{"id":891,"date":"2012-10-21T10:51:29","date_gmt":"2012-10-21T07:51:29","guid":{"rendered":"http:\/\/saisa.eu\/blogs\/Guidance\/?p=891"},"modified":"2012-10-21T10:51:29","modified_gmt":"2012-10-21T07:51:29","slug":"xca-tool-for-managing-certificates-and-privatepublic-keys","status":"publish","type":"post","link":"https:\/\/saisa.eu\/blogs\/Guidance\/?p=891","title":{"rendered":"XCA, Tool for managing certificates and private\/public keys"},"content":{"rendered":"<p>From the XCA <a href=\"http:\/\/xca.sourceforge.net\/\">home page<\/a>:<\/p>\n<blockquote>\n<p>X Certificate and Key management: This application is intended for creating and managing X.509 certificates, certificate requests, RSA, DSA and EC private keys, Smartcards and CRLs. Everything that is needed for a CA is implemented. It uses the OpenSSL library for the cryptographic operations.<\/p>\n<\/blockquote>\n<p><strong>Good:<\/strong><\/p>\n<ul>\n<li>Smart-Cards via PKCS#11 interface<\/li>\n<\/ul>\n<p>In the figure below, the CA&#8217;s root private key has been created and used for the self-signed CA root certificate. The keys and certificates are stored in the &#8220;test.xdb&#8221; database file.<\/p>\n<p><img loading=\"lazy\" height=\"308\" alt=\"XCA-1\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/10\/xca-1.jpg\" width=\"450\" \/><\/p>\n<p>In the figure below, the CA&#8217;s root private key has been created on the <u>Smart Card<\/u> and used for the self-signed CA root certificate. The root key on the smart card is protected by a PIN. The other keys and certificates are stored in the &#8220;XCA-aventra.xdb&#8221; database file.<\/p>\n<p><img loading=\"lazy\" height=\"354\" alt=\"XCA-2\" src=\"http:\/\/saisa.eu\/blogs\/Guidance\/wp-content\/uploads\/2012\/10\/xca-2.jpg\" width=\"450\" \/><\/p>\n<p><strong>Tips<\/strong><\/p>\n<ul>\n<li>Protect your xdb file<\/li>\n<li>XCA uses OpenSC to access the smart card via PKCS#11. In the File-&gt;Options menu, one can add a vendor-specific PKCS#11 provider. 
In the case of the Aventra MyEID smart card, one can use &#8220;C:\\Program Files\\Fujitsu Services\\ActiveSecurity MyClient\\Cryptoki.dll&#8221;.<\/li>\n<\/ul>\n<p><strong>Links<\/strong><\/p>\n<ul>\n<li>Good &#8220;Step by step&#8221; flows, found via Google search&#8230;\n<ul>\n<li><a href=\"http:\/\/www.carbonwind.net\/VPN\/XCA_OpenVPN\/XCA_OpenVPN.htm\">Using XCA to configure the OpenVPN PKI part as an alternative to OpenVPN&#8217;s easy-rsa<\/a><\/li>\n<li><a href=\"http:\/\/pandadownload.de\/de\/attachement\/xca.pdf\">How to manage X509 certificates with XCA for their correct implementation in Panda GateDefender Integra<\/a><\/li>\n<li><a href=\"http:\/\/www2.lancom.de\/kb.nsf\/1276\/B59D0CA49EBD3559C12578FF003210B2?OpenDocument\">http:\/\/www2.lancom.de\/kb.nsf\/1276\/B59D0CA49EBD3559C12578FF003210B2?OpenDocument<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>From the XCA home page: X Certificate and Key management: This application is intended for creating and managing X.509 certificates, certificate requests, RSA, DSA and EC private keys, Smartcards and CRLs. Everything that is needed for a CA is implemented. 
It &hellip; <a href=\"https:\/\/saisa.eu\/blogs\/Guidance\/?p=891\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[17,6],"tags":[],"_links":{"self":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/891"}],"collection":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=891"}],"version-history":[{"count":0,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=\/wp\/v2\/posts\/891\/revisions"}],"wp:attachment":[{"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/saisa.eu\/blogs\/Guidance\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}