
7. Certificates

All certificates in the database are displayed in a tree view that reflects the chain dependencies. If there is a CA certificate and several client certificates signed by this CA, the client certificates can be shown by clicking on the plus sign of the CA certificate.

7.1 CA certificates

XCA recognizes your CA certificates if the CA flag in the Basic Constraints is set to true and if there is a corresponding private key. In this case the CA submenu in the context menu is enabled.

For building the chains, the CA flag is disregarded. Instead, XCA considers the issuer name and the signature to decide which certificate is the issuer.
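The two rules of this section, as an added example using Ruby's standard openssl library (not XCA's own code): the CA flag test, and issuer lookup by name plus signature. The helper functions, subject names and keys are constructed for illustration.

```ruby
require "openssl"

# Constructed sample data: issue a certificate for `key`, signed by `issuer_key`.
def make_cert(subject, issuer, key, issuer_key, ca:, serial:)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = OpenSSL::X509::Name.parse(issuer)
  cert.public_key = key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

# True when the Basic Constraints extension carries CA:TRUE.
def ca_flag?(cert)
  bc = cert.extensions.find { |e| e.oid == "basicConstraints" }
  !bc.nil? && bc.value.include?("CA:TRUE")
end

# Chain-building rule: the issuer name equals the candidate's subject AND the
# candidate's public key verifies the signature. The CA flag is not consulted.
def find_issuer(cert, candidates)
  candidates.find { |c| cert.issuer == c.subject && cert.verify(c.public_key) }
end

ROOT_KEY, SUB_KEY, LEAF_KEY, OTHER_KEY = Array.new(4) { OpenSSL::PKey::RSA.new(2048) }
ROOT = make_cert("/CN=Example Root", "/CN=Example Root", ROOT_KEY, ROOT_KEY, ca: true, serial: 1)
# Same subject name as ROOT but a different key: the name matches, the signature does not.
LOOKALIKE = make_cert("/CN=Example Root", "/CN=Example Root", OTHER_KEY, OTHER_KEY, ca: true, serial: 2)
# Signed by ROOT with CA:FALSE, yet its key has signed LEAF.
SUB = make_cert("/CN=Example Sub", "/CN=Example Root", SUB_KEY, ROOT_KEY, ca: false, serial: 3)
LEAF = make_cert("/CN=leaf.example", "/CN=Example Sub", LEAF_KEY, SUB_KEY, ca: false, serial: 4)

STORE = [LOOKALIKE, ROOT, SUB, LEAF]
[SUB, LEAF].each do |c|
  parent = find_issuer(c, STORE)
  puts "#{c.subject} <- #{parent.subject} (parent CA flag: #{ca_flag?(parent)})"
end
```

Here LEAF is placed under SUB although SUB has CA:FALSE. The tree position records who signed a certificate, not whether that signer was entitled to act as a CA, which a relying party checks separately during path validation.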

7.2 Generating certificates

After clicking on the New Certificate button, the Certificate Wizard starts and asks for all the information needed to generate a new certificate. See: Wizard. Certificate creation can also be invoked from the context menu of the certificate list background or from the context menu of a request. In the latter case the Wizard is preset with the request to be signed.

If a CA certificate is selected in the certificate list, this certificate is preselected as the signer certificate on the second page of the Wizard.

7.3 Certificate details

The signer is the internal name of the issuer's certificate, SELF SIGNED if it is self-signed, or SIGNER UNKNOWN if the issuer's certificate is not available. The validity is set to valid if the certificate dates are valid, or to Not valid if they are not, according to the internal time and date of the OS.

If the certificate was revoked, the revocation date is shown instead.

7.4 Certificate trustment

The certificate trustment can be changed by the context menu of the certificate. It can be set to:

7.5 Certificate export

The filename and the export format can be selected in the export dialog:

PKCS#12 structures are encrypted with a password that you are asked for later.

7.6 Certificate revocation

Certificates can only be revoked if the private key of the issuer's certificate is available. The certificate will be marked as revoked and the revocation date will be stored with the certificate.

7.7 Certificate renewal

Certificates can only be renewed if the private key of the issuer's certificate is available. Renewal is done by creating a new certificate as a copy of the original one, with only the validity dates adjusted.

7.8 PKCS#7

PKCS#7 structures can be created from the context menu of the signing certificate. The PKCS#7 structure can be either signed or encrypted, so XCA prompts for a file to be signed or encrypted. The resulting file has the original filename with a ".p7s" suffix.

7.9 CA special functions

The context menu of CA certificates contains the CA submenu, which makes the following functions available:

