Centos 7 - DogTag - PKI

Issues related to applications and software problems
Post Reply
Joe1989
Posts: 3
Joined: 2015/01/05 09:25:40

Centos 7 - DogTag - PKI

Post by Joe1989 » 2015/01/05 09:27:57

Hi there,

We have been looking for a replacement PKI system to replace out currently soloution, we therefore though Dogtag would be worth a look given its bundled with RedHat/Centos. However upon trying to configure following this WIKI:

https://fedoraproject.org/wiki/QA:Testc ... _Configure

subsystem_type "ca" is not available, Only the following appear to be installed:

-subsystem_type=<subsystem_type> # Subsystem type
# [ra | tps]

I wonder if i have a missing package or something?

Thanks

Joe.

aks
Posts: 2538
Joined: 2014/09/20 11:22:14

Re: Centos 7 - DogTag - PKI

Post by aks » 2015/01/05 19:29:18

Sometime back I tried to get dogtag up on CentOS 6 (I know this is 7, but 7 wasn't around at that time). I mandated that I wanted to install via a repo, rather than coinfigure from source (because of patches and the like). I tore my hair out (several times) and ended up installing on Fedora, because the dogtag thing was so far ahead (in terms of libaraies) than CentOS. I think there are some packages somewhere, but I seem to recall they where not up to date, nor where they maintained.

I suggest putting dogtag on a Fedora (or equivalent) machine - it's complex software that often requires libraries well beyond what's available from official repos.

orever
Posts: 10
Joined: 2005/11/03 19:44:29

Re: Centos 7 - DogTag - PKI

Post by orever » 2015/01/21 23:19:03

I've been working on this myself and currently the CentOS 7 packages are only for the "CA" component, mainly with the goal of supporting FreeIPA. The other components of Dogtag are not part of the C7 packages.

One issue I ran into is the web interface did not load correctly, and this required an additional theme package installed. This package is not part of C7, but the one from Fedora 19 works fine and does not conflict with anything (it's just some extra web files). The caveat is that you need to install the theme package prior to creating the PKI instance, so it will not fix an existing instance with a broken web interface.

Packages can be found here:
https://archives.fedoraproject.org/pub/ ... noarch.rpm
https://archives.fedoraproject.org/pub/ ... noarch.rpm

Post Reply