Security Basics mailing list archives

Re: openssl.. web based certificate management


From: "Saqib Ali" <docbook.xml () gmail com>
Date: Wed, 22 Nov 2006 14:45:54 -0500

Hi Florian,

Certificate management is a serious business. I am not sure why a
small org which can't afford a commercial CA suite would even want to
manage their certificates. If the organization doesn't have a proper
"Certificate Policy" and "Certification Practice Statement" in place
then Verisign won't even sign the root cert of the organization.

For smaller organizations, Managed PKI with Entrust, Verisign or RSA is
the way to go.

I wouldn't recommend any small org to install their own web based PKI
management suite. Maybe that is why there isn't any OSS project for
this.... :-)

saqib
http://www.full-disk-encryption.net


On 11/21/06, Florian Rommel <frommel () gmail com> wrote:
Hi list,
I have been googling for a while now and I haven't found an answer to
this so I am writing this here, sorry if it is completely off-topic.

As some of you have read I am writing a rather long(ish) paper/
tutorial/intro/guide to Certificate management for small
organizations (here is the brief:
http://blog.2blocksaway.com/2006/11/02/the-openssl-for-everything-project-brief/ ). Which
basically guides the reader thru the simple steps of building a CA
and how to implement certificates into the various applications etc.
etc. etc. (btw, whoever wants to help writing or shoot me pointers to
the non and covered subjects already, please I like constructive
criticism..) . Anyway, I have the 4 first chapters done and now come
to the streamlining the process part. Here is the problem I would
like to introduce and help the user/reader to get a web-based
certificate management ready, which should run on apache and should
be free (OSS).  I have checked phpki but a) their documentation is,
well, bad (and I am being nice) and somehow it gives the impression
that it is meant for email certificates only.

My question, does anyone know any other free (OSS) project or
software of the kind. Or do you have a "home" made package? If so can
you give me some pointers? I wouldn't mind writing an application for
this purpose in php and making it publicly (OSS) available, however I
am a bit in the dark as to how to get php to talk to openssl back-end,
SECURELY...

Anyway, any help will be really appreciated and I will make all my
findings available, including the paper as it progresses and when it
is done.

Thanks a lot already

//Flosse
http://blog.2blocksaway.com





--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net

