Flock has ended
Back To Schedule
Sunday, August 11 • 11:00am - 11:50am
PKI Made Easy: Managing Certificates With Dogtag

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Dogtag is the community upstream project for the Red Hat Certificate System, an enterprise Public Key Infrastructure (PKI) implementation used by the largest PKI deployments in the world. Dogtag encompasses the full lifecycle of certificate management: certificate issuance, publishing and revocation, generation of CRLS and OCSP responses, key escrow, and smart token management. Its also used for certificate management in FreeIPA.
In the latest version of Dogtag, a new RESTful interface has been added, leveraging the RESTEasy framework. This new API makes it simple to install and write clients to interact with Dogtag servers to perform certificate operations.
In addition, the Data Recovery Manager (DRM), the Dogtag subsystem that is used to securely escrow private data encryption keys, was enhanced to be able to store secrets of any type - such as symmetric keys (like data encryption keys) and passwords. This ability is also exposed through REST resources. There is an active collaboration with CloudKeep to use the DRM as the backend storage for a cloud-wide secret storing server.
In this talk, we'll introduce Dogtag, describe the interface and show how to write Java and Python clients. We'll also talk about current integration efforts (FreeIPA and CloudKeep), and future plans for expanding the REST API.

avatar for Ade Lee

Ade Lee

Principal Software Engineer, Red Hat Project Lead - Dogtag Certificate System, Red Hat
Ade works for Red Hat, and has been involved in Dogtag development (and its integration into FreeIPA) for a number of years now. Most recently, he has worked to integrate Dogtag and FreeIPA with Openstack, becoming a core contributor to the Barbican project.

Sunday August 11, 2013 11:00am - 11:50am EDT
ECTR 112

Attendees (0)