Setting up a Certificate Authority

During development, it is convenient to have a simple way of creating new certificates. OpenSSL includes all of the necessary infrastructure for setting up your own certificate authority (CA), but it requires getting more familiar with OpenSSL than is really necessary. To simplify the process, the zeroc-icecertutils PyPi package provides a Python library and and an iceca script that allows you to quickly perform the essential tasks:

  • initializing a new root CA
  • generating new certificates
  • converting certificates to match platform-specific requirements.

You are not obligated to use this package; IceSSL accepts certificates from any source as long as they are provided in the appropriate formats. However, you may find this tool sufficient for your development needs, and possibly even for your deployed application as well.

You will find more information on the IceCertUtils package and the iceca utility on the zeroc-icecertutils PyPI page. You can also take a look at the makecerts.py scripts in the certs and cpp/IceGrid/secure  directories from the Ice demos repository for examples on how to use the IceCertUtils Python library.

See Also