Under this section, add the following profile settings for each Microsoft CA authority.

Certificate Template

The Microsoft Certificate name. No spaces.

Mandatory: Yes.

RA Enroll Key Store Provider Config

The SunPKCS11 configuration file described in the Thales Luna integration guide. Click Select Files to import this file.

Mandatory: Yes.

RA Enroll Key Store Provider

The security provider of the key store. When creating RA enrollment agent credentials in a Key Store file, supported values are the following.

| Value | Security provider |
|---|---|
| SunJSSE | PKCS#12 and PFX |
| SUN | JKS |
| SunJCE | JCEKS |

When creating RA enrollment agent credentials in PKCS#11 HSM, supported values are the following.

| Value | Security provider |
|---|---|
| SunPKCS11 | nCipher |
| LunaProvider | Luna |

CA Gateway tries loading the key store with any available security provider when this value is omitted or incorrect.

Mandatory: Yes.

RA Enroll Key Store

The file generated when creating RA enrollment agent credentials in a Key Store file. Supported extensions for this file are:

  • p12
  • pfx
  • jks
  • jceks

Click Select Files to import this file.

Mandatory: Yes.

RA Enroll Key Store Type

The type of key store. Supported values are:

  • pkcs12
  • pfx
  • jks
  • jceks

Mandatory: Yes.

RA Enroll Key Store Password

The password of the key store containing the enrollment agent credential, where the key store is either:

  • A key store file.
  • An HSM slot.

We recommend creating the enrollment agent credentials in a PKCS#11 HSM.

Mandatory: Yes.

RA Enroll Key Alias

The alias for accessing the enrollment agent's key in either:

  • A key store file.
  • An HSM slot. In this case, you can usually omit this value because most HSMs do not protect the slot objects with an additional password.

Mandatory: Yes.

RA Enroll Key Password

The password for accessing the enrollment agent's key in either:

  • A key store file.
  • An HSM slot. In this case, you can usually omit this value because most HSMs do not protect the slot objects with an additional password.

Mandatory: Yes.
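The key store file, type, provider, alias and password settings above can be checked together before the file is imported. The following Java program is an added example, not part of CA Gateway or its documentation; the class name and the RA_STORE_PASS and RA_KEY_PASS environment variables are assumptions, and it covers key store files only, not HSM slots.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Map;

// Added example, not CA Gateway code. Checks an RA enrollment agent key store
// file against the settings on this page before it is imported.
// Usage: java RaKeyStoreCheck <key-store-file> <key-store-type> <key-alias>
// Passwords come from the environment variables RA_STORE_PASS and RA_KEY_PASS
// (names assumed for this example) so they stay out of the process arguments.
public class RaKeyStoreCheck {
    // Key store type -> security provider, taken from the table on this page.
    static final Map<String, String> PROVIDER = Map.of(
        "pkcs12", "SunJSSE", "pfx", "SunJSSE", "jks", "SUN", "jceks", "SunJCE");
    public static void main(String[] args) throws Exception {
        if (args.length != 3)
            throw new IllegalArgumentException("usage: <file> <type> <alias>");
        String type = args[1].toLowerCase(), alias = args[2];
        String provider = PROVIDER.get(type);
        if (provider == null)
            throw new IllegalArgumentException("unsupported key store type: " + type);
        String storeEnv = System.getenv("RA_STORE_PASS");
        if (storeEnv == null)
            throw new IllegalStateException("RA_STORE_PASS is not set");
        char[] storePass = storeEnv.toCharArray();
        String keyEnv = System.getenv("RA_KEY_PASS");
        // Fall back to the store password when the key has no separate one.
        char[] keyPass = keyEnv == null ? storePass : keyEnv.toCharArray();
        // The JDK has no "pfx" type name; PFX files load as PKCS12.
        String jdkType = type.equals("pfx") ? "PKCS12" : type.toUpperCase();
        // Name the provider explicitly so a type/provider mismatch fails here
        // instead of being masked by a fallback to another provider.
        KeyStore ks = KeyStore.getInstance(jdkType, provider);
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, storePass); // throws IOException on a wrong password
        }
        if (!ks.isKeyEntry(alias))
            throw new IllegalStateException("alias is not a key entry: " + alias);
        // getKey throws UnrecoverableKeyException if the key password is wrong.
        if (!(ks.getKey(alias, keyPass) instanceof PrivateKey))
            throw new IllegalStateException("alias does not hold a private key");
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if expired or not yet valid
        System.out.printf("OK %s/%s alias=%s subject=%s notAfter=%s%n", jdkType,
            provider, alias, cert.getSubjectX500Principal(), cert.getNotAfter());
    }
}
```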

Client Key Generation mode

The client key generation mode.

| Value | Key generation mode |
|---|---|
| true | The client generates the key and provides a CSR for CA Gateway to return an X.509 certificate. |
| false | CA Gateway returns a PKCS#12 containing the client's key and certificate. |

Mandatory: No. This optional parameter defaults to true.