From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 16 12:37:54 2014
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id DBE0D43C
 for <freebsd-questions@freebsd.org>; Sun, 16 Mar 2014 12:37:54 +0000 (UTC)
Received: from cerebro.liukuma.net (cerebro.liukuma.net
 [IPv6:2a00:d1e0:1000:1b00::2])
 by mx1.freebsd.org (Postfix) with ESMTP id 88A3824B
 for <freebsd-questions@freebsd.org>; Sun, 16 Mar 2014 12:37:54 +0000 (UTC)
Received: from cerebro.liukuma.net (localhost [127.0.0.1])
 by cerebro.liukuma.net (Postfix) with ESMTP id A74888A0123
 for <freebsd-questions@freebsd.org>; Sun, 16 Mar 2014 14:37:53 +0200 (EET)
DKIM-Filter: OpenDKIM Filter v2.8.3 cerebro.liukuma.net A74888A0123
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=liukuma.net;
 s=liukudkim; t=1394973473;
 bh=yKQfg+n+V06u0e+wayElVPZHhRIYgm77o03OR6mEopQ=;
 h=From:To:Subject:Date;
 b=r100e3lt32VWBAep9n/x3pUo8SxwnivY8QNhbQ4E7/L1lJOKGXUs89QQTcsTXbFRE
 JDxmy3/ncyO6fHSzzTcZg91YiIMmr4WYugQ1OuWdFFPECKd36ud9StdlUZcBPaXWE3
 se/h1hsCO/4jaNwd0YkvF3EdPCOZCpqWlRp1fm8I=
X-Virus-Scanned: amavisd-new at liukuma.net
Received: from cerebro.liukuma.net ([127.0.0.1])
 by cerebro.liukuma.net (cerebro.liukuma.net [127.0.0.1]) (amavisd-new,
 port 10026)
 with ESMTP id d9r5aC1zv_na for <freebsd-questions@freebsd.org>;
 Sun, 16 Mar 2014 14:37:52 +0200 (EET)
Received: from Rivendell (dsl-kmibrasgw1-54f8d4-179.dhcp.inet.fi
 [84.248.212.179]) (using TLSv1 with cipher AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 (Authenticated sender: ignatz@cerebro.liukuma.net)
 by cerebro.liukuma.net (Postfix) with ESMTPSA id 697058A0114
 for <freebsd-questions@freebsd.org>; Sun, 16 Mar 2014 14:37:52 +0200 (EET)
DKIM-Filter: OpenDKIM Filter v2.8.3 cerebro.liukuma.net 697058A0114
Message-ID: <07AB53E5C79B4D519054ED32967719C7@Rivendell>
From: "Reko Turja" <reko.turja@liukuma.net>
To: <freebsd-questions@freebsd.org>
Subject: CA and certificate management software choices?
Date: Sun, 16 Mar 2014 14:37:50 +0200
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="utf-8"; reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3555.308
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3555.308
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Mar 2014 12:37:54 -0000

Hello!

I've been looking around the web for a while trying to find something to
ease management of my certs. There is openxpki in the ports, but it seems to
be somewhat heavy for my needs. There are several PHP ones in sourceforge,
but they are more or less broken with recent PHP/Apache versions.

There is of course https://pki.openca.org/ but it isn't in the ports - does
anyone have experience running OpenCA suite on FreeBSD?

As free CA's usually need to be anyways imported into users trusted CA
stores, I'd like to keep my root CA separate, and leave the users the
decision to trust - or not to trust - the free CA's.

Any ideas/suggestions?

-Reko