Security Basics mailing list archives
Re: openssl.. web based certificate management
From: "Saqib Ali" <docbook.xml () gmail com>
Date: Wed, 22 Nov 2006 14:45:54 -0500
Hi Florian, Certificate management is a serious business. I am not sure why a small org which can't afford a commercial CA suite would even want to manage their certificates. If the organization doesn't have a proper "Certificate Policy" and "Certification Practice Statement" in place the Verisign won't even sign the root cert of the organization. For Smaller organizations Managed PKI with enTrust, Verisign or RSA is the way to go. I wouldn't recommend any small Org to install their own web based PKI management suite. Maybe that is why there isn't any OSS project for this.... :-) saqib http://www.full-disk-encryption.net On 11/21/06, Florian Rommel <frommel () gmail com> wrote:
Hi list, I have been googling for a while now and I haven't found an answer to this so I am writing this here, sorry if it is completely off-topic. As some of you have read I am writing a rather long(ish) paper/ tutorial/intro/guide to Certificate management for small organizations (here is the brief: http://blog.2blocksaway.com/ 2006/11/02/the-openssl-for-everything-project-brief/ ). Which basically guides the reader thru the simple steps of building a CA and how to implement certificates into the various applications etc. etc. etc. (btw, whoever wants to help writing or shoot me pointers to the non and covered subjects already, please I like constructive criticism..) . Anyway, I have the 4 first chapters done and now come to the streamlining the process part. Here is the problem I would like to introduce and help the user/reader to get a web-based certificate management ready, which should run on apache and should be free (OSS). I have checked phpki but a) their documentation is, well, bad (and i am being nice) and somehow it gives the impression that it is meant for email certificates only. My question, does anyone know any other free (OSS) project or software of the kind. Or do you have a "home" made package? If so can you give me some pointers? I wouldn't mind writing an application for this purpose in php and making it publicly (OSS) available, however I am a bit in the dark as to how to get php to talk to openssl back- end, SECURELY... Anyway, any help will be really appreciated and I will make all my findings available, including the paper as it progresses and when it is done. Thanks a lot already //Flosse http://blog.2blocksaway.com --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
-- Saqib Ali, CISSP, ISSAP http://www.full-disk-encryption.net
Current thread:
- openssl.. web based certificate management Florian Rommel (Nov 22)
- Re: openssl.. web based certificate management Saqib Ali (Nov 23)