[security-devroom] [Talk/Demo Submission] Dogtag Certificate System (open source PKI)

Kashyap Chamarthy kashyap.cv at gmail.com
Wed Nov 16 16:59:57 CET 2011


Heya,

Here is my talk/demo submission for the "Hardware Security and
Cryptography" room at FOSDEM. I also added it to the wiki below (I'd
prefer to do a demo if time permits):

http://www.opensc-project.org/opensc/wiki/FOSDEM2012



Abstract for 'Dogtag Certificate System':
--------------------------------------------------
This talk gives a brief overview of Dogtag Certificate System, an
open-source and open-standards based scalable PKI (public-key
infrastructure) solution. It lets you manage the digital certificate life
cycle -- common operations like certificate issuance, revocation,
retrieval, renewal, managing Certificate Revocation Lists, certificate
status checking using OCSP, and key archival/recovery.

The talk also provides a deployment overview of different configurable
subsystems like CA (Certificate Authority) -- this is the core part of
the certificate system, which handles basic certificate management
operations. Other subsystems include DRM (data recovery manager) --
which is used for 'key' archival and recovery; OCSP (online certificate
status protocol) -- for checking whether a certificate is valid;
RA (Registration Authority) -- for locally generating and submitting
certificate requests (and validating them), effectively reducing load on
the CA. There are a couple of other subsystems for token management
(TKS/TPS).


Demonstration:
-------------------
If possible, I'd also prefer to show a quick demo of configuring
different subsystems like CA, KRA (Key Recovery Archival), OCSP,
RA (Registration Authority) using virtual machines on my laptop with
the current upstream dogtag pki. This would hopefully be useful for
sys. admins trying to deploy an enterprise-class PKI. (I'd be using
some test scripts[2], but I may use slightly updated scripts at the
time of the demo.)


Affiliation/Bio:
----------------
I'm Kashyap Chamarthy, a test engineer at Red Hat. I help test open
source Identity and Security (PKI) technologies[2][3]. I also test and
deploy a lot of upstream Linux (KVM-based) virtualization as part of
my lab infrastructure.

Looking forward to learning some finer details about open-source crypto at
FOSDEM and meeting some cool folks.


[1] http://kashyapc.fedorapeople.org/dogtag-pki/
[2] http://pki.fedoraproject.org
[3] http://freeipa.org

