[Pki-users] DogTag CS for CentOS or later Fedora Versions

John Dennis jdennis at redhat.com
Thu Sep 27 13:33:26 UTC 2012 

On 09/27/2012 04:24 AM, pki tech wrote:
> Hi all,
>
> Im planning to go for a Large scale CA implementation with Current
> DogTag release 9.0 on Fedora 15. But the main worry that i have is the
> Fedora Support Cycle, which makes an doubt on the security of the
> Systems at the long run.
>
> Are there anyone who has successfully deployed a complete CA, OCSP and
> RA based solution on CentOS platform? If so I can continue my
> implementations with CentOS. What I found while googling was there are
> package issues while deploying DogTag over CentOS.
>
> Although the main site says DogTag 9.0 is tested for up to only Fedora
> 15, I found rpms for the subsystems pki-ca, pki-ocsp and pki-ra in other
> Fedora repositories for example Fedora 16. So will it be possible to
> have a stable PKI infrastructure over Fedora 16 with DogTag 9.0 (DogTag
> 10 is still in alpha stage)
>
> In the meantime I'm locally testing all the functionalities of DogTag
> 9.0 over Fedora 16 and CentOS. Will update as I progress.

The IPA project (www.freeipa.org) uses dogtag as a core component of 
it's infrastructure. On Fedora IPA is known as freeipa and on RHEL 
(CentOS is a RHEL clone) it's known as just ipa. IPA is a critical 
component of many new deployments (RHEL, Fedora, and hopefully soon 
others) and since dogtag heavily is used by IPA you can be assured it's 
getting a lot attention and will run well on our targeted distributions 
(especially RHEL and it's derivatives).

I'm not sure what you plan to use dogtag for, but IPA may give a much 
friendlier way to access the functionality found in dogtag, as well as a 
host of other features.

The packaging issues you refer to are likely solved now largely because 
when IPA started making heavy use of dogtag a few years ago those issues 
percolated to the top and were addressed. The dogtag and IPA teams work 
very closely together and are constantly refining both products, you 
shouldn't worry in this regard.

HTH,

John



-- 
John Dennis <jdennis at redhat.com>

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/

More information about the Pki-users mailing list