XCA will allow you to create and manage X.509 certificates, certificate requests, RSA and DSA private keys and CRLs.
Everything that is needed for a CA is implemented. All CAs can sign sub-CAs recursively. These certificate chains are shown clearly.
For an easy company-wide use there are customiseable templates that can be used for certificate or request generation. All crypto data is stored in a local and portable file format.
Xca supports next to the usual PEM and DER format of certificates the import and export of PKCS#12 (aka *.pfx) files and the Certificate import from PKCS#7 files.
Certificates can be created by self signing it, by signing it by an other (usually CA) certificate or by signing a PKCS#10 request. Netscape SPKAC is supported since version 0.4.6.
The validity dates and x509.v3 extensions can be adjusted to fit ones needs. The use of multiple certificates in CA chains is supported and a tree view of the certificates reflects the dependencies.
The application takes care to not create duplicate certificates by checking the serial number(s) on import and creation of certificates.
Certificate Templates can be used to preset the input dialog with reasonable values and to simplify the process of creating certificates and requests.
Issued certificates can be revoked and the revokation list can be created and exported. External revokation lists can be imported and examined.
What's New in This Release: [ read full changelog ]
· support modifying the CSR subject during signing
· update key images
· fix date settings in Certificate renewal dialog
· fix certificate request verification
· check for duplicate x509 v3 extensions
· Bug [ 1881482 ] and [ 1998815 ]
· make sha1 the default hash to avoid problems with other software
· Bug [ 1751397 ]
· add validation button to see all extensions before creating the cert
· change the hashing for the default password
· this makes it incompatible to older versions
· extend template format for nconf settings
· add nconf input field for arbitrary OpenSSL extensions
· and a "validate" button to check the settings before applying
· fix xca.desktop Bug [ 1837956 ]
· fix item-export error handling
· add PEM paste import feature
· extend PEM import to import all items from a PEM file