The CA python egg is here: https://lab.nexedi.com/vpelletier/caucase
instance-certificate-authority.cfg.jinja2.in deploy a CA server which expose an API on HTTP,
all request are done using GET, PUT, DELETE and POST on that API.

Auth server is an apache httpd which validate client certificate for authentification.
It autmatically request a signed certificate to CA and use it in apache configuration.

client request will be validated using:
SSLVerifyClient require in apache config