Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo


Can't sign certs, wth?

  • maximus_m3

    Ok, so I setup a private key, did a CSR, then self signed it so I basically have a CA.

    I next created a new csr and then attempt to sign it.  However, no matter what I do, the option to sign with my CA cert is not available.  The radio button is stuck on Self Sign with a serial number and the other option is grayed out.

    Anybody have any ideas of what might cause this?

    • You may safely skip the intermediate step of the CSR and directly click on "New certificate"
      Use the "[default] CA" template for sane defaults for CA certificates.

      I guess the  extension "basic constraints CA:TRUE" is missing in your CA certificate.

      Try the documentation: http://xca.sourceforge.net/xca-9.html#ss9.1

  • Ben Raubenolt
    Ben Raubenolt

    I am having the same problem. It seems to work fine with a CA created in XCA. But if I import one using PKCS#12, it seems to lose its connection to the private key. Then I can't use that CA to sign anything. I haven't found a way to reattach the private key that shows up on the private key tab.

  • Are you sure that the certificate and key do match (have the same modulus) ?
    It is possible to create a PKCS#12 file with some key and a completely unrelated certificate.
    Has the PKCS#12 file been created by XCA or another software ?

    What does the "Certificate Details" say about the key ? "not available" ?
    or does XCA show the name of the key ?