XCA support for RSASSA-PSS p1v2.1 (rfc 4056) certificate chain?
MacOSX can't select pkcs11 driver from /applications directory.
open recent does not work on MacOSX
Please post this issue on github. Otherwise I may forget about it again...
Same Problem @XCA 2.3.0 MacOS 10.15.4
open recent does not work on MacOSX
What operating system do you use and what version of XCA? Please check whether the PKCS#11 library has the same bitwidth as XCA (usually 64bit). If you hover over the lib with the cross, it should pop-up an error. I used the yubikey4 some time before (and there is still a bug pending), but basically it should work. Please switch to the github repository, where current xca development happens. https://github.com/chris2511/xca
Hi, I'm fairly new to this but yubikeys have become so cheap I would like to use it to generate and protect the keys of our Issuing CA. I bought the yubikey 5 which comes with their own PKCS#11 module libykcs11, but when I want to add it in XCA it shows it with a cross :( Then I tried with OpenSC PKCS#11 module, that one shows a green mark in XCA but fails to initialize anything. Has anyone tried or succeeded to use a yubikey through XCA? How? With what module? Did you have to initialize some stuff...
I'm wondering? Every comment in this thread deals beautifully with how to set up xca for the Linux environment. Does that mean that it will not work on the Windows 10 environment? I have an installation of PostgreSQL 12 that is working beautifully. Unfortunately, the xca interface only allows me to choose an ancient, antiquated MySQL database or an ancient, antiquated PostgreSQL database, both of which are so antiquated that I would never allow them to be installed on my network for security reasons...
Unrecognized Databases
Hi, this is still unexpected behaviour for me. XCA does not protect the private key of a CA certificate from unintentional deleting. In my opinion XCA should completely refuse deleting a private key of an existing CA certificate. There should only be the way of deleting the certificate on the certificates tab (where I can see what depends on this certificate) and then deleting the private key in a second try. Perhaps you could add this functionality to XCA? Thank you very much.
portable version "Recent Databases" not working
Sign with Developer AppleID so xca can run under Gatekeeper
Certificate template - do not replace some fields
see also https://github.com/chris2511/xca/issues/104
Hi Christian, Great that one can work also on the public key without the certificate extra data. I would need the SHA256 fingerprint of the public key. How can I see that with xca?
Yes, spaces every 4 characters instead of the colons every 2 would be a great display alternative
Hello, I intend to sign lots of CSR. I need them to look all similar, except the commonName attribute. That means that I want to replace organization, country, organizationalunits, ... by standardized ones if they come different in the CSR. So I have created a certificate template, filled in all that stuff, except the commonName since I want it be imported from the CSR. Unfortunately when I apply the template at signing time, all the fields are well replaced, but the commonName is also replaced by...
Moved this issue to Github as that seems to be the place for bug tracking nowadays... --> https://github.com/chris2511/xca/issues/94
Compiling v2.1.2 under macOS Mojave fails not finding libtool
The database itself as a whole is unencrypted. The private keys however are AES encrypted by the database password, or by a unique password for each key. (context menu "Change password")
Thanks. As a quick follow up. How is the local database itself secured\encrypted?
The database is exchangeable between any host, operating system and currently any 2.x version of XCA. Just put the USB drive into any Linux/BSD/Windows/Mac host you trust and open the database.
I am relatively new to PKI, but am wanting to setup an infrastructure for my company. I am considering using XCA to create an offline root CA, and then ADCS for the sub issuing CAs. My question is does the XCA database always need to be opened on the same computer\hardware? For example, could I put the XCA database on an encrypted USB and then open it from any machine with XCA installed to issue CRLs and certs to the sub CAs. Thanks,
Ah, thank you very much, that was it, I didn't notice it's linked against qt4 and I was installing libraries for qt5 ;-)
The Qt SQL drivers are plugins and loaded during runtime. No recompile necessary. Probably XCA links against Qt4. Then you need to install "libqt4-sql-mysql". If Qt5 and Qt4 development headers and libraries exist, XCA prefers Qt5. Both depend on and should install "libmysqlclient20".
Hi, I have just run into the same problem, I have installed libqt5sql5-mysql package but even after rebuild of xca I'm getting 0 available remote db drivers... Any further suggestion please? Thanks. Jan
You probably need to install the qt mysql drivers. "apt install libqt5sql5-mysql" On 19 November 2018 06:59:15 CET, Robin Hammond kb3ien@users.sourceforge.net wrote: I keep getting "Available Remote DB Drivers: 0", what configure options are required my mysql?
You probably need to install the Qt5 SQL drivers: "sudo apt install libqt5sql5-mysql"
I keep getting "Available Remote DB Drivers: 0", what configure options are required my mysql?
CT Precertificate SCTs
Why is this by design? This causes numerous problems if your PKCS11 lib is lightweight and doesn't support the full suite of card management features.
Windows Surface RT Compatible Or Android Version
Thank you!
Duplicate of github issue #57 and fixed for 2.1.1 https://github.com/chris2511/xca/issues/57
Hi, When adding the Subject Alternative Name IP, the IP address just disappears when you move to the next field...
Hi, When adding the Subject Alternative Name IP, the IP addresses just disappear when you move to the next field...
https://hohnstaedt.de/xca/index.php/documentation/remote-databases
Basically you just need to create an empty database and a database-user that is allowed to access it. Google is of great help here :-) I will document it on the XCA homepage, soon.
I don't see this topic in the manual and haven't found it in searches on this forum. Are the steps to create a remote PostgreSQL or MySQL database documented somewhere? I'm interested in this option for multi-user access. Thanks in advance for any assistance!
Fixed as github ticket: https://github.com/chris2511/xca/issues/45
You could import the VMCA and issue a "Similar certificate" from the "context menu -> Transform." You must generate a new key or import the VMCA private key. After that all certificates issued by the VMCA must be replaced by certificates issued by your CA. I propose to import the issued certificates and re-issue them again by "Transform -> similar certificate", this time only replacing the issuing VMCA by your CA. And finally the VMCA root certificate must be added to all browsers and other clients,...
show key length in certificate "Details" view
Hi, Using XCA, does anyone know if I can create a Subordinate Certificate Authority Certificate to replace the VMWare VMCA root certificate? If so, how? Many thanks in advance.
XCA appears to not open at all if there is an entry in dbhistory it can't find
XCA 2.0.0 released on GitHub
Revoked.png isn't a valid image
Removed in XCA 1.4.1 commit 0ba41583fb4bfd14c1d46113d737fb2e214d3fe1 Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Sat Jan 6 14:49:09 2018 +0100 SF Bug #109 Revoked.png isn't a valid image It was unused and did not harm. No functional/optical impact. Delete image and all its references
Exported private key from 4096 bit SSH key is wrong
Fixed in XCA 1.4.1 with: commit eaabb2a28dc809149588e2eb34af4995d8355722 Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Sat Jan 6 21:18:31 2018 +0100 SF Bug #110 Exported private key from 4096 bit SSH key is wrong Actually, it just differs. It is PKCS#8 instead of PKCS#1
CA serial number is ignored in hierarchical view
XCA 1.4.1 will not put the CA serial and issuer into issued certificates AuthKeyID anymore commit e3c9d7bff84f54f9a2cccd96804a9964419439b7 Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Sat Jan 6 13:00:08 2018 +0100 SF Bug #121 CA serial number is ignored in hierarchical view Remove Serial number from "Authority Key Identifier"
1.4.0 Cannot open DB
Fixed in XCA 1.4.1 with commit 365507b36e0633a6f978e632f97a0cdaca6b4dde Author: Christian Hohnstaedt christian@hohnstaedt.de Date: Thu Mar 1 22:06:23 2018 +0100 SF Bug #122 isValid() tried to convert the serial to 64 bit With OpenSSL 1.1.0 this results in an error message if the serial was too long. With OpenSSL 1.0.x it didn't.
Wrong assumptions about slots returned by PKCS11 library
Integrated into XCA 1.4.1 commit b0d131e79a060c89a9d7e3ade020caf7bd67bd8b Author: Dancho Penev dpslavov@users.sourceforge.net Date: Wed Feb 7 11:04:32 2018 +0100 SF bug #124 Wrong assumptions about slots returned by PKCS11 library When using PKCS11 library to manage smart cards the code assumes that all slots returned by the library call are not empty. In some cases Gemalto's library returns list of slots in which the first one is empty and the second one is occupied by the smart card, this causes...
Hello Christian, thanks for your quick answer! I checked this and your steps are correct. My wish is, that I could quick verify if a certificate has been renewed with the same private key and CSR that the Public Key matches. Actually I can only see, if the private key is the same, but when someone used a new CSR the public key will not match and XCA won't show me this before I would delete the private key and transform a public key from the certificate? I didn't find a way to display which CSR has...
Certificates and requests allow to "Transform->public key" in the context menu (I wanted to link to the documentation, but this is poorly documented. Will fix it) "Transform->public key" Will take the public key and create a new item in the "Private Keys" tab. If the option is greyed out then there is already a matching key in the "Private keys" tab. And the keys (public (transformed from the CSR or certificate) as well as private) allow to "Export -> Clipboard or File" and select "PEM public" Which...
Thumbprint Publickey
Or maybe it has changed a bit..? I'll have to do more testing with this and 1.4.0.
No changes in the error message for me with the 1.4.1pre01 version. The following error occurred: (pki_x509:) error:0D0E00DF:asn1 encoding routines:asn1_get_int64:too large error:0D0E00DF:asn1 encoding routines:asn1_get_int64:too large error:0D0E00DF:asn1 encoding routines:asn1_get_int64:too large error:0D0E00DF:asn1 encoding routines:asn1_get_int64:too large error:0D0E00DF:asn1 encoding routines:asn1_get_int64:too large error:0D0E00DF:asn1 encoding routines:asn1_get_int64:too large error:0D0E00DF:asn1...
Hello, Same message : 1.4.1-pre01 L'erreur suivante s'est produite: (pki_x509:) error:0D0E10DF:asn1 encoding routines:asn1_get_uint64:too large (pki_x509.cpp:60) 1.4.0 L'erreur suivante s'est produite: (pki_x509:) error:0D0E10DF:asn1 encoding routines:asn1_get_uint64:too large (pki_x509.cpp:60) From: Christian Hohnstaedt [mailto:chris2511@users.sourceforge.net] Sent: Sunday, 18 February 2018 11:14 To: [xca:bugs] 122@bugs.xca.p.re.sf.net Subject: [xca:bugs] #122 1.4.0 Cannot open DB Hello, i created...
Hello, i created a 1.4.1-pre01 version downloadable at https://hohnstaedt.de/downloads/ It should give better error location information. Please test it and report any error message. Thank you.
Is there any known issue with the ocsp option in xca? XCA uses the OpenSSL mechanisms to add the entry, so I don't think there is anything XCA can do differently. Did you try another browser? They (IE, FF, Chrome) are known to behave differently.
Hi, at the moment I'm trying to create a certificate with ocsp validation. I create a CA and a webserver-certificate and provide the address of my ocsp instance. I also enable the option "ocsp signing" as an extended key usage. When I open the URL of my webserver (https) I expect, that firefox will create an ocsp request to validate my certificate. But nothing happens. The browser opens the https connection and shows the correct website. When I open the certificate from the browser, I see that it contains...
Re-creating this problem in a new file is a bit of a challenge. Here's what I've tried so far in case it helps without a sample file. Using version 1.3.2 I've tried creating a new XDB file, creating test CAs, CSRs, etc. with no luck in reproducing the error. I've tried importing all sorts of certificates from various locations and sources with no luck. If I copy the entire list of certificates from my normal XDB file to the clipboard (Export/Clipboard) and then import it to a new XDB file (Paste...
I'm getting the same error on Windows 7, opening a DB created with the previous version of XCA with a file size of 113kb. I'll try to create a dummy DB for you shortly.
Not related to size; I could reproduce the problem with only one certificate, its private key and its authority certificate. I cannot send it since it contains sensible data. Doing some more tests.
Wrong assumptions about slots returned by PKCS11 library
I am affected, too.
Also experiencing this issue. I am uncertain if it is related, but I have a large database - approximately 1MB.
Duplicate of Bug #122
Error when opening database from v1.3.4