1. Login to the system under service account (serviceca) and open the Certificates tool for the User.
2. Run the New certificate issuance wizard.
3. Select the Enrollment Agent certificate type, maximize the Details section and click Properties button, see Figure 6.

Figure 6 – Properties of Enrollment Agent template.

4. Switch to the Private key tab and expand the Key options menu and activate Make private key exportable option. See Figure 7.

Figure 7 – Properties of Enrollment Agent template - Private Key.

5. Move the issued certificate and its private key to certificate storage of the PC, where Indeed CM server is deployed.
6. Allow the service user (serviceca) to read the private key of Enrollment Agent certificate.

    • To do so, right-click the certificate in the Certificates tool of the PC.
    • Select All tasks > Manage Private Keys...
    • Item, click Add, specify the service account (serviceca).
    • Set Full control option.
    • Click Apply.


  • No labels