
Certificate request by PIN?


I am looking for certificate management based on a PIN. The system I would like to have is this: I give my client a PIN (e.g., on a piece of label note) and he can use it as proof-of-identity to send a request and acquire a certificate (preferably through HTTPS?). Where can I find more detailed information regarding this technique? So far, I've checked the RFC of CMS, but there is no mention that you can use a PIN as proof-of-identity (only if the client has some type of certificate).

Thank you very much for the hint!


Solution

  • Instead of a PIN on a label, why not give your client a private key and certificate that you generate? You can put them on a USB drive, or even a special USB token device where the private key cannot be extracted. The client could then use that to connect to your service via 2-way SSL.