xca / News: Recent posts

XCA 1.3.2 released

This is a patch release, fixing some bugs.
I added a (non-modal) OID resolver (Extra -> OID resolver) where you can enter the OID, the short name like "C, ST, O, OU, or the long name like "commonName". If you ever wanted to know, whether XCA supports a special OID, just enter it.

I also adapted the configure script and includes to detect and compile against QT5.
Although these changes seem big for a patch-release, they almost did not touch existing code.... read more

Posted by Christian Hohnstaedt 2015-10-10

XCA 1.3.1 released

There was a bug resulting in a hanging application if a special combination of a CRL and a signing certificate existed in the database.
(CA subject == CRL signer, but CA key did not sign it)
This is fixed now.

Posted by Christian Hohnstaedt 2015-08-21

XCA 1.3.0 Released

I fixed some of the reported Bugs and added some of the demanded features.

Here is the chagelog:

  • Update to OpenSSL 1.0.2d for Windows and MAC
  • SF Bug #105 1.2.0 OS X Retina Display Support
  • Digitaly sign Windows and MAC binaries with a valid certificate
  • Refactor the context menu. Exporting many selected items
    to the clipboard or a PEM file now works. Certificate renewal and revocation
    may now be performed on a batch of certificates.
  • Feat. Reg. #83 Option to revoke old certificate when renewing
  • Refactor revocation handling. All revocation information is
    stored with the CA and may be modified.
    Revoked certificates may now be deleted from the database
  • Support nameConstraints, policyMappings, InhibitAnyPolicy, PolicyConstraint
    and (OSCP)noCheck when transforming certificates to templates or OpenSSL configs
  • Fix SF Bug #104 Export to template introduces spaces
  • Add option for disabling legacy Netscape extensions
  • Support exporting SSH2 public key to the clipboard
  • SF Bug #102 Weak entropy source used for key generation:
    Use /dev/random, mouse/kbd entropy, token RNG
  • SF Feat. Req. #80 Create new certificate,
    based on existing certificate, same for requests
  • Add Cert/Req Column for Signature Algorithm
  • SF Feat. Req. #81 Show key size in New Certificate dialog
  • Distinguish export from transform:
    • Export writes to an external file,
    • Transform generates another XCA item... read more
Posted by Christian Hohnstaedt 2015-08-11

XCA 1.2.0 Released

This release contains minor feature enhancements like

  • Add Row numbering for easy item counting
  • Support SSH2 public key format for import and export
  • Add support for SHA-224
  • add "xca extract" to export items from the database on the commandline

The Windows and MAC binaries of this release incorporate the OpenSSL 1.0.2a library.
It addresses the following issues, which could lead to segmentation faults in XCA.... read more

Posted by Christian Hohnstaedt 2015-03-21

XCA 1.1.0 Released

This release fully supports EC and DSA keys on tokens. It contains several bugfixes and enhancements like:
- Distributed binaries with EC Brainpool curves
- Configurable Distinguished name input fields
- Quick search
- Export public/private keys to clipboard
- Runtime selectable application language

Posted by Christian Hohnstaedt 2014-11-22

XCA 1.0.0 Released

I finally got the time to make a new release.
Even though this actually is only a patch release fixing some bugs
I called it Version 1.0.0 since it is pretty complete and stable.

I hope the next release won't take more than 2 years...

Enjoy XCA

Posted by Christian Hohnstaedt 2014-10-23

OpenSSL Heartbleed (CVE-2014-0160) and XCA

In short

XCA is not affected at all by the Heartbleed vulnerability,
because it does not do any SSL/TLS related things.

Long version

The Windows/MacOSX version of XCA comes with an OpenSSL version (number) which is affected.
On unix-ish hosts XCA uses the OpenSSL library of the host system.

OpenSSL is split in 2 librarys
1. The crypto library: libcrypto.so (libeay32.dll) containing all the X.509 crypto and hash functions
2. The SSL/TLS library: libssl.so (libssl32.dll) containing the HTTPS network code and the Heartbleed bug... read more

Posted by Christian Hohnstaedt 2014-04-11

XCA 0.7.0 released

There are several fixes in this release. The validation of certificate requests was made working again. During certificate creation xca notifies about duplicate v3 extensions. The default hashing algorithm was reset to SHA1, since too many applications can't handle SHA256 correctly, yet.

New features:
- PEM import feature added to paste or open a file and autodetect the content
- The subject of certificate requests can be modified before signing
- Arbitrary X509v3 extensions may be added by using the OpenSSL config file format on the "Advanced Settings" Tab
- A validation button computes and displays all extensions before creating the certificate... read more

Posted by Christian Hohnstaedt 2009-09-12

XCA 0.6.3 released

The release of XCA 0.6.3 comes with an options dialog where
the following settings can be adjusted per database:
The default hash-algo can be set to SHA1 for all users with clients
that can not handle the current default of SHA256. Additionally a list of mandatory
distinguished name entries can be set to get warned if one of them is empty
during certificate rollout.
Usually xca takes care that a key is only used once.
Some people asked my to help them shooting themselves into the foot,
so I added an option to use keys more than once.
The internal handling of umlauts was moved to UTF8.
It may be possible that some of your key and certificate internal names
show rubish where non 7bit ASCII characters have been. This is
no issue, since you can easily rename the items in question. This will not change
its content.... read more

Posted by Christian Hohnstaedt 2007-05-22

beta of xca 0.6.0 released

It needed some time to port XCA to QT4. This enables me to use a modern API and take advantage of the free Windows port of QT4 for free software.

A lot of new features were added, like v3 extensions for requests or the more convenient input dialogs for issuer-alternative-name and others.
The Cetificate-wizard got replace by a tab-dialog to enhance the usability. The switch to OpenSSL 0.9.8 enables the newer hashing algos SHA256 and SHA512. The storage type of the asymmetric keys (DSA is supported now, too) was changed. The private key remains encrypted in the db and is only decrypted on demand. The keys also may get protected by different passwords.... read more

Posted by Christian Hohnstaedt 2007-02-02

Release of xca 0.4.6

This new version fixes some bugs in handling the commandline options especially is it possible again to select an other database name.
The configure system was reduced to a small configure script removin 1/3 of the needed diskspace of the tar ball.
The dates in the created CRLs were changed to be compatible to netscape.

Posted by Christian Hohnstaedt 2003-11-25

Release of XCA 0.4.5

This release implements the following feature requests:
1) Change Database password
2) Error messages can be copied to the clipboard
3) User can enter arbitrary key sizes for keygeneration

Posted by Christian Hohnstaedt 2003-08-14

xca release 0.4.4

Since there poped up 2 evil bugs at the morning after the release there is a new release today.
This release now uses UTC time for certificate dates.

Posted by Christian Hohnstaedt 2003-08-06

xca 0.4.3

This new release introduces the Multi import functionality and solves a certificate creation bug.
The ExtendedKeyUsage now contains VPN OIDs.

Posted by Christian Hohnstaedt 2003-08-05

XCA signing error

XCA does create malformed certificates under some circumstances:

When creating a certificate with XCA and selecting
"Authority Key Identifier" it takes the values from an other
than the signing certificate.
This results to invalid certificates !!

All versions of xca from 0.4.0 to 0.4.2 are affected.
The 0.3 series is not affected.

Dumb implemetations like IE do easily ignore it, but
others like CISCO VPN routers or Mozilla do
reject such malformed certificates.... read more

Posted by Christian Hohnstaedt 2003-08-04

Release of XCA 0.4.1

After a short testing periode of the rewritten XCA 0.4.0
application there is a new version fixing some
grave bugs and introducing a cleaner use of default paths and the registry at the windows OS.
Everybody is advised to upgrade from 0.4.0 to 0.4.1

Posted by Christian Hohnstaedt 2003-07-15

Release of xca-0.4.0

After 2 months of hard work, rewritting
large code segments to make them more stable
and pretty, there is a new version solving all pending bugs and implementing some feature requests.
Please test it and report suggestions as well as bugs and feature requests.

The WIN32 version will be available soon.

Posted by Christian Hohnstaedt 2003-07-08

Release of xca 0.3.2

This version of xca has some enhancements for windows, like the import of MS *.p7b files and use of the registry that enables the user to use
xca as "viewer" for cryptographic items. Also the UI got some small enhancements.

Posted by Christian Hohnstaedt 2003-05-17

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.

No, thanks