
django_tlsauth is unavailable in PyPM, because there aren't any builds for it in the package repositories. The build of version 0.1.1 failed.

License: BSD
Latest release: version 0.1.1 on Jan 9th, 2014

* Django-TLSAuth

Django-TLSAuth integrates a minimal certificate authority (CA) and implements TLS client certificate authentication. It depends on nginx for handling the TLS authentication part.

** Installation
#+BEGIN_SRC sh
   pip install django_tlsauth
#+END_SRC

Django-TLSAuth depends on tlsauth which provides minimal tools to act as a CA. Please follow the "CA and https service install" steps from https://github.com/stef/tlsauth to set up your webserver and CA.

After setting up the CA, you should also configure it in Django. Put something like this, with adjusted paths, into your settings.py:

#+BEGIN_SRC python
from tlsauth import CertAuthority

TLS_CA=CertAuthority('tlsauth/CA/public/root.pem',
                     'tlsauth/CA/private/root.pem',
                     'tlsauth/CA/conf/serial',
                     'tlsauth/CA/dummy.pem',
                     'http://www.example.com/crl.pem',
                     'tlsauth/CA/incoming',
                     )
TLS_ADMINGROUPS=['CA admins']
TLS_SCRUTINIZER=None # supply your own function authorizing automatic signatures
TLS_BLINDSIGN=False # blindly sign incoming CSRs
#+END_SRC

If you want to enable the admin for the mini-CA, add this to your urls.py:

#+BEGIN_SRC python
url(r'^tlsauth/', include('django_tlsauth.urls')),
#+END_SRC

** tlsauth decorator
Django-TLSAuth provides a simple decorator to guard your entry points:
#+BEGIN_SRC python
from django.http import HttpResponse, HttpResponseRedirect
from django_tlsauth.views import tlsauth

def unauth(request):
    return HttpResponseRedirect('/')

@tlsauth(unauth=unauth, groups=['helloworldophobians'])
def hello(request):
    return HttpResponse("hello world")
#+END_SRC

** Managing certs
Django-TLSAuth provides a few default routes to manage the certs and the CA.

*** /tlsauth/register/
Visitors can register like on a normal site, but when done, they get a PKCS12 certificate ready to be saved and imported in all browsers. This is totally automatic, and there is no check that the specified organization is not a privileged one (like "CA admins" in the above example). This really provides no security; for bots and scripts it's even easier to use these certs than for normal humans. Other mechanisms must be deployed to provide meaningful authentication.

*** /tlsauth/certify/
Visitors can submit their Certificate Signing Request (easily generated using gencert.sh from tlsauth). Depending on configuration, this either automatically returns a signed certificate (no meaningful authentication this way, avoid this!), or the request is stored for later approval by the "CA admins".
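
The missing organization check noted for /tlsauth/register/, and the automatic-signing mode of /tlsauth/certify/, can be covered by a policy function that refuses to auto-sign any subject claiming a privileged organization. This is an added example, not code from Django-TLSAuth or tlsauth. `parse_dn`, `may_autosign`, `PRIVILEGED_ORGS` and `ORG_KEYS` are hypothetical names, the two DN string forms are an assumption about what reaches the application, and the call signature Django-TLSAuth expects for TLS_SCRUTINIZER is not shown on this page, so adapt it before wiring it in.

```python
import re
import unicodedata

# Assumption: mirrors TLS_ADMINGROUPS from the settings.py example above.
PRIVILEGED_ORGS = ['CA admins']
ORG_KEYS = {'O', '2.5.4.10'}  # organizationName, short name and OID form


def parse_dn(dn):
    """Split a subject DN into (ATTRIBUTE, value) pairs.

    Handles the comma-separated RFC 2253 form ("CN=a,O=b") and the older
    slash-separated form ("/O=b/CN=a"). '+' (multi-valued RDN) also splits.
    Raises ValueError on a component that has no '='.
    """
    sep = '/' if dn.startswith('/') else ','
    parts = re.findall(r'(?:\\.|[^\\+%s])+' % re.escape(sep), dn)
    pairs = []
    for part in parts:
        key, eq, raw = part.partition('=')
        if not eq:
            raise ValueError('malformed DN component: %r' % part)
        # Decode \XX hex escapes and \<char> escapes so that an escaped
        # spelling cannot hide a privileged name from the comparison.
        value = re.sub(r'\\([0-9A-Fa-f]{2}|.)',
                       lambda m: chr(int(m.group(1), 16))
                       if len(m.group(1)) == 2 else m.group(1), raw)
        pairs.append((key.strip().upper(), value))
    return pairs


def _norm(name):
    """Fold case, width variants, quotes and whitespace before comparing."""
    name = unicodedata.normalize('NFKC', name).strip().strip('"')
    return ' '.join(name.split()).casefold()


def may_autosign(subject_dn, privileged=PRIVILEGED_ORGS):
    """True only if the subject claims no privileged organization."""
    try:
        orgs = [v for k, v in parse_dn(subject_dn) if k in ORG_KEYS]
    except ValueError:
        return False                      # unparseable: leave for an admin
    if len(orgs) > 1 or any(v.startswith('#') for v in orgs):
        return False                      # ambiguous or BER-encoded value
    blocked = {_norm(p) for p in privileged}
    return all(_norm(v) not in blocked for v in orgs)
```

Requests for which `may_autosign` returns False belong in the incoming queue for manual review by the "CA admins" rather than being rejected outright.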


*** /tlsauth/cert/
Returns the CA root certificate in PEM format, for import into your browser.

*** /tlsauth/csrs/
Displays a list of incoming CSRs to any certified member of the "CA admin" group. The certs can be either rejected or signed; in the latter case the resulting certificate is sent to the email address of the subject.

*** /tlsauth/test/
Displays whether you are TLS authenticated and what your distinguished name is.


Last updated Jan 9th, 2014
