In CA Gateway, you must create profiles for each Managed CA that will issue certificate for MDM Web Service enrollment (PKCS #12 enrollment over the MDMWS protocol). Each profile must issue one of the MDMWS P12 certificate types you added earlier to the Managed CA.
When adding these profiles to CA Gateway:
- The Subject Variable Requirements settings are not supported.
- The Subject Builder Configuration settings are not supported.
- The values for the Certificate Type and Certificate Definition settings must match the values specified in the Managed CA.
- The LDAP entry creation mode setting must be false.
- The value for User Role must match a role that allows PKCS #12 export. You may have created a role that allows PKCS #12 export named End User P12.