Hi All,What I want is simple profile for requesting encryption(not sign) personal certificate that will private key be stored in KRA/DRM. I check existing profiles and found profile that name and description meet the goals I want to achieve.CaEncUserCert.cfgthis profile was not visible I change that. I opened this profile in end user CA applicationCertificate Profile - Manual User Encryption Certificates EnrollmentThis certificate profile is for enrolling user encryption certificates with option to archive keys.
Certificate Request Input Certificate Request Type list ( pcks10 or crmf) Certificate Request (text area for request) Subject Name
-fields with info about user(propably should be same values that were in certificate request)
Requestor Information
- info about requestor
How it's possible to store private key without even sending it to CA? can be private key enclosed into "Certificate Request"? If answer is no - as I think why there is a "option to archieve keys"?
Marcin