Fedora CA Project
wakko666 at gmail.com
Tue Mar 25 23:38:05 UTC 2008
On Tue, 2008-03-25 at 18:04 -0500, Dennis Gilmore wrote:
> Products to be evaluated:
> Something custom
> So this is a brief overview of whats needed. Im going to open the floor for a
> week for open discussion on how we should best do this.
My vote is for EJBCA. It's very easy to use, and has fairly low
administrative requirements. It's very easy to delegate capabilities.
It's main dependencies are JBoss and Java, and uses OJDBC to connect to
any SQL database. It's also capable of interacting with LDAP, if need
It has built-in support for the usual alphabet soup of PKI services such
as OCSP, SCEP, CMP, and auto-generates CRLs.
If this is the route we go, I'm also happy to help set up an EJBCA
I also have experience with OpenCA and want to explicitly vote _against_
it. It's a pain to set up and use, and development as basically
stagnated. (last release was 0.9.3-rc1 on Oct 2006, with RPMs for FC4)
Many hands make light work.
-- John Heywood
More information about the infrastructure