Actually I am looking for a simple software with command line interface
to operate a CA, sub-CA then client and server certs, that is eventually
capable of publishing into the web public certs and crl / policies.
If I can't find a package around openssl, I will probably end up using
direct openssl commands ..., but I need something to publish CA
certificate and CRL on a web page .
http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1026&a=3290 was very good
at that, but it dates now from 2005, I'am afraid it won't be updated .
Here's a list of opensource pki software I run into with my comment (#)
http://ejbca.sourceforge.net/ #complex and no tomcat (jboss etc ...)
http://pki.openca.org/ #complex
http://www.opentrust.com/index.php?lang=en #licence ...
http://www.newpki.org/ # Last update December 14, 2005
http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1026&a=3290 #What I use
but dates 2005-10-22
http://tinyca.sm-zone.net/ #Last update 2006, perhaps too much gui ? gtk !
http://www.pyca.de/ # Last update 29-Apr-2003
http://www.vpnc.org/SimpleCA/ #no date !?
http://xca.sourceforge.net/ #Last update 2007
http://www.cymc.online.fr/openwebpki/ #windows only
http://sourceforge.net/projects/phpki/ #perhaps too gui (web) , no-way
to use direct cli !? no fully tested yet ...
other list http://middleware.internet2.edu/hepki-tag/opensrc.html
If you have others ? let me know, thanks .
Mounir IDRASSI a écrit :
Hi,
You can have a look at PHPki (http://sourceforge.net/projects/phpki) :
it's has the advantage of publishing a CRL and certificates on a web
pages, plus enrollment and revocation pages. It's based on PHP and it
invokes the openssl utility with conf files created on the fly for each
operation.
I have been using it for a year now and it was easy to modify it to
accommodate my own requirements (like supporting SHA1 instead of the
default MD5 and adding new templates). I hope it can be useful for you
as it is for me.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
jehan procaccia wrote:
Good initiative I'll give it a try ...
although I am looking for "intermediate" size PKI free software,
I am a bit confused with large scale software like openca or ejbca ,
too complex :-(
I used to operate my pki with a perl-openssl package from
http://devel.it.su.se/pub/jsp/polopoly.jsp?d=1026&a=3290
but it dates from 2005 without evolution ...
Now that I am about to re-create a new root, I'am looking for a new
software very close to openssl with command line interface, but still
able to publish crl and certs on a web page .
any advice ?
Regards .
Richard Salz a écrit :
>From my blog, at
https://www.ibm.com/developerworks/mydeveloperworks/blogs/soma/entry/a_pki_in_a_web_page10
I'm making available my small set of web pages and Perl script that
implement a self-service PKI built around OpenSSL. The Perl script
and config are under 250 lines and the couple of web pages involved
are under 200 lines; there's also a couple of screen shots to guide
someone through installing a cert on Microsoft Windows. It's all in
the public domain. Enjoy.
--
STSM, DataPower CTO
WebSphere Appliance Architect
http://www.ibm.com/software/integration/datapower/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
