Re: Open Source CA / PKI

["Dante Signal31" <dante.signal31 () gmail com>]

2008/8/17 Jon Kibler <Jon.Kibler () aset com>:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Greetings,
>
> I am looking at deploying an open source CA/PKI for a client. It would
> be only for internal users and systems. It would have to manage a few
> hundred certificates against the organization's self-signed root cert.
> It would be installed on a CentOS 5.x platform.
>
> I have looked at OpenCA and Dogtag. Any other packages I should look at?
>
> Does anyone have any opinions as to the pros and cons of either of these
> packages or thoughts/comments/experience with other similar packages?
>
> I would especially be interested in your experience with building /
> installing the package and your opinion of the documentation available.
>
> TIA for your help!
>
> Jon Kibler
> - --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.8 (Darwin)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iEYEARECAAYFAkin1F4ACgkQUVxQRc85QlOORQCdHOeIdpowTPtnEm2WEf3Lnk9f
> hEYAmwTZPJSJMcD0mpsao8ZcKToyN8Hj
> =+0lt
> -----END PGP SIGNATURE-----
>
>
>
>
> ==================================================
> Filtered by: TRUSTEM.COM's Email Filtering Service
> http://www.trustem.com/
> No Spam. No Viruses. Just Good Clean Email.



If you like J2EE for customization you should try EJBCA
(http://ejbca.sourceforge.net/). It is a complete CA/PKI built in
J2EE, we tried it at job and it was quite complete and well
documented.

Dante