Hello Nitin, OpenCA supports two ways to automatically issue certificates. The first is to use the AutoCA function that let you issue certificates automatically based on several criteria (request is singed, approved, role, etc.) and you can activate it via the web interface. For CRLs there is the AutoCRL command that provide similar functionality but for CRLs. Also, for automatic emailing to users/clients there is the Auto-Email command that allows you to automatically send warnings (eg., for expiration) or emails (eg., on certificate issuing) to clients.
The other option is to use the batch interface that lets you issue requests/ certificates without user actions. The downside of the batch interface is the lack of a good documentation. To use automated clients you might want to consider using the SCEP protocol/ interface. There are several clients out there available for free and we do provide a client in LibPKI. Also, you might want to consider installing the PRQP server which allows clients to ask "Where is the CRL from this CA ?" or "Where is the SCEP gatway ?" or, again "Where is the HTML revocation gateway for this CA ?". We are starting to deploy the protocol in several communities and we hope to have it as a IETF standard soon. Cheers, Max On 04/06/2010 07:13 AM, Nitin Mahajan wrote:
HI! I am completely new to OpenCA. I just wanted to know, whether OpenCA once setup, can automatically sign and issue client certificates(based on predetermined criteria), with out a human intervention to every certificate request? I just wanted to use this to issue first time certificates to automated clients. Would this be right approach? regards -Nitin
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
