I'm pleased to announce the 0.5.0 version of gnoMint: a graphical
X.509 Certification Authority managing tool.
This version adds some interesting features:
* Multiple CA support. Now, each gnoMint database is able to keep and
manage several CAs and their generated certificates. These
certificates can be other CAs. It's possible to have a multi-rooted
database, with several self-signed CA certificates.
* Support for 20-byte serial certificates, according to RFC5280.
* Support for inherit subject fields from certification authorities,
depending on each CA policy.
* Detailed certificate view (thanks to Ahmed Baizid <firstname.lastname@example.org>).
* French translation (also by Ahmed Baizid <email@example.com>).
* Now, a default database ~/.gnomint/default.gnomint is opened if no
other indication is given.
* It now registers a new mime type for gnoMint databases, so they can
be loaded with double-click.
Several bugs has been fixed:
* There was a discrepancy between the shown serial number and the
serial number kept in the certificates. Now it's fixed, and the serial
number is shown as in other programs. This can produce very high
numbers while loading previously-created gnoMint databases, but
backwards support is kept.
* There was a problem when signing a CSR whose private key had been
extracted from the database: the link between the new resulting
certificate and the file keeping the private key got lost. Fixed now.
gnoMint is a tool for an easy creation and management of Certification
Authorities. It allows a fancy visualization of all the pieces that
conform a CA: x509 certificates, CSRs, CRLs...
Currently, it allows the creation of CAs, CSRs and Certificates, and
export both public and private parts of them into PEM formatted files.
It manages the revocation of the created certificates, as well as the
creation of CRLs.
gnoMint is now perfectly usable for managing a CA that emits
certificates able to:
* Authenticate people or machines in VPNs (IPSec or other protocols);
* Secure HTTP communications with SSL/TLS secured web servers;
* Authenticate and cipher HTTP communications through web-client
* Sign and/or crypt e-mails
For compiling it, its dependencies are:
* SQLite 3
* libGnuTLS 2.0
More information in
You can get the tarball from sourceforge mirrors:
Please send bugs, comments and/or questions to our mailing list:
David Marín Carreño <firstname.lastname@example.org>