A user-friendly CA certificate generation tool for local development and testing with multi-language support
Project description
Certica ๐
Certica is a user-friendly CA certificate generation tool for local development and testing with multi-language support.
โจ Features
- ๐ Root CA Creation - Generate self-signed root certificates and private keys
- ๐ Certificate Signing - Sign server and client certificates with configurable DNS names and IP addresses
- ๐ Template Support - Save common configurations in templates to reduce repetitive input
- ๐จ Interactive UI - Beautiful terminal graphical interface using Rich library with emoji icons
- ๐ป Command Line Interface - Full CLI support for automation and scripting
- ๐ง System Integration - Install/remove CA certificates from system trust store
- ๐ Multi-Language - Support for English, Chinese, French, Russian, Japanese, and Korean
- ๐๏ธ Smart Organization - Certificates automatically organized by CA for easy management
- โ Installation Verification - Automatic verification of certificate installation and removal
- ๐ง Multi-Distribution - Automatic Linux distribution detection with appropriate installation methods
๐ฆ Installation
Quick Install
pip install certica
Development Setup with uv (Recommended)
This project uses uv for fast dependency management. Install uv first:
curl -LsSf https://astral.sh/uv/install.sh | sh
Then set up the development environment:
Recommended: For active development
# Install package with all development dependencies (recommended)
make dev-install
# Or manually with uv (dev group is installed by default)
uv sync --group docs
Alternative: Dependencies only (for CI/CD or code review)
# Create virtual environment and install dependencies only (without installing the package)
# Useful for: CI/CD pipelines, code review, or when you only need development tools
make setup-venv
# Later, if you need to install the package:
make install
All make commands will automatically use uv if available, otherwise fall back to pip.
For detailed setup instructions, see SETUP.md.
๐ Quick Start
Interactive UI Mode (Recommended for Beginners)
To launch the interactive UI, use the ui command:
certica ui
Or with a specific language:
certica ui --lang zh # Chinese
certica ui --lang fr # French
certica ui --lang ru # Russian
certica ui --lang ja # Japanese
certica ui --lang ko # Korean
Important Notes:
- The
--langoption is only available in UI mode (certica ui --lang <code>) - CLI commands always use English for script compatibility
- Running
certicawithout any command shows help information
The interactive interface provides:
- ๐จ Beautiful graphical interface
- ๐ Clear menu options with emoji icons
- ๐ Formatted table displays
- ๐ฅ๏ธ Automatic certificate type recognition
- ๐ Filter certificates by CA
Command Line Mode
Important:
- Running
certicawithout any command shows help information - Use
certica uito enter interactive mode - The
--langoption is only available in UI mode (certica ui --lang <code>) - CLI commands always use English for script compatibility
Create Root CA Certificate
# Use default values
certica create-ca
# Custom parameters
certica create-ca --name myca --org "My Company" --validity 3650
# Use template
certica create-ca --template myorg --name myca
Sign Certificate
# Sign server certificate
certica sign --ca myca --name nginx-server --type server \
--dns localhost --dns example.com --ip 127.0.0.1
# Sign client certificate
certica sign --ca myca --name client1 --type client
# Use template
certica sign --ca myca --name server1 --template myorg --type server
List Certificates
# List all CAs
certica list-cas
# List all signed certificates
certica list-certs
# List certificates for a specific CA
certica list-certs --ca myca
System Certificate Management
# Install CA to system (requires sudo privileges)
certica install --ca myca
# Remove CA from system (requires sudo privileges)
certica remove --ca myca
๐ Language Support
Certica supports multiple languages in UI mode only. Use the --lang or -l option with the ui command:
# Launch UI with English (default)
certica ui
# Launch UI with Chinese
certica ui --lang zh
# Launch UI with French
certica ui --lang fr
# Launch UI with Russian
certica ui --lang ru
# Launch UI with Japanese
certica ui --lang ja
# Launch UI with Korean
certica ui --lang ko
Supported languages:
en- English (default)zh- Chinese (ไธญๆ)fr- French (Franรงais)ru- Russian (ะ ัััะบะธะน)ja- Japanese (ๆฅๆฌ่ช)ko- Korean (ํ๊ตญ์ด)
Important Notes:
- The
--langoption is only available in UI mode (certica ui --lang <code>) - CLI commands always use English for script compatibility
- If an unsupported language is specified, the tool will warn and fall back to English
๐ Output File Structure
All generated files are saved in the output/ directory (or the directory specified by --base-dir), automatically organized by CA:
output/
โโโ ca/ # Root CA certificate directory
โ โโโ {ca_name}/ # Each CA has its own directory
โ โโโ {ca_name}.key.pem # CA private key
โ โโโ {ca_name}.cert.pem # CA certificate
โโโ certs/ # Signed certificate directory
โ โโโ {ca_name}/ # Organized by CA name
โ โโโ {cert_name}/ # Each certificate has its own directory
โ โโโ key.pem # Certificate private key
โ โโโ cert.pem # Certificate
โโโ templates/ # Template file directory
โโโ default.json
โโโ etcd.json
โโโ nginx.json
Directory Organization Benefits
- โ Clear Separation: Certificates signed by different CAs are automatically stored separately
- โ Easy to Find: The directory structure clearly shows the certificate ownership relationship
- โ Easy to Manage: Can easily delete a CA and all its certificates
- โ
Clean Paths: Automatically removes
output/prefix when displaying
๐ Usage Examples
Example 1: Create Certificate for Local Nginx
# 1. Create root CA
certica create-ca --name local-ca
# 2. Sign server certificate
certica sign --ca local-ca --name nginx \
--type server --dns localhost --ip 127.0.0.1
# 3. Install CA to system (so browsers won't complain)
sudo certica install --ca local-ca
# 4. Use in nginx configuration
# ssl_certificate output/certs/local-ca/nginx/cert.pem;
# ssl_certificate_key output/certs/local-ca/nginx/key.pem;
Example 2: Create Certificates for etcd
# 1. Create root CA
certica create-ca --name etcd-ca
# 2. Sign server certificate
certica sign --ca etcd-ca --name etcd-server \
--type server --dns etcd.local --dns etcd-0.etcd.local \
--ip 10.0.0.1 --ip 10.0.0.2
# 3. Sign client certificate
certica sign --ca etcd-ca --name etcd-client --type client
Example 3: Using Templates
# 1. Create template
certica create-template --name myorg \
--org "My Organization" --country CN
# 2. Use template to create CA
certica create-ca --template myorg --name myca
# 3. Use template to sign certificate
certica sign --ca myca --name server1 \
--template myorg --type server --dns server1.example.com
๐ง Using Generated Certificates
For Web Servers (Nginx, Apache)
-
Install CA to system (so browsers trust it):
sudo certica install --ca your-ca-name
-
Configure your web server:
Nginx:
server { listen 443 ssl; ssl_certificate /path/to/output/certs/your-ca/your-cert/cert.pem; ssl_certificate_key /path/to/output/certs/your-ca/your-cert/key.pem; }
Apache:
<VirtualHost *:443> SSLEngine on SSLCertificateFile /path/to/output/certs/your-ca/your-cert/cert.pem SSLCertificateKeyFile /path/to/output/certs/your-ca/your-cert/key.pem </VirtualHost>
For etcd
Use the certificates in your etcd configuration:
# etcd server
peer-cert-file: /path/to/output/certs/etcd-ca/etcd-server/cert.pem
peer-key-file: /path/to/output/certs/etcd-ca/etcd-server/key.pem
# etcd client
cert-file: /path/to/output/certs/etcd-ca/etcd-client/cert.pem
key-file: /path/to/output/certs/etcd-ca/etcd-client/key.pem
For Docker
Copy certificates into your Docker containers:
COPY output/certs/myca/myserver/ /etc/ssl/certs/
Or mount as volumes:
docker run -v /path/to/output/certs/myca/myserver:/etc/ssl/certs your-image
๐ฅ๏ธ System Requirements
- Python: 3.8 or higher
- OpenSSL: Usually pre-installed on Linux/macOS
- Operating System: Linux, macOS, or Windows
๐ง Supported Linux Distributions
The tool automatically detects Linux distributions and uses the appropriate certificate installation method:
- Debian/Ubuntu:
/usr/local/share/ca-certificates/+update-ca-certificates - Fedora/RHEL/CentOS:
/etc/pki/ca-trust/source/anchors/+update-ca-trust extract - Arch/Manjaro:
/etc/ca-certificates/trust-source/anchors/+trust extract-compat - openSUSE/SLES:
/etc/pki/trust/anchors/+update-ca-certificates
๐ Command Reference
Global Options
--base-dir: Base directory for output files (default:output)--skip-check: Skip system requirements check--check-only: Only check system requirements and exit
Commands
ui: Launch interactive UI mode (use--langoption here for language selection)create-ca: Create a root CA certificatesign: Sign a certificate using the specified CAlist-cas: List all available CA certificateslist-certs: List all signed certificates, optionally filtered by CAcreate-template: Create a template filelist-templates: List all available templatesinstall: Install CA certificate to system trust storeremove: Remove CA certificate from system trust storeinfo: Show certificate information
For detailed help on any command:
certica --help # Show all commands
certica ui --help # Show UI mode options
certica create-ca --help # Show create-ca options
certica sign --help # Show sign options
๐งช Development
Running Tests
make test # Run all tests
make test-cov # Run tests with coverage
Code Quality
make lint # Run linting
make format # Format code
make check # Run all checks
Building
make build # Build distributions
make sdist # Build source distribution
make wheel # Build wheel distribution
For more information, see:
- SETUP.md - Development setup
- CONTRIBUTING.md - Contributing guidelines
- I18N_GUIDE.md - Adding new languages
๐ Documentation
- Quick Start Guide - Quick start guide
- Quick Start Guide (ไธญๆ) - ๅฟซ้ๅผๅงๆๅ
- I18N Guide - How to add or improve translations
- Development Setup - Development environment setup
- Contributing - How to contribute
๐ค Contributing
We welcome contributions! Please see CONTRIBUTING.md for details.
Adding New Languages
To add support for a new language, see I18N_GUIDE.md.
๐ License
MIT License - see LICENSE file for details.
๐ Acknowledgments
- Built with Click for CLI
- Beautiful UI powered by Rich
- Interactive prompts by Questionary
๐ Support
- Issues: GitHub Issues
- Documentation: README and docs
Made with โค๏ธ by Metarigin
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
certica-1.1.1.tar.gz
(48.5 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
certica-1.1.1-py3-none-any.whl
(42.2 kB
view details)
File details
Details for the file certica-1.1.1.tar.gz.
File metadata
- Download URL: certica-1.1.1.tar.gz
- Upload date:
- Size: 48.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d5612def7028a8236a09518892da380f21284d76505c116a7f3110b7cee71ff3
|
|
| MD5 |
ee7406fe1306cded3e5b15940836aa61
|
|
| BLAKE2b-256 |
7127ec30ab49ded2b9b9721585805e31cb5e367dd80ac780fcc395a92c0d9624
|
File details
Details for the file certica-1.1.1-py3-none-any.whl.
File metadata
- Download URL: certica-1.1.1-py3-none-any.whl
- Upload date:
- Size: 42.2 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.11.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e489484d2b6ed44b37a9e243c813cf5db22c16801a83230640e6fcee8448e729
|
|
| MD5 |
2a2a170d91046f1bbc8f15ef3dd8ba8c
|
|
| BLAKE2b-256 |
f33d47e0ddcf8e5a6a716ba74fe70b95b7927eac80ab0137dd16edaae8d94706
|
