Changelog

xca 2.1.2 Wed Nov 07 2018

Close #40 macOS: Crash after xca v2.0.1 quit
Close #37: XCA 2: EVP_DecryptFinal_ex:bad decrypt
Close #74: Exiting XCA 2.1.1 corrupts database
Make PKCS11 libs, working dir and main-window size host-dependent
Support for XCA as portable App
Close #69 Library not loaded: @rpath/ contains local directory
Close #60: Fix MacOSX 2.1.1 binary
Add new maintained languages: Polish, Spanish, Portuguese

xca 2.1.1 Thu Sep 13 2018

Allow manual override of the CSR signed flag
Close #56: Duplicate Serials after Upgrade 2.1.0
Close #57: SAN IP not working in 2.1.0
Close #55: Calculate "CSR signed" information from legacy database
Close #55: Add Certificate counter column for CSR
Fix slovak translation
Close #50: Hang while importing 1.4.1 database into 2.1.0

xca 2.1.0 Tue Jul 24 2018

Close #48: The SKI tickbox isn't generating an SKI extension for CSRs
Fix translation of dates
Add private key icon to the key name
Inspired by #42: display dates relative (seconds ago, yesterday, ...) while column ordering is still strict by age. The ToolTip shows date and time.
Related to #39: Dynamically adjust explicit DN entries
Close #39: Subject entries shuffled
Close #36: Support adding CN to X509v3 SAN automatically
Close #35: Configurable size of serial number.
Close #34: Improve Mac OSX installation
Close #27: Configurable certificate expiry warning threshold
Generate calender (.ics) files for certificate and CRL expiries

xca 2.0.1 Tue May 08 2018

Close #32: Version field contains "Created by Qt/QMake" on MacOSX
Review and update russian ltranslation
Close #31: Closing certificate details window toggles tree folding
Close #25: Certificates are no longer coloured
Close #24: Add LibreSSL support. Tested with LibreSSL 2.7.2
Close #23: Improve limiting to pattern in certificate tree view
Close #20: Unable to chose remote database type (dropdown empty)
Close #19: Replace 3DES encryption by AES-256 during key export

xca 2.0.0 Tue Apr 10 2018

Open database before starting a transaction
Fix default hash during startup
Fix Importing PKCS#12 and PKCS#7 files
Improve automatic setting of the certificate internal name
Don't use remote DB descriptor as local database filename proposal
Usability: Preset remote database input values with previous ones
Add another missing windows postgres library
xca 2.0.0-pre04 Thu Mar 22 2018
Accept drivers that don't support transactions
Install MySQL and PostgreSQL drivers on windows
Closes #10: Warn if certificate without any extension is created
Add table prefix to be prepended to each table for remote SQL DB
Update translations
xca 2.0.0-pre03 Thu Mar 15 2018
Fix installation of sql plugins in the Windows installer
Fix opening, importing and dropping databases
xca 2.0.0-pre02 Tue Mar 13 2018
Fix crash during PKCS#12 export
Update HTTPS_server template and add example SAN
Acceppt empty password for private key decryption
Fix legacy database-without-password import
xca 2.0.0-pre01 Sun Mar 11 2018
Close GitHub Bug #5: Exporting a private key results in too-permissive permissions
Close GitHub Bug #4: Workaround QT bug of editing in QDateTimeEdit
Fix display of dates in the Certificate details (local time displayed a GMT)
The internal name is not neccessarily unique anymore and can be edited in the details dialog as well as the comment.
CSR signing is now statically stored in the database and the comment of the issued certificate.
Private keys in the database are PKCS#8 encrypted and can be exported and decrypted without XCA.
No more incrementing serials. Only unique random serial numbers.
"xca_db_stat" application removed. Use the SQLite3 browser "sqlitebrowser".
"xca extract" functionality removed. SQL views may be used instead.
Each item may be commented. XCA itself comments important events in the item.
Each item knows its time and origin of appearance.
Change database format to SQL(ite) and support MySQL and PostgreSQL.

xca 1.4.1 Sat Mar 3 2018

Replace links to XCA on Sourceforge in the software and documentation by links to my Site.
xca 1.4.1-pre02 Thu Mar 1 2018
SF Bug #122 isValid() tried to convert the serial to 64 bit
Beautify mandatory distinguished name entry errors
Support dragging certificates and other items as PEM text
Show User settings and installation path in the about dialog
xca 1.4.1-pre01 Sun Feb 18 2018
Remove SPKAC support. Netscape is not of this world anymore.
SF bug #124 Wrong assumptions about slots returned by PKCS11 library
Cleanup and improve the OID text files, remove senseless aia.txt
Update HTML documentation
Refine and document Entropy gathering
Indicate development and release version by git commit hash
Fix dumping private keys during "Dump database"
Fix Null pointer exception when importing PKCS#12 with OpenSSL 1.1.0
SF Bug #110 Exported private key from 4096 bit SSH key is wrong
SF Bug #109 Revoked.png isn't a valid image
SF Bug #121 CA serial number is ignored in hierarchical view
Improve speed of Bulk import.
Fix starting xca with a database as first arg

xca 1.4.0 Thu Jan 4 2018

Update OpenSSL version for MacOSX and W32 to 1.1.0g
Change default hash to SHA-256 and add a warning if the default hash algorithm is SHA1 or less
Switch to Qt5 for Windows build and installation
Do not apply the default template when creating a similar cert
Close SF #120 Crash when importing CA certificate
Close SF #116 db_x509.cpp:521: Mismatching allocation and deallocation
Add support for OpenSSL 1.1 (by Patrick Monnerat)
Support generating an OpenSSL "index.txt" (by Adam Dawidowski)
Thales nCipher key generation changes for EC and DSA keys
Add Slovak translation

xca 1.3.2 Sat Oct 10 2015

Gentoo Bug #562288 linking fails
Add OID resolver, move some Menu items to "Extra"
SF. Bug. #81 Make xca qt5 compatible
SF. Bug. #107 error:0D0680A8:asn1 encoding
Don't validate notBefore and notAfter if they are disabled.

xca 1.3.1 Fri Aug 21 2015

Fix endless loop while searching for a signer of a CRL

xca 1.3.0 Thu Aug 11 2015

Update to OpenSSL 1.0.2d for Windows and MAC
SF Bug #105 1.2.0 OS X Retina Display Support
Digitaly sign Windows and MAC binaries with a valid certificate
Refactor the context menu. Exporting many selected items to the clipboard or a PEM file now works. Certificate renewal and revocation may now be performed on a batch of certificates.
Feat. Reg. #83 Option to revoke old certificate when renewing
Refactor revocation handling. All revocation information is stored with the CA and may be modified. Revoked certificates may now be deleted from the database
Support nameConstraints, policyMappings, InhibitAnyPolicy, PolicyConstraint and (OSCP)noCheck when transforming certificates to templates or OpenSSL configs
Fix SF Bug #104 Export to template introduces spaces
Add option for disabling legacy Netscape extensions
Support exporting SSH2 public key to the clipboard
SF Bug #102 Weak entropy source used for key generation: Use /dev/random, mouse/kbd entropy, token RNG
SF Feat. Req. #80 Create new certificate, based on existing certificate, same for requests
Add Cert/Req Column for Signature Algorithm
SF Feat. Req. #81 Show key size in New Certificate dialog
Distinguish export from transform: - Export writes to an external file, - Transform generates another XCA item

xca 1.2.0 Sat Mar 21 2015

Update to OpenSSL 1.0.2a for Windows and MAC drop brainpool extra builds
Use CTRL +/- to change the font size in the view
Add Row numbering for easy item counting
Support SSH2 public key format for import and export
Add support for SHA-224
add "xca extract" to export items from the database on the commandline

xca 1.1.0 Sat Nov 22 2014

SF Bug #79 Template export from WinXP cannot be imported in Linux and Mac OS X
Support for Brainpool windows and MacOSX binaries
SF Feat. Req. #70 ability to search certificates
SF Feat. Req. #75 show SHA-256 digest
RedHat Bug #1164340 - segfault when viewing a RHEL entitlement certificate
Database hardening - Delete invalid items (on demand) - Be more tolerant against database errors - Gracefully handle and repair corrupt databases - Add "xca_db_stat(.exe)" binary to all installations
Translation updates
Optionally allow hash algos not supported by the token
Select whether to translate established x509 terms
Finish Token EC and DSA support - generate, import, export, sign
SF Feat. Req. #57 More options for Distinguished Name
Switch to autoconf for the configure script
SF Feature Req. #76 Export private keys to clipboard
EC Keys: show Curve name in table
Support EC key generation on PKCS#11 token
PKCS#11: Make EC and RSA signatures work
PKCS#11: Fix reading EC keys from card
SF Bug #82 Certificate Creation out of Spec
SF Bug #95 XCA 1.0 only runs in French on a UK English Mac

xca 1.0.0 Wed Oct 22 2014

SF Bug #89 Validating CRL distribution point results in error
SF Feature Req. #69 Create "Recent databases..." file menu item
SF Bug #75 authorityInfoAccess set error
SF Bug #88 Minor spelling error
SF Bug #87 Unable to set default key length The Key generation dialog now allows to remember the current settings
Do not interpret HTML tags in message boxes
Overwite extensions from the PKCS#10 request by local extensions This avoids duplication errors and allows to overwrite some extensions from the request
SF Bug #78 replace path separators in export filenames
SF Feature Req. #71 Add KDC Authentication OIDs to default files
SF Bug #82 Certificate Creation out of Spec
Add Croatian translation
SF Bug #83 Inappropriate gcc argument order in configure script

xca 0.9.3 Sat May 12 2012

Fix double free in a1time resulting in random crashes

xca 0.9.2 Sun May 6 2012

Support for Local timezone dates. Differentiate between invalid and undefined dates.
Fix Bug #3461403 Error when create certificate with CRL distribution point User error -> Improve user-friendlyness
Fix Bug #3485139 Exception when creating certificates in passwordless db
Avoid very long names resulting in duplicate names in the database.
Add warning colors for expired dates.

xca 0.9.1 Fri Oct 21 2011

Close bug [ 3372449 ] All numeric names cannot be used
add search functionality for PKCS#11 libraries
fix ASN.1 encoding of PKCS#10 request
Close bug [ 3318203 ] Build failure with GNU gold linker
Add x509v3 extensions to the list of selectable columns
Close bug [ 3314262 ] Incorrect "Path length" template parameter handling
Close bug [ 3314263 ] Unrevoking a certificate does not make it "Trusted"
Feature Request [3286442] Make success/import messges optional
improve Password entry
Improve SPKAC import
add french translation by Patrick Monnerat
Export requests or certificates as openssl config file
Support building with EC disabled
Close bug [3091576] Private key export is always PKCS#8 encoded
Feature Request [3058196] Autoload database
Feature Request [3058195] Export directly to the clipboard
Close bug [3062711] Additional OIDs
Close bug [3062708] Invalid user configuration file path name
Fix PKCS#11 library handling

xca 0.9.0 Sun Aug 29 2010

support loading more than one PKCS#11 library
remove the need for engine_pkcs11 now more than one PKCS#11 library can be loaded and used in parallel
Add de/selection of columns and add a lot of new possible columns All Subject entries, the subject hash and whole name, Certificate fingerprints, dates, CA info, CRL number, corresponding key of certs and requests
Improve CRL generation [3035294] CRLNumber, CRLReason
improve creating templates from cert - enhance parsing of CRL-DP, SAN, IAN and AuthInfoAcc - add support for CertificatePolicies - unknown extension are written as generic DER
improve date handling. "notBefore" is not reset to now anymore when applying a time range
Support dropping files onto the application
russian translation by Pavel Belly
support loading DER formatted PKCS#8 keys
ease commandline use
add DH param generation menu entry
improve token handling and PIN changing dialogs
improve key-value table input for "additional DN entries"
PIN and PUK changing implemented
apply partial template-contents - applying the subject only or the extensions only is possible now
add informational messageboxes - whenever an item was successfully created or imported
add support for random serial numbers
improve messages, usability and german translation
improve token support - token initializing - creating keys on a token - store existing keys on a token - delete keys and certs from a token

xca 0.8.1 Tue Jan 5 2010

fix string conversion from QString to ASN1

xca 0.8.0 Thu Dec 10 2009

improve documentation
improve file-dialog handling
Generate Template from certificate or PKCS#10 request -> Feature request [2213094] and [1108304]
add hash algos "ripemd160" and "SHA384"
add the "no well-defined date" from RFC 5280 as checkbox
Feature request [1996192] Include "OCSPSigning" in misc/eku.txt
Support for EC keys
Update Step-by-step documentation Thanks Devin Reade
Support for Smart Cards
set proper file-extension .xdb on opening databases

xca 0.7.0 Fri Sep 11 2009

support modifying the CSR subject during signing
update key images
fix date settings in Certificate renewal dialog
fix certificate request verification
check for duplicate x509 v3 extensions Bug [ 1881482 ] and [ 1998815 ]
make sha1 the default hash to avoid problems with other software Bug [ 1751397 ]
add validation button to see all extensions before creating the cert
change the hashing for the default password. this makes it incompatible to older versions
Major changes for MAC OS X
extend template format for nconf settings
add nconf input field for arbitrary OpenSSL extensions and a "validate" button to check the settings before applying
fix xca.desktop Bug [ 1837956 ]
fix item-export error handling
add PEM paste import feature
extend PEM import to import all items from a PEM file

xca 0.6.4 Mon Aug 13 2007

Bug "tree view loose track" fixed
check for certificate errors and display them instead of crashing
move used-keys-button form options to NewX509 dialog
Set string options in options dialog
remove extension and attribute tab in details dialog if no extensions or attributes available
documentation updated
X509 request attributes (like challange password) can be set and viewed.

xca 0.6.3 Thu May 17 2007

show CRL signature algorithm information
Add options dialog to set the default hash algo, mandatory distinguished name entries and allow duplicate key use as requested by some users
make cert, crl and key details copy&paste able
fix background color of clicklabels Bug [ 1704699 ]
remove missleading tooltips Bug [ 1704700 ]
fix segfault
switch string handling to UTF8

xca 0.6.2 Mon Apr 9 2007

break endless loop in chain building Bug [ 1696878 ]

xca 0.6.1 Thu Apr 5 2007

minor documentation updates
Fix openssl-cross patch
recognize certificates with circular references [ xca-Bugs-1693027 ]
be compatibile to QT-4.1 (thanks Tamas TEVESZ)
remove all usages of QT3 backward lib [ xca-Feature Requests-1692800 ]

xca 0.6.0 Fri Mar 16 2007

set initial sorting to ascending order
add RFC2253 representation of subject and issuer to copy & paste
fix dialog sizes for long DNs
move hash algo into signer box [ 1656260 ]
make QA serial a compile time option
fix date generation and warn if generalized time is used
autodetect and load any type of PEM files
fix version number in exported *.xca template
fix import of older XCA templates
add support for predefined templates as there was in 0.5.1
fix cmdline import of crypto items
add undelete feature for deleted items
fix database shrinking of curent db during opening of new db

xca 0.6.0-beta02 Fri Feb 2 2007

correct and fixate the order of x509name entries
Add CRL properties dialog to select the dates and the signing algo
Add SHA256 and SHA512
Certificate export for apache and OpenSSH+X509
Default templates for client, server, CA removed
template duplication added
sort serial numbers numerically and not lexicographically Bug [1166075]
add build support for cygwin and mingw-cross
delete rpm/ and debian/ subdirs
Port to QT4 and openssl 0.9.8 remove the need of Berkeley DB importing of old database dump possible
finish support for Mac OS X
add X509 V3 extensions to PKCS#10 requests
add "validation" function for editable extensions below
add "edit" buttons for subject/issuer alt. name, crl dist. point and cert. auth. info access
add DB-dump function into subdirs
Support for DSA keys
Fix error in template changing
change storage-format of keys: store the public unencrypted and the private additionally encrypted.
Allow different passwords for keys

xca 0.5.1 Tue Jul 13 2004

support for different languages on WIN platform (Thanks Ilya)
better installation and deinstallation on WIN platform
documentation updated

xca 0.5.0 Sun Jun 13 2004

orthographical changes
more translations
segfault in CRL import removed
manpage and documentation updated
store "midnight" in template

xca 0.4.7-RC2 Fri Apr 16 2004

open db if explicit mentioned, otherwise do not.
Errormessage on a wrong pkcs12 password more comprehensive
postinst and postrm do update-menu
search more intensive for the CRL signer
add /etc/xca/nid.txt to OID search path
debian build enhanced, lintian satisfied, manpage added.
AuthorityInfoAccess enhanced "aia.txt" as oid list added
allow empty passwords on PKCS#12 import

xca 0.4.7-RC1 Thu Feb 5 2004

debian menu-entry added
Open and closing of different databases
Menu added
German translation
CRLs will revoke existing certs
memory leaks removed
support for other compiled in basedir on unix
Authority info access added Certificate policies still pending :-(
additional (private) oids can be registered in oids.txt
OIDs for extended key usage and Distinguished name are now read from eku.txt and dn.txt respectively.
About dialog and help window added.
Requestdetail is now tabdialog

xca 0.4.6 Tue Nov 25 2003

Country is State or Province
xca.dsp: WIN32 changes from Ilya
New configure added, Makefile.in's purged and one configuration: "Local.mak" for flags and compilers. supports parallel builds (make -j)
SmartCard Logon OID added
Fixed bugs:
[ 846052 ] Tab order in Certificate Netscape extensions is wrong
[ 845800 ] CRL Generation problem for Netscape
[ 836967 ] Unable to specify alternate database
[ 843725 ] xca dies when opened with a pem key as argument
[ 789374 ] Bad encoding in misc/xca.desktop
by Wolfgang Glas <wolfgang.glas@ev-i.at>: - Support for UTF8 in x509name - Netscape SPKAC support added

xca 0.4.5 Wed Aug 13 2003

more german translations
[ 737036 ] make error texts copiable from pop-up-windows to clipboard by adding a button doing this
[ 767603 ] Key sizes Implemented by making the Key-size ComboBox editable to enter arbitrary key sizes.
[ 765774 ] change password for database

xca 0.4.4 Wed Aug 6 2003

[ 783853 ] renewal uses 'notBefore' as 'notAfter' date
[ 783830 ] GeneralizedTime-format breaks browsers

xca 0.4.3 Tue Aug 5 2003

remove Certificate creation bug (AuthKeyId)
always take the right cert for signing
critical flag in key usage and extended key usage works now
Import of Multiple items is done and works [ 739726 ] extend description of -p option [ 775529 ] Import of PKCS#7 item not shown
made the details dialogs internal name read only
some segmentation faults removed
VPN OIDs added to Ext. Keyusage

xca 0.4.2 Sun Jul 20 2003

Memory leak removed
Template import and export added
fix bug [ 773056 ] Duplicate 'All files (*.*)' selection on import menus
import of PKCS#12 keys repaired
crl icon added to W32 installation
/usr/local/include removed from CPP flags
Buttons "Export Cert" and "Change Template" reconnected.
Authority Key identifier repaired

xca 0.4.1 Tue Jul 15 2003

some compiling issues removed
Import via commandline repaired,
signing of requests without key fixed
Changes for WIN32 version from Ilya added
solved bug: [ 770120 ] Attempting to export private key results in no file exported
implemented feature request: [ 755599 ] add PFX import button to Keytab

xca 0.4.0 Tue Jul 8 2003

Solved bugs:
[ 752111 ] Cannot handle dates past 32-bit boundary (2038)
[ 744227 ] Bug in handling of 3rd. party CRLs
The following Feature requests were implemented:
[ 743152 ] Attributes in subject name
[ 755853 ] select the hash algorithm for signing.
The code was completely rewritten to remove many unpretty codefragements and get a more stable codebase
The names of certs and keys in the detailsview of Certs, CRLs and Requests are clickable.
xca desktopfile added and will be installed in applications, key.xpm will be installed as xca.xpm in pixmaps ([ 763954 ] xca.desktop file) Thanks to Enrico Scholz

xca 0.3.2 Thu May 15 2003

Optimizations, icon for WIN32 platform
MS Registry and %USERPROFILE% support
Support for PKCS#7 certs (im/export)
small UI changes

xca 0.3.1 Thu Apr 24 2003

Tool Tips added
CRL handling (import, export, details) added

xca 0.3.0 Fri Apr 25 2003

several bugfixes and memoryleaks removed
export to TinyCA and "openssl ca" added
switch between tree/plain view in certificate list
notAfter dates in certificate view can be sorted reasonably
libdb-4.1.24 and higher is supported
The certificate details dialog was redesigned to be a smaller tab-dialog
Mainwindow dialog shrinked
Item viewing and import via the commandline is possible
documentation littlebit updated
changes in configure
The wizard invokes the key generation process only if really needed

xca 0.2.12 Mon Jan 6 2003

PKCS#7 encryption and signing of files added
First attempt of documentation added
Several export targets added
Certificate renewal repaired

xca 0.2.11 Wed Dec 4 2002

Certificate export enhanced, increase signer-serial on certimport.
interpretation of serial as hex and not as dezimal.
configure continues even if qt lib is absent.
$HOME/xca is created if it does not exist.

xca 0.2.10 Tue Oct 29 2002

shows not After time and serial in listview
some segfaults removed
Certificate renewal implemented
extension-bug removed
request-kontextmenu contains signing
create request from certificate
FreeBSD paths and libs recognized by configure

xca 0.2.9 Mon Oct 21 2002

several segfaults eliminated
key-use counter corrected
initial truststate fixed
remembers Im/Export directories
import of mutiple certs/keys/requests/pkcs12
database transactions activated
exception-handling completed

xca 0.2.8 Sun Oct 13 2002

consistency checks for Iss-alt-name and Sub-alt-name
Check for certificate dates to not exceed those of the signer
defines for libdb >4.1.x
default templates added
package-builder do build without printf-debugging
key-use counter works now well

xca 0.2.7 Tue Oct 8 2002

segfaults removed
minor wizard changes

xca 0.2.6 Mon Sep 30 2002

show common name in request list and certificate list
CRL generation added
Key-export fixed
signing-template, CRL date and CRL time interval adjustable
Fix for windows filenames

xca 0.2.5 Tue Sep 24 2002

Certificate and Template Wizard completed
CA-serial can be changed and is stored with the cert
Passwordboxes set focus right (Andrey Brindeew <abr@abr.pp.ru>)
configure enhanced with error and success messages
x509 v3 extensions completed inc. Netscape extensions
Templates implemented
Files for MS Visual C++ added (yes, it compiles on MS Windows)
Windows Installer added (Nullsoft)

xca 0.2.4 Tue Sep 10 2002

PKCS#12 import added
bugfixes fileview, requestgeneration

xca 0.2.3 Wed Sep 4 2002

icons changed
context menu on right mousebutton
trust state settings added
dialogboxes are resizeable
extended keyusage added to v3 extensions when creating new cert
all dialogs translated to english
no more images in *.ui files

xca 0.2.2 Thu Jul 18 2002

basic constraints, key usage and subject/authority key identifier
signing wizard...
Signatures can be done with requests and from scratch
Certificate for signing can be self or foreign,
password is saved as md5sum

xca 0.1.12 Thu Jul 11 2002

icons added
treeview for Certificates
private keys are triple DES encrypted in db
program asks for initial password on startup
some segfaulting bugs removed

xca 0.1.11 Wed Jul 3 2002

RSA Keys are generated and stored to or loaded from a file in either DER or PEM format.
They get stored in a local Berkeley DB.
Changing their description and viewing their contents, as well as deleting them from local DB is possible.