Skip to content

lupaxa-security-toolbox/certtool

BranchesTags

Repository files navigation

Project Logo

The Lupaxa Security Toolbox
Part of The Lupaxa Project


Build Status Latest Release Release Date Commits Since Release
Contributors Open Issues Open Pull Requests License
PyPI Version PyPI downloads PyPI downloads PyPI status PyPI supported python versions

lupaxa-certtool

A clean, modern, fully-typed Python CLI and library for generating self-signed X.509 certificates, certificate signing requests (CSRs), and private keys.

Built for automation, reproducibility, and bulk-generation workflows used by The Lupaxa Project.

Features

  • Generate self-signed certificates, private keys, and CSRs
  • Generate from:
    • JSON config file
    • Directory of config files (bulk mode)
    • Pure command-line flags
  • Output:
    • To stdout
    • Or into an output directory, with one folder per certificate
  • Supports:
    • RSA key generation
    • SHA-256 / SHA-384 / SHA-512 digests
    • Validity period configuration
    • Optional private key encryption with passphrase
    • Subject Alternative Names (SANs) via JSON or CLI
  • Includes:
    • --generate-example to produce a full example JSON config
    • --inspect-cert to analyze existing PEM certificates
    • --validate-config to validate config files before use
  • Fully typed, linted, formatted, and tested
  • MkDocs documentation included

Installation

From PyPI

pip install lupaxa-certtool

From source (development mode)

pip install -e ".[dev]"

Usage

Basic self-signed certificate from CLI

certtool \
  --countryName UK \
  --stateOrProvinceName Somerset \
  --localityName Glastonbury \
  --organizationName "Lupaxa Project" \
  --commonName "dev.internal"

Using JSON Configuration

Generate an example config

certtool --generate-example --example-file dev-internal-cert.json

Use a JSON config file

certtool --config dev-internal-cert.json

Use a directory of configs (bulk mode)

certtool --config-dir configs/

Output Directory Structure

If you pass:

certtool --config-dir configs/ --output-dir output/

You get:

output/
├── dev.internal/
│   ├── cert.pem
│   ├── csr.pem
│   └── key.pem
└── api.internal/
    ├── cert.pem
    ├── csr.pem
    └── key.pem

Each certificate gets its own folder to prevent overwriting.

Private Key Encryption

JSON

{
  "passphrase": "your-secret-here"
}

CLI (overrides JSON)

certtool --config dev-internal-cert.json --passphrase "some-secret"

Inspect a Certificate

certtool --inspect-cert output/dev.interal/cert.pem

Documentation

The project includes MkDocs documentation.

Online documentation:

Documentation

Full documentation is available in the docs/ directory or served locally:

Serve docs locally

mkdocs serve

Then open the printed URL (usually http://127.0.0.1:8000/) in your browser.

Development

Clone the repository and install dev dependencies:

pip install -e ".[dev]"

Useful make targets:

make test        # run tests
make type        # type checking (mypy)
make check-style # lint + format + type
make check-all   # run tests, coverage, and audit

 

© The Lupaxa Project.
Where exploration meets precision.
Where the untamed meets the engineered.

About

A clean, modern, fully-typed Python CLI and library for generating self-signed X.509 certificates, certificate signing requests (CSRs), and private keys.

thelupaxaproject.org

Topics

security certificates lupaxa the-lupaxa-project lupaxa-security-toolbox

Resources

Readme

License

MIT license

Security policy

Security policy
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases 5

v0.1.1 Latest
Nov 21, 2025
+ 4 releases

Packages

 
 
 

Contributors

Languages