HI! Going through the enrollment process for dual-key certificates issued by https://testca.netscape.com/ I really wonder where the keys were generated. AFAIK CMP/CRMF allows key generation on client- and at the CA's side?
Can the user rely to be warned if key generation happens at the CA's side? Ciao, Michael.
