In CA Gateway, you must create profiles for each Managed CA that will issue certificate for EST enrollment. Each profile must issue one of the EST certificate types you added earlier to the Managed CA.
When adding these profiles to CA Gateway:
- The Subject Variable Requirements settings are not supported.
- The Subject Builder Configuration settings are not supported.
- The values for the Certificate Type and Certificate Definition settings must match the values specified in the Managed CA.
- The LDAP entry creation mode setting must be false.
- The value for User Role must match a role that allows PKCS #12 export. You may have created a role that allows PKCS #12 export named End User P12.