Hi Michael's :)
so I suggest the following....
The dataexchange will split up into two parts - first packaging all data into an archive to export the stuff from the CA (no network connection) to a "batch roll-out machine" (can be the RA)
For this step I will create a directory structure "userid/processid/" in the dataexchange tree and put all relevant data (plain certs, pkcs12 key files, etc.) there
The whole tree for ALL users is put into a tar when running an export request, so we receive an archive like this:
dataexchange/
    oliwel/
        batch05/
            cert25.pem
            privatekey.p12
            cabundle.crt
    michael
        batch06/
            cert26.pem
            privatekey.p12
            cabundle.crt
The RA side can now unpack the stuff and do the rollout - as this is different for every environment, I think about building a generic "provider" that does the rollout via the RA Interface
Make your beds ppls - I will start after lunch ;)
Oliver
--
This message was digitally signed
oliwel's public key: http://www.oliwel.de/oliwel.crt
Base certificate: http://www.ldv.ei.tum.de/page72
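An added sketch, not part of the original message or the project's code, of how the RA side could unpack such an export: every entry is checked against the "dataexchange/userid/processid/file" layout before anything is written, and files are created owner-only because each batch carries PKCS#12 key files. The function names, the uncompressed tar format and the fixed four-level depth are assumptions.

```python
import io, os, tarfile
from pathlib import PurePosixPath

ROOT = "dataexchange"  # top-level directory name used in the message

def check_member(m):
    """Return the member path if it fits dataexchange/userid/processid/file."""
    p = PurePosixPath(m.name)
    if p.is_absolute() or ".." in p.parts or p.parts[:1] != (ROOT,):
        raise ValueError(f"outside export tree: {m.name!r}")
    if m.isdir() and len(p.parts) <= 3:
        return p
    if m.isfile() and len(p.parts) == 4:
        return p
    # symlinks, hard links, devices and files at the wrong depth end up here
    raise ValueError(f"unexpected entry: {m.name!r}")

def unpack_export(archive, dest):
    """Validate every member, then write the files with owner-only access.
    Returns {(userid, processid): [file names]} for the rollout step."""
    batches = {}
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        members = tar.getmembers()
        paths = [check_member(m) for m in members]  # nothing written before this passes
        for m, p in zip(members, paths):
            if not m.isfile():
                continue
            target = os.path.join(dest, *p.parts)
            os.makedirs(os.path.dirname(target), mode=0o700, exist_ok=True)
            # O_EXCL refuses to overwrite; 0600 because the batch holds PKCS#12 keys
            fd = os.open(target, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
            with os.fdopen(fd, "wb") as out:
                out.write(tar.extractfile(m).read())
            batches.setdefault((p.parts[1], p.parts[2]), []).append(p.parts[3])
    return batches

def build_sample(entries):
    """Constructed test archive; data=None makes the entry a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in entries:
            info = tarfile.TarInfo(name)
            if data is None:
                info.type, info.linkname = tarfile.SYMTYPE, "cabundle.crt"
                tar.addfile(info)
            else:
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()
```

The returned mapping gives a rollout provider one entry per userid/processid batch without walking the extracted tree again.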