I'm not sure what you are trying to do but it sounds to me like your are going down the
wrong path.
It seems to me that if you are dealing with PKI then you would be using a CA server and
this would be done automatically and/or integrated with LDAP from the certiuficate issuing
authority.