You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is not a bug report, it's a enhancement suggestion.
While xca can create certificate requests itself, it is still considered not a good idea to generate private keys with the CA. They should be generated on the client system and never leave it. The way to do this is to import a certicate request into xca to make them a certificate.
I don't do this very often and always have to figure out again which openssl command line and which openssl.cnf contents is needed to create a request that contains what I want it to contain. When I create the certificate request or directly the certificate with xca, this is all gui driven and really nice to use.
Maybe it would be possible to allow xca to not actually generate the certificate request after going through the motions of configuring the certificate parameters and other contents, but to export an openssl.cnf and an openssl command line (maybe a shell script containing both?) via clipboard or file, so that this can be copied or pasted to the client so that the actual generation takes place on the remote system.
I think this would probably be easiest to implement by giving the Create Certificate signing request dialog a new tab with two text fields, one for (a minimal) openssl.cnf and one for the openssl command line so that the information can be cut from there and pasted elsewhere.
Thanks for considering this suggestion.
Greetings
Marc
The text was updated successfully, but these errors were encountered:
This is not a bug report, it's a enhancement suggestion.
While xca can create certificate requests itself, it is still considered not a good idea to generate private keys with the CA. They should be generated on the client system and never leave it. The way to do this is to import a certicate request into xca to make them a certificate.
I don't do this very often and always have to figure out again which openssl command line and which openssl.cnf contents is needed to create a request that contains what I want it to contain. When I create the certificate request or directly the certificate with xca, this is all gui driven and really nice to use.
Maybe it would be possible to allow xca to not actually generate the certificate request after going through the motions of configuring the certificate parameters and other contents, but to export an openssl.cnf and an openssl command line (maybe a shell script containing both?) via clipboard or file, so that this can be copied or pasted to the client so that the actual generation takes place on the remote system.
I think this would probably be easiest to implement by giving the Create Certificate signing request dialog a new tab with two text fields, one for (a minimal) openssl.cnf and one for the openssl command line so that the information can be cut from there and pasted elsewhere.
Thanks for considering this suggestion.
Greetings
Marc
The text was updated successfully, but these errors were encountered: