For MDMWS enrollment with Certificate Enrollment Gateway, Security Manager must allow server-generated verification and nonrepudiation keys. To allow server-generated verification and nonrepudiation keys in Security Manager, configure the following entmgr.ini settings:

For information about changing these settings, see the Security Manager documentation.