pyCA - List of files
Page last modified:
This is an overview of all Python programs in pyCA and is intented to give you
an idea of what every program does.
The scripts in this section handle administrative tasks.
- pickle-cnf.py
-
Create a pickled copy the OpenSSL configuration object for faster
reading of the configuration. The pickle-file name is the name of the
OpenSSL configuration file plus .pickle.
- ca-make.py
- Generate a CA hierarchy, all necessary files and directories
and all initial CRLs (see also signedby
extension in OpenSSL configuration file).
- print-ca-certs.py
- This simple script prints all CA certs on stdout.
It is intended to generate authentic printouts (on paper!) of the
CA certs fingerprints and is typically run on the private CA system.
Choose the option --html to generate nicer formatted HTML-output
instead of the default textual output in ISO-8859-1.
- ca-certreq-mail.py
-
Handles the mail dialogue after certificate request.
The SPKAC certificate request and LDIF data is moved from the
directory pend_reqs_dir
to new_reqs_dir.
Set this script in your /etc/aliases, procmailrc or similar to receive
mails for the address specified in
caCertReqMailAdr.
- ca-cycle-pub.py
-
This script is typically run by the CA admin user via CRON or
a similar task manager on a networked system holding the public
certificate data. It does several jobs:
- Publish new certificates and inform user via e-mail
where to download his certificate
- Remove stale certificate requests from
pend_reqs_dir.
- Spool certificate requests and certificate revocation requests
to the system holding the CA's private keys. (not implemented yet)
- Spool certificates and certificate revocation lists
from the system holding the CA's private keys. (not implemented yet)
- ca-cycle-priv.py
-
This script is run on the system where the private keys
of the CA are stored.
It does several jobs:
- Mark expired certificates in OpenSSL certificate database
- Generate new CRLs, move old CRLs to archive (not implemented yet)
- Process certificate requests and certificate revocation requests (not implemented yet)
- Spool certificate database, issued certificates and
CRLs to public WWW and LDAP server (not implemented yet)
There are some scripts available which helps with storing certificate
data into LDAP repositories.
- ca2ldif.py
- Write CA certificates to a LDIF file.
- certs2ldap.py
- Send all certs to a LDAP server.
- certs2ldif.py
- Write all certs to a LDIF file.
Several CGI-BIN programs provide comfortable user access to the PKI.
- browser-check.py
- Checks the SSL and key generation capabilities of a browser.
This is very handy to find out if a certain web client
has sufficient capabilities for the certification process or your policy.
Up to now this CGI-BIN does only make sense when being invoked on a
ApacheSSL server.
- ca-index.py
- Show a clickable table of CA data in the OpenSSL configuration file openssl.cnf.
- cert-query.py
- Query the OpenSSL certificate database.
- get-cert.py
- Load a certificate.
- get-crl.py
- Is obsolete with pyCA 0.4.5. CRL downloads are also handled by get-cert.py now.
- ns-check-rev.py
- On-line verification of a certificate
- ns-enroll.py
- Generate a certification request.
- ns-renewal.py
- Renew a certificate (not fully implemented yet)
- ns-revoke.py
- Revoke a certificate with checking of client certificate.
misc. modules