This application is intended for creating and managing X.509 certificates, certificate requests, RSA, DSA and EC private keys, Smartcards and CRLs.
Everything that is needed for a CA is implemented.
All CAs can sign sub-CAs recursively. These certificate chains are shown clearly.
For an easy company-wide use there are customiseable templates that can be used for certificate or request generation.
All cryptographic data is stored in a SQL database. Supported are
- SQLite (Single file)
- MySQL (MariaDB)
- PostgreSQL
- Microsoft SQL-Server (via ODBC)
If you want to link to XCA, please use
Please use GitHub issues for bugs and questions.
Features
- Start your own PKI and create all kinds of private keys, certificates, requests or CRLs
- Import and export them in any format like PEM, DER, PKCS#7, PKCS#12
- Use them for your IPsec, OpenVPN, TLS or any other certificate based setup
- Manage your Smart-Cards via PKCS#11 interface
- Export certificates and requests as OpenSSL config file
- Create Subject- and/or Extension- templates to ease issuing similar certs
- Convert existing certificates or requests to templates
- Get the broad support of x509v3 extensions as flexible as OpenSSL but user friendlier
- Adapt the columns to have your important information at a glance
Standards
- PKCS#1 unencrypted RSA key storage format.
- PKCS#7 Collection of public certificates.
- PKCS#8 Encrypted private key format for RSA DSA EC keys.
- PKCS#10 Certificate signing request.
- PKCS#11 Security token / Smart card / HSM access.
- PKCS#12 Certificate, Private key and probably a CA chain.
File formats
- DER Distinguished Encoding Rules - Binary format
- PEM Privacy Enhanced Mail - Text format
- SSH2 Public key
Usability
- Templates for common subjects and extensions.
- All subject entries, x509v3 extensions, and other properties can be displayed in separate columns.
- Customizable subject entries
- Drag & Drop support
- Many certificate setting sanity checks
- Easy association and transformation between keys, certificates and requests