Older versions of XCA used a Berkely database for storing the crypto items.
Starting from version 0.6.0 this has changed to a simple
endian independent file format for several reasons:
- The Berkeley db API was a moving target and every distribution had different versions installed.
Handling all versions well ended up in an "#ifdef hell"
where every second build failure was based on a different API in an other db version.
- The database got corrupted if a log.0000001 file was deleted.
- copying a database from one place to another was only possible, if
the log file was also copied. This breaks the approach of having
one single, simpe file containing the crypto items.
Since XCA 0.6.0 is not compiled with Berkeley DB support it cannot read old
file formats. The extension of files has changed from *.db to *.xdb .
Importing old databases is done by the following steps:
- Use db_dump of your distribution to dump the database to an ASCII file.
(Windows users will find a db_dump.exe in the XCA installation dir).
The command is: db_dump -f xca.db.dump xca.db
- Start XCA and open a new database (e.g. xca.xdb). XCA asks for a
password for this new, empty database.
- Point your mouse to "File->Import old db_dump" and select the file "xca.db.dump"
- XCA now asks for the password of the ORIGINAL database, since the ASCII
dump still contains the private keys encrypted with the password.
- Enjoy XCA 0.6.0
The most recent stable version of XCA can be downloaded from
The current (unstable) HEAD of development can be downloaded and tested via
Please do not hesitate to contact me for information about branches.
Diffie Hellman parameters can be created by XCA.
It does neither need nor use the parameters.
Applications like OpenVPN however need them and so XCA provides this
functionality for users convenience.