Skip to content
/ pki Public

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.

License

Notifications You must be signed in to change notification settings

dogtagpki/pki

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Dogtag PKI

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more.

There are 6 different subsystems included in the Dogtag PKI suite:

  1. Certificate Authority (CA) subsystem
  2. Key Recovery Authority (KRA) subsystem
  3. Online Certificate Status Protocol (OCSP) subsystem
  4. Token Key Service (TKS) subsystem
  5. Token Processing System (TPS) subsystem
  6. ACME Responder

Documentation

The best place to start learning about the product is the Dogtag PKI Wiki

Installing

Fedora

To install the whole Dogtag PKI suite:

sudo dnf install dogtag-pki

To install individual subsystems:

sudo dnf install pki-ca pki-kra pki-ocsp pki-tks pki-tps

To install web UI theme packages:

sudo dnf install dogtag-pki-server-theme dogtag-pki-console-theme

Deploying

After successful installation of the packages, follow the below steps to deploy intended subsystems:

For other types of deployments (Sub-CA, Clones, HSMs, etc) please see under docs/installation

Building

Fedora/CentOS/RHEL

Prerequisites

sudo dnf install dnf-plugins-core rpm-build git

# NOTE: Use the intendended branch name instead of "master" to pull right dependency version
sudo dnf copr enable @pki/10.13

sudo dnf builddep pki.spec

Build Procedure

After successfully installing the prerequisites, the project can be built with a one-line command:

./build.sh

The built RPMS will be placed in ~/build/pki/ directory.

See also Building PKI

Testing

Test Status
CA CA Tests
KRA KRA Tests
OCSP OCSP Tests
TKS TKS Tests
TPS TPS Tests
ACME ACME Tests
Python Python Tests
Tools Python Tests
QE QE Tests
IPA IPA Tests

Contributing

There are multiple ways for you to be part of this project. Please see CONTRIBUTING to learn more.

Contact Us

See Contact Us.

License

GPL-2.0 License