Dogtag PKI

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more.

The Dogtag PKI suite provides the following subsystems:

Documentation

The best place to start learning about the product is the Dogtag PKI Wiki.

Installing

Fedora

To install the whole Dogtag PKI suite:

$ sudo dnf install dogtag-pki

To install specific subsystems only:

$ sudo dnf install dogtag-pki-ca dogtag-pki-kra

To install the theme package:

$ sudo dnf install dogtag-pki-theme

Deploying

After successful installation of the packages, follow the below steps to deploy intended subsystems:

For other types of deployments (Sub-CA, Clones, HSMs, etc) please see the Installation Guide.

Building

Fedora/CentOS/RHEL

Prerequisites

$ sudo dnf install dnf-plugins-core rpm-build git

# NOTE: Use the intendended branch name instead of "master" to pull right dependency version
$ sudo dnf copr -y enable @pki/master

$ sudo dnf builddep -y --spec pki.spec

Build Procedure

After successfully installing the prerequisites, the project can be built with a one-line command:

$ ./build.sh rpm

The built RPMS will be placed in ~/build/pki/ directory.

Testing

| Test | Status | | -------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | SonarCloud | | | CA Tests | | | CA Tests 2 | | | CA Clone Tests | | | SubCA Tests | | | KRA Tests | | | OCSP Tests | | | TKS Tests | | | TPS Tests | | | ACME Tests | | | EST Tests | | | Server Tests | | | Python Tests | | | Tools Tests | | | IPA Tests | |