For MDMWS PKCS #12 (P12) enrollment, you created certificate types in Security Manager. You must create new certificate definition policies for these certificate types. These new certificate definitions will allow server-generated keys and private key backup. You will map these certificate definition policies to the certificate definitions later.

To create a Dual Usage P12 certificate definition policy in Security Manager

  1. Log in to Security Manager Administration.
  2. In the tree view, select Security Policy > User Policies > Dual Usage Policy.
  3. Select User Policies > Selected User Policy > Copy. The Copy User Policy dialog box appears.
  4. In the Label field, enter Dual Usage P12 Policy.
  5. In the Common name field, enter Dual Usage P12 Policy.
  6. Under Policy Attributes:
    • Select Back up private key.
    • Deselect Generate key at client.
  7. Click Apply.
  8. If prompted, authorize the operation.

To create an Encryption P12 certificate definition policy in Security Manager

  1. Log in to Security Manager Administration.
  2. In the tree view, select Security Policy > User Policies > Encryption Policy.
  3. Select User Policies > Selected User Policy > Copy. The Copy User Policy dialog box appears.
  4. In the Label field, enter Encryption P12 Policy.
  5. In the Common name field, enter Encryption P12 Policy.
  6. Under Policy Attributes:
    • Select Back up private key.
    • Deselect Generate key at client.
  7. Click Apply.
  8. If prompted, authorize the operation.

To create a Verification P12 certificate definition policy in Security Manager

  1. Log in to Security Manager Administration.
  2. In the tree view, select Security Policy > User Policies > Verification Policy.
  3. Select User Policies > Selected User Policy > Copy. The Copy User Policy dialog box appears.
  4. In the Label field, enter Verification P12 Policy.
  5. In the Common name field, enter Verification P12 Policy.
  6. Under Policy Attributes:
    • Select Back up private key.
    • Deselect Generate key at client.
  7. Click Apply.
  8. If prompted, authorize the operation.

To create a Nonrepudiation P12 certificate definition policy in Security Manager

  1. Log in to Security Manager Administration.
  2. In the tree view, select Security Policy > User Policies > Encryption Policy.
  3. Select User Policies > Selected User Policy > Copy. The Copy User Policy dialog box appears.
  4. In the Label field, enter Nonrepudiation P12 Policy.
  5. In the Common name field, enter Nonrepudiation P12 Policy.
  6. Under Policy Attributes:
    • Select Back up private key.
    • Deselect Generate key at client.
  7. Click Apply.
  8. If prompted, authorize the operation.