pyca(8) [debian man page]

pyca(8) 						      System Manager's Manual							   pyca(8)

NAME

       pyca - CA written in python

DESCRIPTION

       The  scripts  in this suite are basically wrappers around openssl(1). Additionally the scripts integrates the generic CA-functionality with
       the mail-system and apache for handling certificate requests; with LDAP for handling distributing certificates and  revocation  lists;  and
       cron for maintenance tasks.

PROGRAMMES

       pickle-cnf.py
	      Create  a pickled copy the OpenSSL configuration object for faster reading of the configuration. The pickle-file name is the name of
	      the OpenSSL configuration file plus .pickle.

       ca-make.py
	      Generate a CA hierarchy, all necessary files and directories and all initial CRLs (see also signedby extension in OpenSSL configura-
	      tion file). This is intended to be run under user root since it sets the ownership and permissions.

       ca-certreq-mail.py
	      Handles  the  mail  dialogue  after  certificate	request.  The  SPKAC certificate request and LDIF data is moved from the directory
	      pend_reqs_dir to new_reqs_dir. Set this script in your /etc/aliases, procmailrc or similar to receive mails for the  address  speci-
	      fied in caCertReqMailAdr.

       ca-cycle-pub.py
	      This  script  is typically run by the CA admin user via CRON or a similar task manager on a networked system holding the public cer-
	      tificate data. It does several jobs:

	      * Publish new certificates and inform user via e-mail where to download his certificate

	      * Remove stale certificate requests from pend_reqs_dir.

	      *  Spool certificate requests and certificate revocation requests to the system holding the CA's private keys. (not implemented yet)

	      *  Spool certificates and certificate revocation lists from the system holding the CA's private keys. (not implemented yet)

       ca-cycle-priv.py
	      This script is run on the system where the private keys of the CA are stored. It does several jobs:

	      * Mark expired certificates in OpenSSL certificate database

	      * Generate new CRLs, move old CRLs to archive (not implemented yet)

	      * Process certificate requests and certificate revocation requests (not implemented yet)

	      * Spool certificate database, issued certificates and CRLs to public WWW and LDAP server (not implemented yet)

SEE ALSO

       pyca(1)

       The programs are documented fully by the HTML documents in /usr/share/doc/pyca/htdocs/

COPYRIGHT

       Copyright (C) 2001 - 2003 Michael Stroeder <michael@stroeder.com>

       This software including all modules is Open Source and given away under: GPL (GNU GENERAL PUBLIC LICENSE) Version 2.

       The author refuses to give any warranty of any kind.

AUTHOR

       Michael Stroeder <michael@stroeder.com>

       This manual page was written by Lars Bahner <bahner@debian.org>, for the Debian GNU/Linux system (but may be used by others).

								   june 30, 2002							   pyca(8)

eurephiadm certs(7)													       eurephiadm certs(7)

NAME

       eurephiadm-certs - Certificate management for eurephia

DESCRIPTION

       Available modes for the certificate command are:

       -A | --add
	      Register a new certificate

       -D | --delete
	      Delete a registered certificate

       -l | --list
	      List all registered certificates

       -h | --help <mode>
	      Help about a specific mode

LIST MODE

       The list mode will list all registered certificates.  It accepts one parameter:

       -S | --sort <sort key>
	      Decide the sort order of the certificate list

       Available sort keys are:

	      certid
	       Numeric certificate ID

	      depth
	       Certificate depth

	      digest
	       Certificate SHA1 digest

	      cname
	       Certificate Common Name field

	      org
	       Certificate organisation field

	      email
	       Certificate e-mail address field

	      registered
	       When the certificate was registered in eurephia.

ADD MODE

       The add mode will register a new certificate.

       -d | --depth
	      Certificate depth, required.

       -D | --digest
	      SHA1 fingerprint/digest of the new certificate

       -C | --common-name
	      Common name (CN) field of the certificate

       -O | --organisation
	      Organisation (O) field of the certificate

       -E | --email
	      e-mail address (emailAddress) of the certificate

       Usually	the  certificate depth value needs to be 0, if you are registering user account certificates. CA certificates usually have a value
       bigger than 0.

       If you have the certificate file available, you can use the following options to retrieve the needed information directly from  a  certifi-
       cate file.

       -f | --certfile
	      File name of the certificate file.

       -p | --pkcs12
	      If the file is in PKCS#12 format.

       The default format is PEM format, unless --pkcs12 is given.  These two options cannot be used together with -D, -C, -O or -E.  But the cer-
       tificate depth must be given to indicate the certificate depth.

DELETE MODE

       The delete mode will remove a certificate from the certificate database.

       -i | --certid
	      Indicates a unique certificate ID

       -d | --digest
	      A unique SHA1 fingerprint/digest value

       -C | --common-name
	      Common Name (CN) field of a certificate

       -O | --organisation
	      Organisation (O) field of a certificate

       -E | --email
	      e-mail address (emailAddress) of a certificate

       You can use any of these parameters to indicate a search criteria for the certificate (or certificates) you want to delete.   You  will	be
       provided  with  a  list over certificates which matches your search criteria and you will need to approve the deletion of the matching cer-
       tificate(s).

SEE ALSO

       eurephiadm-users(7), eurephiadm-usercerts(7)

AUTHOR

       Copyright (C) 2008-2010	David Sommerseth <dazo@users.sourceforge.net>

David Sommerseth						     July 2010						       eurephiadm certs(7)