Fedora CA Project

Brett Lentz wakko666 at gmail.com
Tue Mar 25 23:38:05 UTC 2008

On Tue, 2008-03-25 at 18:04 -0500, Dennis Gilmore wrote:
> Products to be evaluated:
> http://pki.fedoraproject.org/wiki/PKI_Main_Page  
> https://www.openca.org/
> http://ejbca.sourceforge.net/
> Something custom

> So this is a brief overview of whats needed.  Im going to open the floor for a 
> week for open discussion on how we should best do this.
> Dennis

My vote is for EJBCA. It's very easy to use, and has fairly low
administrative requirements. It's very easy to delegate capabilities.

It's main dependencies are JBoss and Java, and uses OJDBC to connect to
any SQL database. It's also capable of interacting with LDAP, if need

It has built-in support for the usual alphabet soup of PKI services such
as OCSP, SCEP, CMP, and auto-generates CRLs.

If this is the route we go, I'm also happy to help set up an EJBCA

I also have experience with OpenCA and want to explicitly vote _against_
it. It's a pain to set up and use, and development as basically
stagnated. (last release was 0.9.3-rc1 on Oct 2006, with RPMs for FC4)


Many hands make light work.
		-- John Heywood

More information about the infrastructure mailing list