[Pki-users] Dogtag profile for encryption certificate with storing private key in DRM/KRA

[Marcin Mierzejewski]

Hi All,

What I want is simple profile for requesting encryption(not sign) personal
certificate that will private key be stored in KRA/DRM. I check existing
profiles and found profile that name and description meet the goals I want
to achieve.

*CaEncUserCert.cfg*

this profile was not visible I change that. I opened this profile in end
user CA application


*Certificate Profile - Manual User Encryption Certificates Enrollment *

This certificate profile is for enrolling user encryption certificates with
option to archive keys.
*Certificate Request Input *
- Certificate Request Type list ( pcks10 or crmf)
- Certificate Request (text area for request)
*  Subject Name * -fields with info about user(propably should be same
values that were in certificate request)

*Requestor Information *- info about requestor

How it's possible to store private key without even sending it to CA? can
be private key enclosed into "Certificate Request"? If answer is no - as I
think why there is a "option to archieve keys"?



Marcin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20151013/71de3efd/attachment.htm>