The options dialog can be found in the file menu. All options are saved in the database and do not depend on the operating systems registry or configuration files.
A list of mandatory distinguished name entries may be specified to get a warning, whenever issuing a certificate that lacks one or more listed entries. This requirement is not checked when editing templates, because templates may have empty entries that will be filled during the rollout of the certificate.
This option applies to all strings converted to ASN1 strings. The selected string type is automatically set to the smallest possible and allowed type, covering all contained characters.
The list of allowed string types can be selected:
Older Windows versions and OpenSSL versions can not handle SHA256 and SHA512. This option allows to set the hash algorithm to SHA1 for instance.
After importing and generating new items a success message is shown. This switch disables the messages.
Since version 0.9.2 the expiration dates of certificates will be colorized. Red means expired or not yet valid. Yellow indicates certificates that only have 4/5 of their lifetime until expiration. The CRL expiration date will be marked red 2 days before expiration.
Here you can select the path to the PKCS#11 library on your system.
If it is empty, the default
/usr/lib/opensc-pkcs11.so will be used.
On Windows the opensc-pkcs11.dll in the XCA installation directory will be tried.