WebCert Changelog

New in version 1.7.6

May 11th, 2013
  • WebCert is now UTF-8 clean and can handle international characters.
  • Certificates in Japanese are now looking great.
  • Specific start and end dates allow the creation of certs with a lifetime of minutes, or certs with future dates.
  • SubjectAltName extensions expanded from two to four.
  • Display functions were overhauled: text and PEM format is shown on a single page.
  • Validation of remote servers can now display the remotely received certificate chains, i.e. the intermediate and root certificates.
  • HTML code validates as "XHTML v1.0 transitional".

New in version 1.7.5 (October 9th, 2012)

  • The new certificate validation function "certvalidate.cgi" allows the analysis of the signing certificate chain, both for a local certificate or for a remote server.
  • The implementation of SubjectAltNames now allows the creation of multi-purpose certificates.
  • The obsolete "Netscape Comment" extension for server certificates has been removed.
  • Submitted certificate requests are now signed including their requested extensions.
  • Since version 1.7.4, WebCert's version control has moved to Github.

New in version 1.7.3 (November 10th, 2010)

  • Implementation of "Extended Key Usage" parameter to allow the creation of certificates that require it. I needed it to generate certificates for Microsoft Windows to enable the active directory LDAPS function by adding the "SSL/TLS Web Server Authentication" extended key usage. At this time, only the extension values below have been implemented:
  • serverAuth SSL/TLS Web Server Authentication OID=1.3.6.1.5.5.7.3.1 clientAuth SSL/TLS Web Client Authentication OID=1.3.6.1.5.5.7.3.2 codeSigning Code signing OID=1.3.6.1.5.5.7.3.3 emailProtection E-mail Protection (S/MIME) OID=1.3.6.1.5.5.7.3.4 timeStamping Trusted Timestamping OID=1.3.6.1.5.5.7.3.8 ocspSigning Online Cert Status Protocol sign OID=1.3.6.1.5.5.7.3.9
  • The OID's 1.3.6.1.5.5.7.3.5-7 belong to id-kp-ipsecEndSystem, id-kp-ipsecTunnel and id-kp-ipsecUser and are reported to be obsolete as per RFC 4945 § 5.1.3.12 section title "ExtendedKeyUsag".
  • Regardless what the certificate request contains, the extended key usage must be always explicitly set at the request verification screen to be included in the certificate. Even if a externally generated request did not add this attribute, it can be set additionally with WebCert.