Setting up PKI Services to create private keys for CMP clients
PKI Services can create private keys for CMP clients and return
a private key with a certificate. It uses the PKCS #11 API provided
by ICSF to create private keys. Note, however, that PKI Services does
not archive the private keys in the ICSF token data set (TKDS), as
it does for private keys that it creates for certificate requests it receives
from the end-user web application. To allow PKI Services to create
private keys, you must ensure that the ICSF programmer has installed
and configured ICSF, and has set up the TKDS. For more information, see Installing and configuring ICSF (optional).
Note: You do not need to perform any of
the other tasks that are described in Steps for setting up PKI Services to generate keys for certificate requests,
such as setting the TokenName parameter in the configuration
file, to allow the PKI Services CMP CGI program to generate private
keys for CMP clients. Those tasks apply only to private key generation
done by the PKI Services daemon, for certificates requested from the
PKI Services web application.