Tue Jun 24 22:50:33 UTC 2008

James B. Byrne wrote:
> I have played with self-signed end-use PKI certificates for about a decade
> now and would really like to set up a proper, albeit private, PKI using
> some sort of OFS CA management software. I have looked at OpenCA and found
> a few packages on sourceforge but they all seem to fall short of my
> desires in one form or another (rpm install, multiple subordinate CAs,
> certificate revocation and extension management, web-based or
> Linux/Microsoft GUI).  I have even tried to use the scripts that come
> with OpenSSL with very limited success.
> What I would like to do is to set up a self-signed root CA certificate,
> then use that to issue one or more signing CAs, each possibly limited as
> to what type of certificate that they can sign. These issuing CAs would
> then sign certificate requests for end-use certificates for hosts, email
> accounts, document provenance, objects, etc.

Perhaps more than what you want, but Spyrus just released their
PocketCA(tm). A complete CA on a USB dongle. I know a lot of people at
Spyrus and they are among the best you will find in the PKI arena. So it
is worth a look.

Otherwise, try TinyCA2. It will do what you want too.
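
The hierarchy asked about in the quoted question (self-signed root, issuing CAs limited by certificate type, end-use host certificate), sketched with the plain openssl command line. This is an added example, not part of the original thread and not how PocketCA or TinyCA2 work internally; every subject name, file name and lifetime is an assumption. It relies on OpenSSL's purpose check treating extendedKeyUsage on an issuing CA as a limit on what that CA can issue for.

```shell
#!/bin/sh
# Added example: private two-tier PKI. All names and file names are constructed.
# -nodes leaves private keys unencrypted, which is acceptable only for a demo.
mkreq() {  # mkreq <name> <CN>: new RSA key plus CSR
  openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
    -subj "/O=Example/CN=$2" 2>/dev/null
}
sign() {   # sign <csr-name> <out-name> <issuer-name> <ext-section> <days>
  openssl x509 -req -in "$1.csr" -out "$2.crt" -CA "$3.crt" -CAkey "$3.key" \
    -CAcreateserial -extfile ext.cnf -extensions "$4" -days "$5" -sha256 2>/dev/null
}
build_pki() {  # build_pki <dir>: creates everything in <dir> and stays there
  mkdir -p "$1" && cd "$1" || return 1
  cat > ext.cnf <<'EOF'
[root_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[tls_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
extendedKeyUsage = serverAuth
[mail_ca]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
extendedKeyUsage = emailProtection
[host]
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:host.example.test
EOF
  mkreq root "Example Root CA"
  openssl x509 -req -in root.csr -signkey root.key -out root.crt \
    -extfile ext.cnf -extensions root_ca -days 3650 -sha256 2>/dev/null
  mkreq tls-ca "Example TLS Issuing CA";   sign tls-ca tls-ca root tls_ca 1825
  mkreq mail-ca "Example Mail Issuing CA"; sign mail-ca mail-ca root mail_ca 1825
  mkreq host "host.example.test"
  sign host host tls-ca host 365        # issued by the CA meant for hosts
  sign host host-bad mail-ca host 365   # same request signed by the mail-only CA
}
verify_host() {  # verify_host <issuing-ca> <cert>: status 0 if valid as a TLS server
  openssl verify -CAfile root.crt -untrusted "$1.crt" -purpose sslserver "$2.crt" >/dev/null 2>&1
}
if build_pki "$(mktemp -d)"; then
  verify_host tls-ca host && echo "host.crt via tls-ca: accepted"
  verify_host mail-ca host-bad || echo "host-bad.crt via mail-ca: rejected"
fi
```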

