3
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
6
<title>pyCA - X.509 CA</title>
7
<meta name="author" content="michael@stroeder.com" />
8
<meta name="description" content="pyCA: Software for running a X.509/PKIX certificate authority" />
9
<meta name="keywords" content="Security, X.509, PKI, CA, PKIX, S/MIME, SSL, single sign-on, client certificates, authentication">
10
<meta name="robots" content="INDEX,NOFOLLOW" />
11
<link rev="made" href="mailto:www@stroeder.com" />
12
<link rel="contents" href="http://www.pyca.de" title="pyCA" />
13
<link rel="copyright" href="" title="Copyright by Michael Ströder <michael@stroeder.com>" />
14
<script language="JavaScript">
16
if(top.frames.length > 0)
17
top.location.href=self.location;
22
<body bgcolor="#fafafa" text="#000000" link="#AA5022" vlink="#772000" alink="#0A0A0A">
35
<a href="pyca.html">pyCA</a> -
38
Software for running a X.509/PKIX certificate authority
40
<td valign="top" width="35%">
47
<<a href="download.html">Download</a>>
48
<<a href="news.html">News</a>>
49
<<a href="demo.html">Demo</a>>
50
<<a href="related.html">Related</a>>
56
<<a href="http://www.stroeder.com">Commercial</a>>
57
<<a href="feedback.html">Feedback</a>>
58
<<a href="faq.html">FAQ</a>>
64
<<a href="features.html">Features</a>>
65
<<a href="overview.html">Overview</a>>
66
<<a href="install.html">Installing</a>>
67
<<a href="config.html">Configuration</a>>
68
<<a href="changes.html">Changes</a>>
69
<<a href="files.html">Files</a>>
70
<<a href="roadmap.html">Roadmap</a>>
81
<h2><A NAME="Abstract">Abstract</a></h2>
83
The usage of cryptographic techniques promises secure usage of
84
Internet services concerning authentication of clients and servers and
85
authorized access to sensitive data. During the last two years it turned
86
out that X.509 certificates, SSL and S/MIME are the relevant, widely
87
adopted cryptographic standards for securing various Internet services
91
However these standards require setting up a working X.509-based PKI
92
(pulic key infrastructure).
93
Although there is a quite lot of documentation and some example software
94
for setting up a primitive PKI with an own certificate authority
95
with the free package <a href="http://www.openssl.org/">OpenSSL</a>
96
it seems that this task is not easy for most people. There is a lot of
97
discussion on various mailing-lists, e.g. how to generate self-signed
98
CA certificates, generate certificate requests with the famous WWW browsers and how to provide
99
client certificates / certificate revocation lists for download, etc.
100
Additionally if the certification business of an organization gets only a
101
little bit more serious one has to take care about critical security issues.
104
<a href="http://www.pyca.de/">pyCA</a> tries to make it
105
easier for people to set up and run a organizational certificate authority
106
which fulfills the need for a fairly secure certification processing.
107
The package also tries to reduce administrative tasks and user's frustration
108
by providing a comfortable web interface to users contacting the certificate
112
<h2>Project status</h2>
114
Unfortunately I do not have the time at the moment to spend more time
115
on developing this project. I will apply bug fixes and patches submitted
116
by users as long as they do not require too much rewriting of code.
122
Page last modified: Thursday, 15-May-2003 20:32:19 CEST,
124
<a href="http://www.stroeder.com">
125
stroeder.com - Information Technology, IT-Security, Identity Management,
126
System Integration</a>