Robert Hazeltine wrote: > Hi > > Before re-inventing the wheel, I am wondering if anyone has had experience > in issuing certificates in bulk to a known group of, say, students (such > as course intake). The usual process of presenting identification > individually does not apply in this case and that step can legitimately be > omitted - the student's identity has been well and truly established and > documented before having to present to the RA operator. > > Incidentally, we are talking about the issue of thousands of certificates > at least initially when we introduce PKI certicates. > > I suppose we could require the student to submit a certificate signing > request and allow the RA Operator to process those automatically without > face to face proof of identity. However, is there another way to do this. > > I am interested in what people think about how to handle this situation > efficiently and what are the alternatives. If I can, I would like not to > have the student re-prove identity. I am prepared to discuss off list if > that helps.
If your campus already uses kerberos authentication you might be interested in kerberized CA services which could automatically issue certificates based on authentication of the student's existing kerberos principal. The ones I know of are K.X509 [1], Heimdal kerberos [2] (implementing the server side of the kx509 protocol), and MyProxy [3]. [1] http://www.kx509.org [2] http://www.h5l.org [3] http://grid.ncsa.uiuc.edu/myproxy --ben ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
