In Entrust Certificate Authority, create a client policy and a role to allow PKCS #12 enrollment through the MDMWS protocol.

Creating a client policy for MDMWS P12 enrollment

Follow the steps below to create an Entrust Certificate Authority client policy for MDMWS P12 enrollment.

To create a client policy for MDMWS P12 enrollment

  1. Log in to Entrust Certificate Authority Administration.
  2. In the tree view, select Security Policy > User Policies > End User Policy.
  3. Select User Policies > Selected User Policy > Copy. The Copy User Policy dialog box appears.
  4. In the Label field, enter End User P12 Policy.
  5. In the Common name field, enter End User P12 Policy.
  6. Under Policy Attributes:
    • Select Allow PKCS#12 Export.
    • Deselect All exportable.
  7. Click Apply.
  8. If prompted, authorize the operation.

Creating a role for MDMWS P12 enrollment

Follow the steps below to create an Entrust Certificate Authority role that allows PKCS #12 export.

In CA Gateway, the CA profile that Certificate Enrollment Gateway will use for MDMWS enrollment must assign this role to end users. The XAP administrator profile used to manage the CA profile must also have permission to administer this role.

To create a role for MDMWS P12 enrollment

  1. Log in to Entrust Certificate Authority Administration.
  2. In the tree view, select Security Policy > Roles > End User.
  3. Select User Policies > Selected Role > Copy. A copy of the role appears at the bottom of the list of roles in the tree view, and the new role’s properties appear in the right pane.
  4. In the Unique name field, enter End User P12.
  5. In the User Policy drop-down list, select End User P12 Policy.
  6. Click Apply.
  7. If prompted, authorize the operation.