New in version 1.7.6
May 11th, 2013
- WebCert is now UTF-8 clean and can handle international characters.
- Certificates in Japanese are now looking great.
- Specific start and end dates allow the creation of certs with a lifetime of minutes, or certs with future dates.
- SubjectAltName extensions expanded from two to four.
- Display functions were overhauled: text and PEM format is shown on a single page.
- Validation of remote servers can now display the remotely received certificate chains, i.e. the intermediate and root certificates.
- HTML code validates as "XHTML v1.0 transitional".
New in version 1.7.5 (October 9th, 2012)
- The new certificate validation function "certvalidate.cgi" allows the analysis of the signing certificate chain, both for a local certificate or for a remote server.
- The implementation of SubjectAltNames now allows the creation of multi-purpose certificates.
- The obsolete "Netscape Comment" extension for server certificates has been removed.
- Submitted certificate requests are now signed including their requested extensions.
- Since version 1.7.4, WebCert's version control has moved to Github.
New in version 1.7.3 (November 10th, 2010)
- Implementation of "Extended Key Usage" parameter to allow the creation of certificates that require it. I needed it to generate certificates for Microsoft Windows to enable the active directory LDAPS function by adding the "SSL/TLS Web Server Authentication" extended key usage. At this time, only the extension values below have been implemented:
- serverAuth SSL/TLS Web Server Authentication OID=184.108.40.206.220.127.116.11.1 clientAuth SSL/TLS Web Client Authentication OID=18.104.22.168.22.214.171.124.2 codeSigning Code signing OID=126.96.36.199.188.8.131.52.3 emailProtection E-mail Protection (S/MIME) OID=184.108.40.206.220.127.116.11.4 timeStamping Trusted Timestamping OID=18.104.22.168.22.214.171.124.8 ocspSigning Online Cert Status Protocol sign OID=126.96.36.199.188.8.131.52.9
- The OID's 184.108.40.206.220.127.116.11.5-7 belong to id-kp-ipsecEndSystem, id-kp-ipsecTunnel and id-kp-ipsecUser and are reported to be obsolete as per RFC 4945 Â§ 18.104.22.168 section title "ExtendedKeyUsag".
- Regardless what the certificate request contains, the extended key usage must be always explicitly set at the request verification screen to be included in the certificate. Even if a externally generated request did not add this attribute, it can be set additionally with WebCert.