Certificate signing requests are described in PKCS#10 standard. They are used to supply a Certification Authority with the needed information to issue a valid certificate without knowing the private key. This includes personal information, the public key and additional extensions.
It is not necessary to generate a request prior to signing it by your CA or before self-signing it. Simply start generating the certificate directly. People using the OpenSSL command line tools are used to generate a request with "openssl req -new ..." and then signing it . This is not necessary with XCA.
Tracking signed CSR with XCA can be done by the Signed and Certificate count columns of the certificate signing request tab. The Signed column is an information stored in the database whenever a CSR was used used issue a certificate. Also an automatic comment is left in the comment of the CSR. It does not depend on the certificate remaining in XCA. The Certificate count column displays the number of certificates with the same public key.
After clicking on the New Request
button the Certificate dialog will be started to ask
all needed information for generating a new Request. See:
The Certificate input dialog
The request generation can also be invoked by the context menu of a certificate (Transform->Request). This menu point is only available if the private key of the certificate is available. In this case all needed data is copied from the certificate and the Certificate dialog is not invoked.
Requests can be exported by the context-menu or by the button on the right.
A request transformation creates a new database entry based on the selected request
All information contained in the request are shown. If the key-store contains
the private key corresponding to the request the keys internal name is shown
in the Key
field.