Awesome Open Source
Awesome Open Source

Dogtag PKI

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more.

There are 6 different subsystems included in the Dogtag PKI suite:

  1. Certificate Authority (CA) subsystem
  2. Key Recovery Authority (KRA) subsystem
  3. Online Certificate Status Protocol (OCSP) subsystem
  4. Token Key Service (TKS) subsystem
  5. Token Processing System (TPS) subsystem
  6. ACME Responder

Documentation

The best place to start learning about the product is the Dogtag PKI Wiki

Installing

Fedora

To install the whole Dogtag PKI suite:

sudo dnf install dogtag-pki

To install individual subsystems:

sudo dnf install pki-ca pki-kra pki-ocsp pki-tks pki-tps

To install web UI theme packages:

sudo dnf install dogtag-pki-server-theme dogtag-pki-console-theme

Deploying

After successful installation of the packages, follow the below steps to deploy intended subsystems:

For other types of deployments (Sub-CA, Clones, HSMs, etc) please see under docs/installation

Building

Fedora/CentOS/RHEL

Prerequisites

sudo dnf install dnf-plugins-core rpm-build git

# NOTE: Use the intendended branch name instead of "master" to pull right dependency version
sudo dnf copr enable @pki/master

sudo dnf builddep pki.spec

Build Procedure

After successfully installing the prerequisites, the project can be built with a one-line command:

./build.sh

The built RPMS will be placed in ~/build/pki/ directory.

See also Building PKI

Testing

Test Status
CA CA Tests
KRA KRA Tests
OCSP OCSP Tests
TKS TKS Tests
TPS TPS Tests
ACME ACME Tests
Python Python Tests
Tools Python Tests
QE QE Tests
IPA IPA Tests

Contributing

There are multiple ways for you to be part of this project. Please see CONTRIBUTING to learn more.

Contact

You can reach the Dogtag PKI team over the #dogtag-pki channel on freenode.net. Note that you need to be a registered user to message on this channel. You can also send an email to [email protected].

See also Contact Us

License

GPL-2.0 License


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
shell (10,290
ssl (195
certificate (97
acme (52
pki (30
certificate-authority (20
certificate-transparency (17