The Wizard is the central part for collecting all data regarding Certificates, Requests and Templates. It will be invoked whenever such an item is going to be created or, in case of a Template, is altered.
On this page the template to be used can be selected. All following pages will be preset to the appropriate values of the selected template. If you don't want to use a template just select the Empty Template.
If the checkbox labeled "Change the default extensions of the template" is checked, the Wizard will show 3 more pages containing all certificate extensions. The lazy people leave this checkbox unchecked.
For generating Certificates there is a drop-down list of all Requests that are available. If you don't want to sign a request but generate a certificate from scratch or from a template, uncheck the checkbox to the left of the request list. Also, only when creating certificates, the signer of the new certificate can be selected: whether it shall become a self-signed certificate or get signed by one of the CA certificates in the drop-down list.
This page is not shown when creating or changing templates.
On this page all personal data like country, name and e-mail address can be filled in. Only the Internal name is mandatory.
The Country code field must either be empty or contain exactly two letters representing your country code; e.g. DE for Germany.
If you want to create an SSL-server certificate the Common name must contain the DNS name of the server.
Other rarely used name-entries can be selected in the dialog below. Only such items are recognized that were added using the add button. All items can be added more than once, even those from above. This is not very usual but allowed.
Keys can be generated here on the fly by pressing the button. If there is no usable key and you need one, the key generation process will be invoked automatically. The newly generated key will be stored in the database and stay there, even if you cancel the Wizard later. The drop-down list of keys contains only keys that were not used by any other certificate or request. The key list is not available for creating or changing templates.
This page does not appear when signing a request, because the request already contains all needed data from this page.
The following 3 pages contain all fields for adjusting the certificate extensions. Explaining them in detail is beyond the scope of this document. The most important are the Basic Constraints and the Validity range.
For more information consult the documents in otherdoc. Especially if you don't know what this is all about, consider not creating any certificates before reading those documents.
If the CA flag is set to true the certificate is recognized by XCA and other instances as issuer for other certificates. Server certificates or e-mail certificates must have this flag set to false.
The not Before field is set to the current date and time of the operating system and the not After field is set to the current date and time plus the specified time range.
For templates, the specified times are not saved, because that would not make much sense. Instead the time range is stored and automatically applied when the template is selected. Applying the time range means setting notBefore to "now" and notAfter to "now + time-range".
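The subject rules, the CA flag rule and the template time range described above can be checked before a certificate is issued. The following is an added example, not XCA code: the field names, the `usage` values and the range expressed in days are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Field names below are hypothetical; they model the Wizard's inputs, not XCA's database.
# One DNS label, and a full host name built from it (wildcards are not accepted here).
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME = re.compile(r"(?=.{1,253}$)(?:" + LABEL + r"\.)*" + LABEL)

def apply_template(template, now):
    """Turn a stored template into concrete certificate fields at issuance time."""
    fields = dict(template["subject"])
    fields["ca"] = template["ca"]
    fields["usage"] = template["usage"]
    # The template keeps only the range; absolute times are computed when it is applied.
    fields["not_before"] = now
    fields["not_after"] = now + timedelta(days=template["range_days"])
    return fields

def lint(fields):
    """Return the list of violated rules (an empty list means the fields pass)."""
    problems = []
    if not fields.get("internal_name"):
        problems.append("internal name is mandatory")
    cc = fields.get("country", "")
    if cc and not re.fullmatch(r"[A-Za-z]{2}", cc):
        problems.append("country code must be empty or exactly two letters")
    if fields["usage"] in ("server", "email") and fields["ca"]:
        problems.append("server and e-mail certificates must have CA set to false")
    if fields["usage"] == "server" and not HOSTNAME.fullmatch(fields.get("common_name", "")):
        problems.append("common name of a server certificate must be its DNS name")
    if fields["not_after"] <= fields["not_before"]:
        problems.append("validity range must be positive")
    return problems

# Constructed sample templates.
GOOD = {"subject": {"internal_name": "web01", "country": "DE",
                    "common_name": "www.example.org"},
        "ca": False, "usage": "server", "range_days": 365}
BAD = {"subject": {"internal_name": "", "country": "DEU",
                   "common_name": "My Web Server"},
       "ca": True, "usage": "server", "range_days": 0}

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for name, tpl in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint(apply_template(tpl, now)) or "ok")
```

Because `apply_template` takes the current time as a parameter, the same template yields a fresh notBefore and notAfter each time it is applied.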