(CATOOL) CATool question (HA, MySql, enrollment, template, ...)

Mike McCauley mikem at open.com.au
Fri Mar 17 17:22:25 CST 2006


Hello,

On Friday 17 March 2006 21:52, Palmira Miriam Pilia wrote:
> Hi,
> We are proposing an 802.1x platform to one of our customers. We wish to
> suggest a solution based on Radius Radiator and your CaTool PKI solution
> (at this moment for machine certificates only).
> The platform should be Linux based and in a high availability
> configuration.
> Does anyone know if the CATool has the technical features that we describe
> above?
> - Certificate enrollment via web browser, web provisioning
> functionalities and configurability;

The standard CAtool web pages do not provide functions for importing 
externally generated certificates, but there is a command line script that 
can be used for that.

> - "template" customization;

Full source is provided and can be modified to suit your needs.

> - high-availability functionalities;

CAtool does not contain any special features for high-availability. It is 
suitable for use on a high availability host or cluster.

> - MySql integration.

Yes.
See also the MySQL clustering software available from www.continuent.com

>
> About the high-availability functionalities, could anyone give us
> some suggestions on the better solution to adopt in this context?
> The two solutions are:
> 1- have only one CA server on a Red Hat cluster, or
> 2- implement three CATool servers, one root CA (that can be forever
> in stand-by) and two subordinate CAs that are operational.
> Is there any other solution?

High availability or clustered SQL server for the CATool database, but with 
multiple CATool installations all accessing the common SQL database?

>
> Our interest is in implementing an external workflow system that can
> automatically generate a certificate request to the CA, so we need a
> mechanism to integrate our workflow with the CA:
> Is there any way to do this?
>
> Does the DB MySql contain the certificate issue?

Yes, the certificates are stored in the MySQL database.
The database and certificate manipulation software is well modularised and 
could be called from any Perl script.

> Is it possible to choose
> that the DB MySql run on another server?

Yes.

>
> Thank you

Hope that helps.
Cheers.

>
> Palmira
>
> --
> Archive at http://www.open.com.au/archives/catool/
> Announcements on catool-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe catool' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS, NetWare etc.
