[Pki-users] Dogtag profile for encryption certificate with storing private key in DRM/KRA
Marcin Mierzejewski
marcinmierzejewski1024 at gmail.com
Tue Oct 13 14:36:26 UTC 2015
there is a caEncECUserCert that works as I expect but generates Eliptic
curve certificate. Is there any eqiuvalent for RSA? And next question is:
could I use this profile to generate enduser certificate remote by calling
REST service?
2015-10-13 15:51 GMT+02:00 Marcin Mierzejewski <
marcinmierzejewski1024 at gmail.com>:
> Hi All,
>
> What I want is simple profile for requesting encryption(not sign) personal
> certificate that will private key be stored in KRA/DRM. I check existing
> profiles and found profile that name and description meet the goals I want
> to achieve.
>
> *CaEncUserCert.cfg*
>
> this profile was not visible I change that. I opened this profile in end
> user CA application
>
>
> *Certificate Profile - Manual User Encryption Certificates Enrollment *
>
> This certificate profile is for enrolling user encryption certificates
> with option to archive keys.
> *Certificate Request Input *
> - Certificate Request Type list ( pcks10 or crmf)
> - Certificate Request (text area for request)
> * Subject Name * -fields with info about user(propably should be same
> values that were in certificate request)
>
> *Requestor Information *- info about requestor
>
> How it's possible to store private key without even sending it to CA? can
> be private key enclosed into "Certificate Request"? If answer is no - as I
> think why there is a "option to archieve keys"?
>
>
>
> Marcin
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20151013/6d9d8216/attachment.htm>
More information about the Pki-users
mailing list