Solved

PKI Certificate Authority (CA) appliance

Posted on 2014-10-01
Last Modified: 2014-10-26
Looking to deploy a CA application and need some recommendations / link to documentation (preferably an appliance). Ideally, the application would be easy to administer and troubleshoot. Trying to stay with a Unix OS, but willing to entertain other OSes.

Thanks in advance,
Question by:Pereda
Accepted Solution

by:
btan earned 500 total points
ID: 40356127
What comes to mind is OpenCA (https://pki.openca.org/), which is a full-fledged PKI suite that includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. Or use software libraries such as OpenSSL (http://novosial.org/openssl/).

But the above are software and are not always running on a hardened box most of the time. You will likely want to look at a dedicated appliance that has passed CC EAL 4 and above, with a crypto chip certified to FIPS 140-2 (mostly known as a Hardware Security Module (HSM), a hardened hardware device storing crypto keys).

In the PKI environment, HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. Also in the PKI environment, device performance is much less important in both online and offline operations, as Registration Authority procedures represent the performance bottleneck of the infrastructure.

You may want to explore http://www.securemetric.com/PKI-in-a-Box.php or http://pkiappliance.strongauth.com/
Other: http://www.primekey.se/Products/EJBCA+PKI/PKI+Appliance/

Author Closing Comment

by:Pereda
ID: 40404845
Thank you. The comment gave a direction in which to focus. I think both were strong possibilities, though I chose to go with the more cost-effective solution of MS AD with an additional role of CA.