#90 New certificates not always shown attached to CA


If you create a CA (e.g. a self-signed rootCA) and while it is selected chose to create an additional certificate which is signed by the CA then it correctly is indented under the CA certificate in the list.

If however you create a new certificate while the relevant CA certificate is NOT selected but still sign it by the CA certificate then it is listed un-indented as if it was not related to the CA certificate.

I consider this to be a bug, I would suggest that regardless of whether the CA is selected the fact a certificate is signed by a particular CA certificate should be enough to indicate it 'belongs' to the CA certificate and it should then be shown indented under that CA certificate.

Note: If you use intermediate CA certificates then a certificate signed by the intermediate CA certificate should be shown indented under the intermediate CA certificate and the intermediate certificate should be shown indented under the root CA certificate.


  • Christian Hohnstaedt

    All your expectations are 100% correct and applicable. XCA should exactly behave as you described. But I cannot reproduce the behavior you observed. For me everything works fine as you and me would expect.
    Is it reproducable?
    Is the certificate still un-indented after reopening the database, restarting XCA or clicking "Plain view" and "Tree view"

  • John Lockwood

    John Lockwood - 2014-04-08

    Problem still occurs with XCA 0.9.3 under Mac OS X 10.9.2 it does not redraw properly after quitting and relaunching XCA. See attached screen capture which shows a new certificate at the bottom which has NOT been 'attached' to the rootCA and hence is not indented to the same level as all the other correct certificates.

  • Christian Hohnstaedt

    Could you send me the CA chain and the test2 certificate in a private mail (christian@hohnstaedt.de) for testing?
    The keys are not required, of course! Thank you.

  • John Lockwood

    John Lockwood - 2014-11-03

    Ok, I did not previously want to supply a live CA and cert but I have just retested this with 1.0 and I can see it is my fault and I was not understanding how it was behaving. If you create a new cert without the CA selected then it will default to making a self-signed cert and then this of course should not be shown attached to the CA. If you do not first select the CA you can still chose to use the CA in the new cert dialog and I had missed that option.

    So I would say close this down to user error.

  • Christian Hohnstaedt

    • status: open --> closed-invalid

Log in to post a comment.