PKI Certificate Authority (CA) appliance

Looking to deploy a CA application and need some recommendations / link to documentation (preferrably an appliance).  Ideally, the application would be easy to administrate and troubleshoot.  Trying to stay with a unix OS, but willing to entertain other OS'.

Thanks in advance,
PeredaAsked:
Who is Participating?
 
btanExec ConsultantCommented:
Come to mind is openCA (https://pki.openca.org/), that is a full fledge PKI suite, which includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. OR using the software libraries such as openssl (http://novosial.org/openssl/).

But above are software and not always running in harden box most of the time, you likely to look at dedicated appliance that passed CC EAL 4 above and with crypto chip certified FIPS140-2 (or mostly known as Hardware Security Module (HSM) - an harden h/w storing crypto keys).

On the PKI environment, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. Also in the PKI environment, the device performance is much less important in both online and offline operations as Registration Authority procedures represent the performance bottleneck of the Infrastructure.

May want to explore http://www.securemetric.com/PKI-in-a-Box.php or http://pkiappliance.strongauth.com/
Other - http://www.primekey.se/Products/EJBCA+PKI/PKI+Appliance/
0
 
PeredaAuthor Commented:
Thank you. The comment gave a direction in which to focus. I think both were strong possibilities, though I chose to go with the the more cost effective solution of MS AD with an additional role of CA.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.