John, Thanks. Had a quick look at the project. Seems nice and will dig deep. <div class="gmail_quote">On Thu, Sep 27, 2012 at 7:03 PM, John Dennis <<a href="mailto:jdennis@redhat.com" target="_blank">jdennis@redhat.com</a>> wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="HOEnZb"><div class="h5">On 09/27/2012 04:24 AM, pki tech wrote: <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> Hi all, Im planning to go for a Large scale CA implementation with Current DogTag release 9.0 on Fedora 15. But the main worry that i have is the Fedora Support Cycle, which makes an doubt on the security of the Systems at the long run. Are there anyone who has successfully deployed a complete CA, OCSP and RA based solution on CentOS platform? If so I can continue my implementations with CentOS. What I found while googling was there are package issues while deploying DogTag over CentOS. Although the main site says DogTag 9.0 is tested for up to only Fedora 15, I found rpms for the subsystems pki-ca, pki-ocsp and pki-ra in other Fedora repositories for example Fedora 16. So will it be possible to have a stable PKI infrastructure over Fedora 16 with DogTag 9.0 (DogTag 10 is still in alpha stage) In the meantime I'm locally testing all the functionalities of DogTag 9.0 over Fedora 16 and CentOS. Will update as I progress. </blockquote> </div></div> The IPA project (<a href="http://www.freeipa.org" target="_blank">www.freeipa.org</a>) uses dogtag as a core component of it's infrastructure. On Fedora IPA is known as freeipa and on RHEL (CentOS is a RHEL clone) it's known as just ipa. IPA is a critical component of many new deployments (RHEL, Fedora, and hopefully soon others) and since dogtag heavily is used by IPA you can be assured it's getting a lot attention and will run well on our targeted distributions (especially RHEL and it's derivatives). I'm not sure what you plan to use dogtag for, but IPA may give a much friendlier way to access the functionality found in dogtag, as well as a host of other features. The packaging issues you refer to are likely solved now largely because when IPA started making heavy use of dogtag a few years ago those issues percolated to the top and were addressed. The dogtag and IPA teams work very closely together and are constantly refining both products, you shouldn't worry in this regard. HTH, John -- John Dennis <<a href="mailto:jdennis@redhat.com" target="_blank">jdennis@redhat.com</a>> Looking to carve out IT costs? <a href="http://www.redhat.com/carveoutcosts/" target="_blank">www.redhat.com/carveoutcosts/</a> </blockquote></div>