Lal Samuel Varghese
We would like to extend the validity period of an end entity certificate automatically without involving the client or its private key. Is this possible?
Saw the following comment in the user guide in the Certificate Renewal section:
"Since the CA has all public keys of end entities, as they are in the certificates that the CA stores, this process can be automated. How to automate that is more advanced and can be done in many ways, suitable for different work-flows. How to do that is not described here."
Where is it described then?
The thing is that this process depends on your environment and your work-flows. There are hundreds, or thousands, of different variations on this, so there is no description of them as far as I know.
You need to know your environment, and what you want to accomplish. The first prerequisite is of course that you have full control of the clients, in order to do anything automatically on them.
If you have that, you just have to specify exactly what you want to do and how it should be done in a way that is easy to manage, robust and transparent for the users.