This is a pre-production deployment of Warehouse. Changes made here affect the production instance of PyPI (
Help us improve Python packaging - Donate today!

ZeroC Ice certificate utilities

Project Description

The Ice Certificate Utilities package includes the iceca command line utility and a small Python library to allow creating certificates for Ice clients or servers.

It relies on PyOpenSSL for the creation of certificates. The Java KeyStore files are created with the keytool utility. The Java BouncyCastle provider is required to create BouncyCastle KeyStore files.


We recommend using pip or easy_install to install this package.

Package Contents

The iceca command line utility

The iceca utility provides a small certificate authority to allow creating certificates for use with Ice client and servers. It supports commands for initialization of the CA database, certification creation and export.


usage: iceca [--verbose --help --capass <pass>] init create list show export

The iceca command manages a small certificate authority to create and sign
certificates for Ice clients or servers.

init     Initialize the certificate authority database
create   Create and sign a certificate/key pair
list     List the created certificates
show     Show a given certificate
export   Export a given certificate

Usage of the init subcommand:

usage: init [--overwrite --no-capass]

Initializes the certificate authority database.

--overwrite    Overwrite the existing CA database
--no-capass    Don't protect the CA with a password

Usage of the create subcommand:

usage: create [--ip=<ip>] [--dns=<dns>] <alias> [<common-name>]

Creates and signs a certificate. A certificate is identified by its alias. If no
common name is specified, the alias is used as the common name.

--ip    Optional IP subject alternative name field
--dns   Optional DNS subject alternative name field

Usage of the list subcommand:

usage: list

List aliases for the certificates created with this CA.

Usage of the show subcommand:

usage: show <alias>

Print out the certificate associated to the given alias.

Usage of the export subcommand:

usage: export [--password <password>] [--alias <alias>] path

Export a certificate from the CA to the given file path. If --alias isn't
specified, the filename indicates which certificate to export. The file
extension also specifies the export format for the certificate. Supported
formats are:

 PKCS12 (.p12, .pfx)
 PEM (.pem)
 DER (.der, .cer, .crt)
 JKS (.jks, requires keytool to be in the PATH)
 BKS (.bks, requires keytool and support for the BouncyCastle provider)

--password  The password to use for protecting the exported certificate
--alias     The alias of the certificate to export

The IceCertUtils module

Here’s an example on how to create a server and client certificate with the IceCertUtils module:

import IceCertUtils

# Create the certicate factory
factory = IceCertUtils.CertificateFactory(cn = "My CA")

# Get the CA certificate and save it to PEM/DER and JKS files

# Create a client certificate
client = factory.create("client", cn = "Client")

# Save the client certificate to the PKCS12 format"client.p12")

# Save the client certificate to the JKS format and also include the CA
 certificate in the keystore with the alias "cacert""client.jks", caalias="cacert")

# Create the server certificate, include IP and DNS subject alternative names.
server = factory.create("server", cn = "Server", ip="", dns="")

# Save the server certificate to the PKCS12 format"server.p12")

# Save the server certificate to the JKS format"server.jks", caalias="cacert")

# Save the client and server certificates to the BKS format. If the BKS
# provider is not installed this will throw.
try:"client.bks", caalias="cacert")"server.bks", caalias="cacert")
except Exception as ex:
    print("warning: couldn't generate BKS certificates:\n" + str(ex))

Release History

Release History

This version
History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date
zeroc-icecertutils-1.0.1-1.tar.gz (15.2 kB) Copy SHA256 Checksum SHA256 Source Sep 3, 2015

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting