One way is to create a client script that generates the keypair/CSR and uses SCEP to send it to the RA. Set it up so students authenticate using their NetID or something to run the script. Then direct them to install the issued cert from the RA or LDAP. These tasks can be done for most platforms using OpenSSL and sscep. I'm working on a similar plan using PKCS#11 smart cards.
Mike Mike Wiseman Manager, Computer Security Administration Computing and Networking Services University of Toronto > > Hi > > Before re-inventing the wheel, I am wondering if anyone has had > experience > in issuing certificates in bulk to a known group of, say, students > (such > as course intake). The usual process of presenting identification > individually does not apply in this case and that step can legitimately > be > omitted - the student's identity has been well and truly established > and > documented before having to present to the RA operator. > > Incidentally, we are talking about the issue of thousands of > certificates > at least initially when we introduce PKI certicates. > > I suppose we could require the student to submit a certificate signing > request and allow the RA Operator to process those automatically > without > face to face proof of identity. However, is there another way to do > this. > > I am interested in what people think about how to handle this situation > efficiently and what are the alternatives. If I can, I would like not > to > have the student re-prove identity. I am prepared to discuss off list > if > that helps. > > Regards > > > > Rob... > Robert Hazeltine Phone: +61(2) 9678-7621 > Senior Analyst/Programmer Mobile: 0410311656 > BIS Hawkesbury Email: [EMAIL PROTECTED] > University of Western Sydney > > ----------------------------------------------------------------------- > -- > Check out the new SourceForge.net Marketplace. > It's the best place to buy or sell services for > just about anything Open Source. > http://sourceforge.net/services/buy/index.php > _______________________________________________ > Openca-Users mailing list > Openca-Users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openca-users ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
