A script for generating (and signing) SSL certifactes using
OpenSSL. The CA key can be set on the command line, in the
configuration files (/etc/ssl-crt-manage/default.cfg or
~/.ssl-crt-manage.rc) or left with the default of
(~/.update-remote-setup.pyrc). It requires Python 2.3 (or Python 2.2 with the
optparse module installed) to function.
Details for the creation of the private CA can found though google,
I plan to write up some notes on this at a later date.
It can be download from
The configuration file takes the following format.
[DEFAULT]
ca = /etc/ssl-crt-manage/ca/
[Req]
Country = UK
stateOrProvinceName = Someplace
localityName = City
organizationName = local.ban
And has the following command line options.
usage: ssl-crt-manage.py [options]
options:
--version Show program version number and exit
-h, --help Show this help message and exit
-cCOMMONNAME, --common-name=COMMONNAME
Common Name for cert
-bBITS, --bits=BITS Size of key (bits)
--ou-name=ORGANIZATIONUNITNAME
organizationalUnitName
--req Generate Request
-v, --verbose increase verbosity
-q, --quite decrease verbosity
--email=EMAIL email address for cert
--pcks12 Generate pcks/12 file
--self-sign Create a self signed cert
--ca-sign Sign csr with CA key
--ca=CA Directory path to CA
--days=DAYS Number of days that a self signed cert is vaild
--ca-policy=CA_POLICY CA policy to use (default: default)
