The `zeroc-icecertutils` package includes the ` iceca` command and the `IceCertUtils` module for creating certificates
for Ice clients or servers.
## Installation
We recommend using `pip` to install this package:
```shell
pip install zeroc-icecertutils
```
## Package Contents
The `iceca` command provides a lightweight certificate authority (CA) that allows the creation of certificates for use
with Ice clients and servers. It supports initialization of the CA database, certificate creation, and export
functions.
### Usage:
```
usage: iceca [--verbose --help --capass <pass>] init create list show export
The iceca command manages a small certificate authority to create and sign
certificates for Ice clients or servers.
Commands:
init Initialize the certificate authority database
create Create and sign a certificate/key pair
list List the created certificates
show Show a given certificate
export Export a given certificate
```
- Usage of the `init` subcommand:
```
usage: init [--overwrite --no-capass]
Initializes the certificate authority database.
Options:
--overwrite Overwrite the existing CA database
--no-capass Don't protect the CA with a password
```
- Usage of the `create` subcommand:
```
usage: create [--ip=<ip>] [--dns=<dns>] <alias> [<common-name>]
Creates and signs a certificate. A certificate is identified by its alias. If no
common name is specified, the alias is used as the common name.
Options:
--ip Optional IP subject alternative name field
--dns Optional DNS subject alternative name field
```
- Usage of the `list` subcommand:
```
usage: list
List aliases for the certificates created with this CA.
```
- Usage of the `show` subcommand:
```
usage: show <alias>
Print out the certificate associated to the given alias.
```
- Usage of the `export` subcommand:
```
usage: export [--password <password>] [--alias <alias>] path
Export a certificate from the CA to the given file path. If --alias isn't
specified, the filename indicates which certificate to export. The file
extension also specifies the export format for the certificate. Supported
formats are:
PKCS12 (.p12, .pfx)
PEM (.pem)
DER (.der, .cer, .crt)
JKS (.jks, requires keytool to be in the PATH)
BKS (.bks, requires keytool and support for the BouncyCastle provider)
Options:
--password The password to use for protecting the exported certificate
--alias The alias of the certificate to export
```
## The IceCertUtils module
Here's an example on how to create a server and client certificate using the `IceCertUtils` module:
```python
import IceCertUtils
# Create the certificate factory
factory = IceCertUtils.CertificateFactory(cn = "My CA")
# Get the CA certificate and save it to PEM/DER and JKS files
factory.getCA().save("cacert.pem").save("cacert.der").save("cacert.jks")
# Create a client certificate
client = factory.create("client", cn = "Client")
# Save the client certificate to the PKCS12 format
client.save("client.p12")
# Save the client certificate in JKS format and include the CA certificate in the keystore with the alias "cacert"
client.save("client.jks", caalias="cacert")
# Create the server certificate, include IP and DNS subject alternative names.
server = factory.create("server", cn = "Server", ip="127.0.0.1", dns="server.foo.com")
# Save the server certificate to the PKCS12 format
server.save("server.p12")
# Save the server certificate to the JKS format
server.save("server.jks", caalias="cacert")
# Save the client and server certificates to the BKS format. If the BKS
# provider is not installed this will throw.
try:
client.save("client.bks", caalias="cacert")
server.save("server.bks", caalias="cacert")
except Exception as ex:
print("warning: couldn't generate BKS certificates:\n" + str(ex))
factory.destroy()
```
Raw data
{
"_id": null,
"home_page": "https://github.com/zeroc-ice/icecertutils",
"name": "zeroc-icecertutils",
"maintainer": null,
"docs_url": null,
"requires_python": "<4.0.0,>=3.11.0",
"maintainer_email": null,
"keywords": "ice, certificate, ca, ssl",
"author": "ZeroC, Inc.",
"author_email": "info@zeroc.com",
"download_url": "https://files.pythonhosted.org/packages/a6/25/c6565a287a652384a6a1d4107a082fa9ccebffb71a85384766d89970cd02/zeroc_icecertutils-1.1.0.tar.gz",
"platform": null,
"description": "The `zeroc-icecertutils` package includes the ` iceca` command and the `IceCertUtils` module for creating certificates\nfor Ice clients or servers.\n\n## Installation\n\nWe recommend using `pip` to install this package:\n\n```shell\npip install zeroc-icecertutils\n```\n\n## Package Contents\n\nThe `iceca` command provides a lightweight certificate authority (CA) that allows the creation of certificates for use\nwith Ice clients and servers. It supports initialization of the CA database, certificate creation, and export\nfunctions.\n\n### Usage:\n\n```\nusage: iceca [--verbose --help --capass <pass>] init create list show export\n\nThe iceca command manages a small certificate authority to create and sign\ncertificates for Ice clients or servers.\n\nCommands:\ninit Initialize the certificate authority database\ncreate Create and sign a certificate/key pair\nlist List the created certificates\nshow Show a given certificate\nexport Export a given certificate\n```\n\n- Usage of the `init` subcommand:\n\n```\nusage: init [--overwrite --no-capass]\n\nInitializes the certificate authority database.\n\nOptions:\n--overwrite Overwrite the existing CA database\n--no-capass Don't protect the CA with a password\n```\n\n- Usage of the `create` subcommand:\n\n```\nusage: create [--ip=<ip>] [--dns=<dns>] <alias> [<common-name>]\n\nCreates and signs a certificate. A certificate is identified by its alias. If no\ncommon name is specified, the alias is used as the common name.\n\nOptions:\n--ip Optional IP subject alternative name field\n--dns Optional DNS subject alternative name field\n```\n\n- Usage of the `list` subcommand:\n\n```\n usage: list\n List aliases for the certificates created with this CA.\n```\n\n- Usage of the `show` subcommand:\n\n```\n usage: show <alias>\n Print out the certificate associated to the given alias.\n```\n\n- Usage of the `export` subcommand:\n\n```\nusage: export [--password <password>] [--alias <alias>] path\n\nExport a certificate from the CA to the given file path. If --alias isn't\nspecified, the filename indicates which certificate to export. The file\nextension also specifies the export format for the certificate. Supported\nformats are:\n\n PKCS12 (.p12, .pfx)\n PEM (.pem)\n DER (.der, .cer, .crt)\n JKS (.jks, requires keytool to be in the PATH)\n BKS (.bks, requires keytool and support for the BouncyCastle provider)\n\nOptions:\n--password The password to use for protecting the exported certificate\n--alias The alias of the certificate to export\n```\n\n## The IceCertUtils module\n\nHere's an example on how to create a server and client certificate using the `IceCertUtils` module:\n\n```python\nimport IceCertUtils\n\n# Create the certificate factory\nfactory = IceCertUtils.CertificateFactory(cn = \"My CA\")\n\n# Get the CA certificate and save it to PEM/DER and JKS files\nfactory.getCA().save(\"cacert.pem\").save(\"cacert.der\").save(\"cacert.jks\")\n\n# Create a client certificate\nclient = factory.create(\"client\", cn = \"Client\")\n\n# Save the client certificate to the PKCS12 format\nclient.save(\"client.p12\")\n\n# Save the client certificate in JKS format and include the CA certificate in the keystore with the alias \"cacert\"\nclient.save(\"client.jks\", caalias=\"cacert\")\n\n# Create the server certificate, include IP and DNS subject alternative names.\nserver = factory.create(\"server\", cn = \"Server\", ip=\"127.0.0.1\", dns=\"server.foo.com\")\n\n# Save the server certificate to the PKCS12 format\nserver.save(\"server.p12\")\n\n# Save the server certificate to the JKS format\nserver.save(\"server.jks\", caalias=\"cacert\")\n\n# Save the client and server certificates to the BKS format. If the BKS\n# provider is not installed this will throw.\ntry:\n client.save(\"client.bks\", caalias=\"cacert\")\n server.save(\"server.bks\", caalias=\"cacert\")\nexcept Exception as ex:\n print(\"warning: couldn't generate BKS certificates:\\n\" + str(ex))\n\nfactory.destroy()\n```\n\n",
"bugtrack_url": null,
"license": "BSD",
"summary": "ZeroC Ice certificate utilities",
"version": "1.1.0",
"project_urls": {
"Homepage": "https://github.com/zeroc-ice/icecertutils",
"Repository": "https://github.com/zeroc-ice/icecertutils"
},
"split_keywords": [
"ice",
" certificate",
" ca",
" ssl"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "d92b8dcd5a4e677ed7cd362f1604b4e7d5a979b338c75cfac3839e4ea8d1030d",
"md5": "f894ac5c40017de88cad31d7cfc432b5",
"sha256": "370488daaa5fafc338441cf7834d7c4e2a894fbb18fe66e4f9e554a155be37cb"
},
"downloads": -1,
"filename": "zeroc_icecertutils-1.1.0-py3-none-any.whl",
"has_sig": false,
"md5_digest": "f894ac5c40017de88cad31d7cfc432b5",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": "<4.0.0,>=3.11.0",
"size": 21226,
"upload_time": "2024-11-23T09:57:34",
"upload_time_iso_8601": "2024-11-23T09:57:34.594697Z",
"url": "https://files.pythonhosted.org/packages/d9/2b/8dcd5a4e677ed7cd362f1604b4e7d5a979b338c75cfac3839e4ea8d1030d/zeroc_icecertutils-1.1.0-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "a625c6565a287a652384a6a1d4107a082fa9ccebffb71a85384766d89970cd02",
"md5": "81d1d2b03b3c1e3b14c1c2a4217713aa",
"sha256": "0cd4bf96e0e317b004f32893b72d2848ad3552ff8344ba282568adf195a33d69"
},
"downloads": -1,
"filename": "zeroc_icecertutils-1.1.0.tar.gz",
"has_sig": false,
"md5_digest": "81d1d2b03b3c1e3b14c1c2a4217713aa",
"packagetype": "sdist",
"python_version": "source",
"requires_python": "<4.0.0,>=3.11.0",
"size": 16460,
"upload_time": "2024-11-23T09:57:35",
"upload_time_iso_8601": "2024-11-23T09:57:35.739340Z",
"url": "https://files.pythonhosted.org/packages/a6/25/c6565a287a652384a6a1d4107a082fa9ccebffb71a85384766d89970cd02/zeroc_icecertutils-1.1.0.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-11-23 09:57:35",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "zeroc-ice",
"github_project": "icecertutils",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "zeroc-icecertutils"
}
JSON
