1. Login to the system under service account (serviceca) and open the Certificates tool for the User.
2. Run the New certificate issuance wizard.
3. Select the Enrollment Agent certificate type, maximize the Details section and click Properties button.
4. Switch to the Private key tab and expand the Key options menu and activate Make private key exportable option.
5. Move the issued certificate and its private key to certificate storage of the PC, where Indeed CM server is deployed.
6. Allow the service user (serviceca) to read the private key of Enrollment Agent certificate.
- To do so, right-click the certificate in the Certificates tool of the PC.
- Select All tasks – Manage Private Keys...
- Item, click Add, specify the service account (serviceca).
- Set Full control option.
- Click Apply.