John,
Thanks. Had a quick look at the project. Seems nice and will dig deep.
On Thu, Sep 27, 2012 at 7:03 PM, John Dennis <jdennis(a)redhat.com> wrote:
On 09/27/2012 04:24 AM, pki tech wrote:
> Hi all,
>
> Im planning to go for a Large scale CA implementation with Current
> DogTag release 9.0 on Fedora 15. But the main worry that i have is the
> Fedora Support Cycle, which makes an doubt on the security of the
> Systems at the long run.
>
> Are there anyone who has successfully deployed a complete CA, OCSP and
> RA based solution on CentOS platform? If so I can continue my
> implementations with CentOS. What I found while googling was there are
> package issues while deploying DogTag over CentOS.
>
> Although the main site says DogTag 9.0 is tested for up to only Fedora
> 15, I found rpms for the subsystems pki-ca, pki-ocsp and pki-ra in other
> Fedora repositories for example Fedora 16. So will it be possible to
> have a stable PKI infrastructure over Fedora 16 with DogTag 9.0 (DogTag
> 10 is still in alpha stage)
>
> In the meantime I'm locally testing all the functionalities of DogTag
> 9.0 over Fedora 16 and CentOS. Will update as I progress.
>
The IPA project (
www.freeipa.org) uses dogtag as a core component of it's
infrastructure. On Fedora IPA is known as freeipa and on RHEL (CentOS is a
RHEL clone) it's known as just ipa. IPA is a critical component of many new
deployments (RHEL, Fedora, and hopefully soon others) and since dogtag
heavily is used by IPA you can be assured it's getting a lot attention and
will run well on our targeted distributions (especially RHEL and it's
derivatives).
I'm not sure what you plan to use dogtag for, but IPA may give a much
friendlier way to access the functionality found in dogtag, as well as a
host of other features.
The packaging issues you refer to are likely solved now largely because
when IPA started making heavy use of dogtag a few years ago those issues
percolated to the top and were addressed. The dogtag and IPA teams work
very closely together and are constantly refining both products, you
shouldn't worry in this regard.
HTH,
John
--
John Dennis <jdennis(a)redhat.com>
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/