Hi,
I am not sure if this is the right place for this… but here goes anyway.
I am developing a web site which I need to use Client Side Authentication by way of certificates to validate registered users of the site. I was just wondering if anyone is doing this, and if so how have they deployed the certificates to the clients? I was thinking of secure e-mail for the certificate, and then sending the password to the certificate via secure text message. If I implement that approach I will have to generate the certificates on the fly as it were -> PHP calls shell script containing openssl commands. I think there are probably security implications to that approach, as you are blindly signing certificates. I can’t think of any other way to do it. If I was to generate the certs “offline” as it were, I think that might render the whole thing unusable, and I would have to be available 24/7 to generate the certificates.
Any ideas greatly appreciated.
/jlar
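One way to narrow the "blindly signing" concern raised in the post, as an added example that is not part of the original post: the server builds the subject and extensions itself from a validated account id, so the CA never signs requester-controlled fields. The function names, file layout, RSA 2048 keys, 90-day lifetime and demo CA are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: constrained on-the-fly client certificate issuance.
# All names, paths and lifetimes below are assumptions, not from the post.
set -eu
export LC_ALL=C
umask 077   # keys and bundles readable by the issuing account only

# Throwaway CA for the demo. A real CA key would not sit on the web server.
make_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Client CA (constructed)" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_client_cert DIR USER_ID P12_PASSWORD
# USER_ID must come from the site's own account table, not a raw form field.
issue_client_cert() {
  dir=$1 user=$2 pass=$3
  # Accept only short lowercase ids, so nothing user-controlled can reach
  # the subject string or a file path.
  case $user in ''|*[!a-z0-9_-]*) echo "rejected id" >&2; return 1 ;; esac
  [ "${#user}" -le 32 ] || { echo "rejected id" >&2; return 1; }
  # One certificate per account: re-issue must be a deliberate, separate step.
  [ ! -e "$dir/$user.crt" ] || { echo "already issued" >&2; return 1; }
  # Extensions are fixed by the server: end-entity, client auth only.
  cat > "$dir/$user.ext" <<'EOF'
basicConstraints=critical,CA:FALSE
keyUsage=critical,digitalSignature
extendedKeyUsage=clientAuth
EOF
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$user" \
    -keyout "$dir/$user.key" -out "$dir/$user.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$dir/$user.csr" -sha256 -days 90 \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/$user.ext" -out "$dir/$user.crt" 2>/dev/null || return 1
  # Password goes in on stdin so it never appears in the process list.
  printf '%s\n' "$pass" | openssl pkcs12 -export -name "$user" \
    -inkey "$dir/$user.key" -in "$dir/$user.crt" -certfile "$dir/ca.crt" \
    -passout stdin -out "$dir/$user.p12" || return 1
  # Only the encrypted bundle leaves the server; drop the plaintext key.
  rm -f "$dir/$user.key" "$dir/$user.csr" "$dir/$user.ext"
}

# Run as "sh issue.sh demo" to issue one constructed certificate.
if [ "${1:-}" = "demo" ]; then
  d=$(mktemp -d); make_demo_ca "$d"
  issue_client_cert "$d" alice 'constructed-pass' && ls "$d"
fi
```

The resulting `.p12` bundle and its password still travel over separate channels, as the post proposes.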