open recent does not work on MacOSX
Please post this issue on github. Otherwise I may forget about it again...
What operating system do you use and what version of XCA? Please check whether the PKCS#11 library has the same bitwidth as XCA (usually 64bit). If you hover over the lib with the cross, it should pop up an error. I used the yubikey4 some time before (and there is still a bug pending), but basically it should work. Please switch to the github repository, where current xca development happens. https://github.com/chris2511/xca
The database itself as a whole is unencrypted. The private keys however are AES encrypted by the database password, or by a unique password for each key. (context menu "Change password")
The database is exchangeable between any host, operating system and currently any 2.x version of XCA. Just put the USB drive into any Linux/BSD/Windows/Mac host you trust and open the database.
The Qt SQL drivers are plugins and loaded during runtime. No recompile necessary. Probably XCA links against Qt4. Then you need to install "libqt4-sql-mysql". If Qt5 and Qt4 development headers and libraries exist, XCA prefers Qt5. Both depend on and should install "libmysqlclient20".
You probably need to install the qt mysql drivers. "apt install libqt5sql5-mysql" On 19 November 2018 06:59:15 CET, Robin Hammond [email protected] wrote: I keep getting "Available Remote DB Drivers: 0", what configure options are required my mysql? How to Create a Remote PostgreSQL or MySQL Database
You probably need to install the Qt5 SQL drivers: "sudo apt install libqt5sql5-mysql"
Duplicate of github issue #57 and fixed for 2.1.1 https://github.com/chris2511/xca/issues/57
https://hohnstaedt.de/xca/index.php/documentation/remote-databases
Basically you just need to create an empty database and a database-user that is allowed to access it. Google is of great help here :-) I will document it on the XCA homepage, soon.
Fixed as github ticket: https://github.com/chris2511/xca/issues/45
You could import the VMCA and issue a "Similar certificate" from the "context menu -> Transform." You must generate a new key or import the VMCA private key. After that all certificates issued by the VMCA must be replaced by certificates issued by your CA. I propose to import the issued certificates and re-issue them again by "Transform -> similar certificate", this time only replacing the issuing VMCA by your CA. And finally the VMCA root certificate must be added to all browsers and other clients,...
XCA 2.0.0 released on GitHub
Revoked.png isn't a valid image
Removed in XCA 1.4.1 commit 0ba41583fb4bfd14c1d46113d737fb2e214d3fe1 Author: Christian Hohnstaedt [email protected] Date: Sat Jan 6 14:49:09 2018 +0100 SF Bug #109 Revoked.png isn't a valid image It was unused and did not harm. No functional/optical impact. Delete image and all its references
Exported private key from 4096 bit SSH key is wrong
Fixed in XCA 1.4.1 with: commit eaabb2a28dc809149588e2eb34af4995d8355722 Author: Christian Hohnstaedt [email protected] Date: Sat Jan 6 21:18:31 2018 +0100 SF Bug #110 Exported private key from 4096 bit SSH key is wrong Actually, it just differs. It is PKCS#8 instead of PKCS#1
CA serial number is ignored in hierarchical view
XCA 1.4.1 will not put the CA serial and issuer into issued certificates AuthKeyID anymore commit e3c9d7bff84f54f9a2cccd96804a9964419439b7 Author: Christian Hohnstaedt [email protected] Date: Sat Jan 6 13:00:08 2018 +0100 SF Bug #121 CA serial number is ignored in hierarchical view Remove Serial number from "Authority Key Identifier"
1.4.0 Cannot open DB
Fixed in XCA 1.4.1 with commit 365507b36e0633a6f978e632f97a0cdaca6b4dde Author: Christian Hohnstaedt [email protected] Date: Thu Mar 1 22:06:23 2018 +0100 SF Bug #122 isValid() tried to convert the serial to 64 bit With OpenSSL 1.1.0 this results in an error message if the serial was too long. With OpenSSL 1.0.x it didn't.
Wrong assumptions about slots returned by PKCS11 library
Integrated into XCA 1.4.1 commit b0d131e79a060c89a9d7e3ade020caf7bd67bd8b Author: Dancho Penev [email protected] Date: Wed Feb 7 11:04:32 2018 +0100 SF bug #124 Wrong assumptions about slots returned by PKCS11 library When using PKCS11 library to manage smart cards the code assumes that all slots returned by the library call are not empty. In some cases Gemalto's library returns list of slots in which the first one is empty and the second one is occupied by the smart card, this causes...
Certificates and requests allow to "Transform->public key" in the context menu (I wanted to link to the documentation, but this is poorly documented. Will fix it) "Transform->public key" Will take the public key and create a new item in the "Private Keys" tab. If the option is greyed out then there is already a matching key in the "Private keys" tab. And the keys (public (transformed from the CSR or certificate) as well as private) allow to "Export -> Clipboard or File" and select "PEM public" Which...
Hello, I created a 1.4.1-pre01 version downloadable at https://hohnstaedt.de/downloads/ It should give better error location information. Please test it and report any error message. Thank you.
Is there any known issue with the ocsp option in xca? XCA uses the OpenSSL mechanisms to add the entry, so I don't think there is anything XCA can do differently. Did you try another browser? They (IE, FF, Chrome) are known to behave differently.
Error when opening database from v1.3.4
Duplicate of Bug #122
I cannot trigger the problem here. Can you provide a database without sensible data that shows the issue?
1.4.0 Cannot open DB
Hi Harald, the current behavior of XCA is as described in my comment above. I think this behavior is the most sane. Associating a Certificate to its signing CA happens by the following indicators: CA:Subject == Cert:Issuer and CA:pubkey verifies Cert:signature. Neither the serial number nor the validity time is considered for the "Issuer CA -> Issued cert" relation. XCA does not distinguish why a certificate appears (Signing or import). So the following may happen: A CA certificate exists and has...
Export -> File -> PEM Private exports a PKCS#1 key Export -> Clipboard -> PEM Private exports a PKCS#8 structure puttykeygen apparently can't handle the PKCS#8 structure.
Exported private key from 4096 bit SSH key is wrong
configure.patch
My small configure has been replaced by the autotools configure bazooka since.
outdated :-)
patch to build with qt-4.2.1
replace path separators in export filenames
Integrated differently in xca 1.0.0 commit a1f350d80805aa59ffd037513153a2d7bd6d9b00 Author: Christian Hohnstaedt [email protected] Date: Wed Nov 20 08:05:26 2013 +0100 SF Bug #78 replace path separators in export filenames Thanks Andreas for the hint
Implemented differently for xca 1.4.0 commit 806312800de5ee893720df490a971e494dc984e0 Author: Christian Hohnstaedt [email protected] Date: Wed Dec 2 08:48:30 2015 +0100 Thales nCipher key generation changes for EC and DSA keys Developed and tested by Mak, Mcken <[email protected]> Thanks!
Thales/nCipher nShield PKCS#11 integration - EC generate key CKR_TEMPLATE_INCONSISTENT error
Fixes for openssl 1.0.1i
Has long been integrated in xca 1.0.0 commit 4f7cd417320215c8ed3567536cbf2ca008946c38 Author: Oliver Winker [email protected] Date: Tue Aug 12 19:08:05 2014 +0200 Fix for openssl 1.0.1i
Suppress icon file extension in desktop entry
Has long been integrated with xca 1.0.0 commit de7da9a1ed53b0ad866cf928d2017a74a4f09045 Author: Patrick MONNERAT [email protected] Date: Wed Oct 22 21:19:30 2014 +0200 Suppress icon file extension in desktop entry
It was an unused gimp XCF image. No functional impact. Will be removed with xca 1.4.1.
Revoked.png isn't a valid image
Chapter 4.2.1.10. of RFC 5280 is about "CA Name Constraints". The subject alternative name only supports IP addresses.
Subject Alternative Name box does not accept IPv4 or IPv6 addresses with a subnet declaration
xca silently ignores database items. should show warning in gui.
Version 2.0 will handle this better
Importing the attached certificate works with 1.3.2. I assume you already had a certificate signed by this CA installed. Which then means it is a duplicate of Bug #120: commit 22b441046aa4be986fc2543a18c87b1d2abdebdc Author: Christian Hohnstaedt [email protected] Date: Sun Jul 9 20:59:21 2017 +0200 SF: #120 Crash when importing CA certificate for certificates which already exist The QAbstractItemModel is sometimes called with column index -1 Catch those calls.
xca crashes on import of latest RapidSSL Root CA
Duplicate of Bug #120 and fixed with xca 1.4.0: commit 22b441046aa4be986fc2543a18c87b1d2abdebdc Author: Christian Hohnstaedt [email protected] Date: Sun Jul 9 20:59:21 2017 +0200 SF: #120 Crash when importing CA certificate for certificates which already exist The QAbstractItemModel is sometimes called with column index -1 Catch those calls.
Import of StartCom Intermidate Class 1 crashes
Please reopen if the issue occurs again
Crash while open 'open file dialog'
Currently XCA does not support concurrent access reliably. I will change the database format with version 2.0 to a SQL API. SQLite supports concurrent access. For multi user access over network mysql or postgres should be used then.
Concurrent database access not supported
The serial number is only used to distinguish 2 certificates. It is common practice to simply use unique random numbers as serial. XCA will soon remove the increasing serials and always generate random serials. Currently the "CA options" allow to switch to random serials. If more than one possible issuer exists (Issuer name matches CA subject and public key verifies the signature), XCA selects the CA with the latest expiry date (validUntil). This allows smooth CA rollover. There is however one issue...
XCA 1.4.0 released
Integrated into xca-1.4.0 as: commit 0d34bc1c1ce4bd52cd53ffeab24c14ace260db8c Author: Adam Dawidowski [email protected] Date: Tue Sep 6 19:32:46 2016 +0200 Extend generating an OpenSSL "index.txt" Updated patch adds another export option automating the creation of multiple index.txt files to be used with multiple ocsp responders. New export option is available via command line (-I index.txt) and the Extras menu (Extra->Export Certificate Index hierarchy). The option causes the creation of an...
Export certificate index (index.txt)
In xca 1.4.0 not only the default hash changed to SHA256, but also opening existing databases with SHA-1 default hash will issue a warning and propose changing the hash to something more secure. commit 13580262f696aee8bedc3d7b3a7ec4be925a4ddb Author: Christian Hohnstaedt [email protected] Date: Tue Oct 24 11:56:11 2017 +0200 Change default hash to SHA-256 commit cfc65af48a0404bd0e5f2729525ae720e92d59a9 Author: Christian Hohnstaedt [email protected] Date: Mon Nov 13 17:51:48 2017 +0100...
Change default to SHA256 for signature algorithm / Depricate SHA1
[build] add --disable-doc
Merged into xca 1.4.0 as: commit 9a6f03b9160fb1ae18816fbeb5a11cbcffa2d2fb Author: Alon Bar-Lev [email protected] Date: Fri Jun 3 23:58:01 2016 +0300 build: add --disable-doc to disable doc installation
[build] add --with-qt-version
Merged into xca 1.4.0 as: commit 8fc3ea7a3a3af69d3c7403169c6b6f1d9b51f0e7 Author: Alon Bar-Lev [email protected] Date: Fri Jun 3 23:15:29 2016 +0300 build: add --with-qt-version to force specific qt linkage Signed-off-by: Alon Bar-Lev <[email protected]>
OpenSSL 1.1 support
Integrated and amended. Can't stress this too much: Thanks Patrick :-)
Fixed in xca 1.4.0 with commit b22d82a3f90586df10d80a6eb268905896ba39ca and many previous ones. Initial heavy work by Patrick Monnerat. Thank You !
openssl-1.1 support
db_x509.cpp:521]: (error) Mismatching allocation and deallocation: cert
Fixed in version 1.4.0 commit 4ef4c9ad8739c6503a9aecbaec2e8ecc907cf645 Author: Christian Hohnstaedt [email protected] Date: Mon Jul 10 09:12:37 2017 +0200 SF #116 db_x509.cpp:521: Mismatching allocation and deallocation: cert free(cert) -> delete cert
Fixed in 1.4.0 with commit 22b441046aa4be986fc2543a18c87b1d2abdebdc Author: Christian Hohnstaedt [email protected] Date: Sun Jul 9 20:59:21 2017 +0200 SF: #120 Crash when importing CA certificate for certificates which already exist The QAbstractItemModel is sometimes called with column index -1 Catch those calls.
Crash when importing CA certificate, for certificates, which already exist
Avoid updateAfterCrlLoad
Add PKI Source: generated, imported, transformed
Fix indentation error
Settings are Sql
Allow to edit item properties
Remove xca_db_stat application
Convert QByteArray.base64() to QString before writing it to the DB
Make use of C++ templates for more type-safety
WIP
WIP Connect
Fix minor problems during db open and key import
Rebase on master
Add Views and a concept of schema updates