Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

pyca(1) [debian man page]

pyca(1) 						      General Commands Manual							   pyca(1)

NAME

       pyca - CA written in python

DESCRIPTION

       The  scripts  in  ths suite are basically wrappers around openssl(1). Additionally the scripts integrates the generic CA-functionality with
       the mail-system and apache for handling certificate requests; with LDAP for handling distributing certificates and  revocation  lists;  and
       cron for maintenance tasks.

PROGRAMMES

       ca2ldif.py
	      Write  CA  certificates  and CRLs to a LDIF file. This is intended for initially setting up the CA entries not for daily CRL update.
	      The entries are  of  objectclass	certificationAuthority	and  contain  the  attributes  cACertificate;binary,  authorityRevocation-
	      List;binary  and	certificateRevocationList;binary. This might require extending schemas on LDAPv2 servers. Have a look at your LDAP
	      servers configuration documentation.

       certs2ldap.py
	      Send all certs and CRLs to a LDAP repository.

       copy-cacerts.py
	      Copy all CA certificates defined in an OpenSSL configuration to a bundled PEM file or a directory with  hash-named  symbolic  links.
	      This is quite handy in conjunction with ApacheSSL or Apache with mod_ssl for copying the files for SSLCACertificateFile or SSLCACer-
	      tificatePath.

       ns-jsconfig.py
	      Create Javascript code containing all CA certificates defined in an OpenSSL configuration for use with the Netscape admin tool (cre-
	      ating netscape.cfg).

       print-cacerts.py
	      This simple script prints all CA certs on stdout. It is intended to generate authentic printouts (on paper!) of the CA certs finger-
	      prints and is typically run on the private CA system.  Choose the option --html to generate nicer formatted HTML-output  instead	of
	      the default textual output in ISO-8859-1.

       ns-jsconfig.py
	      Create a Javascript file to be included in a Netscape configuration file (netscape.cfg).

SEE ALSO

       pyca(8)

       The programs are documented fully by the HTML documents in /usr/share/doc/pyca/htdocs/

COPYRIGHT

       Copyright (C) 2001 - 2003 Michael Stroeder <michael@stroeder.com>

       This software including all modules is Open Source and given away under: GPL (GNU GENERAL PUBLIC LICENSE) Version 2.

       The author refuses to give any warranty of any kind.

AUTHOR

       Michael Stroeder <michael@stroeder.com>

       This manual page was written by Lars Bahner <bahner@debian.org>, for the Debian GNU/Linux system.

								   june 30, 2002							   pyca(1)

Check Out this Related Man Page

pyca(8) 						      System Manager's Manual							   pyca(8)

NAME

       pyca - CA written in python

DESCRIPTION

       The  scripts  in this suite are basically wrappers around openssl(1). Additionally the scripts integrates the generic CA-functionality with
       the mail-system and apache for handling certificate requests; with LDAP for handling distributing certificates and  revocation  lists;  and
       cron for maintenance tasks.

PROGRAMMES

       pickle-cnf.py
	      Create  a pickled copy the OpenSSL configuration object for faster reading of the configuration. The pickle-file name is the name of
	      the OpenSSL configuration file plus .pickle.

       ca-make.py
	      Generate a CA hierarchy, all necessary files and directories and all initial CRLs (see also signedby extension in OpenSSL configura-
	      tion file). This is intended to be run under user root since it sets the ownership and permissions.

       ca-certreq-mail.py
	      Handles  the  mail  dialogue  after  certificate	request.  The  SPKAC certificate request and LDIF data is moved from the directory
	      pend_reqs_dir to new_reqs_dir. Set this script in your /etc/aliases, procmailrc or similar to receive mails for the  address  speci-
	      fied in caCertReqMailAdr.

       ca-cycle-pub.py
	      This  script  is typically run by the CA admin user via CRON or a similar task manager on a networked system holding the public cer-
	      tificate data. It does several jobs:

	      * Publish new certificates and inform user via e-mail where to download his certificate

	      * Remove stale certificate requests from pend_reqs_dir.

	      *  Spool certificate requests and certificate revocation requests to the system holding the CA's private keys. (not implemented yet)

	      *  Spool certificates and certificate revocation lists from the system holding the CA's private keys. (not implemented yet)

       ca-cycle-priv.py
	      This script is run on the system where the private keys of the CA are stored. It does several jobs:

	      * Mark expired certificates in OpenSSL certificate database

	      * Generate new CRLs, move old CRLs to archive (not implemented yet)

	      * Process certificate requests and certificate revocation requests (not implemented yet)

	      * Spool certificate database, issued certificates and CRLs to public WWW and LDAP server (not implemented yet)

SEE ALSO

       pyca(1)

       The programs are documented fully by the HTML documents in /usr/share/doc/pyca/htdocs/

COPYRIGHT

       Copyright (C) 2001 - 2003 Michael Stroeder <michael@stroeder.com>

       This software including all modules is Open Source and given away under: GPL (GNU GENERAL PUBLIC LICENSE) Version 2.

       The author refuses to give any warranty of any kind.

AUTHOR

       Michael Stroeder <michael@stroeder.com>

       This manual page was written by Lars Bahner <bahner@debian.org>, for the Debian GNU/Linux system (but may be used by others).

								   june 30, 2002							   pyca(8)
Man Page