The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more.
There are 6 different subsystems included in the Dogtag PKI suite:
- Certificate Authority (CA) subsystem
- Key Recovery Authority (KRA) subsystem
- Online Certificate Status Protocol (OCSP) subsystem
- Token Key Service (TKS) subsystem
- Token Processing System (TPS) subsystem
- ACME Responder
The best place to start learning about the product is the Dogtag PKI Wiki.
To install the whole Dogtag PKI suite:
```
sudo dnf install dogtag-pki
```
To install individual subsystems:
```
sudo dnf install pki-ca pki-kra pki-ocsp pki-tks pki-tps
```
To install web UI theme packages:
```
sudo dnf install dogtag-pki-server-theme dogtag-pki-console-theme
```
After successful installation of the packages, follow the steps below to deploy the intended subsystems:
For other types of deployments (Sub-CA, clones, HSMs, etc.), please see docs/installation.
```
sudo dnf install dnf-plugins-core rpm-build git
# NOTE: Use the intended branch name instead of "master" to pull the right dependency version
sudo dnf copr enable @pki/master
sudo dnf builddep pki.spec
```
After successfully installing the prerequisites, the project can be built with a one-line command:
```
./build.sh
```
The built RPMs will be placed in the ~/build/pki/ directory.
See also Building PKI
There are multiple ways for you to be part of this project. Please see CONTRIBUTING to learn more.
You can reach the Dogtag PKI team over the #dogtag-pki channel on freenode.net. Note that you need to be a registered user to message on this channel. You can also send an email to pki-users@redhat.com.
See also Contact Us