XCA is a graphical user interface to OpenSSL, certificates, RSA/DSA public keys, signing requests and revocation lists.

XCA supports next to the usual PEM and DER format of certificates the import and export of PKCS#12 (aka *.pfx) files and the Certificate import from PKCS#7 files.

Certificates can be created by self signing it, by signing it by an other (usually CA) certificate or by signing a PKCS#10 request. Netscape SPKAC is supported since version 0.4.6.

The validity dates and x509.v3 extensions can be adjusted to fit ones needs. The use of multiple certificates in CA chains is supported and a tree view of the certificates reflects the dependencies.

XCA takes care to not create duplicate certificates by checking the serial number(s) on import and creation of certificates.

Certificate Templates can be used to preset the input dialog with reasonable values and to simplify the process of creating certificates and requests.

Issued certificates can be revoked and the revokation list can be created and exported. External revokation lists can be imported and examined.

Requirements:

￭ QT libraries

What's New in This Release: [ read full changelog ]

· support modifying the CSR subject during signing
· update key images
· fix date settings in Certificate renewal dialog
· fix certificate request verification
· check for duplicate x509 v3 extensions Bug [ 1881482 ] and [ 1998815 ]
· make sha1 the default hash to avoid problems with other software Bug [ 1751397 ]
· add validation button to see all extensions before creating the cert
· change the hashing for the default password. this makes it incompatible to older versions
· Major changes for MAC OS X
· extend template format for nconf settings
· add nconf input field for arbitrary OpenSSL extensions and a "validate" button to check the settings before applying
· fix xca.desktop Bug [ 1837956 ]
· fix item-export error handling
· add PEM paste import feature
· extend PEM import to import all items from a PEM file