-----Original Message-----
From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Barry Brimer
Sent: Friday, April 24, 2009 5:44 PM
To: CentOS mailing list
Subject: Re: [CentOS] Certificate system
Quoting J.Witvliet@MINDEF.NL:
Hi all,
Can anybody inform me whether the "Red Hat Certificate System" or actually a CentOS equivalent is available for CentOS? Just skimmed on a download site through the RPMs for 5.3 and I couldn't find it. According to their press release, the code should be GPL, although I can't find any RPM for RH, FC or CentOS.
It seems that this is one of the few CA packages for large-scale deployment of certificates. Only alternative AFAIK is OpenCA, which seems to be hardly maintained... (binaries on their site are old, and source code yields lots of errors during build.)
The Fedora version of RHCS is called Dogtag (http://pki.fedoraproject.org/wiki/PKI_Main_Page). You might have to modify/rebuild their SRPMS.
Yes, I came across Dogtag. However, I got the impression it was something in the same category as TinyCA or pyCA. Perhaps it is based on the code of RHCS, and all documentation is just some wiki pages. Bit different from the docs for RHCS-7.3 (their admin guide is over 600 pages).
I was asked to make a proposal for a (large) open source CA/RA/OCSP/....
If selected, I will make them order an official package with support from RH. But I would like to have some hands-on experience before, and not get all my information from paper. OpenCA also has quite some nice docs (but doesn't live up to them), and used to be included in some distros.
So, EJBCA seems to be more appropriate than Dogtag (if I can't get RHCS).
hw
This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
Does anyone know if I can integrate any of these systems with ssh keys?
For example, I'd like to be able to hold and revoke ssh keys centrally, and then systems would be allowed to accept keys at certain times from certain individuals. This is similar to http://web.monkeysphere.info/ but I think I'm after something that goes a bit further.
Thanks
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos