HowTo use XCA

WPIA Logo

2018-12-12

Obtain Software

XCA is an open source tool to manage private und public keys.

XCA is available under [https://www.hohnstaedt.de/xca/index.php/download] (https://www.hohnstaedt.de/xca/index.php/download).

Please download the newest version at the top of the page.

Windows users can press the download button, Apple or Linux users select their appropriate file. Then install the program on your system. During the installation you can choose from several languages.

Create Certificate Signing Request (CSR)

At the first program start you have to create a new database. To do this, press "STR + N", choose a directory and name the new database, e.g. WPIA.xdb. You can continue to use this database at any time later. A password for this database is required; without entering a password later export is not possible.

To create a new CSR open a xca database and go to the Certificate Signing Request tab.

Screenshot Certificate Signing Request tab

Screenshot Certificate Signing Request tab

Use 'New Request' to create a new request.

Screenshot New Request

Screenshot New Request

You only need to fill data on the Subject tab.

Fill in:

  • Internal name - any data, it is for you to find the entry later, but no special characters
  • CommonName - your Firstname and Lastname
  • emailAddress - an email address used in your CA account

Generate a new private key with 'Generate a new key'.

Screenshot New Key

Screenshot New Key

It is recommended to use the keytype RSA with a keysize of 4096 bit. It is advised to change the default setting of 2048 bit to 4096 bit. Then create a new key by pressing the "Create" button. After a moment, the message appears that the key was successfully created; please confirm this with the "OK" button. Close the window with "OK" and the newly created key appears.

Once you have the data filled and a private key finish with 'Create'.

Copy CSR To Clipboard

Screenshot Paste CSR to clipboard

Screenshot Paste CSR to clipboard

Select the CSR and use a right mouse click to Export - Clipboard.

Now the CSR can be pasted to an email, to a file or into a CA application.

Import Public Key Via Clipboard

If you receive your public key in an CA application or as text in an email copy the public key from

    -----BEGIN CERTIFICATE-----
    until
    -----END CERTIFICATE-----
Screenshot Import PEM file via clipboard

Screenshot Import PEM file via clipboard

To import the public key go to the Cerificates tab and choose from the menu Import - 'Paste PEM file'

Screenshot Import key

Screenshot Import key

Use 'Import' to import the public key to the XCA database.

Export Certificate

To export a certificate from the XCA database select the certifcate on the Certificates tab and use the button 'Export'.

Screenshot Export certificate

Screenshot Export certificate

Select a file name and define the export format.

To use the certificate with Windows you should export the file as PKCS#12 (*.p12).

Finish the export with 'OK'.

Back to top of page
Table of Contents | Copyright WPIA 2018-2019 | Imprint | Data Protection