[security-devroom] [Talk/Demo Submission] Dogtag Certificate System (open source PKI)

Kashyap Chamarthy kashyap.cv at gmail.com
Sat Feb 4 16:05:41 CET 2012

2011/11/18 Kashyap Chamarthy <kashyap.cv at gmail.com>:
> On Fri, Nov 18, 2011 at 1:13 AM, Бранко Мајић <branko at majic.rs> wrote:
>> Hello Kashyap,
>> I look forward to hearing some more about Dogtag system, especially
>> from the system-administrator perspective. What I'd be interested as
>> well would be possibility of interoperability between EJBCA and Dogtag
>> (since I'm planning on extending my cookbook at some point).
> Branko,
> Sure, we can try out. I haven't tried EJBCA yet, would be interesting
> to see how they play together.
>> Deploying Dogtag on a non-Fedora/RHEL/CentOS system would also be an
>> interesting thing to see.
>> Best regards :)
>> P.S.
>> Any chance of setting-up some kind of LiveCD with Dogtag on top of it
>> for handing out to people - or even downloadable image would do?
> That's a neat idea.  I'll spin up a live-iso(mostly Fedora-16 based)
> w/ dogtag pki and will put it out on web. Will respond here once I'm
> done.
> (My travel is not yet confirmed.)
> --
> /kashyap
>> Дана Wed, 16 Nov 2011 21:29:57 +0530
>> Kashyap Chamarthy <kashyap.cv at gmail.com> написа:
>>> Heya,
>>> Here is my talk/demo submission for "Hardware Security and
>>> Cryptography" room  at Fosdem.  I also added it to the below wiki (I'd
>>> prefer to do a demo if time permits)
>>> http://www.opensc-project.org/opensc/wiki/FOSDEM2012
>>> Abstract for 'Dogtag Certificate System':
>>> --------------------------------------------------
>>> This talk gives a brief overview of Dogtag Certificate System, an
>>> open-source and open-standards based scalable PKI(public-key
>>> infrastructure) solution. It lets you manage digital certificate life
>>> cycle -- common operations like certificate issuance, revocation,
>>> retrieval, renewal, manage Certificate Revocation Lists, certificate
>>> status checking using OCSP, key archival/recovery.
>>> The talk also provides a deployment overview of different configurable
>>> subsystems like CA(Certificate Authority) -- this is the core part of
>>> certificate system which handles basic certificate management
>>> operations. Other subsystems include DRM(data recovery manager) --
>>> which is used for 'key' archival and recovery; OCSP(online certificate
>>> status protocol) -- for checking whether a certificate is valid.
>>> RA(Registration Authority) -- for locally generating and submitting
>>> certificate requests(and validate them) effectively reducing load on
>>> CA. There are couple of other subsystems for token management
>>> (TKS/TPS)
>>> Demonstration:
>>> -------------------
>>> If possible, I'd also prefer to show a quick demo of configuring
>>> different subsystems like CA, KRA(Key Recovery Archival), OCSP,
>>> RA(Registration Authority) using virtual machines on my laptop with
>>> the current upstream dogtag pki . This would hopefully be useful for
>>> sys. admins trying to deploy an enterprise class PKI. (I'd be using
>>> some test scripts[2], but, I may use slightly updated scripts at that
>>> time of demo.)

Hi, for those interested, slides and some examples scripts for
instance creation - I've posted here:


>> --
>> Branko Majic
>> Jabber: branko at majic.rs
>> Please use only Free formats when sending attachments to me.
>> Бранко Мајић
>> Џабер: branko at majic.rs
>> Молим вас да додатке шаљете искључиво у слободним форматима.
>> _______________________________________________
>> Security-devroom mailing list
>> Security-devroom at lists.fosdem.org
>> http://lists.fosdem.org/mailman/listinfo/security-devroom

More information about the Security-devroom mailing list