[Openca-Users] Batch approval of many certificates

Tue, 28 Nov 2006 05:01:26 -0800 

Hello,

For an initial rollout of VPN servers I need the possibility to do
mass approval of certificate requests and ideally signing of those
requests. We will have to issue roughly 500 certs in one week, and we
don't want to klick on "approve cert" in the web interface for each of
them. Since we create these initial CSRs ourselves, authentication of
the requests is no issue.

Does there exist a method in OpenCA to do this?
(I'm using OpenCA 0.9.3-rc1.)

Specifically, I would need the following one or two functions:

 1) Approval of all available CSRs.

    They will have been submitted by SCEP. (At least, that's the plan,
    configuration of OpenCA's SCEP interface is next on my list to do. ;-)

    Signed approval might be a problem: Of course, I can make the RA
    Operator's private key availabe to the function. A method to use
    it and sign all requests as well would be best, because it would
    make the next function unnecessary. Does such a method exist?

 2) Issue certificates to all available approved, but unsigned, CSRs.
    I assume that I have to change lib/cmds/bpIssueCertificate for
    that?

I started to look at the batch processing system, if it would be the
framework for a solution. But the available workflow seems to be more
something for creation of complete keys and certs on the CA node. On
the RA node, it is not installed at all, cgi-bin/batch/batch is
missing. Or am I wrong here?

Any help for pointers how I must approach this task would be very
appreciated,

        Joachim

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod                          Email: [EMAIL PROTECTED]
Roedermark, Germany

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys - and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to