The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more.
The Dogtag PKI suite provides the following subsystems:
- Certificate Authority (CA)
- Key Recovery Authority (KRA)
- Online Certificate Status Protocol (OCSP) Responder
- Token Key Service (TKS)
- Token Processing System (TPS)
- Automatic Certificate Management Environment (ACME) Responder
The best place to start learning about the product is the Dogtag PKI Wiki.
To install the whole Dogtag PKI suite:
$ sudo dnf install dogtag-pkiTo install specific subsystems only:
$ sudo dnf install dogtag-pki-ca dogtag-pki-kraTo install the theme package:
$ sudo dnf install dogtag-pki-themeAfter successful installation of the packages, follow the below steps to deploy intended subsystems:
For other types of deployments (Sub-CA, Clones, HSMs, etc) please see the Installation Guide.
$ sudo dnf install dnf-plugins-core rpm-build git
# NOTE: Use the intendended branch name instead of "master" to pull right dependency version
$ sudo dnf copr -y enable @pki/master
$ sudo dnf builddep -y --spec pki.specAfter successfully installing the prerequisites, the project can be built with a one-line command:
$ ./build.sh rpmThe built RPMS will be placed in ~/build/pki/ directory.
See also Building PKI.
| Test | Status |
|---|---|
| SonarCloud | |
| CA Tests |  |
| CA Tests 2 |  |
| CA Clone Tests |  |
| SubCA Tests |  |
| KRA Tests |  |
| OCSP Tests |  |
| TKS Tests |  |
| TPS Tests |  |
| ACME Tests |  |
| EST Tests |  |
| Server Tests |  |
| Python Tests |  |
| Tools Tests |  |
| IPA Tests |  |
There are multiple ways for you to be part of this project. Please see CONTRIBUTING to learn more.
See Contact Us.
