Provided by: pyca_20031119-0_all


       pyca - CA written in python


       The scripts in this suite are basically wrappers around openssl(1). Additionally, the
       scripts integrate the generic CA functionality with the mail system and Apache for
       handling certificate requests; with LDAP for distributing certificates and
       revocation lists; and with cron for maintenance tasks.

              Create a pickled copy of the OpenSSL configuration object for faster reading of the
              configuration.  The  pickle-file name is the name of the OpenSSL configuration file
              plus .pickle.
              Generate a CA hierarchy, all necessary files and directories and all  initial  CRLs
              (see also signedby extension in OpenSSL configuration file). This is intended to be
              run under user root since it sets the ownership and permissions.
              Handles the mail dialogue after certificate request. The SPKAC certificate  request
              and  LDIF  data is moved from the directory pend_reqs_dir to new_reqs_dir. Set this
              script in your /etc/aliases, procmailrc or similar to receive mails for the address
              specified in caCertReqMailAdr.
              This  script  is  typically  run  by  the  CA admin user via CRON or a similar task
              manager on a networked system holding the public certificate data. It does  several

              *  Publish  new  certificates  and  inform  user  via  e-mail where to download his

              * Remove stale certificate requests from pend_reqs_dir.

              *  Spool certificate requests and certificate revocation  requests  to  the  system
              holding the CA's private keys. (not implemented yet)

              *   Spool certificates and certificate revocation lists from the system holding the
              CA's private keys. (not implemented yet)
              This script is run on the system where the private keys of the CA  are  stored.  It
              does several jobs:

              * Mark expired certificates in OpenSSL certificate database

              * Generate new CRLs, move old CRLs to archive (not implemented yet)

              * Process certificate requests and certificate revocation requests (not implemented

              * Spool certificate database, issued certificates and CRLs to public WWW  and  LDAP
              server (not implemented yet)
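
       The "mark expired certificates" job listed above, sketched as an added example (not
       pyca's own code). It assumes the certificate database is OpenSSL's tab-separated
       index.txt; the sample entries and the names mark_expired and parse_asn1_time are
       constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample of an OpenSSL index.txt (assumed format, tab-separated):
# status, expiry, revocation date[,reason], serial, file name, subject DN.
SAMPLE_INDEX = (
    "V\t030101000000Z\t\t01\tunknown\t/CN=alice.example\n"
    "V\t20510101000000Z\t\t02\tunknown\t/CN=bob.example\n"
    "R\t030601000000Z\t030201120000Z,keyCompromise\t03\tunknown\t/CN=carol.example\n"
    "V\t040101000000Z\t\t04\tunknown\t/CN=dave.example\n"
)


def parse_asn1_time(text):
    """Parse UTCTime (YYMMDDHHMMSSZ) or GeneralizedTime (YYYYMMDDHHMMSSZ)."""
    if not text.endswith("Z") or len(text) not in (13, 15):
        raise ValueError("unsupported time format: %r" % text)
    if len(text) == 13:
        # RFC 5280 UTCTime: YY >= 50 means 19YY, otherwise 20YY.
        text = ("19" if int(text[:2]) >= 50 else "20") + text
    return datetime.strptime(text[:-1], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def mark_expired(index_text, now):
    """Return (new_index_text, serials_marked); flips V to E once expiry <= now."""
    out, marked = [], []
    for lineno, line in enumerate(index_text.splitlines(), 1):
        fields = line.split("\t")
        if len(fields) != 6:
            raise ValueError("line %d: expected 6 fields, got %d" % (lineno, len(fields)))
        status, expiry, serial = fields[0], fields[1], fields[3]
        # Revoked (R) and already-expired (E) entries are left untouched, so a
        # revocation record is never overwritten by an expiry mark.
        if status == "V" and parse_asn1_time(expiry) <= now:
            fields[0] = "E"
            marked.append(serial)
        out.append("\t".join(fields))
    return "".join(entry + "\n" for entry in out), marked


if __name__ == "__main__":
    # Fixed reference time so the constructed sample gives a stable result.
    now = datetime(2003, 11, 19, tzinfo=timezone.utc)
    text, marked = mark_expired(SAMPLE_INDEX, now)
    print("marked expired:", marked)
    print(text, end="")
```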



       The programs are documented fully by the HTML documents in /usr/share/doc/pyca/htdocs/


       Copyright © 2001 - 2003 Michael Stroeder

       This  software including all modules is Open Source and given away under: GPL (GNU GENERAL
       PUBLIC LICENSE) Version 2.

       The author refuses to give any warranty of any kind.


       Michael Stroeder

       This manual page was written by Lars Bahner, for the Debian GNU/Linux
       system (but may be used by others).

                                          june 30, 2002                                   pyca(8)