Next Previous Contents

4. The Wizard

The Wizard is the central part for collecting all data regarding Certificates, Requests and Templates. It will be invoked whenever such an item is going to be created or, in case of a Template, is altered. and Templates and for changing Templates.

4.1 Template selection

On this page the template to be used can be selected. All following pages will be preset to the appropriate values of the selected template. If you don't want to use a template just select the Empty Template. If the checkbox labeled: Change the default extensions of the template is checked the Wizard will show 3 more pages containing all certificate extensions. The lazy people leave this checkbox unchecked.

For generating Certificates there is a drop-down list of all Requests that are available. If you don't want to sign a request but generate a certificate from scratch or template, uncheck the checkbox to the left of the request list. Also only for creating certificates the signer of the new certificate can be selected wether it shall become a self-signed certificate or get signed by one of the CA certificates in the drop-down list.

This page is not shown when creating or changing templates.

4.2 Personal settings

On this Page all personal data like country, name and Email address can be filled in. Only the Internal name is mandatory. The Country code field must either be empty or exactly contain two letters representing your country code; e.g. DE for Germany. If you want to create a SSL-server certificate the Common name must contain the DNS name of the server.

Keys can be generated here on the fly by pressing the button. If there is no usable key and you need one, they key generation is invoked automatically. The newly generated key will be stored in the database, even if you cancel the Wizard. The drop-down list of the keys does only contain keys that were not used by any other certificate or request. The keylist is not available for creating or changing templates.

This page does not appear when signing a request, because the request does contain all needed data from this page.

4.3 X509v3 Extensions

The following 3 pages do contain all fields for adjusting the certificate extensions. It is not in the focus of this document to explain them in detail. The most important are the Basic Constraints and the Validity range.

For more information consult the documents in otherdoc . Expecially if you don't know what this is all about consider not to create any certificates before reading those documents.

Basic Constraints

If the CA flag is set to true the certificate is recognized by XCA and other instances as issuer for other certificates. Server-certificates or E-Mail certificates must have set this flag to false

Validity Range

The not Before field is set to the current date and time of the operating system and the not After field is set to the current date and time plus the specified time range.


Next Previous Contents