[security-devroom] [Talk/Demo Submission] Dogtag Certificate System (open source PKI)

Бранко Мајић branko at majic.rs
Thu Nov 17 20:43:44 CET 2011


Hello Kashyap,

I look forward to hearing some more about Dogtag system, especially
from the system-administrator perspective. What I'd be interested as
well would be possibility of interoperability between EJBCA and Dogtag
(since I'm planning on extending my cookbook at some point).

Deploying Dogtag on a non-Fedora/RHEL/CentOS system would also be an
interesting thing to see.

Best regards :)

P.S.
Any chance of setting-up some kind of LiveCD with Dogtag on top of it
for handing out to people - or even downloadable image would do?

Дана Wed, 16 Nov 2011 21:29:57 +0530
Kashyap Chamarthy <kashyap.cv at gmail.com> написа:

> Heya,
> 
> Here is my talk/demo submission for "Hardware Security and
> Cryptography" room  at Fosdem.  I also added it to the below wiki (I'd
> prefer to do a demo if time permits)
> 
> http://www.opensc-project.org/opensc/wiki/FOSDEM2012
> 
> 
> 
> Abstract for 'Dogtag Certificate System':
> --------------------------------------------------
> This talk gives a brief overview of Dogtag Certificate System, an
> open-source and open-standards based scalable PKI(public-key
> infrastructure) solution. It lets you manage digital certificate life
> cycle -- common operations like certificate issuance, revocation,
> retrieval, renewal, manage Certificate Revocation Lists, certificate
> status checking using OCSP, key archival/recovery.
> 
> The talk also provides a deployment overview of different configurable
> subsystems like CA(Certificate Authority) -- this is the core part of
> certificate system which handles basic certificate management
> operations. Other subsystems include DRM(data recovery manager) --
> which is used for 'key' archival and recovery; OCSP(online certificate
> status protocol) -- for checking whether a certificate is valid.
> RA(Registration Authority) -- for locally generating and submitting
> certificate requests(and validate them) effectively reducing load on
> CA. There are couple of other subsystems for token management
> (TKS/TPS)
> 
> 
> Demonstration:
> -------------------
> If possible, I'd also prefer to show a quick demo of configuring
> different subsystems like CA, KRA(Key Recovery Archival), OCSP,
> RA(Registration Authority) using virtual machines on my laptop with
> the current upstream dogtag pki . This would hopefully be useful for
> sys. admins trying to deploy an enterprise class PKI. (I'd be using
> some test scripts[2], but, I may use slightly updated scripts at that
> time of demo.)
> 



-- 
Branko Majic
Jabber: branko at majic.rs
Please use only Free formats when sending attachments to me.

Бранко Мајић
Џабер: branko at majic.rs
Молим вас да додатке шаљете искључиво у слободним форматима.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <https://lists.fosdem.org/pipermail/security-devroom/attachments/20111117/9a6c54f3/attachment.pgp>


More information about the Security-devroom mailing list