Use your CA to generate a PKCS #12 containing:

• A TLS client certificate for Entrust Validation Authority to authenticate on CA Gateway. 
• The private key of the certificate.

To generate the PKCS #12 with Entrust Security Manager:

• Select the 1-Key-Pair User (1-Key-Pair User with Dual Usage Key) certificate type to generate a PKCS #12 with a single client certificate.
• Check the Export PKCS #12 and All exportable options so the user can export the generated PKCS #12.