This application is intended as a certificate and key store and as a signing application for issuing certificates.
All data structures (keys, certificate signing requests, certificates and templates) can be imported and exported in several formats, such as DER or PEM. Importing means reading a file from the filesystem and storing the data structure in the database file, while exporting means writing the data structure from the database file to the filesystem, e.g. to be imported into another application.
When a new database is opened for the first time, it needs a password to encrypt the private keys in the database. This is the default password. Every time this database is opened, the application asks for the password.
If the password dialog is canceled, the database is still opened successfully. However, the keys cannot be accessed without supplying the correct database password every time a key is used.
The different cryptographic parts are divided across 5 tabs: Keys, Requests, Certificates, Templates and Revocation lists.
All items can be manipulated either by a context menu available by right-clicking on the item, or by using the buttons at the right border. Every item is identified by an internal name which is unique in one tab-view and is always shown in the first column.
Here are some key features of "XCA":
Supported file types:
· PEM
· DER
· PKCS#7
· PKCS#10
· PKCS#12 (aka *.pfx)
· A certificate can be created by self-signing it, by signing it with another (usually CA) certificate, or by signing a PKCS#10 request or a Netscape SPKAC.
· The validity dates and X.509 v3 extensions can be adjusted to fit one's needs. The use of multiple certificates in CA chains is supported, and a tree view of the certificates reflects the dependencies.
· Certificate Templates can be used to preset the input dialog with reasonable values and to simplify the process of creating certificates and requests.
· Issued certificates can be revoked, and the revocation list can be created and exported. External revocation lists can be imported and examined.
· The most common certificate extensions can be set with easy-to-use input widgets. Other extensions can be defined by using the OpenSSL config file format.
What's New in This Release:
· Close bug [ 3372449 ] All numeric names cannot be used
· add search functionality for PKCS#11 libraries
· fix ASN.1 encoding of PKCS#10 request
· Close bug [ 3318203 ] Build failure with GNU gold linker
· Add x509v3 extensions to the list of selectable columns
· Close bug [ 3314262 ] Incorrect "Path length" template parameter handling
· Close bug [ 3314263 ] Unrevoking a certificate does not make it "Trusted"
· Feature Request [3286442] Make success/import messages optional
· improve Password entry
· Improve SPKAC import
· add French translation by Patrick Monnerat
· Export requests or certificates as openssl config file
· Support building with EC disabled
· Close bug [3091576] Private key export is always PKCS#8 encoded
· Feature Request [3058196] Autoload database
· Feature Request [3058195] Export directly to the clipboard
· Close bug [3062711] Additional OIDs
· Close bug [3062708] Invalid user configuration file path name
· Fix PKCS#11 library handling