Utility to create and sign CAs and certificates

Project description

Certipy

A simple Python tool for creating certificate authorities and certificates on the fly.

Introduction

Certipy was made to simplify the certificate creation process. To that end, Certipy exposes methods for creating and managing certificate authorities and certificates, signing them, and building trust bundles. Behind the scenes Certipy:

  • Manages records of all certificates it creates
    • External certs can be imported and managed by Certipy
    • Maintains signing hierarchy
  • Persists certificates to files with appropriate permissions

Usage

Command line

Creating a certificate authority:

By default, Certipy writes certs and certipy.json into a folder named "out" in your current directory.

$ certipy foo
FILES {'ca': '', 'cert': 'out/foo/foo.crt', 'key': 'out/foo/foo.key'}
IS_CA True
SERIAL 0
SIGNEES None
PARENT_CA

Creating and signing a key-cert pair:

$ certipy bar --ca-name foo
FILES {'ca': 'out/foo/foo.crt', 'key': 'out/bar/bar.key', 'cert': 'out/bar/bar.crt'}
IS_CA False
SERIAL 0
SIGNEES None
PARENT_CA foo

Removal:

$ certipy --rm bar
Deleted:
FILES {'ca': 'out/foo/foo.crt', 'key': 'out/bar/bar.key', 'cert': 'out/bar/bar.crt'}
IS_CA False
SERIAL 0
SIGNEES None
PARENT_CA foo

Code

Creating a certificate authority:

from certipy import Certipy

certipy = Certipy(store_dir='/tmp')
certipy.create_ca('foo')
record = certipy.store.get_record('foo')

Creating and signing a key-cert pair:

certipy.create_signed_pair('bar', 'foo')
record = certipy.store.get_record('bar')

Creating trust:

certipy.create_ca_bundle('ca-bundle.crt')

# or to trust specific certs only:
certipy.create_ca_bundle_for_names('ca-bundle.crt', ['bar'])

Removal:

record = certipy.remove_files('bar')

Records are dicts with the following structure:

{
  'serial': 0,
  'is_ca': True,
  'parent_ca': 'ca_name',
  'signees': {
    'signee_name': 1
  },
  'files': {
    'key': 'path/to/key.key',
    'cert': 'path/to/cert.crt',
    'ca': 'path/to/ca.crt',
  }
}

The signees will be empty for non-CA certificates. The signees field is stored as a Python Counter. These relationships are used to build trust bundles.

Information in Certipy is generally passed around as records which point to actual files. Most _record methods have an equivalent _file method that operates on the files themselves. The _record methods affect only the records in Certipy's store, while the _file methods affect both: when something happens to a file, the record for it should change, too.
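
The following is an added example, not part of Certipy or its README: a standard-library audit over records shaped like the dict above, flagging private keys that are group- or world-accessible and records whose signing hierarchy is inconsistent. The names audit_records and build_sample are hypothetical, the sample records and key files are constructed, and the two checks marked as assumptions in the comments reflect this example's reading of "appropriate permissions" and of the signees field.

```python
import os
import stat
import tempfile
from collections import Counter

def audit_records(records):
    """Return sorted (name, problem) findings for a dict of Certipy-style records."""
    findings = []
    for name, rec in records.items():
        key = rec["files"].get("key")
        if key and not os.path.exists(key):
            findings.append((name, "key file missing"))
        elif key:
            mode = stat.S_IMODE(os.stat(key).st_mode)
            # Assumption: a private key should be accessible by its owner only.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((name, f"key mode {mode:o} is group/world accessible"))
        parent = rec.get("parent_ca")
        if parent:
            if parent not in records or not records[parent]["is_ca"]:
                findings.append((name, f"parent_ca {parent!r} is not a known CA"))
            # Assumption: a CA's signees Counter names every cert it signed.
            elif name not in (records[parent].get("signees") or {}):
                findings.append((name, f"not listed in signees of {parent!r}"))
        if not rec["is_ca"] and rec.get("signees"):
            findings.append((name, "non-CA record has signees"))
    return sorted(findings)

def build_sample(store_dir):
    """Constructed sample: CA foo signs bar (key left 0644) and baz (missing from signees)."""
    records = {}
    for name, mode, parent in [("foo", 0o600, ""), ("bar", 0o644, "foo"), ("baz", 0o600, "foo")]:
        key = os.path.join(store_dir, name + ".key")
        with open(key, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(key, mode)
        records[name] = {
            "serial": 0, "is_ca": name == "foo", "parent_ca": parent,
            "signees": Counter({"bar": 1}) if name == "foo" else None,
            "files": {"key": key, "cert": "", "ca": ""},
        }
    return records

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for finding in audit_records(build_sample(d)):
            print(finding)
```
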

Release

Certipy is released under the BSD license. For more details see the LICENSE file.

LLNL-CODE-754897

Download files

Source Distribution

certipy-0.2.3.tar.gz (20.6 kB)

Uploaded Source

Built Distribution

certipy-0.2.3-py3-none-any.whl (19.9 kB)

Uploaded Python 3

File details

Details for the file certipy-0.2.3.tar.gz.

File metadata

  • Download URL: certipy-0.2.3.tar.gz
  • Size: 20.6 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for certipy-0.2.3.tar.gz
Algorithm Hash digest
SHA256 4e8701e6a2f281e7a154c2f368cff4edf374009084d29788cbe8c3838897784f
MD5 964e2f96c77c50c6861d98491403a2e4
BLAKE2b-256 83e552feec6e388811ebbea05be3262a21888ac36941c1244a8ed061c4be3b39

Provenance

The following attestation bundles were made for certipy-0.2.3.tar.gz:

Publisher: release.yml on llnl/certipy

File details

Details for the file certipy-0.2.3-py3-none-any.whl.

File metadata

  • Download URL: certipy-0.2.3-py3-none-any.whl
  • Size: 19.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for certipy-0.2.3-py3-none-any.whl
Algorithm Hash digest
SHA256 7e13b6f5e78b6bbac3101e048903648efea59d3aedee6308d6fad70985c61391
MD5 7dcee55b4538bdf9fea3e67d4df040af
BLAKE2b-256 62082e968a78a302e56c6d07a7ad2f63cfa8246427e477d0152ad8a592920426

Provenance

The following attestation bundles were made for certipy-0.2.3-py3-none-any.whl:

Publisher: release.yml on llnl/certipy
