Setting up a PKI Environment using OpenSSL
Newbie User
n3wbie001 at gmail.com
Tue Mar 28 14:25:16 UTC 2023
Hello Mark,
I am familiar with the setup of these in MS PKI environment, so thought to
explore the same in OpenSSL. There are also other vendors like OpenTrust,
EJBCA however the first choice for lab setup is OpenSSL to explore the
Swiss Knife (As they call it).
Regards
On Tue, Mar 28, 2023 at 7:33 PM Dmitry Belyavsky <beldmit at gmail.com> wrote:
> Hello,
>
> On Tue, Mar 28, 2023 at 4:01 PM Mark Hack <markhack at markhack.com> wrote:
> >
> > You are asking for a full blown PKI and rolling your own is less than
> prudent for a complex area with a lot of security and availability
> implications.
> >
> > Look at http://www.openxpki.org/
>
> Or easyRSA
>
> > On Tue, 2023-03-28 at 19:14 +0530, Newbie User wrote:
> >
> > Hello All,
> >
> > I would like to explore OpenSSL more by setting up a PKI environment to
> test. Please let me know relevant resources that would be helpful in
> setting up a:
> >
> > 1) Root CA
> > 2) Sub-ordinate CA
> > 3) Clustering of CA for load balancing
> > 4) Managing the internal DB (if any) by OpenSSL or recommended to use as
> we need to cleanup MS DBs for CA
> > 5) Setting up Policy Servers, 3 tier CA hierarchy
> > 6) Setting up network devices enrollment servers, OCSP servers the way
> we have in MS PKI
> > 7) Web Enrollment Servers, CRL Servers setup
> > 8) Cross forest enrollment, publishing certificate templates
> >
> > There are many resources available but need to know the right ones to
> save time as per experience of other people. Please let me know if you have
> some tested links to setup these topics as mentioned above
> >
> > Regards
>
>
>
> --
> SY, Dmitry Belyavsky
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230328/fca134fc/attachment-0001.htm>
More information about the openssl-users
mailing list