NSS/PSM onlys supports locally (client-side) generated keys. I know that testca.netscape.com issues certificates for keys that are generated on the client then passed to the CA. The key generation happens before the CRMF request is sent.
bob Michael Str�der wrote: > HI! > > Going through the enrollment process for dual-key certificates issued by > https://testca.netscape.com/ I really wonder where the keys were > generated. AFAIK CMP/CRMF allows key generation on client- and at the > CA's side? > > Can the user rely to be warned if key generation happens at the CA's side? > > Ciao, Michael. >
