text area for request)
    •  Subject Name 
     -fields with info about user(propably should be same values that were in certificate request)
    Requestor Information 
    - info about requestor

    How it's possible to store private key without even sending it to CA? can be private key enclosed into "Certificate Request"? If answer is no - as I think why there is a "option to archieve keys"?



    Marcin