

       pyca - CA written in python


       The scripts in this suite are basically wrappers around openssl(1).
       Additionally, the scripts integrate the generic CA functionality with
       the mail system and Apache for handling certificate requests; with
       LDAP for distributing certificates and revocation lists; and with
       cron for maintenance tasks.

              Create a pickled copy of the OpenSSL configuration object for
              faster reading of the configuration. The pickle-file name is the
              name of the OpenSSL configuration file plus .pickle.

              Generate a CA hierarchy, all necessary files and directories and
              all  initial  CRLs  (see  also  signedby  extension  in  OpenSSL
              configuration  file). This is intended to be run under user root
              since it sets the ownership and permissions.

              Handles the mail dialogue after certificate request.  The  SPKAC
              certificate  request  and  LDIF data is moved from the directory
              pend_reqs_dir  to  new_reqs_dir.  Set  this   script   in   your
              /etc/aliases,  procmailrc  or  similar  to receive mails for the
              address specified in caCertReqMailAdr.

              This script is typically run by the CA admin user via CRON or  a
              similar  task  manager  on a networked system holding the public
              certificate data. It does several jobs:

              * Publish new certificates and inform the user via e-mail where
              to download his certificate

              * Remove stale certificate requests from pend_reqs_dir.

              *    Spool   certificate  requests  and  certificate  revocation
              requests to the system  holding  the  CA’s  private  keys.  (not
              implemented yet)

              *   Spool certificates and certificate revocation lists from the
              system holding the CA’s private keys. (not implemented yet)

              This script is run on the system where the private keys  of  the
              CA are stored. It does several jobs:

              * Mark expired certificates in the OpenSSL certificate database

              *  Generate  new CRLs, move old CRLs to archive (not implemented

              *  Process  certificate  requests  and  certificate   revocation
              requests (not implemented yet)

              *  Spool  certificate  database, issued certificates and CRLs to
              public WWW and LDAP server (not implemented yet)
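
       The "mark expired certificates" job listed above works on the text
       database that openssl(1) keeps for a CA (the file named by the
       database option in the OpenSSL configuration, conventionally
       index.txt). The following is an added example, not code from pyca:
       the function names are hypothetical and the sample lines are
       constructed.

```python
from datetime import datetime, timezone

def parse_expiry(field):
    """Parse the expiry column: UTCTime (YYMMDDHHMMSSZ) or
    GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    if len(field) == 13:
        # X.509 UTCTime pivot: YY >= 50 means 19YY, otherwise 20YY.
        field = ("19" if int(field[:2]) >= 50 else "20") + field
    return datetime.strptime(field, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def mark_expired(lines, now):
    """Return (updated_lines, serials_marked) for index.txt lines.

    Only valid ('V') entries whose expiry has passed are changed to 'E'.
    Revoked ('R') entries are left alone so their revocation record is
    kept in the database."""
    updated, marked = [], []
    for line in lines:
        fields = line.rstrip("\n").split("\t")
        if len(fields) != 6:
            # Refuse to rewrite a database we cannot parse completely.
            raise ValueError("malformed index.txt line: %r" % line)
        status, expiry, serial = fields[0], fields[1], fields[3]
        if status == "V" and parse_expiry(expiry) <= now:
            fields[0] = "E"
            marked.append(serial)
        updated.append("\t".join(fields))
    return updated, marked

# Constructed sample database (not real certificates). Columns:
# status, expiry, revocation date, serial, file name, subject DN.
SAMPLE_INDEX = [
    "V\t020630120000Z\t\t01\tunknown\t/CN=Expired Server/O=Example",
    "V\t350101000000Z\t\t02\tunknown\t/CN=Current User/O=Example",
    "R\t020101000000Z\t011201000000Z\t03\tunknown\t/CN=Revoked User/O=Example",
]

if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed for repeatability
    lines, marked = mark_expired(SAMPLE_INDEX, now)
    print("marked expired:", marked)
    print("\n".join(lines))
```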



       The  programs  are  documented  fully  by   the   HTML   documents   in


       Copyright © 2001 - 2003 Michael Stroeder <>

       This  software  including  all  modules  is  Open Source and given away
       under: GPL (GNU GENERAL PUBLIC LICENSE) Version 2.

       The author refuses to give any warranty of any kind.


       Michael Stroeder <>

       This manual page was written by Lars  Bahner  <>,  for
       the Debian GNU/Linux system (but may be used by others).

                                 June 30, 2002                         pyca(8)