The one good thing that the Microsoft implementation of your own CA has, is that it includes a webinterface (screenshot below) and if you deploy the Microsoft Certificate Authority, it will integrate smoothly with your Active Directory, so you can actually request and get a certificate back from that IIS server that you are working on, withouth having to export anything. The bad part is that it all only runs on Windows Operating Systems and thata it is so tightly integrated into AD that switching anything later, for wahtever reason, will be nearly impossible. I know, a CA is there to stay, but I just like to have the possibility of having easy access to everything. There is also the matter of the Windows Server license(s) you will need for your CA.

Currently there are a VERY limited amount of Open Source Certificate Management interfaces. One of the most popular, PHPki , is not as easy to install and configure as many might like.

To streamline certificate issuing process in the short run, I would create a a textfile with all the users that will need certificates installed on their machines, and then make a shell script that will take that file, go though each name and generate a certificate for that person. Passwords are an issue, but you can always generate ?pins? as random passwords.

This is not an ideal solution but unless someone has some time to spare and would like to help me building a CA management Interface, not many options will be there. OpenCA is another option, but they require that you install everything ?their? way.
All in all, to make things very smooth I would say that you would have to cobble something together yourself.

//Flosse

Popularity: 3% [?]