Barbara Gengler | April 08, 2008
COMMERCIAL Linux distributor Red Hat says it has released all of the source code to the Red Hat Certificate System, its security framework for managing network user identities and transactions.
Until now the only parts of the system freely available as open source code were the Apache web server, Red Hat Directory Server and the FIPS 140-2 level 2 validated NSS cryptographic libraries.
Red Hat bought the Netscape server code from Time Warner's AOL unit in October 2004 for $US23.5 million ($25.6 million) and relaunched it as the Red Hat Certificate System.
Red Hat Certificate System (formerly Netscape Certificate Management System) extends the scalability, security and ease of use provided by Netscape Security Solutions with the choice and value provided through the Open Source Architecture.
It provides a security framework to guarantee the identity of users and ensure privacy of communications.
"With the Certificate System code now available under an open source licence, it will be much easier to integrate these proven technologies with other open-source projects," the company says.
An example of this is the Red Hat-sponsored freeIPA project, which provides central identity, policy and audit (IPA) management for Unix and Linux, using open source and open standards.
The code, being made available through the freeIPA project, is a development release that includes Fedora Linux, the Fedora Directory Server (the developmental version of the Netscape code) as well as Kerberos, NTP, DNS and web server tools.
The Linux distributor says the certificate system will incorporate technology from the freeIPA project, eventually making it able to centrally manage machine and service digital certificates, including providing certificates to the machine when it joins the IPA realm, and renewing them when they expire.
This will improve enterprise security by streamlining the use of certificates in the environment.
Red Hat's security team said the move "further demonstrates Red Hat's belief that the open source development model creates more secure software".
IDC Australia security solutions and system management software analyst Patrik Bihammar says he has not looked into the Red Hat Certificate System closely but it is interesting that Red Hat is making it available as open source, "which could lead to broader adoption and usage than if it remained Red Hat's property".
As well as offering the Red Hat Certificate System to users of its Red Hat Enterprise Linux product, the company uses it internally. According to the Red Hat security team, now that the system is open source, it will be easier for developers to integrate the technology with other security and network management projects from Red Hat.
Red Hat Certificate System capabilities include support for all aspects of deploying and maintaining a Public Key Infrastructure for managing user identities, easy integration with third-party security software and existing applications through published APIs, and the ability to scale to manage millions of digital certificates.
A further capability is enabling clients and servers to communicate with the Certificate Management System by way of the Online Certificate Status Protocol (OCSP) for revocation checking.
As with other open source development projects, Red Hat is depending on external developers and other interested parties to contribute to the code behind its certificate system.