Solved

PKI Certificate Authority (CA) appliance

Posted on 2014-10-01
2
661 Views
Last Modified: 2014-10-26
Looking to deploy a CA application and need some recommendations / link to documentation (preferrably an appliance).  Ideally, the application would be easy to administrate and troubleshoot.  Trying to stay with a unix OS, but willing to entertain other OS'.

Thanks in advance,
0
Comment
Question by:Pereda
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 64

Accepted Solution

by:
btan earned 500 total points
ID: 40356127
Come to mind is openCA (https://pki.openca.org/), that is a full fledge PKI suite, which includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. OR using the software libraries such as openssl (http://novosial.org/openssl/).

But above are software and not always running in harden box most of the time, you likely to look at dedicated appliance that passed CC EAL 4 above and with crypto chip certified FIPS140-2 (or mostly known as Hardware Security Module (HSM) - an harden h/w storing crypto keys).

On the PKI environment, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. Also in the PKI environment, the device performance is much less important in both online and offline operations as Registration Authority procedures represent the performance bottleneck of the Infrastructure.

May want to explore http://www.securemetric.com/PKI-in-a-Box.php or http://pkiappliance.strongauth.com/
Other - http://www.primekey.se/Products/EJBCA+PKI/PKI+Appliance/
0
 

Author Closing Comment

by:Pereda
ID: 40404845
Thank you. The comment gave a direction in which to focus. I think both were strong possibilities, though I chose to go with the the more cost effective solution of MS AD with an additional role of CA.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Convert websphere application server default chained Certificates from 1024 to 2048 keysize or higher size and also you can change signatureAlgorithm . Please make sure Websphere Application Server fixpack 7.0.0.23 or Above. The following steps a…
Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question