If the Microsoft CA settings configure Request Handling as follows.
Parameter | Value |
|---|---|
Purpose | Signature |
Delete revoked or expired certificates | |
Allow private key to be exported | |
For automatic renewal of smart card certificates, use the existing key if a new key cannot be created | |
Do the following when the public subject is enrolled and when the private key associated with this certificate is used | Prompt the user during enrollment |
As we see, the Archive subject's encryption private key option is disabled when selecting the Signature template.
