Setting up PKI Services to create private keys for CMP clients

PKI Services can create private keys for CMP clients and return a private key with a certificate. It uses the PKCS #11 API provided by ICSF to create private keys. Note, however, that PKI Services does not archive the private keys in the ICSF token data set (TKDS), as it does for private keys that it creates for certificate requests it receives from the end-user web application. To allow PKI Services to create private keys, you must ensure that the ICSF programmer has installed and configured ICSF, and has set up the TKDS. For more information, see Installing and configuring ICSF (optional).
Note: You do not need to perform any of the other tasks that are described in Steps for setting up PKI Services to generate keys for certificate requests, such as setting the TokenName parameter in the configuration file, to allow the PKI Services CMP CGI program to generate private keys for CMP clients. Those tasks apply only to private key generation done by the PKI Services daemon, for certificates requested from the PKI Services web application.
Parent topic: Setting up PKI Services to process CMP requests