We are currently running Unix dedicated servers for everything (Web cluster, database, FTP, batch, ...) except for Microsoft Active Directory Certificate Services. The sole purpose of this Windows box is to provide client-side certificates to our clients' browsers. All our clients are required to install a client-side certificate in order for them to be able to access our website. Is there an alternative in the Unix space? The purpose is to make sure only the approved hardware of an approved client can access our website. I'm open to any solution that provides me with this level of security. We are, however, talking about thousands of certified computers, just so you can factor that into a proposed solution. Optionally, we would also like to be able to revoke access.
1 Answer
Though I have not used it specifically for client certificate enrollment, you might investigate a Fedora project named Dogtag Certificate System. (list of features)
It's been a well-established project used by higher ed frequently for PKI and certificate management.

Jeff Stice-Hall