Introduction

Public key infrastructures (PKIs) are one of the most widely accepted musts of the future. The problem is that more and more applications can be secured with such crude things as certificates and keys, but setting up a PKI is really difficult and also really expensive, because flexible trust center software for Unix is expensive. This was the starting point of OpenCA. Our goal is to produce an open source trust center system that gives the community a good, inexpensive and future-proof solution for its base infrastructure.

OpenCA started in 1999. The original idea consisted of three major parts: a Perl web interface, an OpenSSL backend for the cryptographic operations, and a database. This simple concept is still the basis today. Nearly all operations can be performed via web interfaces. The only difference is that we now have six preconfigured interfaces, and you can create as many interfaces as you want. The cryptographic backend is still OpenSSL. This is no disadvantage. We want to build the organizational infrastructure for a PKI. This is our major job, and the guys from OpenSSL have much more experience with crypto than we do. Our databases store all the needed information about the users' crypto objects, such as certificate signing requests, certificates, certificate revocation requests and CRLs.

If you now think that the development of OpenCA will be finished in a few weeks or months, then you are on the wrong track. There are many things still waiting to be implemented. Today we support the following things (this is an incomplete list, just to give you an impression of how complex the subject matter is):

OpenCA is designed for a distributed infrastructure. It can handle more than just an offline CA and an online RA: you can build a hierarchy with three or more levels. The goal is maximum flexibility to support big organizations like universities, grids and global companies. OpenCA is not only a small solution for small and medium research facilities.

The OpenCA guides consist of four parts. The first part is a design guide, which should help you to set up a good infrastructure. The second part describes all the activities that must be performed offline by administrators. The third part is the user guide, which describes all the available features. The last part is the technology guide, which documents the ideas behind OpenCA. This documentation is only for developers and hardcore administrators who want to understand what's going on.

Finally, we wish to thank everybody who helped us with programming, testing and documenting OpenCA. This includes, of course, all the universities and companies that finance the work of our developers.