Next Previous Contents

8. Certificate Signing Requests

Certificate signing requests are described in PKCS#10 standard. They are used to supply a Certification Authority with the needed information to issue a valid certificate without knowing the private key. This includes personal information, they public key and additional extensions.

Netscape SPKAC files can not be created or exported, but they can be imported and signed. This requests are marked in the Signature field as SPKAC and a Netscape icon is shown.

It is not necessary to generate a request prior to signing it by your CA or before self-signing it. Simply start generating the certificate directly. People using the OpenSSL command line tools, are used to generate a request with "openssl req -new ..." and then signing it . This is not necessary with XCA.

8.1 Generating a new Request

After clicking on the New Request button the Certificate dialog will be started to ask all needed information for generating a new Request. See: The Certificate input dialog

The request generation can also be invoked by the context menu of a certificate (Export->Request). This menu point is only available if the private key of the certificate is available. In this case all needed data is copied from the certificate and the Certificate dialog is not invoked.

8.2 Request Export

Requests can be exported by the context-menu or by the button on the right.

8.3 Request Transformation

A request transformation creates a new database entry based on the selected request

8.4 Request Details

All information contained in the request are shown. If the keystore contains the private key corresponding to the request the keys internal name is shown in the Key field.


Next Previous Contents