OpenXPKI is interesting, it's a bit more enterprise grade than PHP-CA is aiming for.
We've been using PHP-CA in our organization here for near on 5 years now, and it's doing the task admirably. The main purpose that we are aiming for is a low maintenance, internal CA that allows people to self enroll themselves merely by proving their email address.
We then go ahead and use the supplied certificate as a single-sign on for all of our web applications, our OpenVPN authentication, email fetching, SCM, SVN, etc.
All of our internal servers use the certificates signed by PHP-CA as well.
Despite that, PHP-CA may be too simple for anybody who's looking at a full PKI / trust center, and who need to review applicants on a per case basis.
In this case, I fully agree that there are other solutions out there, and they would be crazy to use PHP-CA.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
It might be an idea to point people in the direction of openxpki even though it is not finished, just to see where things are going.
R
OpenXPKI is interesting, it's a bit more enterprise grade than PHP-CA is aiming for.
We've been using PHP-CA in our organization here for near on 5 years now, and it's doing the task admirably. The main purpose that we are aiming for is a low maintenance, internal CA that allows people to self enroll themselves merely by proving their email address.
We then go ahead and use the supplied certificate as a single-sign on for all of our web applications, our OpenVPN authentication, email fetching, SCM, SVN, etc.
All of our internal servers use the certificates signed by PHP-CA as well.
Despite that, PHP-CA may be too simple for anybody who's looking at a full PKI / trust center, and who need to review applicants on a per case basis.
In this case, I fully agree that there are other solutions out there, and they would be crazy to use PHP-CA.