Enroll your first card with OpenTrust CMS

A step-by-step guide to integrating Horizon with OpenTrust CMS

  1. Configure Horizon

    1. Create your profiles.
      In Configuration > Protocols > CRMP you can set up your profiles.
      Let's create three profiles, which will later result in three certificates for each user: an authentication certificate, a signing certificate and an encryption certificate.
      The first two will be decentralized profiles (the key pair is generated on the card and never leaves it, which is what lets a signature be attributed to its holder). The encryption profile will be centralized with key escrow, so that data encrypted for the user can still be decrypted later, for instance after a lost card or a key renewal. Only the encryption key should ever be escrowed: an escrowed signing key would make every signature repudiable. All configuration options are available in the profile section.

      Encryption CRMP Profile

    2. Create an account.
      OpenTrust CMS needs access to Horizon in order to manage your cards' certificates.
      To grant it, a certificate must be enrolled from a CA that Horizon trusts for client authentication.
      This certificate should be granted exactly the operations the CMS needs (enroll, revoke, recover and search) on the CRMP profiles it is meant to manage, and nothing on the other profiles.
      In this guide the certificate has the DN CN=horizon-auth and is given those rights.

      Account configuration

  2. Configure your CMS applications

    1. Connect your applications.
      For each of the profiles on Horizon, a CRMP application must be created (if CRMP is not available, it must be installed on your CMS: refer to the OpenTrust CMS documentation).
      It first needs to be able to connect.
      The server URL must be set to https://<horizon-url>/crmp.
      The SSL client identity must then be set to the certificate created in step 1.2.

      Connection on CMS side
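The two steps that produce the CMS service account (step 1.2) and check that it can actually reach Horizon (this step) can be done from the command line before touching the CMS GUI. The script below is an added example, not from the Horizon or OpenTrust CMS documentation: it generates the key and CSR for CN=horizon-auth, shows the subject that must match the account configured on Horizon, and, once Horizon has issued the certificate, probes https://<horizon-url>/crmp over mutual TLS. The host name, file names and CA bundle path are placeholders you pass in; it assumes openssl and curl are installed.

```shell
#!/bin/sh
# Added example (not from the OpenTrust/Horizon documentation).
# 1. make_crmp_client_csr: key + CSR for the CMS service account.
# 2. csr_subject: print the DN to compare with the Horizon account.
# 3. probe_crmp: mutual-TLS probe of the CRMP endpoint with the issued cert.
# Assumptions: host name, file names and CA bundle are supplied by the caller.
set -eu

# Generate an RSA-3072 private key and a CSR whose subject is CN=<name>.
# $1 = output directory, $2 = common name (defaults to horizon-auth).
# Prints the path of the CSR to submit to the CA trusted by Horizon.
make_crmp_client_csr() {
  outdir=$1
  cn=${2:-horizon-auth}
  mkdir -p "$outdir"
  # -nodes: no passphrase, the CMS must be able to read the key unattended.
  openssl req -new -newkey rsa:3072 -nodes -sha256 \
    -subj "/CN=$cn" \
    -keyout "$outdir/$cn.key" \
    -out "$outdir/$cn.csr" >/dev/null 2>&1
  # The key is the CMS identity towards Horizon: owner-only permissions.
  chmod 600 "$outdir/$cn.key"
  printf '%s\n' "$outdir/$cn.csr"
}

# Print the subject of a CSR (e.g. "subject=CN = horizon-auth"), so it can
# be checked against the account created on Horizon in step 1.2.
csr_subject() {
  openssl req -in "$1" -noout -subject
}

# Probe the CRMP endpoint with the issued certificate.
# $1 = Horizon host, $2 = client cert (PEM), $3 = client key, $4 = CA bundle
# that validates Horizon's server certificate.
# A non-zero curl exit means the TLS handshake itself failed (untrusted
# server cert, client cert rejected, ...). An HTTP status line means the
# client certificate was accepted at the TLS layer; whether it has rights on
# a given CRMP profile is then decided by the account configuration.
probe_crmp() {
  host=$1 cert=$2 key=$3 cabundle=$4
  curl -sS -o /dev/null -w '%{http_code}\n' \
    --cert "$cert" --key "$key" --cacert "$cabundle" \
    "https://$host/crmp"
}

# Manual usage, after the CA has issued horizon-auth.crt:
#   make_crmp_client_csr ./cms-account
#   csr_subject ./cms-account/horizon-auth.csr
#   probe_crmp horizon.corp.example ./cms-account/horizon-auth.crt \
#       ./cms-account/horizon-auth.key ./horizon-ca.pem
```

Keep the CSR subject to the bare CN=horizon-auth shown here unless the account on Horizon was created with a fuller DN; the CMS authenticates with exactly the DN in the issued certificate, so any mismatch is easier to spot on the CSR than after the CMS reports a connection error.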

    2. Map your applications.
      The information set up on Horizon is displayed, and the fields can be mapped.
      The certificate enrolled on Horizon will be built from the values mapped to the Horizon fields on the left.
      Note that some Horizon fields are indexed, but the CMS does not display the index numbers. They appear in the same order as on Horizon, mandatory fields first and then optional fields, so check the mapping against the profile in Horizon before enrolling.

      Field Mapping on CMS

      Escrow: due to a technical limitation in the CMS, for escrowed certificates a field with technical name userprincipalname must be mapped to the Data Field Identifier selected in the CRMP profile. Otherwise the user will not be able to recover their certificates. The value of userprincipalname must therefore uniquely identify each user, so check your directory for empty or duplicate values before enrolling.
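Because recovery of an escrowed certificate hinges on userprincipalname identifying exactly one user, it is worth checking the directory data before the first enrollment rather than after the first failed recovery. The script below is an added example, not part of the guide or of OpenTrust CMS: it takes a CSV export of the users to enroll (header line, one column named userprincipalname; the file format is an assumption) and reports empty and duplicate UPNs, comparing them case-insensitively as a directory does.

```shell
#!/bin/sh
# Added example (not from the OpenTrust CMS documentation): preflight check
# that the attribute mapped to userprincipalname identifies each cardholder
# exactly once before enrolling the escrowed encryption profile.
# Input: CSV export, first line a header, one column named userprincipalname
# (file name and CSV layout are assumptions; no quoted commas expected).
set -eu

# Print the 1-based index of the userprincipalname column, or fail.
upn_column() {
  awk -F, 'NR==1 {
    for (i = 1; i <= NF; i++)
      if (tolower($i) == "userprincipalname") { print i; exit 0 }
    exit 1
  }' "$1"
}

# Exit 0 when every row has a non-empty, unique UPN (case-insensitive,
# since directories treat alice@ and ALICE@ as the same account).
# Otherwise report the problems on stderr and exit 1.
check_upn_unique() {
  file=$1
  col=$(upn_column "$file") || {
    echo "no userprincipalname column in $file" >&2
    return 1
  }
  status=0
  # Rows whose UPN is empty: these users could never recover their keys.
  missing=$(awk -F, -v c="$col" 'NR > 1 && $c == "" { n++ } END { print n + 0 }' "$file")
  if [ "$missing" -gt 0 ]; then
    echo "$missing row(s) with empty userprincipalname" >&2
    status=1
  fi
  # Values shared by several rows: recovery would be ambiguous.
  dups=$(awk -F, -v c="$col" 'NR > 1 && $c != "" { print tolower($c) }' "$file" | sort | uniq -d)
  if [ -n "$dups" ]; then
    echo "duplicate userprincipalname value(s):" >&2
    echo "$dups" >&2
    status=1
  fi
  return $status
}

# Manual usage:  check_upn_unique users-to-enroll.csv && echo "UPNs OK"
```

Run it against the same export the CMS will use to populate the mapped field; fixing a collision in the directory before enrollment is far cheaper than re-enrolling an escrowed certificate afterwards.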