PKI Documentation

Dogtag Certificate System (DCS) is a complete open source implementation of an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments.

Overview

The DCS has six highly-configurable subsystems, which provide flexibility in designing the PKI. The six subsystems that comprise DCS are as follows:

• Certificate Authority
• Key Recovery Authority
• OCSP Manager
• Registration Authority
• Token Key Service
• Token Processing System

Use and Deployment

Dogtag Documentation

• Release Notes
• Frequently Asked Questions
• Architecture
• Quick Start
• Installation Guide
• Command-Line Interface
• Manual Pages

Red Hat Documentation

• Red Hat Documentation

Quick Links

• Fedora Directory Server
• Fortitude
• Coolkey
• Windows Certificate Auto Enrollment
• Netscape Portable Runtime (NSPR)
• Network Security Services (NSS)
• Network Security Services for Java (JSS)

Howtos

Software Developers

Building and Installing

• PKI Development
• Public Key Infrastructure with Dogtag (German)

Known Issues

• PKI Known Issues: Problems and Solutions

Design Docs

• PKI Design
• PKI Features
• Dogtag Future Directions

How To Docs

• How Tos

Data Storage

• A Fedora Directory Server is used for data storage by the CA, DRM, OCSP, TKS, and TPS subsystems.
• An SQLite database is used for data storage by the RA subsystem.

RFCs

Some relevant Request For Comments (RFC)s that Dogtag Certificate System supports include:

• RFC 2560 - X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
• RFC 3280 - Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
• RFC 4211 - Internet X.509 Certificate Request Message Format (CRMF)