CAManager stands for Certificate Authority Manager. With to this tool, you can :
- list and view the metadata of all your certificates
- generate a new certificate
- sign a Certificate Signing Request
- export a certificate in PEM or PCKS#12 format (.p12)
- renew a certificate
- make a backup or a restore of the CA vault
# Installation
pip3 install camanager
# Security
- If you generate a certificate with the tool, the private key is kept in the vault
- The vault is a SQLite3 DB, all private keys are encrypted with AES-256. The master key is encrypted with a derived password of the user (PBKDF2-SHA512)
- Passwords are requested via secure input
- No network communication
# Initial setup for the first usage
This tool doesn't generate the Certificate Authority. You must already have one or generate a new one
([step by step guide](CREATE_CA.md)).
Once you have the Certificate Authority private and public keys, run `camanager setup`:
$ python -m camanager setup
Enter the password that will be used to encrypt the CA vault : [secure input, nothing will appear]
Confirm it : [same]
Paste your CA certificate in PEM format :
[paste here]
Paste your CA key in PEM format :
[paste here]
The vault has been successfully created.
The tool verifies that the keys match. If the private key is encrypted using a passphrase, you will be prompted for it.
The vault is saved in the "ca.vault" file of the directory you are in. You must therefore run `camanager` each time
from the same directory if you want to use the same vault.
# Usage
You can still provide information via arguments. If information is missing, an interactive prompt will occur.
## Backup the vault
python -m camanager backup
## Restore a backup vault
python -m camanager restore
## List certificates
python -m camanager [--all | --soon-expired]
- `--all` : show also the revoked/expired/renewed certificates
- `--soon-expired` : show only soon expired (less than 1 month) certificates
## Generate a new certificate
**Warning :** normally, a certificate is generated on the server and a Certificate Signing Request is generated for
the CA.
python -m camanager --newcert [--cn CN] [--san SAN] [--keysize <1024|2048|4096>] [--hash <sha1|sha256|sha512>]
- `--cn` : the Command Name
- `--san` : the Subject Alternative Name
- `--keysize` : the keysize : 2014, 2048 or 4096
- `--hash` : the hash algorithm : sha1, sha256 or sha512
## Sign a CSR
python -m camanager --sign [--cn CN] [--san SAN] [csr_file]
- `--cn` : the overridden Command Name
- `--san` : the overridden Subject Alternative Name
- `csr_file` : the Certificate Signin Request file
## Export
python -m camanager --export --pem|--p12 [--out output_file] [certificate CN or ID]
- `--pem` or `--p12` : the output format
- `--out` : the output file
- `certificate CN or ID` : the Common Name or certificate ID that you want to export
Raw data
{
"_id": null,
"home_page": "https://github.com/mneitsabes/camanager",
"name": "camanager",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.6",
"maintainer_email": "",
"keywords": "",
"author": "mneitsabes",
"author_email": "",
"download_url": "https://files.pythonhosted.org/packages/13/44/787e622974dbd1aa28581c1c72d0aa0ac5dbd5acacd1e42e81e0a5cde03a/camanager-0.2.5.tar.gz",
"platform": null,
"description": "\r\nCAManager stands for Certificate Authority Manager. With to this tool, you can :\r\n\r\n- list and view the metadata of all your certificates\r\n- generate a new certificate\r\n- sign a Certificate Signing Request\r\n- export a certificate in PEM or PCKS#12 format (.p12)\r\n- renew a certificate\r\n- make a backup or a restore of the CA vault\r\n\r\n\r\n# Installation\r\n\r\n pip3 install camanager\r\n\r\n# Security\r\n\r\n- If you generate a certificate with the tool, the private key is kept in the vault\r\n- The vault is a SQLite3 DB, all private keys are encrypted with AES-256. The master key is encrypted with a derived password of the user (PBKDF2-SHA512) \r\n- Passwords are requested via secure input\r\n- No network communication\r\n\r\n# Initial setup for the first usage\r\n\r\nThis tool doesn't generate the Certificate Authority. You must already have one or generate a new one \r\n([step by step guide](CREATE_CA.md)).\r\n\r\nOnce you have the Certificate Authority private and public keys, run `camanager setup`:\r\n\r\n $ python -m camanager setup\r\n Enter the password that will be used to encrypt the CA vault : [secure input, nothing will appear]\r\n Confirm it : [same]\r\n Paste your CA certificate in PEM format :\r\n [paste here]\r\n Paste your CA key in PEM format :\r\n [paste here]\r\n The vault has been successfully created.\r\n\r\nThe tool verifies that the keys match. If the private key is encrypted using a passphrase, you will be prompted for it.\r\n\r\nThe vault is saved in the \"ca.vault\" file of the directory you are in. You must therefore run `camanager` each time \r\nfrom the same directory if you want to use the same vault.\r\n\r\n# Usage\r\n\r\nYou can still provide information via arguments. If information is missing, an interactive prompt will occur.\r\n\r\n## Backup the vault\r\n\r\n python -m camanager backup\r\n\r\n## Restore a backup vault\r\n\r\n python -m camanager restore\r\n\r\n## List certificates\r\n\r\n python -m camanager [--all | --soon-expired]\r\n\r\n- `--all` : show also the revoked/expired/renewed certificates\r\n- `--soon-expired` : show only soon expired (less than 1 month) certificates\r\n\r\n## Generate a new certificate\r\n\r\n**Warning :** normally, a certificate is generated on the server and a Certificate Signing Request is generated for \r\nthe CA.\r\n\r\n python -m camanager --newcert [--cn CN] [--san SAN] [--keysize <1024|2048|4096>] [--hash <sha1|sha256|sha512>]\r\n\r\n- `--cn` : the Command Name\r\n- `--san` : the Subject Alternative Name\r\n- `--keysize` : the keysize : 2014, 2048 or 4096\r\n- `--hash` : the hash algorithm : sha1, sha256 or sha512\r\n\r\n## Sign a CSR\r\n\r\n python -m camanager --sign [--cn CN] [--san SAN] [csr_file]\r\n\r\n- `--cn` : the overridden Command Name\r\n- `--san` : the overridden Subject Alternative Name\r\n- `csr_file` : the Certificate Signin Request file\r\n\r\n## Export\r\n\r\n python -m camanager --export --pem|--p12 [--out output_file] [certificate CN or ID]\r\n\r\n- `--pem` or `--p12` : the output format\r\n- `--out` : the output file\r\n- `certificate CN or ID` : the Common Name or certificate ID that you want to export\r\n",
"bugtrack_url": null,
"license": "",
"summary": "Certificate Authority Manager",
"version": "0.2.5",
"split_keywords": [],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "99f3a453d2d3f674b8eeb3ed341361d737739abdff7053c305f073d08d561721",
"md5": "fadac810fddcd6f63826c814634eb7cd",
"sha256": "8b1c18a4770b715b39b266fbb532af948b2d25d0ec9586514bcbc3a4c6b0cbe2"
},
"downloads": -1,
"filename": "camanager-0.2.5-py3-none-any.whl",
"has_sig": false,
"md5_digest": "fadac810fddcd6f63826c814634eb7cd",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.6",
"size": 21181,
"upload_time": "2023-01-30T19:13:33",
"upload_time_iso_8601": "2023-01-30T19:13:33.467463Z",
"url": "https://files.pythonhosted.org/packages/99/f3/a453d2d3f674b8eeb3ed341361d737739abdff7053c305f073d08d561721/camanager-0.2.5-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "1344787e622974dbd1aa28581c1c72d0aa0ac5dbd5acacd1e42e81e0a5cde03a",
"md5": "c2fce4b816a552ca320edec8106a538a",
"sha256": "dd260cb848780234ebcf2679971a4e44dfe953d24c32963aae3fbf116bb25af9"
},
"downloads": -1,
"filename": "camanager-0.2.5.tar.gz",
"has_sig": false,
"md5_digest": "c2fce4b816a552ca320edec8106a538a",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.6",
"size": 20226,
"upload_time": "2023-01-30T19:13:35",
"upload_time_iso_8601": "2023-01-30T19:13:35.691538Z",
"url": "https://files.pythonhosted.org/packages/13/44/787e622974dbd1aa28581c1c72d0aa0ac5dbd5acacd1e42e81e0a5cde03a/camanager-0.2.5.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-01-30 19:13:35",
"github": true,
"gitlab": false,
"bitbucket": false,
"github_user": "mneitsabes",
"github_project": "camanager",
"lcname": "camanager"
}
JSON
