Certification server

We have linux and windows in our environment. Its kind of mix environment.

What is the best way to implement a certification server in our environment.

I was thinking if i have solution from linux side like open ssl.
Please give me suggestions.
ittechlabLinux SupportAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Dave HoweSoftware and Hardware EngineerCommented:
I am assuming you mean a CA.

If you have it (by which I mean you have a windows server such as Win2003 or Win2008), then the Enterprise CA from windows is probably easier - it comes bundled with windows servers, so there is no additional cost involved, and many auto-enrollment solutions assume you will be using it.

On linux, the best available CA is OpenCA - packages are available for most major distros.

If you don't need a full featured CA (but just want to issue a handful of certificates) then XCA is often simplest. It is also useful if the certificates and keys you have need converting to (say) PEM for use with linux servers.
0
btanExec ConsultantCommented:
this is setting up PKI per se that should consists of:
1) a separate certificate (also known as a public key) and private key for the server and each client, (of course that can include the SSL certificate) and
2) a master Certificate Authority (CA) certificate and key which is used to sign each of the server and client certificates. (i believe this is what you are looking at also)

In the setting up steps and use case of openvpn, "easy-rsa" is suggested to achieve the above. understand that you may not be looking at vpn but may be good to check out below for the possibilities.
https://openvpn.net/index.php/open-source/documentation/howto.html#pki

Note that on top of the PKI setup, transfer of the generated key to client and server can be manual as depicted above article, The other (preferable) means is to have the client generate its own private key locally, and then submit a Certificate Signing Request (CSR) to the key-signing machine. In turn, the key-signing machine could have processed the CSR and returned a signed certificate to the client.

Other CA can have web console to request and submit as well like the MS windows CA, there is nice (but lengthy) article on the design consideration using MS PKI.
http://blogs.technet.com/b/askds/archive/2009/09/01/designing-and-implementing-a-pki-part-i-design-and-planning.aspx

It would be able to have linux client and server having the certificate req generated from openssl and submit to MS Window standalone or Enterprise CA. http://blogx.co.uk/ViewItem.asp?Entry=813
And if you already have MS SCCM, then the step to deploy to linux or UNix machine is stated  http://technet.microsoft.com/en-us/library/jj573947.aspx

Of course the MS CA is not freely available compared to openssl and the earlier candidate from the openvpn package

Finally OpenSSL is worth considering as you suggested
http://www.linux.com/community/blogs/133-general-linux/742528-pki-implementation-for-the-linux-admin

In the Windows Server world, this is quite easy using their PKI Services Manager. If you are anything like me you cringe at the thought of Windows Servers! In the Linux world there is TinyCA, but it depends on a graphical environment. I am sort of a minimalist, so a Desktop GUI on my servers is just not going to work for me. Under this dilemma I decided to use OpenSSL which has all the necessary functions built within it. However, these commands are long and difficult to remember and I hate having to look up syntax or notes every time I want to perform a task.

Here is where my bash script comes in. Using whiptail to add a decent interface while keeping everything within one script I included functions that:

    Manages multiple domains
    Creates a Root Certificate for each domain
    Unlimited subdomains
    Certificate revocation
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.