Question 1

How does OpenXPKI compare to EJBCA?

Accepted Answer

OpenXPKI is Perl-based and Unix-focused, emphasizing file-based configuration and HSM integration, while EJBCA is Java-based and more platform-agnostic. Both are enterprise-grade, but OpenXPKI suits teams preferring open-source flexibility with Unix ecosystems.

Question 2

How to install OpenXPKI on Ubuntu?

Accepted Answer

While Debian is the recommended platform, Ubuntu packages are available via subscription plans. For free use, consider using the Docker image or adapting Debian packages, but expect additional configuration effort due to dependency differences.

Question 3

Can OpenXPKI work with Let's Encrypt?

Accepted Answer

Yes, it supports ACME protocol, which Let's Encrypt uses, allowing integration for publicly trusted certificates. This is listed as a feature for issuing certificates with public CAs.

Question 4

What are the system requirements for OpenXPKI?

Accepted Answer

Runs on most Unix-like systems, with Debian being the primary supported OS for free packages. Hardware needs depend on scale, but HSM integration requires additional hardware, and sufficient RAM for Perl processes is recommended.

Question 5

Is OpenXPKI suitable for small businesses?

Accepted Answer

It can be overkill for small businesses due to its complexity and enterprise focus. Simpler solutions might be better unless there's a need for advanced features like multiple CAs or HSM integration.

Question 6

How to migrate from a commercial PKI to OpenXPKI?

Accepted Answer

Migration involves exporting certificates and configuring OpenXPKI workflows, which can be adjusted per the README. Use the sample config as a base, but plan for a phased deployment and leverage community support via mailing lists.

OpenXPKI

What is OpenXPKI?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions