pca (Personal Certificate Authority) is a bash wrapper shell script for OpenSSL cryptography suite intended to make it easy to manage a TLS/SSL Certificate Authority for personal use. It provides a much more complete, cleaner and user-friendly interface than the CA.pl script provided with the OpenSSL distribution.
People like to see screenshots. Since this is a text tool, an output of the
pca command itself shows an overview of all its functions.
~$ pca Personal Certificate Authority 0.1.1 (2008-05-28) Copyright (C) 2008 - Juliano F. Ravasi This is free software. You may redistribute copies of it under the terms of the GNU General Public License <http://www.gnu.org/licenses/gpl.html>. There is NO WARRANTY, to the extent permitted by law. Basic commands: help Displays help about pca usage. setup Setups initial files and parameters. Certificate Authority (CA) commands: init Initializes your personal CA. update Updates your CA database. crl Manages your CA Certificate Revocation List. backup Makes a backup of your CA to the given file. purge Purges your personal CA files. Certificate management commands: sign Signs a certificate request. revoke Revokes a previously-signed certificate. list Lists certificates signed by your CA. show Displays information about a certificate. export Exports a certificate. verify Verifies trust chains of certificates. Key management commands: genkey Generates a new key and certificate request. genreq Generates a new certificate request for a key. unlock Exports a key without its pass phrase. pkcs12 Exports a key-certificate pair to a PKCS#12 file.
There is no documentation yet, so, here is a crash course to get started with pca. If you get lost, use the
--help option to get an idea of how to use any subcommand.
~$ pca setup ~$ pca init --rsa=1024 --key-cipher=aes256 ~$ pca genkey your-key.key ~$ pca sign your-key.csr