This application is a graphical user interface to OpenSSL, RSA public keys, certificates, signing requests and revocation lists.
Each key has an internal counter that tracks its use, to avoid using the same key twice when creating a certificate or request. The keys are encrypted in the database file.
In addition to the usual PEM and DER certificate formats, Xca supports the import and export of PKCS#12 (aka *.pfx) files and certificate import from PKCS#7 files.
Certificates can be created by self-signing, by signing with another (usually CA) certificate, or by signing a PKCS#10 request. Netscape SPKAC is supported since version 0.4.6. The validity dates and X.509 v3 extensions can be adjusted to fit one's needs. The use of multiple certificates in CA chains is supported, and a tree view of the certificates reflects the dependencies. The application takes care not to create duplicate certificates by checking the serial number(s) on import and creation of certificates.
Certificate Templates can be used to preset the input dialog with reasonable values and to simplify the process of creating certificates and requests.
Issued certificates can be revoked, and the revocation list can be created and exported. External revocation lists can be imported and examined.
Here are some key features of "xca":
· Uses one local database file for all settings, Keys, Requests and Certificates. IMHO it is an advantage and not a disadvantage.
· transactions, recovery and db-exceptions are used to keep it consistent.
· import and export of PEM, DER, PKCS#8 private and public RSA keys.
· Key generation with variable length
· Keys are 3-DES encrypted in database
· PKCS#10 Requests
· import and export of Requests.
· Request generation.
· X509 Certificates
· Generation of self signed and foreign signed Certificates.
· Tree view of Certificate chains.
· All x509 v3 extensions are implemented.
· Certificate-dependent auto-incrementing serial numbers.
· Pre setting of the signing serial number.
· Shows Subject, Issuer, Serial, Dates, V3 extensions, SHA1 and MD5 fingerprints.
· CRL export for CA certificates.
· generate request from certificate.
· import and export in DER, PEM and PKCS#12 format.
· several export formats containing certificate chains or not.
· Signing and encryption of files added; they are written in PEM PKCS#7 format
· Export to TinyCA or "openssl ca" file structure
· Certificates in tree view or in plain view
· Sorting of certificates by date or serial
· All known X.509 name-entry OIDs can be used in the distinguished name
· The hash algorithm for signing is selectable
· Generation of predefined CA, Client and Server Templates.
· Certificates and Requests can use the Templates
· Revocation lists
· Import, export, detailed view and creation of CRLs
What's New in This Release:
· Break endless loop in chain building. Bug [ 1696878 ]
· This version adds search functionality for PKCS#11 libraries, allows display of x509v3 extensions as columns in the certificate and request list, and supports exporting of requests and certificates as openssl config files.
· It also fixes some bugs.