Certification Authority Systems on Linux

Are the any Certification Authority or PKI Systems based on Linux out there?
I would prefer something that could be easily used with openVPN. I know a openVPN server comes with a CA, but I was thinking something alternative. My problem is that I want the client to create they'r keypairs by they'r own, and nobody having to distribute them in any way. I would offcourse also want the certificate of the client to be authorized by the CA, so that it can be used.

I am also looking for a automatic way to do all this. When creating the clients key pairs, there are many questions asked. The answers should be put in a configuration file and automatically read, or something like that.
LVL 2
itniflAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
NopiusConnect With a Mentor Commented:
I just found one Java based: http://odyssipki.sourceforge.net/
0
 
NopiusCommented:
Hi.

Try to use TinyCA (http://tinyca.sm-zone.net/). It requires some additional Perl modules to be installed (or even GTK libraries and some others), but once it is up and running your certificates issuing/signature efforts will be minimal.

P.S. I'm using this GUI on CentOS 5.4, though it was not easy to make it running.

Regards,
Arty
0
 
itniflAuthor Commented:
I guess I still have to manually distribute the certificates to the clients? I also have to have the clients key pairs to create they'r certificates?
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
NopiusCommented:
> I guess I still have to manually distribute the certificates to the clients?

Yes. There is no server in TinyCA.

> I also have to have the clients key pairs to create they'r certificates?

I don't understad how clients key pairs are related to certificates? Please clarify.

You may generate new key pair and new certificate request and sign it in TinyCA, then distribute it to client.
Or you may take existing client's public key, sign it and send it back to the client.

Anyway there are no server, you are right. But GUI for standalone CA.
0
 
NopiusCommented:
Here is another one, but it seems there is no server there.

http://xca.hohnstaedt.de/?page_id=11

0
 
itniflAuthor Commented:
> I don't understad how clients key pairs are related to certificates? Please clarify.
I think you clarified it. I had unprecise knowledge, the public key of the client should be enough.

I was looking for something that was more automatic. Something so that the generation and signing of keys and certificates would happen more automatic for the client.
0
 
itniflAuthor Commented:
Yes, this looks pretty good (http://odyssipki.sourceforge.net/index.html), a full-fledged PKI would propably give me the service I could get I assume?
0
 
NopiusCommented:
Yes, it seems to be pretty good, but it's development had stopped in 2006 on revision 0.1

Just try it if it works good stay there...
0
 
NopiusConnect With a Mentor Commented:
This one seems to be more active/supported http://www.ejbca.eu/adminguide.html
0
 
itniflAuthor Commented:
Thanks! Great! :)
0
All Courses

From novice to tech pro — start learning today.