{"id":8007,"library":"certipy","title":"Certipy: CA and Certificate Utility","description":"Certipy (version 0.2.2) is a Python utility designed to simplify the creation and signing of Certificate Authorities (CAs) and certificates on the fly. It wraps `pyOpenSSL` to manage certificate records, maintain signing hierarchies, and persist certificates to files. The project appears to be in a maintenance status, with its latest PyPI release in March 2025, though active development on GitHub seems to have slowed since early 2023.","status":"maintenance","version":"0.2.2","language":"en","source_language":"en","source_url":"https://github.com/LLNL/certipy","tags":["security","certificates","TLS","PKI","CA","pyOpenSSL"],"install":[{"cmd":"pip install certipy","lang":"bash","label":"Install stable version"}],"dependencies":[{"reason":"Core dependency for PKI operations, as Certipy wraps pyOpenSSL.","package":"pyOpenSSL","optional":false},{"reason":"Fundamental cryptographic primitives.","package":"cryptography","optional":false}],"imports":[{"symbol":"Certipy","correct":"from certipy import Certipy"}],"quickstart":{"code":"from certipy import Certipy\nimport os\n\n# Create a temporary directory for the store\nstore_dir = os.path.join(os.getcwd(), 'cert_store')\nos.makedirs(store_dir, exist_ok=True)\n\ntry:\n    # Initialize Certipy with a store directory\n    certipy_instance = Certipy(store_dir=store_dir)\n\n    # Create a Certificate Authority (CA)\n    ca_name = 'my_root_ca'\n    certipy_instance.create_ca(ca_name)\n    root_ca_record = certipy_instance.store.get_record(ca_name)\n    print(f\"Root CA '{ca_name}' created at: {root_ca_record.cert_path}\")\n\n    # Create and sign a key-certificate pair using the CA\n    cert_name = 'my_server_cert'\n    certipy_instance.create_signed_pair(cert_name, ca_name)\n    server_cert_record = certipy_instance.store.get_record(cert_name)\n    print(f\"Signed certificate '{cert_name}' created at: {server_cert_record.cert_path}\")\n\nfinally:\n    # Clean up the temporary store directory\n    if os.path.exists(store_dir):\n        import shutil\n        shutil.rmtree(store_dir)\n        print(f\"Cleaned up directory: {store_dir}\")","lang":"python","description":"This quickstart demonstrates how to initialize Certipy, create a root Certificate Authority, and then generate a signed certificate using that CA. It also includes cleanup for the temporary certificate store directory."},"warnings":[{"fix":"Always verify the GitHub repository and PyPI project page (github.com/LLNL/certipy for this library) before installation to confirm you have the intended project. For AD CS related tasks, you likely want `pip install certipy-ad` instead.","message":"There are two distinct Python libraries named 'certipy' or similar, causing potential confusion. This entry refers to `certipy` by LLNL (version 0.2.2), which is a general-purpose PKI utility. The other, `certipy-ad` (by ly4k, version 5.x.x), is an Active Directory Certificate Services (AD CS) enumeration and abuse tool. Ensure you install and use the correct library for your needs.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Check the `setup.py` of the `certipy` GitHub repository for the exact `pyOpenSSL` and `cryptography` version requirements. As of version 0.2.2, it requires `pyOpenSSL>=23.0.0` and `cryptography>=39.0.0`.","message":"The `certipy` library internally relies on `pyOpenSSL` and `cryptography` for its core functionality. Compatibility issues with specific versions of these underlying libraries can sometimes occur. Always ensure your environment has compatible versions if you encounter obscure cryptographic errors.","severity":"gotcha","affected_versions":"All versions, especially with major updates to underlying crypto libraries"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"Install the package using pip: `pip install certipy`.","cause":"The `certipy` package is not installed in your current Python environment.","error":"ModuleNotFoundError: No module named 'certipy'"},{"fix":"Verify that you have installed the correct `certipy` library (`pip show certipy`) and that there isn't a local file or directory named `certipy.py` or `certipy/` in your project path that could be causing a name collision. The correct import is `from certipy import Certipy` for the LLNL project.","cause":"This error often indicates that you might be trying to import `Certipy` from a different (or conflicting) package installed under a similar name, or the package structure has changed. It's also possible if you have a local file named `certipy.py` shadowing the installed package.","error":"ImportError: cannot import name 'Certipy' from 'certipy'"}]}