Solved

PKI Certificate Authority (CA) appliance

Posted on 2014-10-01
2
617 Views
Last Modified: 2014-10-26
Looking to deploy a CA application and need some recommendations / link to documentation (preferrably an appliance).  Ideally, the application would be easy to administrate and troubleshoot.  Trying to stay with a unix OS, but willing to entertain other OS'.

Thanks in advance,
0
Comment
Question by:Pereda
2 Comments
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40356127
Come to mind is openCA (https://pki.openca.org/), that is a full fledge PKI suite, which includes an OCSP server to immediately revoke certificates. It also has a PKI Resource Protocol server. OR using the software libraries such as openssl (http://novosial.org/openssl/).

But above are software and not always running in harden box most of the time, you likely to look at dedicated appliance that passed CC EAL 4 above and with crypto chip certified FIPS140-2 (or mostly known as Hardware Security Module (HSM) - an harden h/w storing crypto keys).

On the PKI environment, the HSMs may be used by certification authorities (CAs) and registration authorities (RAs) to generate, store, and handle key pairs. Also in the PKI environment, the device performance is much less important in both online and offline operations as Registration Authority procedures represent the performance bottleneck of the Infrastructure.

May want to explore http://www.securemetric.com/PKI-in-a-Box.php or http://pkiappliance.strongauth.com/
Other - http://www.primekey.se/Products/EJBCA+PKI/PKI+Appliance/
0
 

Author Closing Comment

by:Pereda
ID: 40404845
Thank you. The comment gave a direction in which to focus. I think both were strong possibilities, though I chose to go with the the more cost effective solution of MS AD with an additional role of CA.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We've all had that page pop up telling us there is a problem with the certificate and some of us continue on anyways and others run away to a safer competing site.  But what to do when you get the error - is it your problem or theirs?  What can you …
Convert websphere application server default chained Certificates from 1024 to 2048 keysize or higher size and also you can change signatureAlgorithm . Please make sure Websphere Application Server fixpack 7.0.0.23 or Above. The following steps a…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question