For MDMWS PKCS #12 (P12) enrollment, you must add the following certificate types to the Security Manager CA: signing, encryption, dual usage (signing and encryption), non-repudiation.

To add MDMWS P12 certificate types to Security Manager

  1. Log in to Security Manager Administration.
  2. Export the certificate specifications to a file by selecting File > Certificate Specifications > Export.
  3. Open the certificate specifications file in a text editor.

  4. Add the following lines to the [Certificate Types] section.

    ; ----------------------------------------------------------------------
    ; Certificate types to be used with MDM for P12 Enrollments
    ; ----------------------------------------------------------------------
    ent_mdm_p12_sig=enterprise,MDM P12 Signing,MDM P12 Signing Certificate
    ent_mdm_p12_enc=enterprise,MDM P12 Encryption,MDM P12 Encryption Certificate
    ent_mdm_p12_sig_enc=enterprise,MDM P12 Signing and Encryption,MDM P12 Signing and Encryption Certificate
    ent_mdm_p12_nonrep=enterprise,MDM P12 Signing and Nonrepudiation,MDM P12 Signing and Nonrepudiation Certificate
    ; ----------------------------------------------------------------------

  5. Add the following lines to the [Extension Definitions] section.

    ; ----------------------------------------------------------------------
    ; Certificate definitions to be used with MDM for P12 Enrollments
    ; ----------------------------------------------------------------------
    [ent_mdm_p12_sig Certificate Definitions]
    1=Verification
     
    [ent_mdm_p12_sig Verification Extensions]
    keyusage=2.5.29.15,n,m,BitString,1
     
    [ent_mdm_p12_sig Advanced]
    noUserInDirectory=1
     
    [ent_mdm_p12_enc Certificate Definitions]
    1=Encryption
     
    [ent_mdm_p12_enc Encryption Extensions]
    keyusage=2.5.29.15,n,m,BitString,001
     
    [ent_mdm_p12_enc Advanced]
    noUserInDirectory=1
     
    [ent_mdm_p12_sig_enc Certificate Definitions]
    1=Dual Usage
     
    [ent_mdm_p12_sig_enc Dual Usage Extensions]
    keyusage=2.5.29.15,n,m,BitString,101
     
    [ent_mdm_p12_sig_enc Advanced]
    noUserInDirectory=1
     
    [ent_mdm_p12_nonrep Certificate Definitions]
    1=Nonrepudiation
     
    [ent_mdm_p12_nonrep Nonrepudiation Extensions]
    keyusage=2.5.29.15,n,m,BitString,11
     
    [ent_mdm_p12_nonrep Advanced]
    noUserInDirectory=1
    ;-----------------------------------------------------------------------
  6. Save and close the file.
  7. Import the certificate specifications back into Security Manager. In Security Manager Administration, select File > Certificate Specifications > Import.