From Dogtag

Overview

Welcome to the home page for the Dogtag Certificate System! We went live on March 19, 2008. Read the Red Hat announcement here, and Bob Lord's blog post here.

This site has everything you need to join the Dogtag community. Whether you are just looking for help and advice deploying and using Dogtag components, or you want to take a more active role and help shape the future of PKI, there are mailing lists and discussion channels for you to read or join.

The Dogtag Certificate System is an enterprise-class open source Certificate Authority (CA). It is a full-featured system, and has been hardened by real-world deployments. It supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management, and much more. The Dogtag Certificate System can be downloaded for free and set up in less than an hour.

Key Features

Dogtag is a collection of technologies that allow enterprises to deploy PKI on a large scale. It has features such as:

• Certificate issuance, revocation, and retrieval
• Certificate Revocation List (CRL) generation and publishing
• Certificate profiles
• Simple Certificate Enrollment Protocol (SCEP)
• Local Registration Authority (LRA) for organizational authentication and policies
• Encryption key archival and recovery
• Smartcard lifecycle management
  • Token profiles
  • Token enrollment, on-hold, key recovery, and format
  • Face-to-face enrollment with the security officer workstation interface
• Extensive documentation

For more, see the Features page.

Recent News

March 14, 2012:

The Dogtag team is pleased to announce the availability of an Alpha Release of the Dogtag 10.0 code for Fedora 16 and Fedora 17.

Although this new release is not yet available in Koji/Fedora, packages have been made available on the PKI Download page.

• See the Release Notes for more information

November 23, 2011:

It has been determined by our legal department that Dogtag no longer requires that a "Contributor License Agreement" be signed and filed prior to accepting code submittals for the Dogtag Certificate System!

October 28, 2011:

Dogtag is undergoing some exciting new changes which can be tracked on the top-level page entitled Dogtag.

As a part of this activity, the Dogtag trunk will be in flux, and so for the convenience of current Dogtag 9.0 users, we have created a source code branch entitled DOGTAG_9_BRANCH.

July 22, 2011:

We are pleased to announce the availability of both 32-bit and 64-bit versions of Dogtag Certificate System 9.0 for Fedora 15.

The new release is now included in the standard Fedora repositories allowing the packages to be installed on Fedora.

• See the Release Notes for more information

August 11, 2010:

The subversion source repositories that were originally hosted on 'pki.fedoraproject.org' have been moved to 'fedorahosted.org'.

Check-out details are documented at PKI Subversion Instructions (pki) and PKI Pre-Built Support Components (tomcatjss).

May 4, 2010:

We are pleased to announce the availability of both 32-bit and 64-bit versions of Dogtag Certificate System 1.3 for Fedora 11, Fedora 12 Fedora 13 and EPEL packages for RHEL 5.5.

The new release is now included in the standard EPEL and Fedora repositories allowing the packages to be installed on Fedora without configuring additional package repositories and on Red Hat Enterprise Linux systems that are configured to use the EPEL repositories.

• See the Release Notes for more information

August 26, 2009:

We are pleased to announce the availability of Dogtag Certificate System 1.2.0 for 32-bit and 64-bit versions of Fedora 11.

• See the Release Notes for more information

July 31, 2009:

We are pleased to announce the availability of Dogtag Certificate System 1.2.0. This release contains numerous bug fixes. It is available for Fedora 8, 9 and 10.

• See the Release Notes for more information

April 6, 2009:

We are pleased to announce the availability of Dogtag Certificate System 1.1.0. This release contains many new features and numerous bug fixes. It is available for Fedora 8, 9 and 10.

• See the Release Notes for more information

November 28, 2008:

The Dogtag Subversion Source Code Repository formerly consisted of a "pki/base/" directory which contained the PKI source code, and a "pki/linux/" directory which held all of the Dogtag-branding UI and PKI component build scripts. For reasons which were beyond our control when Dogtag was first released, suffice it to say that the benign name of "linux" was given to this branding directory. By fixing Bugzilla Bug#445402, this problem has been rectified, as the following changes were made to the Dogtag Subversion Source Code Repository:

• Subversion properties were applied to ALL shared files in the "config/" and "config-ext/" files (since this allows developers the ability to change one file and have those changes propogated to all other directories sharing this file).
• The directory called "pki/linux/" was renamed to "pki/dogtag/".
• All build scripts were renamed from "build_linux" to "build_dogtag".
• All UI packages were renamed from from "pki-<component>-ui" to "dogtag-pki-<component>-ui" which provides "pki-<component>-ui"; this does not alter any existing dependencies since upper-level components will still require "pki-<component>-ui". This affected the following eight packages:
  • pki-ca-ui --> dogtag-pki-ca-ui,
  • pki-common-ui --> dogtag-pki-common-ui,
  • pki-console-ui --> dogtag-pki-console-ui,
  • pki-kra-ui --> dogtag-pki-kra-ui,
  • pki-ocsp-ui --> dogtag-pki-ocsp-ui,
  • pki-ra-ui --> dogtag-pki-ra-ui,
  • pki-tks-ui --> dogtag-pki-tks-ui, and
  • pki-tps-ui --> dogtag-pki-tps-ui.
• The pki.fedoraproject.org Wiki and top-level pki/README file were updated to reflect these changes.

November 26, 2008:

It has recently been brought to the attention of the Dogtag developers that numerous users in the Dogtag community have encountered problems successfully running the TPS subsystem. On Fedora 8, we believe that we have isolated this issue as being related to normal Fedora 8 updates of the following two packages:

   NSS 3.11 --> NSS 3.12
   MOD_NSS 1.0.7-2 --> MOD_NSS 1.0.7-3 or later

Dogtag developers are currently working on a permanent fix for this issue. However, until such time, users wishing to run a TPS subsystem are urged to use the original Fedora 8 GOLD bits available via fedoraproject.org/en/get-fedora.

After this fresh install it is important not to apply any updates that affect either the nss or mod_nss packages.

As we believe a very similar problem exists on Fedora 9, we would urge users wishing to run a TPS subsystem install this component on the aforementioned Fedora 8 platform.

What Can You Do?

If you're a new user, check out the Users section. To run or deploy a Certificate System using pre-built components, see the following:

• PKI Installation Guide.

If you are interested in development, view the Developers section. To build a Certificate System, see the following:

• PKI Building Guide.

For information regarding exciting new directions for Dogtag (such as simplifying its ability to have many of its features embedded in other projects), see the following:

• Dogtag

Additional ideas for using Dogtag and participating in our community are in the following sections:

• How to contribute
• Roadmap
• Tech notes
• How tos
• Known Issues
• Wishlist

Community

Join our community and help shape the future of Dogtag! Here are some links to get you started:

• Ways to contribute
• Online documentation
• Mailing lists
• Online chat sites via IRC channels

Team, History, and Contributors

The Dogtag technology has roots that go back over 10 years. Here is some background:

• PKI Team, History, and Contributors

• Home
• Documentation
• FAQ
• Users
• Developers
• Download
• Bugs
• Recent changes

• What links here
• Related changes
• Special pages

• Log in