How to create a (complete) certification authority for P2P system

Question

I need a to create a certification authority server for a P2P system, aka, I need a system that:

Receives requests for certificates
Create certificates from the requests
Provide certificates as asked

All this must be done through APIs, so it can be automated. Is there any system that does this? I have been oriented OpenCA but the whole thing is so poorly documented that it fells almost like dark magic. EJBCA would be an option? Or maybe easy-rsa? Any suggestion is welcome.

score 0 · Answer 1 · answered Oct 27 '21 at 14:26

0

EJBCA can certainly do that. There are a number of APIs to choose from. From a proprietary REST API to standardized EST or CMP to name a few. I'm biased here, so it is clear that there are other implementations suitable as well. Did you look at DogTag or Smallstep? A benefit of using a standardized protocol is that in many cases you can switch out the CA without affecting your application at all.

answered Oct 27 '21 at 14:26

primetomas

524
2
5

"DogTag or Smallstep" --> I didn't but I will! Thanks! – Joao Pedro Lourenco Affonso Oct 27 '21 at 16:24

How to create a (complete) certification authority for P2P system

1 Answers1