Hi all, Can anybody inform me wether the "RedHat Certificate System" or actually a CentOS equivalent is available for CentOS. Just skimmed on a download site through the RPM's for 5.3 and I couldn't find it. According to their pressrelease, it the code should be gpl, allthough I can't find any rpm for RH, FC or Centos. It seems that this is one of the few CA-packages for large scale deployment of certificates. Only alternative AFAIK is OpenCA, which seems to be hardly maintained... ( binaries on their site are old, and source code yields lots of errors during build..) Defensie/CDC/IVENT/Research en Innovation Centrum Ing J. (Hans) Witvliet Systeembeheer, CAcert-assurer T 0174-539053 mailto:j.witvliet at mindef.nl Coldenhovelaan 1, 3155RC Maasland, kamer A109 ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20090424/f74f5ade/attachment-0002.html>
J.Witvliet at MINDEF.NL schrieb:> > Hi all, > > Can anybody inform me wether the "RedHat Certificate System" or > actually a CentOS equivalent is available for CentOS. > Just skimmed on a download site through the RPM's for 5.3 and I > couldn't find it. > According to their pressrelease, it the code should be gpl, allthough > I can't find any rpm for RH, FC or Centos. > > It seems that this is one of the few CA-packages for large scale > deployment of certificates. > Only alternative AFAIK is OpenCA, which seems to be hardly maintained? > ( binaries on their site are old, and source code yields lots of > errors during build..) >You can try ejbca (.sf.net). In CA-land, few stuff is plug- and play. Rainer
Quoting J.Witvliet at MINDEF.NL:> Hi all, > > Can anybody inform me wether the "RedHat Certificate System" or > actually a CentOS equivalent is available for CentOS. > Just skimmed on a download site through the RPM's for 5.3 and I couldn't > find it. > According to their pressrelease, it the code should be gpl, allthough I > can't find any rpm for RH, FC or Centos. > > It seems that this is one of the few CA-packages for large scale > deployment of certificates. > Only alternative AFAIK is OpenCA, which seems to be hardly maintained... > ( binaries on their site are old, and source code yields lots of errors > during build..)The Fedora version of RHCS is called Dogtag <http://pki.fedoraproject.org/wiki/PKI_Main_Page> You might have to modify/rebuild their SRPMS. Barry
-----Original Message----- From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On Behalf Of Barry Brimer Sent: Friday, April 24, 2009 5:44 PM To: CentOS mailing list Subject: Re: [CentOS] Certificate system Quoting J.Witvliet at MINDEF.NL:> Hi all, > > Can anybody inform me wether the "RedHat Certificate System" or > actually a CentOS equivalent is available for CentOS. > Just skimmed on a download site through the RPM's for 5.3 and I > couldn't find it. > According to their pressrelease, it the code should be gpl, allthough > I can't find any rpm for RH, FC or Centos. > > It seems that this is one of the few CA-packages for large scale > deployment of certificates. > Only alternative AFAIK is OpenCA, which seems to be hardlymaintained...> ( binaries on their site are old, and source code yields lots of > errors during build..)The Fedora version of RHCS is called Dogtag <http://pki.fedoraproject.org/wiki/PKI_Main_Page> You might have to modify/rebuild their SRPMS. Yes, i came across dogtag. However i got the impression it was something in the same category like tinyca or pyca. Perhaps it is based on the code of RHCS, and all documentation is just some wiki pages. Bit different from the docu from RHCS-7.3 (Their admin guide is over 600 pages) I was asked to make a proposal for an (large) opensource CA/RA/ocsp/.... If selected, i make them order an official package with support from RH. But i would like to have some hands-on experience before, and not get all my information from paper. OpenCA has also quite some nice docu (but doesn't live up to it), and used to be included in some distro's. So, ejbca seems to be more appropiate than dogtag (if i can't get RHCS) hw ______________________________________________________________________ Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het elektronisch verzenden van berichten. This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
On Fri, 2009-04-24 at 17:22 +0200, J.Witvliet at MINDEF.NL wrote:> Hi all, > > Can anybody inform me wether the "RedHat Certificate System" or > actually a CentOS equivalent is available for CentOS. > Just skimmed on a download site through the RPM's for 5.3 and I > couldn't find it. > According to their pressrelease, it the code should be gpl, allthough > I can't find any rpm for RH, FC or Centos. > > It seems that this is one of the few CA-packages for large scale > deployment of certificates. > Only alternative AFAIK is OpenCA, which seems to be hardly > maintained? > ( binaries on their site are old, and source code yields lots of > errors during build..)Build? Why build? Check out TinyCA2, for which you can find rpms in rpmforge... -I