Ok, so I setup a private key, did a CSR, then self signed it so I basically have a CA.
I next created a new csr and then attempt to sign it. However, no matter what I do, the option to sign with my CA cert is not available. The radio button is stuck on Self Sign with a serial number and the other option is grayed out.
Anybody have any ideas of what might cause this?
You may safely skip the intermediate step of the CSR and directly click on "New certificate"
Use the "[default] CA" template for sane defaults for CA certificates.
I guess the extension "basic constraints CA:TRUE" is missing in your CA certificate.
Try the documentation: http://xca.sourceforge.net/xca-9.html#ss9.1
I am having the same problem. It seems to work fine with a CA created in XCA. But if I import one using PKCS#12, it seems to lose its connection to the private key. Then I can't use that CA to sign anything. I haven't found a way to reattach the private key that shows up on the private key tab.
Are you sure that the certificate and key do match (have the same modulus) ?
It is possible to create a PKCS#12 file with some key and a completely unrelated certificate.
Has the PKCS#12 file been created by XCA or another software ?
What does the "Certificate Details" say about the key ? "not available" ?
or does XCA show the name of the key ?
Log in to post a comment.