/pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.

Primary LanguageJavaGNU General Public License v2.0GPL-2.0

Dogtag PKI

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more.

The Dogtag PKI suite provides the following subsystems:

Documentation

The best place to start learning about the product is the Dogtag PKI Wiki.

Installing

Fedora

To install the whole Dogtag PKI suite:

$ sudo dnf install dogtag-pki

To install specific subsystems only:

$ sudo dnf install dogtag-pki-ca dogtag-pki-kra

To install the theme package:

$ sudo dnf install dogtag-pki-theme

Deploying

After successful installation of the packages, follow the below steps to deploy intended subsystems:

For other types of deployments (Sub-CA, Clones, HSMs, etc) please see the Installation Guide.

Building

Fedora/CentOS/RHEL

Prerequisites

$ sudo dnf install dnf-plugins-core rpm-build git

# NOTE: Use the intendended branch name instead of "master" to pull right dependency version
$ sudo dnf copr -y enable @pki/master

$ sudo dnf builddep -y --spec pki.spec

Build Procedure

After successfully installing the prerequisites, the project can be built with a one-line command:

$ ./build.sh rpm

The built RPMS will be placed in ~/build/pki/ directory.

See also Building PKI.

Testing

Test Status
SonarCloud Quality Gate Status
CA CA Tests
KRA KRA Tests
OCSP OCSP Tests
TKS TKS Tests
TPS TPS Tests
ACME ACME Tests
Python Python Tests
Tools Python Tests
IPA IPA Tests

Contributing

There are multiple ways for you to be part of this project. Please see CONTRIBUTING to learn more.

Contact Us

See Contact Us.

License

GPL-2.0 License