For MDMWS enrollment with Certificate Enrollment Gateway, Entrust Certificate Authority must allow server-generated verification and nonrepudiation keys.

To allow server-generated verification and nonrepudiation keys in Entrust Certificate Authority

1. Edit the entmgr.ini configuration file.
2. Add the following settings. 
   [policy]

   allowServerGenVerCert=true

   allowServerGenNonRepudCert=true
3. Save the changes.