What's new in XCA 2.2.1
Jan 31, 2020
- Close #159 Opening existing database
New in XCA 2.2.0 (Jan 30, 2020)
- Switch to MSI installer
- Close #129 Unattended Installation
- Rename HTTPS templates to TLS and support KU/EKU extensions needed by OpenVPN
- Close #93 Default output folder / Improve Portable App usability
- Improve EC Curve selection for key generation.
- Close #21 Support for ODBC (MSSQL)
- Close #136 Provide 64bit version of xca
- Close #156 secp256k1, secp256r1 and NIST-P256
- Transfer Key Usage and Extended Key Usage critical flags
- Improve item loading. Inspired by #153
- Add japanese translation
- Close #138: Portable Version does not remember paths
- Close #83: Token selection should not insist on name or serial of the token
- Close #95: Copy mysql and psql windows dll files into portable app
- Close #144: Database export has issues with wildcards in internal names
- Close #143: Hotkey for import
- Close #140: Certificate renewal with option to preserved serial number
- Fix possible XCA crash
- Add Dutch translation
- Add Chinese translation
- Add Italian language
- CLose #120: Mark signed a request doesn't work
- Close #119: Rename "PostgreSQL 6 and 7" to just "PostgreSQL"
- Close #116: Duplicate extensions erroneously shown
- Close #114: SAN - IPv6 address input not working
- Close #68 Generating large DH params freezes UI
- Support concurrent database access.
- Close #91: Change order of "PKCS#11 provider"
- Extend PEM files by human readable information about the item
- Support ecdsa SSH public keys
- Close #98 Add comment at import/export RSA keys from/to SSH public key
- Close #101: Finish Rename with Enter shows Property Dialog
- Close #104: Also show sha256 digests of public keys
- Close #82: Renew CA ROOT Cert
- Verify imported keys thoroughly
New in XCA 2.1.2 (Jan 30, 2020)
- Close #40 macOS: Crash after xca v2.0.1 quit
- Close #37: XCA 2: EVP_DecryptFinal_ex:bad decrypt
- Close #74: Exiting XCA 2.1.1 corrupts database
- Make PKCS11 libs, working dir and main-window size host-dependent
- Support for XCA as portable App
- Close #69 Library not loaded: @rpath/ contains local directory
- Close #60: Fix MacOSX 2.1.1 binary
- Add new maintained languages: Polish, Spanish, Portuguese
New in XCA 2.1.1 (Jan 30, 2020)
- Allow manual override of the CSR signed flag
- Close #56: Duplicate Serials after Upgrade 2.1.0
- Close #57: SAN IP not working in 2.1.0
- Close #55: Calculate "CSR signed" information from legacy database
- Close #55: Add Certificate counter column for CSR
- Fix slovak translation
- Close #50: Hang while importing 1.4.1 database into 2.1.0
New in XCA 2.1.0 (Jul 26, 2018)
- Close #48: The SKI tickbox isn't generating an SKI extension for CSRs
- Fix translation of dates
- Add private key icon to the key name
- Inspired by #42: display dates relative (seconds ago, yesterday, ...) while column ordering is still strict by age. The ToolTip shows date and time.
- Related to #39: Dynamically adjust explicit DN entries
- Close #39: Subject entries shuffled
- Close #36: Support adding CN to X509v3 SAN automatically
- Close #35: Configurable size of serial number.
- Close #34: Improve Mac OSX installation
- Close #27: Configurable certificate expiry warning threshold
- Generate calender (.ics) files for certificate and CRL expiries
New in XCA 2.0.0 (Apr 30, 2018)
- Open database before starting a transaction
- Fix default hash during startup
- Fix Importing PKCS#12 and PKCS#7 files
- Improve automatic setting of the certificate internal name
- Don't use remote DB descriptor as local database filename proposal
- Usability: Preset remote database input values with previous ones
- Add another missing windows postgres library
- Accept drivers that don't support transactions
- Install MySQL and PostgreSQL drivers on windows
- Closes #10: Warn if certificate without any extension is created
- Add table prefix to be prepended to each table for remote SQL DB
- Update translations
- Fix installation of sql plugins in the Windows installer
- Fix opening, importing and dropping databases
- Fix crash during PKCS#12 export
- Update HTTPS_server template and add example SAN
- Acceppt empty password for private key decryption
- Fix legacy database-without-password import
- Close GitHub Bug #5: Exporting a private key results in too-permissive permissions
- Close GitHub Bug #4: Workaround QT bug of editing in QDateTimeEdit
- Fix display of dates in the Certificate details (local time displayed a GMT)
- The internal name is not neccessarily unique anymore and can be edited in the details dialog as well as the comment.
- CSR signing is now statically stored in the database and the comment of the issued certificate.
- Private keys in the database are PKCS#8 encrypted and can be exported and decrypted without XCA.
- No more incrementing serials. Only unique random serial numbers.
- "xca_db_stat" application removed. Use the SQLite3 browser "sqlitebrowser".
- "xca extract" functionality removed. SQL views may be used instead.
- Each item may be commented. XCA itself comments important events in the item.
- Each item knows its time and origin of appearance.
- Change database format to SQL(ite) and support MySQL and PostgreSQL.
New in XCA 1.4.0 (Feb 27, 2018)
- Update OpenSSL version for MacOSX and W32 to 1.1.0g
- Change default hash to SHA-256 and add a warning if the default hash algorithm is SHA1 or less
- Switch to Qt5 for Windows build and installation
- Do not apply the default template when creating a similar cert
- Close SF #120 Crash when importing CA certificate
- Close SF #116 db_x509.cpp:521: Mismatching allocation and deallocation
- Add support for OpenSSL 1.1 (by Patrick Monnerat)
- Support generating an OpenSSL "index.txt" (by Adam Dawidowski)
- Thales nCipher key generation changes for EC and DSA keys
- Add Slovak translation
New in XCA 1.3.1 (Aug 21, 2015)
- Fix endless loop while searching for a signer of a CRL (XCA does not respond)
New in XCA 1.3.0 (Aug 16, 2015)
- Update to OpenSSL 1.0.2d for Windows and MAC
- SF Bug #105 1.2.0 OS X Retina Display Support
- Digitaly sign Windows and MAC binaries with a valid certificate
- Refactor the context menu. Exporting many selected items to the clipboard or a PEM file now works. Certificate renewal and revocation may now be performed on a batch of certificates.
- Feat. Reg. #83 Option to revoke old certificate when renewing
- Refactor revocation handling. All revocation information is stored with the CA and may be modified. Revoked certificates may now be deleted from the database
- Support nameConstraints, policyMappings, InhibitAnyPolicy, PolicyConstraint and (OSCP)noCheck when transforming certificates to templates or OpenSSL configs
- Fix SF Bug #104 Export to template introduces spaces
- Add option for disabling legacy Netscape extensions
- Support exporting SSH2 public key to the clipboard
- SF Bug #102 Weak entropy source used for key generation: Use /dev/random, mouse/kbd entropy, token RNG
- SF Feat. Req. #80 Create new certificate, based on existing certificate, same for requests
- Add Cert/Req Column for Signature Algorithm
- SF Feat. Req. #81 Show key size in New Certificate dialog
- Distinguish export from transform:
- Export writes to an external file
- Transform generates another XCA item
New in XCA 1.1.0 (Nov 24, 2014)
- SF Bug #79 Template export from WinXP cannot be imported in Linux and Mac OS X
- Support for Brainpool windows and MacOSX binaries
- SF Feat. Req. #70 ability to search certificates
- SF Feat. Req. #75 show SHA-256 digest
- RedHat Bug #1164340 - segfault when viewing a RHEL entitlement certificate
- Database hardening
- Delete invalid items (on demand)
- Be more tolerant against database errors
- Gracefully handle and repair corrupt databases
- Add "xca_db_stat(.exe)" binary to all installations
- Translation updates
- Optionally allow hash algos not supported by the token
- Select whether to translate established x509 terms
- Finish Token EC and DSA support - generate, import, export, sign
- SF Feat. Req. #57 More options for Distinguished Name
- Switch to autoconf for the configure script
- SF Feature Req. #76 Export private keys to clipboard
- EC Keys: show Curve name in table
- Support EC key generation on PKCS#11 token
- PKCS#11: Make EC and RSA signatures work
- PKCS#11: Fix reading EC keys from card
- SF Bug #82 Certificate Creation out of Spec
- SF Bug #95 XCA 1.0 only runs in French on a UK English Mac
New in XCA 1.0 (Oct 24, 2014)
- SF Bug #89 Validating CRL distribution point results in error
- SF Feature Req. #69 Create "Recent databases..." file menu item
- SF Bug #75 authorityInfoAccess set error
- SF Bug #88 Minor spelling error
- SF Bug #87 Unable to set default key length The Key generation dialog now allows to remember the current settings
- Do not interpret HTML tags in message boxes
- Overwite extensions from the PKCS#10 request by local extensions
- This avoids duplication errors and allows to overwrite some extensions from the request
- SF Bug #78 replace path separators in export filenames
- SF Feature Req. #71 Add KDC Authentication OIDs to default files
- SF Bug #82 Certificate Creation out of Spec
- Add Croatian translation
- SF Bug #83 Inappropriate gcc argument order in configure script
New in XCA 0.9.1 (Nov 8, 2011)
- Close bug [ 3372449 ] All numeric names cannot be used
- add search functionality for PKCS#11 libraries
- fix ASN.1 encoding of PKCS#10 request
- Close bug [ 3318203 ] Build failure with GNU gold linker
- Add x509v3 extensions to the list of selectable columns
- Close bug [ 3314262 ] Incorrect "Path length" template parameter handling
- Close bug [ 3314263 ] Unrevoking a certificate does not make it "Trusted"
- Feature Request [3286442] Make success/import messges optional
- improve Password entry
- Improve SPKAC import
- add french translation by Patrick Monnerat
- Export requests or certificates as openssl config file
- Support building with EC disabled
- Close bug [3091576] Private key export is always PKCS#8 encoded
- Feature Request [3058196] Autoload database
- Feature Request [3058195] Export directly to the clipboard
- Close bug [3062711] Additional OIDs
- Close bug [3062708] Invalid user configuration file path name
- Fix PKCS#11 library handling
New in XCA 0.8.1 (Mar 8, 2010)
- Fix string conversion from QString to ASN1.
New in XCA 0.7.0 (Nov 12, 2009)
- support modifying the CSR subject during signing
- update key images
- fix date settings in Certificate renewal dialog
- fix certificate request verification
- check for duplicate x509 v3 extensions Bug [ 1881482 ] and [ 1998815 ]
- make sha1 the default hash to avoid problems with other software Bug [ 1751397 ]
- add validation button to see all extensions before creating the cert
- change the hashing for the default password. this makes it incompatible to older versions
- Major changes for MAC OS X
- extend template format for nconf settings
- add nconf input field for arbitrary OpenSSL extensions and a "validate" button to check the settings before applying
- fix xca.desktop Bug [ 1837956 ]
- fix item-export error handling
- add PEM paste import feature
- extend PEM import to import all items from a PEM file