xca 0.5.1 review

by rbytes.net on

This application is a graphical user interface to OpenSSL, RSA public keys, certificates, signing requests and revokation lists. T

License: BSD License
File size: 0K
Developer: Christian Hohnstaedt
0 stars award from rbytes.net

This application is a graphical user interface to OpenSSL, RSA public keys, certificates, signing requests and revokation lists.

The keys do have an internal counter, counting its use to avoid a duplicate use of a key for creating a certificate or request. The Keys are encrypted in the database file.

Xca supports next to the usual PEM and DER format of certificates the import and export of PKCS#12 (aka *.pfx) files and the Certificate import from PKCS#7 files.

Certificates can be created by self signing it, by signing it by an other (usually CA) certificate or by signing a PKCS#10 request. Netscape SPKAC is supported since version 0.4.6. The validity dates and x509.v3 extensions can be adjusted to fit ones needs. The use of multiple certificates in CA chains is supported and a tree view of the certificates reflects the dependencies. The application takes care to not create duplicate certificates by checking the serial number(s) on import and creation of certificates.

Certificate Templates can be used to preset the input dialog with reasonable values and to simplify the process of creating certificates and requests.

Issued certificates can be revoked and the revokation list can be created and exported. External revokation lists can be imported and examined.

Here are some key features of "xca":
Uses one local databasefile for all settings, Keys, Requests and Certificates. IMHO it is an advantage and not a disadvantage
transactions, recovery and db-exceptions are used to keep it consistent.
import and export of PEM, DER, PKCS#8 private and public RSA keys.
Key generation with variable length
Keys are 3-DES encrypted in database
PKCS#10 Requests
import and export of Requests.
Request generation.
X509 Certificates
Generation of self signed and foreign signed Certificates.
Tree view of Certificate chains.
All x509 v3 extensions are implemented.
Certificate dependend autoincrementing serialnumbers.
Pre setting of the signing serial number.
Shows Subject, Issuer, Serial, Dates, V3 extensions, SHA1 and MD5 fingerprints.
CRL export for CA certificates.
generate request from certificate.
import and export in DER, PEM and PKCS#12 format.
several export formats containing certificate chains or not.
Signing and encryption of files added, they are written in PEM PKCS#7 format
Export to TinyCA or "openssl ca" filestructure
Certificates in tree view or in plain view
Sorting of certificates by date or serial
All known X.509 name-entry OIDs can be used in the distinguished name
The hash algorithm for signing is selectable
Generation of predefined CA, Client and Server Templates.
Certificates and Requests can use the Templates
Revokation lists
Import, export, detailed view and creation of CRLs

What's New in This Release:
support for different languages on WIN platform (Thanks Ilya)
better installation and deinstallation on WIN platform
documentation updated

xca 0.5.1 search tags