The certificate type created in "Creating a certificate type for the administrator profile" has a Dual Usage certificate definition. You must create a new certificate definition policy for this certificate definition that disables private key backup and enforces generating the key at the client application.
To create a new certificate definition policy for the new certificate type
- Log in to Security Manager Administration for the Security Manager CA.
- In the tree view, expand Security Policy > User Policies.
- Select Dual Usage Policy.
- Select Policies > User Policies > Selected User Policy > Copy. The Copy User Policy dialog box appears.
- In the Label field, enter Dual Usage CAGW Admin Policy.
- In the Common name field, enter Dual Usage CAGW Admin Policy.
- In the Add to drop-down list, select the searchbase where you want to store the user policy.
- Under Policy Attributes:
  - Deselect Backup private key.
  - Select Generate key at client.
- Click OK.
- If prompted, authorize the operation. The operation may require more than one authorization. See the Security Manager Administration documentation for details.