> 2) Issuing client certs isn't that difficult.� with windows vista/7,if dealing with client keys - most of the times its just PEAP with user/pass
> installing a cert is a simple double-click operation, so if they have a
> usb flash, you can use linux to zip a copy of their private key and a .doc
> with instructions (including screenies!) on configuring their OS in a
> matter of seconds, all they have to do is stop by IT to request a key
> once, and it's good for as long as you honour it.
and its the CA thats an issue. even then there are ways of doing this quite
easily... eg https://su1x.sf.net