[{"data":1,"prerenderedAt":287},["ShallowReactive",2],{"navigation_docs":3,"-docs-getting-started-introduction":86,"-docs-getting-started-introduction-surround":282},[4,22,31,48,65],{"title":5,"path":6,"stem":7,"children":8,"page":21},"Api","\u002Fdocs\u002Fapi","docs\u002Fapi",[9,13,17],{"title":10,"path":11,"stem":12},"CLI Reference","\u002Fdocs\u002Fapi\u002Fcli-reference","docs\u002Fapi\u002F1.cli-reference",{"title":14,"path":15,"stem":16},"ZMQ Protocol Reference","\u002Fdocs\u002Fapi\u002Fzmq-protocol","docs\u002Fapi\u002F2.zmq-protocol",{"title":18,"path":19,"stem":20},"Error Codes","\u002Fdocs\u002Fapi\u002Ferror-codes","docs\u002Fapi\u002F3.error-codes",false,{"title":23,"path":24,"stem":25,"children":26,"page":21},"Community","\u002Fdocs\u002Fcommunity","docs\u002Fcommunity",[27],{"title":28,"path":29,"stem":30},"Contributing","\u002Fdocs\u002Fcommunity\u002Fcontributing","docs\u002Fcommunity\u002F1.contributing",{"title":32,"path":33,"stem":34,"children":35,"page":21},"Concepts","\u002Fdocs\u002Fconcepts","docs\u002Fconcepts",[36,40,44],{"title":37,"path":38,"stem":39},"Architecture","\u002Fdocs\u002Fconcepts\u002Farchitecture","docs\u002Fconcepts\u002F1.architecture",{"title":41,"path":42,"stem":43},"Certificate Lifecycle","\u002Fdocs\u002Fconcepts\u002Fcertificate-lifecycle","docs\u002Fconcepts\u002F2.certificate-lifecycle",{"title":45,"path":46,"stem":47},"Security Model","\u002Fdocs\u002Fconcepts\u002Fsecurity-model","docs\u002Fconcepts\u002F3.security-model",{"title":49,"path":50,"stem":51,"children":52,"page":21},"Getting Started","\u002Fdocs\u002Fgetting-started","docs\u002Fgetting-started",[53,57,61],{"title":54,"path":55,"stem":56},"Introduction","\u002Fdocs\u002Fgetting-started\u002Fintroduction","docs\u002Fgetting-started\u002F1.introduction",{"title":58,"path":59,"stem":60},"Installation","\u002Fdocs\u002Fgetting-started\u002Finstallation","docs\u002Fgetting-started\u002F2.installation",{"title":62,"path":63,"stem":64},"Quick 
Start","\u002Fdocs\u002Fgetting-started\u002Fquick-start","docs\u002Fgetting-started\u002F3.quick-start",{"title":66,"path":67,"stem":68,"children":69,"page":21},"Guides","\u002Fdocs\u002Fguides","docs\u002Fguides",[70,74,78,82],{"title":71,"path":72,"stem":73},"Configuration","\u002Fdocs\u002Fguides\u002Fconfiguration","docs\u002Fguides\u002F1.configuration",{"title":75,"path":76,"stem":77},"Certificate Profiles","\u002Fdocs\u002Fguides\u002Fcertificate-profiles","docs\u002Fguides\u002F2.certificate-profiles",{"title":79,"path":80,"stem":81},"Docker Deployment","\u002Fdocs\u002Fguides\u002Fdocker-deployment","docs\u002Fguides\u002F3.docker-deployment",{"title":83,"path":84,"stem":85},"Importing an Existing CA","\u002Fdocs\u002Fguides\u002Fimporting-existing-ca","docs\u002Fguides\u002F4.importing-existing-ca",{"id":87,"title":54,"body":88,"description":275,"extension":276,"links":277,"meta":278,"navigation":279,"path":55,"seo":280,"stem":56,"__hash__":281},"docs\u002Fdocs\u002Fgetting-started\u002F1.introduction.md",{"type":89,"value":90,"toc":267},"minimark",[91,95,103,108,132,136,154,158,169,172,176,231,235],[92,93,54],"h1",{"id":94},"introduction",[96,97,98,102],"p",{},[99,100,101],"strong",{},"uPKI CA"," is a self-hosted, air-gapped Certificate Authority built in Python. 
It exposes a ZMQ REP socket so Registration Authorities (RA) and other tooling can request certificate operations without ever touching the internet.",[104,105,107],"h2",{"id":106},"what-it-does","What it does",[109,110,111,115,118,121],"ul",{},[112,113,114],"li",{},"Issues X.509 v3 certificates using 7 pre-defined profiles (root CA, intermediate, server, client, OCSP, email, code-signing)",[112,116,117],{},"Maintains a Certificate Revocation List (CRL)",[112,119,120],{},"Stores certificates, keys, and metadata on the local filesystem backed by TinyDB",[112,122,123,124,127,128,131],{},"Listens on two ZMQ ports: ",[99,125,126],{},"5000"," (CA operations) and ",[99,129,130],{},"5001"," (RA registration)",[104,133,135],{"id":134},"what-it-does-not-do","What it does NOT do",[109,137,138,148,151],{},[112,139,140,141],{},"It does not speak ACME — that is the job of ",[142,143,147],"a",{"href":144,"rel":145},"https:\u002F\u002Fgithub.com\u002Fcircle-rd\u002Fupki-ra",[146],"nofollow","uPKI RA",[112,149,150],{},"It does not have an HTTP interface — all communication is ZMQ",[112,152,153],{},"It does not require internet access at any point",[104,155,157],{"id":156},"where-it-fits","Where it fits",[159,160,165],"pre",{"className":161,"code":163,"language":164},[162],"language-text","[ACME Client]  →  [uPKI RA :8000]  →  ZMQ :5000  →  [uPKI CA]\n                                                 ↗\n                       [uPKI CLI]  →  ZMQ :5000\n","text",[166,167,163],"code",{"__ignoreMap":168},"",[96,170,171],{},"The CA is the trust anchor. The RA translates ACME protocol requests into ZMQ calls on port 5000 and registers itself with the CA on first start; that registration uses the separate port 5001, which the diagram above omits. 
The CLI provides direct ZMQ access for admin operations.",[104,173,175],{"id":174},"related-projects","Related projects",[177,178,179,192],"table",{},[180,181,182],"thead",{},[183,184,185,189],"tr",{},[186,187,188],"th",{},"Project",[186,190,191],{},"Role",[193,194,195,208,219],"tbody",{},[183,196,197,205],{},[198,199,200],"td",{},[142,201,204],{"href":202,"rel":203},"https:\u002F\u002Fgithub.com\u002Fcircle-rd\u002Fupki-ca",[146],"upki-ca",[198,206,207],{},"This project — the Certificate Authority",[183,209,210,216],{},[198,211,212],{},[142,213,215],{"href":144,"rel":214},[146],"upki-ra",[198,217,218],{},"ACME v2 Registration Authority",[183,220,221,228],{},[198,222,223],{},[142,224,227],{"href":225,"rel":226},"https:\u002F\u002Fgithub.com\u002Fcircle-rd\u002Fupki-cli",[146],"upki-cli",[198,229,230],{},"Command-line admin tool",[104,232,234],{"id":233},"technology-stack","Technology stack",[109,236,237,243,249,255,261],{},[112,238,239,242],{},[99,240,241],{},"Python"," 3.11+",[112,244,245,248],{},[99,246,247],{},"pyzmq"," — ZMQ bindings",[112,250,251,254],{},[99,252,253],{},"cryptography"," — X.509 operations",[112,256,257,260],{},[99,258,259],{},"TinyDB"," — lightweight JSON database",[112,262,263,266],{},[99,264,265],{},"Click"," — CLI framework",{"title":168,"searchDepth":268,"depth":268,"links":269},2,[270,271,272,273,274],{"id":106,"depth":268,"text":107},{"id":134,"depth":268,"text":135},{"id":156,"depth":268,"text":157},{"id":174,"depth":268,"text":175},{"id":233,"depth":268,"text":234},"What is uPKI CA and how does it fit in the uPKI ecosystem?","md",null,{},true,{"title":54,"description":275},"5Humz1YDIihvW2UTQDNI1QdHFNBsKWlpFjlBhVKZSSM",[283,285],{"title":45,"path":46,"stem":47,"description":284,"children":-1},"How uPKI CA protects the root of trust.",{"title":58,"path":59,"stem":60,"description":286,"children":-1},"How to install uPKI CA from source, pip, or Docker.",1775569478206]