Certification Authority Systems on Linux

Are there any Certification Authority or PKI systems based on Linux out there?
I would prefer something that could be easily used with OpenVPN. I know an OpenVPN server comes with a CA, but I was thinking of something alternative. My problem is that I want the clients to create their key pairs on their own, with nobody having to distribute them in any way. I would of course also want the certificate of the client to be authorized by the CA, so that it can be used.

I am also looking for an automatic way to do all this. When creating the clients' key pairs, there are many questions asked. The answers should be put in a configuration file and automatically read, or something like that.
itnifl Asked:
Nopius Commented:
Hi.

Try to use TinyCA (http://tinyca.sm-zone.net/). It requires some additional Perl modules to be installed (or even GTK libraries and some others), but once it is up and running your certificates issuing/signature efforts will be minimal.

P.S. I'm using this GUI on CentOS 5.4, though it was not easy to get it running.

Regards,
Arty
0
itnifl Author Commented:
I guess I still have to manually distribute the certificates to the clients? I also have to have the clients' key pairs to create their certificates?
0
Nopius Commented:
> I guess I still have to manually distribute the certificates to the clients?

Yes. There is no server in TinyCA.

> I also have to have the clients' key pairs to create their certificates?

I don't understand how clients' key pairs are related to certificates? Please clarify.

You may generate a new key pair and a new certificate request and sign it in TinyCA, then distribute it to the client.
Or you may take an existing client's public key, sign it and send it back to the client.

Anyway, there is no server, you are right. It is only a GUI for a standalone CA.
0
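The flow discussed in this thread, as an added example that is not part of any post: the client answers the usual prompts through a config file, generates its own key pair and CSR, and the CA signs the CSR without ever holding the client's private key. It assumes the OpenSSL command-line tool is installed; the function names, file names and subject values are constructed for illustration.

```shell
#!/bin/sh
# Added example; all names, subject fields and paths are constructed.

# CA side: create a self-signed root from a config file (no prompts).
ca_init() {  # $1 = CA directory
    mkdir -p "$1" && chmod 700 "$1"
    cat > "$1/ca.cnf" <<EOF
[ req ]
prompt = no
distinguished_name = dn
x509_extensions = v3_ca
[ dn ]
O = Example Org
CN = Example VPN CA
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    ( umask 077; openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$1/ca.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" )
}

# Client side: the answers to the usual prompts live in req.cnf, so key and
# CSR are generated unattended. client.key never leaves this directory.
client_make_csr() {  # $1 = client directory, $2 = common name
    mkdir -p "$1" && chmod 700 "$1"
    cat > "$1/req.cnf" <<EOF
[ req ]
prompt = no
default_md = sha256
distinguished_name = dn
[ dn ]
C = NO
O = Example Org
CN = $2
EOF
    ( umask 077; openssl req -new -newkey rsa:2048 -nodes \
        -config "$1/req.cnf" -keyout "$1/client.key" -out "$1/client.csr" )
}

# CA side: sign only the CSR. openssl x509 -req checks the CSR's
# self-signature first; the extensions come from the CA, not the request.
ca_sign_csr() {  # $1 = CA directory, $2 = CSR file, $3 = output certificate
    printf '%s\n' 'basicConstraints = CA:FALSE' 'keyUsage = digitalSignature' \
        'extendedKeyUsage = clientAuth' > "$1/client_ext.cnf"
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -extfile "$1/client_ext.cnf" -out "$3"
}
```

Run `ca_init` once on the CA host and `client_make_csr` on each client; only `client.csr` travels to the CA and only the signed certificate travels back.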
Nopius Commented:
I just found a Java-based one: http://odyssipki.sourceforge.net/
0
Nopius Commented:
Here is another one, but it seems there is no server there.

http://xca.hohnstaedt.de/?page_id=11

0
itnifl Author Commented:
> I don't understand how clients' key pairs are related to certificates? Please clarify.
I think you clarified it. I had imprecise knowledge; the public key of the client should be enough.

I was looking for something that was more automatic. Something so that the generation and signing of keys and certificates would happen more automatically for the client.
0
itnifl Author Commented:
Yes, this looks pretty good (http://odyssipki.sourceforge.net/index.html), a full-fledged PKI would probably give me the service I could get I assume?
0
Nopius Commented:
Yes, it seems to be pretty good, but its development stopped in 2006 at revision 0.1.

Just try it; if it works well, stay with it...
0
Nopius Commented:
This one seems to be more active/supported http://www.ejbca.eu/adminguide.html
0
itnifl Author Commented:
Thanks! Great! :)
0