When Manchester had dcache on the WNs we had 1000 to request and we used the PeCR tools. We used the bulk.pl tool with a null passphrase. When we eliminated dcache I passed the bucket and I know that the old sys admin had resorted to requesting the certs one at the time. It was clearly considered easier by them. I preferred going through the pain for all the certificates once a year instead even if the procedure is more complicated and requires interacting with the CA they never made it easier. cheers alessandra On 02/08/2011 21:43, Christopher J. Walker wrote: > How do other people renew host certificates? > > Currently to renew a certificate on one of our CEs/SEs/APEL etc > machines, I combine the private key and certificate into .p12 format, > load it into my browser and renew it over the web. > > This is all a bit of a pain - there's got to be a better way. I've > previously been pointed at http://wiki.ngs.ac.uk/index.php?title=PeCR > > AFAICT, with this tool it is possible (or at least documented) to use > the --server option to request a certificate without a passphrase, but > this doesn't work for a renewal. > > Chris