FEEDBACK

[bimmerdriver]

I have some feedback based on using XCA.

I like using it compared to openssl. I find it to be quicker to use and it's also more friendly due to the GUI.

I already commented about the "friendly name". It would be nice if this feature was built-in, since it currently relies on the XCA internal name, which is also used for the filename. The filename and the "friendly name" are not the same (at least not in openssl). The specific application I'm creating the certificates for requires the friendly name to be generic (securekey), regardless of the CN. They need to have unique filenames, even though they have the same "friendly name".

I found that copy / paste doesn't work. It would be handy if it was possible to copy fields from an existing certificate into a new certificate to save typing.

When creating a CA, if you don't fill in the length, no length appears in the Extensions tab, but if you show the config, pathlen:0 is included in the basicConstraints.

I tried using the transform feature to create a new version of a certificate (a private CA). The only difference between the new version and the old version was the validity. I wanted it to be 10 years, so I changed it and applied it. When I saved the new certificate, the validity was one year. I tried several times to be sure it wasn't a finger problem, which it was not.

Since I couldn't create a new certificate with a 10 year validity using transform, I renamed the old certificate to xxx OLD and saved it. Then I created a new CA certificate from scratch, but using the existing key. When I tried to create tls server certificates using the new CA, I selected the new CA (as opposed to the OLD CA). However, the new certificates were created under the OLD CA, not under the new CA. Perhaps this is because I used the same key. Again, I tried several times to be sure it wasn't a finger problem, which it was not, so I deleted the OLD certificate. After that, all of the tls server certificates (old and new) appeared under the new CA.