Answer the question
In order to leave comments, you need to log in
I
I
IOV2015-11-09 00:31:26
IOV, 2015-11-09 00:31:26
What software is used to generate an ssl certificate?
Interested in OP for PKI deployment. Not openssl, I believe large CAs (Certification Authorities) clearly do not use it.
And what in general can be required for deployment? What are the requirements for servers and their characteristics? Perhaps someone studied or works in this area.
Thanks in advance for any information!
1 answer(s)
@nmk2002
N
Nikolai Korabelnikov, 2015-11-09 @nmk2002
For industrial use, I would recommend OpenTrust PKI or neXus Certificate Manger. For personal use or small installations, see retrust.me.
When choosing a PKI, there are a number of nuances. For example: what certificates do you plan to issue, what issuance scheme (centralized, decentralized), do you need SCEP support, do you need OCSP, do you need to issue certificates in accordance with GOST, are you planning to archive encryption keys, etc.
Technically, deployment is not so complicated. It is important to consider PKI use cases, architecture, develop policies and regulations, appoint "key custodians", hold a key ceremony...
Hardware requirements depend on the software. But in general, you may need:
- offline CA either in the form of a server or in the form of a flash drive (several flash drives)
- online CA - a virtual machine or a separate server
- HSM - for protecting keys
Trite, but I will mention that for everything you need to have a reserve for equipment.
And yes, I work in this area.
Similar questions
P
R
rinaz222021-03-25 20:26:25
Why is the site in the iframe loaded via http, although it costs https?
1Reply
A
A
A
anton13ms2019-09-18 12:56:45
How to configure openfire jabber server to work with encryption?
1Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question