mydew

Reputation: 57

Alternative for OpenSSL

I have an academic project to build a communicator with a Public Key Infrastructure. For communication between the server and clients I'll use SSL/TLS, and I need certificates for them. I have to build a Certificate Authority with a CRL, and I can do this with OpenSSL, but this tool is only good for manual administration, not for making certificates automatically in a remote CA.

To be clear: clients must register and log in to the communicator using certificates, but this should be invisible to them. I've tried running OpenSSL as a process in Java, but it's not working properly - my previous problem.

Do you have any good advice for making a simple PKI?

Upvotes: 0

Views: 2074

Answers (2)

Mag

Reputation: 156

A replacement for simple operations of OpenSSL would be Bouncy Castle. To have better CA support you should also use EJBCA. Creating certificates automatically in the client (I assume you use a client web browser) is a bit trickier. Some browsers can generate private client keys and then get them signed by the CA server (see "Generating client side certificates in browser and signing on server"). In that case, I would also use EJBCA to make it manageable.

Upvotes: 1
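The flow described in the question and in this answer (client generates its key, the CA signs the request, the CA publishes a CRL) can be done in-process with Bouncy Castle instead of shelling out to OpenSSL. The following is an added example, not code from either answer; it assumes the Bouncy Castle `bcprov` and `bcpkix` jars are on the classpath, and the class name `MiniCa`, the CA name and the subject `CN=alice` are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.*;
import org.bouncycastle.pkcs.jcajce.*;

public class MiniCa {
    static final long DAY = 86_400_000L;
    static final X500Name CA_NAME = new X500Name("CN=Example Communicator CA"); // constructed name
    static ContentSigner signer(PrivateKey k) throws Exception { return new JcaContentSignerBuilder("SHA256withRSA").build(k); }

    // CA side: the subject comes from the server's own account record, never from the CSR itself.
    static X509Certificate issue(byte[] csrDer, X500Name subject, PrivateKey caKey) throws Exception {
        JcaPKCS10CertificationRequest csr = new JcaPKCS10CertificationRequest(csrDer);
        // Proof of possession: the request must be signed by the private key matching its public key.
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().build(csr.getPublicKey())))
            throw new SecurityException("CSR signature does not match its public key");
        Date now = new Date();
        return new JcaX509CertificateConverter().getCertificate(
            new JcaX509v3CertificateBuilder(CA_NAME, new BigInteger(127, new SecureRandom()), now,
                    new Date(now.getTime() + 365 * DAY), subject, csr.getPublicKey())
                .addExtension(Extension.basicConstraints, true, new BasicConstraints(false)) // not a CA
                .build(signer(caKey)));
    }

    // CA side: build a signed CRL that lists one revoked serial number.
    static X509CRL revoke(BigInteger serial, PrivateKey caKey) throws Exception {
        Date now = new Date();
        X509v2CRLBuilder crl = new X509v2CRLBuilder(CA_NAME, now);
        crl.setNextUpdate(new Date(now.getTime() + 7 * DAY));
        crl.addCRLEntry(serial, now, CRLReason.keyCompromise);
        return new JcaX509CRLConverter().getCRL(crl.build(signer(caKey)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair ca = kpg.generateKeyPair(), client = kpg.generateKeyPair(); // a real CA key lives in a keystore or HSM
        X500Name alice = new X500Name("CN=alice");
        byte[] csrDer = new JcaPKCS10CertificationRequestBuilder(alice, client.getPublic())
                .build(signer(client.getPrivate())).getEncoded(); // client side: only the CSR leaves the client
        X509Certificate cert = issue(csrDer, alice, ca.getPrivate());
        cert.verify(ca.getPublic()); // throws if the certificate was not signed by the CA key
        X509CRL crl = revoke(cert.getSerialNumber(), ca.getPrivate());
        crl.verify(ca.getPublic());
        System.out.println(cert.getSubjectX500Principal() + " revoked: " + crl.isRevoked(cert));
    }
}
```

In a deployment the server would persist issued serial numbers and regenerate the CRL from that store before `nextUpdate`, so that TLS peers checking revocation always see a current list.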

Maarten Bodewes

Reputation: 94038

You can use and extend EJBCA. It takes some getting used to, but it has support for some HSMs, and it should not be hard to create a small PKI with it. Open source.

Upvotes: 2
