Hi all,
the Import-Manager of Windows 10 asks for a passphrase of the private key, after downloading an enrolled certificate-token.
I just created a local test-CA; enrolled a certificate for a user and downloaded the pkcs12-File.
Does privacyIDEA encrypt the private key with a certain passphrase by default?
Kind regards
Axel Czuck
Hi Axel,
Set a PIN and use the PIN.
https://privacyidea.readthedocs.io/en/latest/modules/lib/tokentypes/certificate.html
Kind regards
Cornelius
Hi Cornelius,
you have been 30 Minutes faster than me.
Found out that a pkcs12-installation does not like the “otp_pin_random”-Policy that much.
We generally did not want the user to have the pin-option at all.
In the end we will enable this possibility for the user…
Thanks for your reply
Kind regards
Axel
Hi Cornelius,
when I allow the user to enroll TOTP and Certificates, he can only set the PIN for TOTP in the WebUI (The Pin-Fields in the Certificate-View are missing).
When I allow him only to enroll Certificates, he is able to set a pin for this certificates?
Why does privacyIDEA behave like this?
Kind regards
Axel
Hi Axel,
could be some broken logic in the webui.
You could open an issue at github, including your policies.
Kind regards
Cornelius