the Import-Manager of Windows 10 asks for a passphrase of the private key, after downloading an enrolled certificate-token.
I just created a local test-CA; enrolled a certificate for a user and downloaded the pkcs12-File.
Does privacyIDEA encrypt the private key with a certain passphrase by default?
you have been 30 Minutes faster than me.
Found out that a pkcs12-installation does not like the “otp_pin_random”-Policy that much.
We generally did not want the user to have the pin-option at all.
In the end we will enable this possibility for the user…
Thanks for your reply
when I allow the user to enroll TOTP and Certificates, he can only set the PIN for TOTP in the WebUI (The Pin-Fields in the Certificate-View are missing).
When I allow him only to enroll Certificates, he is able to set a pin for this certificates?
Why does privacyIDEA behave like this?
could be some broken logic in the webui.
You could open an issue at github, including your policies.