For WSTEP enrollment, you must add the following certificate types to the Security Manager CA: signing, encryption, dual usage (signing and encryption), non-repudiation.

To add WSTEP certificate types to Security Manager

  1. Log in to Security Manager Administration.
  2. Export the certificate specifications to a file by selecting File > Certificate Specifications > Export.
  3. Open the certificate specifications file in a text editor.

  4. Add the following lines to the [Certificate Types] section.

    ; ----------------------------------------------------------------------
    ; Certificate types to be used with WSTEP
    ; ----------------------------------------------------------------------
    ent_wstep_sig=enterprise,WSTEP Signing,WSTEP Signing Certificate
    ent_wstep_enc=enterprise,WSTEP Encryption,WSTEP Encryption Certificate
    ent_wstep_sig_enc=enterprise,WSTEP Signing and Encryption,WSTEP Signing and Encryption Certificate
    ent_wstep_sig_nonrep=enterprise,WSTEP Signing and Nonrepudiation,WSTEP Signing and Nonrepudiation Certificate
    ; ----------------------------------------------------------------------

  5. Add the following lines to the [Extension Definitions] section.

    ; ----------------------------------------------------------------------
    ; Certificate definitions to be used with WSTEP
    ; ----------------------------------------------------------------------
     
    [ent_wstep_sig Certificate Definitions]
    1=Verification
     
    [ent_wstep_sig Verification Extensions]
    keyusage=2.5.29.15,n,m,BitString,1
     
    [ent_wstep_sig Advanced]
    noUserInDirectory=1
     
    [ent_wstep_enc Certificate Definitions]
    1=Encryption
     
    [ent_wstep_enc Encryption Extensions]
    keyusage=2.5.29.15,n,m,BitString,001
     
    [ent_wstep_enc Advanced]
    noUserInDirectory=1
     
    [ent_wstep_sig_enc Certificate Definitions]
    1=Dual Usage
     
    [ent_wstep_sig_enc Dual Usage Extensions]
    keyusage=2.5.29.15,n,m,BitString,101
     
    [ent_wstep_sig_enc Advanced]
    noUserInDirectory=1
     
    [ent_wstep_sig_nonrep Certificate Definitions]
    1=Nonrepudiation
     
    [ent_wstep_sig_nonrep Nonrepudiation Extensions]
    keyusage=2.5.29.15,n,m,BitString,11
     
    [ent_wstep_sig_nonrep Advanced]
    noUserInDirectory=1
  6. Save and close the file.
  7. Import the certificate specifications back into Security Manager. In Security Manager Administration, select File > Certificate Specifications > Import.