Netscape Certificate Management System Customization Guide • October 2001

Enrollment Interface

Default Forms

There are two types of default HTML forms that use the enrollment interface: manual and automated enrollment. Forms that use automated enrollment send an authentication plug-in name as a parameter in the request, which the servlet can use to authenticate and process the request without manual intervention.

The default manual enrollment forms are:

• ManUserEnroll.html for requesting client certificates.
• ManServerEnroll.html for requesting server certificates.
• ManObjSign.html for requesting object signing certificates.
• ManCAEnroll.html for requesting subordinate Certificate Manager signing certificates.
• ManRAEnroll.html for requesting Registration Manager certificates.

The default automated enrollment forms are:

• DirUserEnroll.html uses a UserDirEnrollment instance of the UidPwdDirAuth plug-in class by default.
• DirPinUserEnroll.html uses a PinDirEnrollment instance of the UidPwdPinDirAuth plug-in class by default.

NOTE The forms rely on a shared library called xenroll.dll (downloaded from the CMS server) to generate keys for Microsoft Internet Explorer browsers. By default, the keys generated by xenroll.dll have a “medium” security setting, which means they will be stored unencrypted and can be used by the browser for signing without prompting the user for a password. A “high” security setting will store the keys in a separate, encrypted file and force the user to enter a password to use the keys for signing. There is no way to force a “high” setting for keys, but you can force a dialog to appear to allow the user to choose a security setting when the key is first generated. Edit the Visual Basic script for xenroll.dll used in the enrollment forms (listed in the next section). Set the value of the GenKeyFlags parameter to 3 to prompt the user for a security setting when a key is generated using Microsoft Internet Explorer.
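The following check is an added example, not part of the guide or of CMS: it scans enrollment form scripts for GenKeyFlags assignments and reports which ones leave the user-prompt bit clear. It goes slightly beyond the note above by also accepting VBScript &H hex literals that carry a key size in the upper 16 bits. The object name Enroll and the sample script contents are assumptions constructed for illustration; only the form file names come from this page.

```python
import re

# CryptoAPI CryptGenKey flag bits that GenKeyFlags carries (values from wincrypt.h).
CRYPT_EXPORTABLE = 0x1
CRYPT_USER_PROTECTED = 0x2   # the bit that makes the security-level dialog appear

# VBScript assignment with a decimal or &H hex literal, e.g. GenKeyFlags = &H04000003
ASSIGN = re.compile(r"\bGenKeyFlags\s*=\s*(&H[0-9A-Fa-f]+|\d+)", re.IGNORECASE)

# Constructed sample scripts; only the file names come from the page.
# "Enroll" is an assumed name for the xenroll object.
SAMPLE_FORMS = {
    "ManUserEnroll.html": "Enroll.GenKeyFlags = 1\n",
    "DirUserEnroll.html": "Enroll.GenKeyFlags = 3\n",
    "DirPinUserEnroll.html": "' Enroll.GenKeyFlags = 3\nEnroll.GenKeyFlags = &H04000001\n",
}

def parse_vb_int(literal):
    """Convert a VBScript decimal or &H hex literal to an int."""
    return int(literal[2:], 16) if literal.upper().startswith("&H") else int(literal)

def audit_form(name, text):
    """Return one finding per live GenKeyFlags assignment in a form."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        code = line.split("'", 1)[0]          # drop VBScript ' comments (simplified)
        match = ASSIGN.search(code)
        if match:
            flags = parse_vb_int(match.group(1))
            findings.append({
                "form": name, "line": lineno, "flags": flags,
                "key_bits": flags >> 16,      # upper 16 bits: key size, 0 = provider default
                "exportable": bool(flags & CRYPT_EXPORTABLE),
                "prompts_user": bool(flags & CRYPT_USER_PROTECTED),
            })
    return findings

def forms_without_prompt(forms):
    """Names of forms where some assignment leaves CRYPT_USER_PROTECTED clear."""
    return sorted(name for name, text in forms.items()
                  if any(not f["prompts_user"] for f in audit_form(name, text)))

if __name__ == "__main__":
    for name, text in SAMPLE_FORMS.items():
        for f in audit_form(name, text):
            state = "prompts" if f["prompts_user"] else "NO PROMPT"
            print(f'{f["form"]}:{f["line"]} GenKeyFlags={f["flags"]:#x} {state}')
```

A form that never assigns GenKeyFlags produces no finding, so review such forms by hand.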