Educause Security Discussion mailing list archives

New Thawte Enterprise Certificate Center


From: Gary Flynn <flynngn () JMU EDU>
Date: Mon, 11 Jan 2010 16:10:14 -0500

I have a question to those of you who have transitioned from Thawte's old
SPKI center to the new enterprise certificate center.

In the old system, our "technical officers" could see all certs so they
could back each other up in renewing certs when people were on vacation,
out sick, etc. In the new system, "subscribers" can only see certs they
requested. So other "subscribers" can no longer back them up. Thawte's
suggested solution was to promote all the subscribers to
administrators/security officers which subverts the request/approval
mechanism as they'd be able to approve their own (and others') cert
requests. I do not want to do that. The only other option that comes to
mind would be to use shared accounts and passwords for the subscriber
accounts which I'm philosophically opposed to. How would I know who was
actually requesting a cert or renewal if the request comes from a shared
account?

Have you figured out a way to allow your subscribers to back each other up?

Gary Flynn
Security Engineer
James Madison University
