
ACM PKI

Project Member(s)

*Project Not Yet Picked Up*

Purpose

A private in-house certificate authority allows SSL to be used between internal servers without purchasing certificates from a public CA. Managing this CA and the certificates it issues, however, raises several problems: renewing certificates when they have expired, deploying new certificate versions cleanly, publishing a Certificate Revocation List (CRL) for the CA, and simply keeping track of them all. One or more custom CAs already exist, for the wifi and the VPNs for example, but they are managed manually and are not centralized. This project is meant to solve that problem and make the ACM infrastructure more robust, allowing easy and clean creation, deployment, and revocation of certificates.
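The lifecycle described above (issue a certificate, watch its expiry, revoke it, publish a CRL, and verify a certificate against that CRL) done by hand with openssl, as an added example that is not from this wiki or from any of the tools listed below; the CA name, hostname and config layout are constructed placeholders.

```shell
# Added example: the in-house CA lifecycle with plain openssl. Every name,
# path and value here is a constructed placeholder for the demo.
set -e
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT; cd "$WORK"
# Assumed minimal "openssl ca" layout: index, serial and CRL number files
mkdir newcerts; touch index.txt; echo 01 > serial; echo 01 > crlnumber
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir = .
new_certs_dir = $dir/newcerts
database = $dir/index.txt
serial = $dir/serial
crlnumber = $dir/crlnumber
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
policy = demo_policy
[ demo_policy ]
commonName = supplied
[ req ]
distinguished_name = req_dn
x509_extensions = v3_ca
[ req_dn ]
[ v3_ca ]
basicConstraints = critical, CA:TRUE
EOF
# Self-signed root CA and one server certificate issued under it
openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -keyout ca.key \
  -out ca.crt -subj "/CN=Demo Internal CA" -days 365 >/dev/null 2>&1
openssl req -config ca.cnf -newkey rsa:2048 -nodes -keyout leaf.key \
  -out leaf.csr -subj "/CN=internal.demo.local" >/dev/null 2>&1
openssl ca -batch -config ca.cnf -in leaf.csr -out leaf.crt >/dev/null 2>&1
# Expiry tracking: succeeds only if the leaf has more than 7 days left
expiry_ok() { openssl x509 -in leaf.crt -noout -checkend $((7*86400)) >/dev/null; }
# Publish the current CRL, then verify the leaf against CA cert + CRL
verify_status() {
  openssl ca -config ca.cnf -gencrl -out ca.crl >/dev/null 2>&1
  cat ca.crt ca.crl > bundle.pem
  if openssl verify -crl_check -CAfile bundle.pem leaf.crt >/dev/null 2>&1
  then echo valid; else echo revoked; fi
}
before="$(verify_status)"
openssl ca -config ca.cnf -revoke leaf.crt >/dev/null 2>&1
after="$(verify_status)"
echo "expiry ok: $(expiry_ok && echo yes || echo no); before: $before; after: $after"
```

The script prints "valid" before the revocation and "revoked" after the new CRL is published; a real deployment has to automate exactly these steps plus the distribution of the CRL to clients.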

Software looked at so far

Foreman/Puppet

  • Foreman can provision, install, and manage bare metal and VM machines
  • Foreman also helps with network related services
  • Foreman is built on top of puppet, which handles configuration management, validation, and enforcement
  • Puppet by default configures an internal Puppet CA and has CA management functionality

XCA

  • Application runs locally, but works on a database file that can be securely shared
  • May not have a built-in CRL mechanism
  • Minimal setup required, but knowledge of CA concepts is required

GnoMint

  • Not yet explored in depth

EJBCA

  • Web interface
  • Very large application
  • Built-in CRL publishing
  • Significant infrastructure setup required

Concepts

  • PKI (Public Key Infrastructure)
  • CA (Certificate Authority)
  • CRL (Certificate Revocation List) Publishing/Client Updates

Resources

Progress

*Fill in when updates to document*

sig/sysadmin/projects/project0.txt · Last modified: 2021/05/02 21:36 (external edit)