[CentOS] Certificate system

Philip Manuel phil at zomojo.com
Mon Apr 27 00:16:27 UTC 2009


Does anyone know if I can integrate any of these systems with ssh keys?

For example I'd like to be able to hold and revoke ssh keys centrally, 
and then systems would be allowed to accept keys at certain times from 
certain individuals.  This is similar to http://web.monkeysphere.info/ 
but I think I'm after something that goes a bit further.

Thanks

J.Witvliet at MINDEF.NL wrote:
>  
>
> -----Original Message-----
> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Behalf Of Barry Brimer
> Sent: Friday, April 24, 2009 5:44 PM
> To: CentOS mailing list
> Subject: Re: [CentOS] Certificate system
>
> Quoting J.Witvliet at MINDEF.NL:
>
>   
>> Hi all,
>>
>> Can anybody inform me whether the "RedHat Certificate System" or 
>> actually a CentOS equivalent is available for CentOS.
>> Just skimmed on a download site through the RPMs for 5.3 and I 
>> couldn't find it.
>> According to their press release, the code should be GPL, although 
>> I can't find any rpm for RH, FC or CentOS.
>>
>> It seems that this is one of the few CA-packages for large scale 
>> deployment of certificates.
>> Only alternative AFAIK is OpenCA, which seems to be hardly maintained...
>> (binaries on their site are old, and source code yields lots of 
>> errors during build..)
>
> The Fedora version of RHCS is called Dogtag
> <http://pki.fedoraproject.org/wiki/PKI_Main_Page>
> You might have to modify/rebuild their SRPMS.
>
>
> Yes, I came across dogtag.
> However I got the impression it was something in the same category like
> tinyca or pyca.
> Perhaps it is based on the code of RHCS, and all documentation is just
> some wiki pages.
> Bit different from the docu from RHCS-7.3 (Their admin guide is over 600
> pages)
>
> I was asked to make a proposal for a (large) open-source CA/RA/ocsp/....
>
> If selected, I make them order an official package with support from RH.
> But I would like to have some hands-on experience before, and not get
> all my information from paper.
> OpenCA has also quite some nice docu (but doesn't live up to it), and
> used to be included in some distros.
>
> So, ejbca seems to be more appropriate than dogtag (if I can't get RHCS)
>
> hw