I just added "Certificate Request Agent" for Issuance Requirements , for 1 authorized signature: Application Policy

I think this was it . Can anybody confirm ?