On 09/27/2012 04:24 AM, pki tech wrote:
Hi all,
I'm planning to go for a Large scale CA implementation with Current
DogTag release 9.0 on Fedora 15. But the main worry that I have is the
Fedora Support Cycle, which makes a doubt on the security of the
Systems in the long run.
Is there anyone who has successfully deployed a complete CA, OCSP and
RA based solution on CentOS platform? If so I can continue my
implementations with CentOS. What I found while googling was there are
package issues while deploying DogTag over CentOS.
Although the main site says DogTag 9.0 is tested for up to only Fedora
15, I found rpms for the subsystems pki-ca, pki-ocsp and pki-ra in other
Fedora repositories for example Fedora 16. So will it be possible to
have a stable PKI infrastructure over Fedora 16 with DogTag 9.0 (DogTag
10 is still in alpha stage)?
In the meantime I'm locally testing all the functionalities of DogTag
9.0 over Fedora 16 and CentOS. Will update as I progress.
The IPA project (www.freeipa.org) uses dogtag as a core component of
its infrastructure. On Fedora IPA is known as freeipa and on RHEL
(CentOS is a RHEL clone) it's known as just ipa. IPA is a critical
component of many new deployments (RHEL, Fedora, and hopefully soon
others) and since dogtag is heavily used by IPA you can be assured it's
getting a lot of attention and will run well on our targeted distributions
(especially RHEL and its derivatives).
I'm not sure what you plan to use dogtag for, but IPA may give a much
friendlier way to access the functionality found in dogtag, as well as a
host of other features.
The packaging issues you refer to are likely solved now largely because
when IPA started making heavy use of dogtag a few years ago those issues
percolated to the top and were addressed. The dogtag and IPA teams work
very closely together and are constantly refining both products; you
shouldn't worry in this regard.
HTH,
John
--
John Dennis <jdennis(a)redhat.com>