Home

Awesome

Dogtag PKI

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more.

The Dogtag PKI suite provides the following subsystems:

Documentation

The best place to start learning about the product is the Dogtag PKI Wiki.

Installing

Fedora

To install the whole Dogtag PKI suite:

$ sudo dnf install dogtag-pki

To install specific subsystems only:

$ sudo dnf install dogtag-pki-ca dogtag-pki-kra

To install the theme package:

$ sudo dnf install dogtag-pki-theme

Deploying

After successful installation of the packages, follow the below steps to deploy intended subsystems:

For other types of deployments (Sub-CA, Clones, HSMs, etc) please see the Installation Guide.

Building

Fedora/CentOS/RHEL

Prerequisites

$ sudo dnf install dnf-plugins-core rpm-build git

# NOTE: Use the intendended branch name instead of "master" to pull right dependency version
$ sudo dnf copr -y enable @pki/master

$ sudo dnf builddep -y --spec pki.spec

Build Procedure

After successfully installing the prerequisites, the project can be built with a one-line command:

$ ./build.sh rpm

The built RPMS will be placed in ~/build/pki/ directory.

See also Building PKI.

Testing

TestStatus
SonarCloudQuality Gate Status
CA TestsCA Tests
CA Tests 2CA Tests 2
CA Clone TestsCA Clone Tests
SubCA TestsSubCA Tests
KRA TestsKRA Tests
OCSP TestsOCSP Tests
TKS TestsTKS Tests
TPS TestsTPS Tests
ACME TestsACME Tests
EST TestsEST Tests
Server TestsServer Tests
Python TestsPython Tests
Tools TestsTools Tests
IPA TestsIPA Tests

Contributing

There are multiple ways for you to be part of this project. Please see CONTRIBUTING to learn more.

Contact Us

See Contact Us.

License

GPL-2.0 License