May 11th, 2013
· WebCert is now UTF-8 clean and can handle international characters.
· Certificates in Japanese are now looking great.
· Specific start and end dates allow the creation of certs with a lifetime of minutes, or certs with future dates.
· SubjectAltName extensions expanded from two to four.
· Display functions were overhauled: text and PEM format is shown on a single page.
· Validation of remote servers can now display the remotely received certificate chains, i.e. the intermediate and root certificates.
· HTML code validates as "XHTML v1.0 transitional".
October 9th, 2012
· The new certificate validation function "certvalidate.cgi" allows the analysis of the signing certificate chain, either for a local certificate or for a remote server.
· The implementation of SubjectAltNames now allows the creation of multi-purpose certificates.
· The obsolete "Netscape Comment" extension for server certificates has been removed.
· Submitted certificate requests are now signed including their requested extensions.
· Since version 1.7.4, WebCert's version control has moved to GitHub.
November 10th, 2010
· Implementation of the "Extended Key Usage" parameter to allow the creation of certificates that require it. I needed it to generate certificates for Microsoft Windows to enable the Active Directory LDAPS function by adding the "SSL/TLS Web Server Authentication" extended key usage. At this time, only the extension values below have been implemented:
· serverAuth: SSL/TLS Web Server Authentication, OID=1.3.6.1.5.5.7.3.1
· clientAuth: SSL/TLS Web Client Authentication, OID=1.3.6.1.5.5.7.3.2
· codeSigning: Code signing, OID=1.3.6.1.5.5.7.3.3
· emailProtection: E-mail Protection (S/MIME), OID=1.3.6.1.5.5.7.3.4
· timeStamping: Trusted Timestamping, OID=1.3.6.1.5.5.7.3.8
· ocspSigning: Online Cert Status Protocol sign, OID=1.3.6.1.5.5.7.3.9
· The OIDs 1.3.6.1.5.5.7.3.5-7 belong to id-kp-ipsecEndSystem, id-kp-ipsecTunnel and id-kp-ipsecUser and are reported to be obsolete as per RFC 4945 § 5.1.3.12, section title "ExtendedKeyUsage".
· Regardless of what the certificate request contains, the extended key usage must always be set explicitly at the request verification screen to be included in the certificate. Even if an externally generated request did not add this attribute, it can be added with WebCert.