Dogtag Certificate System

Summary

Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA) supporting all aspects of certificate lifecycle management including key archival, OCSP and smartcard management.

Owner

• Name: Scott Haines
• email: shaines AT redhat DOT com

Current status

• Targeted release: Fedora 13
• Last updated: 01-22-2010
• Percentage of completion: 98%

Detailed Description

Details can be found here.

Benefit to Fedora

All new feature. Full featured open source PKI comprised of 6 major subsystems (25 packages):

• Certificate Authority (CA)
• Data Recovery Manager (DRM)
• OCSP Manager (OCSP)
• Registration Authority (RA)
• Token Key Service (TKS)
• Token Processing System (TPS)

Package List:

• tomcatjss
• osutil (x86, x86_64, ppc, ppc64)
• pki-symkey (x86, x86_64, ppc, ppc64)
• pki-native-tools (x86, x86_64, ppc, ppc64)
• pki-util
  • pki-util-javadoc
• pki-java-tools
  • pki-java-tools-javadoc
• pki-selinux
• pki-setup
• dogtag-pki-common-ui
• pki-common
  • pki-common-javadoc
• pki-silent
• dogtag-pki-ca-ui
• pki-ca
• dogtag-pki-kra-ui
• pki-kra
• dogtag-pki-ocsp-ui
• pki-ocsp
• dogtag-pki-tks-ui
• pki-tks
• dogtag-pki-ra-ui
• pki-ra
• dogtag-pki-tps-ui
• pki-tps (x86, x86_64, ppc, ppc64)
  • pki-tps-devel
• dogtag-pki-console-ui
• pki-console

Scope

• Code complete. Awaiting Package Review on three remaining packages.
• FIXME: state which packages still need reviews

How To Test

FIXME section is incomplete

Hardware Requirements

System Prep

Testing

Expected Results

User Experience

FIXME

Dependencies

BuildRequires

Build-time packages already included in Fedora:

• ant
• apr-devel
• apr-util-devel
• cyrus-sasl-devel
• httpd-devel >= 2.2.3
• idm-console-framework
• java-devel >= 1:1.6.0
• jpackage-utils
• jss >= 4.2.6
• ldapjdk
• m4
• make
• mozldap-devel
• nspr-devel >= 4.6.99
• nss-devel >= 3.12.3.99
• pcre-devel
• pkgconfig
• policycoreutils
• selinux-policy-devel
• svrcore-devel
• tomcat5
• velocity
• xalan-j2
• xerces-j2
• zlib
• zlib-devel

Build-time Dogtag packages new to Fedora:

• osutil
• pki-common
• pki-symkey
• pki-util
• tomcatjss

Requires

Runtime packages already included in Fedora:

• idm-console-framework
• java >= 1:1.6.0
• jpackage-utils
• jss >= 4.2.6
• ldapjdk
• mod_nss >= 1.0.7
• mod_perl
• mod_perl >= 1.99_16
• mozldap
• mozldap >= 6.0.2
• mozldap-tools
• nss >= 3.12.3.99
• nss-tools >= 3.12.3.99
• perl-DBD-SQLite
• perl-DBI
• perl-HTML-Parser
• perl-HTML-Tagset
• perl-Parse-RecDescent
• perl-URI
• perl-XML-NamespaceSupport
• perl-XML-Parser
• perl-XML-Simple
• policycoreutils
• selinux-policy-targeted
• sendmail
• sqlite
• tomcat5
• velocity
• xalan-j2
• xerces-j2

Runtime Dogtag packages new to Fedora:

• osutil
• pki-ca-ui
• pki-common
• pki-common-ui
• pki-console-ui
• pki-java-tools
• pki-kra-ui
• pki-native-tools
• pki-ocsp-ui
• pki-ra-ui
• pki-selinux
• pki-setup
• pki-silent
• pki-symkey
• pki-tks-ui
• pki-tps-ui
• pki-util
• tomcatjss

Top-level Dogtag packages new to Fedora:

• pki-ca
• pki-console
• pki-kra
• pki-ocsp
• pki-ra
• pki-tks
• pki-tps

Dogtag Subpackages new to Fedora:

• osutil-debuginfo
• pki-common-javadoc
• pki-java-tools-javadoc
• pki-native-tools-debuginfo
• pki-symkey-debuginfo
• pki-tps-debuginfo
• pki-tps-devel
• pki-util-javadoc

Contingency Plan

In it's current state, Dogtag will work.<--FIXME: this is unclear... revert to previous working version?

Documentation

• Documentation can be found here.

Release Notes

• Release Notes can be found here.

Comments and Discussion

• See Talk:Features/DogtagCertificateSystem