From: David Marín Carreño <davefx@gm...> - 2008-10-01 18:43:25
I'm pleased to announce the 0.5.4 version of gnoMint: a graphical
X.509 Certification Authority management tool.
This version adds adds some features:
* Now it is possible to generate CRLs for all the CAs in the
hierarchy, not only the first root CA.
* Now, the dependences between certificate uses and certificate
purposes are enforced.
* Now, the CA used for inheriting fields while creating a CSR is
remembered, so it is the default selected CA while signing it.
* Just created files now in 0600 mode, so only owner car read them.
* gnoMint now can compile with much stricter compiler parameters (not
enabled by default).
* A lot of autotools cleaning, thanks to Stanek Lubos
* Now, certificates (CA and non-CA) can be imported from external files.
* Added swedish translation, thanks to Launchpad.net collaborators.
There are also several fixes:
* Expired certificates appear only in the first CRL released after the
expiration date, according to RFC 5280 (page 13).
* Subject and issuer key id are properly set, according to RFC 5280
* Fixing segmentation fault when the CSR or the CA certificates have
* Fixing problem: only the first certificate in database could sign
CSRs in password-protected databases.
* Fixing problem: now expiration time is properly set (there was a
problem related with the difference between UTC and localtime).
* Some other segmentation faults are fixed too.
gnoMint is a tool for an easy creation and management of Certification
Authorities. It allows a fancy visualization of all the pieces that
conform a CA: x509 certificates, CSRs, CRLs...
Currently, it allows the creation of CAs, CSRs and Certificates, and
export both public and private parts of them into PEM formatted files.
It manages the revocation of the created certificates, as well as the
creation of CRLs.
gnoMint is now perfectly usable for managing a CA that emits
certificates able to:
* Authenticate people or machines in VPNs (IPSec or other protocols);
* Secure HTTP communications with SSL/TLS secured web servers;
* Authenticate and cipher HTTP communications through web-client certificates;
* Sign and/or crypt e-mails
For compiling it, its dependencies are:
* GTK+ 2.10 or newer
* SQLite 3
* libGnuTLS 2.0 or newer
More information in
You can get the tarball from sourceforge mirrors:
David Marín Carreño
Get latest updates about Open Source Projects, Conferences and News.