For MDMWS PKCS #12 (P12) enrollment, you must add the following certificate types to Entrust Certificate Authority CA.
- signing
- encryption
- dual usage (signing and encryption)
- non-repudiation
See below for the required steps.
To add MDMWS P12 certificate types
- Log in to Entrust Certificate Authority Administration.
- Export the certificate specifications to a file by selecting File > Certificate Specifications > Export.
- Open the certificate specifications file in a text editor.
Add the following lines to the
[Certificate Types]section.; ----------------------------------------------------------------------; Certificate types to be used with MDM for P12 Enrollments; ----------------------------------------------------------------------ent_mdm_p12_sig=enterprise,MDM P12 Signing,MDM P12 Signing Certificateent_mdm_p12_enc=enterprise,MDM P12 Encryption,MDM P12 Encryption Certificateent_mdm_p12_sig_enc=enterprise,MDM P12 Signing and Encryption,MDM P12 Signing and Encryption Certificateent_mdm_p12_nonrep=enterprise,MDM P12 Signing and Nonrepudiation,MDM P12 Signing and Nonrepudiation Certificate; ----------------------------------------------------------------------Add the following lines to the
[Extension Definitions]section.; ----------------------------------------------------------------------; Certificate definitions to be used with MDM for P12 Enrollments; ----------------------------------------------------------------------[ent_mdm_p12_sig Certificate Definitions]1=Verification[ent_mdm_p12_sig Verification Extensions]keyusage=2.5.29.15,n,m,BitString,1[ent_mdm_p12_sig Advanced]noUserInDirectory=1[ent_mdm_p12_enc Certificate Definitions]1=Encryption[ent_mdm_p12_enc Encryption Extensions]keyusage=2.5.29.15,n,m,BitString,001[ent_mdm_p12_enc Advanced]noUserInDirectory=1[ent_mdm_p12_sig_enc Certificate Definitions]1=Dual Usage[ent_mdm_p12_sig_enc Dual Usage Extensions]keyusage=2.5.29.15,n,m,BitString,101[ent_mdm_p12_sig_enc Advanced]noUserInDirectory=1[ent_mdm_p12_nonrep Certificate Definitions]1=Nonrepudiation[ent_mdm_p12_nonrep Nonrepudiation Extensions]keyusage=2.5.29.15,n,m,BitString,11[ent_mdm_p12_nonrep Advanced]noUserInDirectory=1;------------------------------------------------------------------------ Save and close the file.
- Import the certificate specifications back into Entrust Certificate Authority. In Entrust Certificate Authority Administration, select File > Certificate Specifications > Import.