Open Source CA / PKI


I am looking at deploying an open source CA/PKI for a client. It would
be only for internal users and systems. It would have to manage a few
hundred certificates against the organization's self-signed root cert.
It would be installed on a CentOS 5.x platform.

I have looked at OpenCA and Dogtag. Any other packages I should look at?

Does anyone have any opinions as to the pros and cons of either of these
packages or thoughts/comments/experience with other similar packages?

I would especially be interested in your experience with building /
installing the package and your opinion of the documentation available.

TIA for your help!

Jon Kibler
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

I've used pyca on Debian; however, it needs a few scripts to better
automate bits of key management. Unfortunately, I didn't get those
released by my former employer (although I'm sure I could arrange it).

It's really lightweight, and for the few dozen certs it was easy for the
sysadmins to self-manage.