Skip to main content
This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

Certificate-authority test harness.

Project Description


The purpose of this project is to package the logic needed to:

  • Build a CA certificates
  • Build a regular certificate
  • Sign the regular certificate with the CA certificate
  • Verify that the regular certificate is signed with the CA certificate

I find that I often need to do this, and/or need to do this as part of other projects to prove a design. This project assumes some defaults, and makes it ridiculously easy to establish a CA and build certificates. You can pass parameters to change the name of the output files, and the path that they are written to.

The scripts are comprised of Python logic. So, for those who’d like a quick tutorial on how to do these tasks via Python, they can use this project as a roadmap.


This project encapsulates four executable scripts.

Name Description
ck_create_ca Create CA keys and certificate
ck_create Create normal keys
ck_sign Create a signed certificate using the CA certificate and key
ck_verify_ca Verify that the signed certificate was issued by the CA

The Python scripts use M2Crypto to manipulate the keys/certificates.


This project can not be installed. Clone it from the GitHub project, and run the following to install the dependencies:

$ sudo pip install -r requirements.txt


To specify a directory, use the “-o” parameter. If none is given, you will be prompted to confirm.

  1. Create the CA:

    $ ck_create_ca
    Please confirm output directory []: output

    This generates:

    • ca.crt.pem
    • ca.csr.pem
    • ca.key.pem
    • ca.public.pem
  2. Create the normal keys:

    $ ck_create
    Please confirm output directory []: output

    This generates:

    • normal.csr.pem
    • normal.key.pem
    • normal.public.pem
  3. Sign the request:

    $ ck_sign
    Please confirm output directory []: output

    This generates:

    • normal.crt.pem
  4. Verify that the certificate was signed by our CA:

    $ ck_verify_ca
    Please confirm input directory []: output
    Is valid? True
Release History

Release History

This version
History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
ca_kit-0.2.1-py2-none-any.whl (13.3 kB) Copy SHA256 Checksum SHA256 2.7 Wheel Jul 10, 2014
ca_kit-0.2.1.tar.gz (5.3 kB) Copy SHA256 Checksum SHA256 Source Jul 10, 2014

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting