Skip to main content

Utility to create and sign CAs and certificates

Project description

Certipy

A simple python tool for creating certificate authorities and certificates on the fly.

Introduction

Certipy was made to simplify the certificate creation process. To that end, Certipy exposes methods for creating and managing certificate authorities, certificates, signing and building trust bundles. Behind the scenes Certipy:

  • Manages records of all certificates it creates
    • External certs can be imported and managed by Certipy
    • Maintains signing hierarchy
  • Persists certificates to files with appropriate permissions

Usage

Command line

Creating a certificate authority:

Certipy defaults to writing certs and certipy.json into a folder called out in your current directory.

$ certipy foo
FILES {'ca': '', 'cert': 'out/foo/foo.crt', 'key': 'out/foo/foo.key'}
IS_CA True
SERIAL 0
SIGNEES None
PARENT_CA

Creating and signing a key-cert pair:

$ certipy bar --ca-name foo
FILES {'ca': 'out/foo/foo.crt', 'key': 'out/bar/bar.key', 'cert': 'out/bar/bar.crt'}
IS_CA False
SERIAL 0
SIGNEES None
PARENT_CA foo

Removal:

certipy --rm bar
Deleted:
FILES {'ca': 'out/foo/foo.crt', 'key': 'out/bar/bar.key', 'cert': 'out/bar/bar.crt'}
IS_CA False
SERIAL 0
SIGNEES None
PARENT_CA foo

Code

Creating a certificate authority:

from certipy import Certipy

certipy = Certipy(store_dir='/tmp')
certipy.create_ca('foo')
record = certipy.store.get_record('foo')

Creating and signing a key-cert pair:

certipy.create_signed_pair('bar', 'foo')
record = certipy.store.get_record('bar')

Creating trust:

certipy.create_ca_bundle('ca-bundle.crt')

# or to trust specific certs only:
certipy.create_ca_bundle_for_names('ca-bundle.crt', ['bar'])

Removal:

record = certipy.remove_files('bar')

Records are dicts with the following structure:

{
  'serial': 0,
  'is_ca': true,
  'parent_ca': 'ca_name',
  'signees': {
    'signee_name': 1
  },
  'files': {
    'key': 'path/to/key.key',
    'cert': 'path/to/cert.crt',
    'ca': 'path/to/ca.crt',
  }
}

The signees will be empty for non-CA certificates. The signees field is stored as a python Counter. These relationships are used to build trust bundles.

Information in Certipy is generally passed around as records which point to actual files. For most _record methods, there are generally equivalent _file methods that operate on files themselves. The former will only affect records in Certipy's store and the latter will affect both (something happens to the file, the record for it should change, too).

Release

Certipy is released under BSD license. For more details see the LICENSE file.

LLNL-CODE-754897

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

certipy-0.2.1.tar.gz (20.4 kB view details)

Uploaded Source

Built Distribution

certipy-0.2.1-py3-none-any.whl (19.7 kB view details)

Uploaded Python 3

File details

Details for the file certipy-0.2.1.tar.gz.

File metadata

  • Download URL: certipy-0.2.1.tar.gz
  • Upload date:
  • Size: 20.4 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.6

File hashes

Hashes for certipy-0.2.1.tar.gz
Algorithm Hash digest
SHA256 0c0ea7b25248b42fb930f30173a78c029e6ba67e2ef9598ca4470d8975c9cbb6
MD5 75943909ab570ff65c0fde75cb962e1a
BLAKE2b-256 6fd71590f6801c76ecb73faf037f375fc7a314f3a773a30df680eaf69a617c94

See more details on using hashes here.

File details

Details for the file certipy-0.2.1-py3-none-any.whl.

File metadata

  • Download URL: certipy-0.2.1-py3-none-any.whl
  • Upload date:
  • Size: 19.7 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/5.1.1 CPython/3.12.6

File hashes

Hashes for certipy-0.2.1-py3-none-any.whl
Algorithm Hash digest
SHA256 aee9b93903c49038c4a214ea75cf3b72c4e9fd08bd7225887052a1dc5c938bfe
MD5 bec0bfa81c070c714da7b3f65ab39547
BLAKE2b-256 521b1472d714ca3f05d016c0b2779321af55e4c9efeabc852557e1e528f3330a

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page