Re: Local CA on Gentoo

Re: Local CA on Gentoo

Hi,

IMHO EJBCA (http://www.ejbca.org) from the kind people at PrimeKey is
a very good open source CA solution. It is used in many large,
professional and certified/audited environments worldwide.

Regards,

Ewald

Op 10 feb. 2012 om 02:04 heeft "Vinícius Ferrão"
<viniciusferrao <at> cc.if.ufrj.br> het volgende geschreven:

> Hi peeps,
>
> I would like to know if someone successfully implemented a Local CA to sign services and servers using
Gentoo or other Linux.
>
> I'm currently in a Mixed Environment (we have: Windows 2008R2, OS X Lion, Linux and FreeBSD), and I really
want a single solution, since I need certs for my servers, as example: a Postfix Mail Gateway, a W2k8 Domain
Controller, Exchange Server, Mac OS X Time Machine Server, etc.
>
> Thanks in advance,
> Vinícius

Re: Local CA on Gentoo

I did, but it is far from trivial to do right....
And even then the mess in certificate fields and the non-standard way
all kinds of implementations are done over various services sometimes
drives me insane.....

Anyway, if your needs are fairly simple (1-2 level CA + signing
certificates) I can definitly recommend xca:
http://xca.sourceforge.net/

I has reasonable documentation and a nice GUI. It also produces well
defined certificates and most importantly has the ability to revoke
certificates that you have issued...

If you stick it's database into a VCS you can share the work.

/Ramon

2012/2/10 Vinícius Ferrão <viniciusferrao <at> cc.if.ufrj.br>:
> Hi peeps,
>
> I would like to know if someone successfully implemented a Local CA to sign services and servers using
Gentoo or other Linux.
>
> I'm currently in a Mixed Environment (we have: Windows 2008R2, OS X Lion, Linux and FreeBSD), and I really
want a single solution, since I need certs for my servers, as example: a Postfix Mail Gateway, a W2k8 Domain
Controller, Exchange Server, Mac OS X Time Machine Server, etc.
>
> Thanks in advance,
> Vinícius