xca 1.4.1 Sat Mar 3 2018

• Replace links to XCA on Sourceforge in the software and documentation by links to my Site. xca 1.4.1-pre02 Thu Mar 1 2018
• SF Bug #122 isValid() tried to convert the serial to 64 bit
• Beautify mandatory distinguished name entry errors
• Support dragging certificates and other items as PEM text
• Show User settings and installation path in the about dialog xca 1.4.1-pre01 Sun Feb 18 2018
• Remove SPKAC support. Netscape is not of this world anymore.
• SF bug #124 Wrong assumptions about slots returned by PKCS11 library
• Cleanup and improve the OID text files, remove senseless aia.txt
• Update HTML documentation
• Refine and document Entropy gathering
• Indicate development and release version by git commit hash
• Fix dumping private keys during "Dump database"
• Fix Null pointer exception when importing PKCS#12 with OpenSSL 1.1.0
• SF Bug #110 Exported private key from 4096 bit SSH key is wrong
• SF Bug #109 Revoked.png isn't a valid image
• SF Bug #121 CA serial number is ignored in hierarchical view
• Improve speed of Bulk import.
• Fix starting xca with a database as first arg

xca 1.4.0 Thu Jan 4 2018

• Update OpenSSL version for MacOSX and W32 to 1.1.0g
• Change default hash to SHA-256 and add a warning if the default hash algorithm is SHA1 or less
• Switch to Qt5 for Windows build and installation
• Do not apply the default template when creating a similar cert
• Close SF #120 Crash when importing CA certificate
• Close SF #116 db_x509.cpp:521: Mismatching allocation and deallocation
• Add support for OpenSSL 1.1 (by Patrick Monnerat)
• Support generating an OpenSSL "index.txt" (by Adam Dawidowski)
• Thales nCipher key generation changes for EC and DSA keys
• Add Slovak translation

xca 1.3.2 Sat Oct 10 2015

• Gentoo Bug #562288 linking fails
• Add OID resolver, move some Menu items to "Extra"
• SF. Bug. #81 Make xca qt5 compatible
• SF. Bug. #107 error:0D0680A8:asn1 encoding
• Don't validate notBefore and notAfter if they are disabled.

xca 1.3.1 Fri Aug 21 2015

• Fix endless loop while searching for a signer of a CRL

xca 1.3.0 Thu Aug 11 2015

• Update to OpenSSL 1.0.2d for Windows and MAC
• SF Bug #105 1.2.0 OS X Retina Display Support
• Digitaly sign Windows and MAC binaries with a valid certificate
• Refactor the context menu. Exporting many selected items to the clipboard or a PEM file now works. Certificate renewal and revocation may now be performed on a batch of certificates.
• Feat. Reg. #83 Option to revoke old certificate when renewing
• Refactor revocation handling. All revocation information is stored with the CA and may be modified. Revoked certificates may now be deleted from the database
• Support nameConstraints, policyMappings, InhibitAnyPolicy, PolicyConstraint and (OSCP)noCheck when transforming certificates to templates or OpenSSL configs
• Fix SF Bug #104 Export to template introduces spaces
• Add option for disabling legacy Netscape extensions
• Support exporting SSH2 public key to the clipboard
• SF Bug #102 Weak entropy source used for key generation: Use /dev/random, mouse/kbd entropy, token RNG
• SF Feat. Req. #80 Create new certificate, based on existing certificate, same for requests
• Add Cert/Req Column for Signature Algorithm
• SF Feat. Req. #81 Show key size in New Certificate dialog
• Distinguish export from transform: - Export writes to an external file, - Transform generates another XCA item

xca 1.2.0 Sat Mar 21 2015

• Update to OpenSSL 1.0.2a for Windows and MAC drop brainpool extra builds
• Use CTRL +/- to change the font size in the view
• Add Row numbering for easy item counting
• Support SSH2 public key format for import and export
• Add support for SHA-224
• add "xca extract" to export items from the database on the commandline

xca 1.1.0 Sat Nov 22 2014

• SF Bug #79 Template export from WinXP cannot be imported in Linux and Mac OS X
• Support for Brainpool windows and MacOSX binaries
• SF Feat. Req. #70 ability to search certificates
• SF Feat. Req. #75 show SHA-256 digest
• RedHat Bug #1164340 - segfault when viewing a RHEL entitlement certificate
• Database hardening - Delete invalid items (on demand) - Be more tolerant against database errors - Gracefully handle and repair corrupt databases - Add "xca_db_stat(.exe)" binary to all installations
• Translation updates
• Optionally allow hash algos not supported by the token
• Select whether to translate established x509 terms
• Finish Token EC and DSA support - generate, import, export, sign
• SF Feat. Req. #57 More options for Distinguished Name
• Switch to autoconf for the configure script
• SF Feature Req. #76 Export private keys to clipboard
• EC Keys: show Curve name in table
• Support EC key generation on PKCS#11 token
• PKCS#11: Make EC and RSA signatures work
• PKCS#11: Fix reading EC keys from card
• SF Bug #82 Certificate Creation out of Spec
• SF Bug #95 XCA 1.0 only runs in French on a UK English Mac

xca 1.0.0 Wed Oct 22 2014

• SF Bug #89 Validating CRL distribution point results in error
• SF Feature Req. #69 Create "Recent databases..." file menu item
• SF Bug #75 authorityInfoAccess set error
• SF Bug #88 Minor spelling error
• SF Bug #87 Unable to set default key length The Key generation dialog now allows to remember the current settings
• Do not interpret HTML tags in message boxes
• Overwite extensions from the PKCS#10 request by local extensions This avoids duplication errors and allows to overwrite some extensions from the request
• SF Bug #78 replace path separators in export filenames
• SF Feature Req. #71 Add KDC Authentication OIDs to default files
• SF Bug #82 Certificate Creation out of Spec
• Add Croatian translation
• SF Bug #83 Inappropriate gcc argument order in configure script

xca 0.9.3 Sat May 12 2012

• Fix double free in a1time resulting in random crashes

xca 0.9.2 Sun May 6 2012

• Support for Local timezone dates. Differentiate between invalid and undefined dates.
• Fix Bug #3461403 Error when create certificate with CRL distribution point User error -> Improve user-friendlyness
• Fix Bug #3485139 Exception when creating certificates in passwordless db
• Avoid very long names resulting in duplicate names in the database.
• Add warning colors for expired dates.

xca 0.9.1 Fri Oct 21 2011

• Close bug [ 3372449 ] All numeric names cannot be used
• add search functionality for PKCS#11 libraries
• fix ASN.1 encoding of PKCS#10 request
• Close bug [ 3318203 ] Build failure with GNU gold linker
• Add x509v3 extensions to the list of selectable columns
• Close bug [ 3314262 ] Incorrect "Path length" template parameter handling
• Close bug [ 3314263 ] Unrevoking a certificate does not make it "Trusted"
• Feature Request [3286442] Make success/import messges optional
• improve Password entry
• Improve SPKAC import
• add french translation by Patrick Monnerat
• Export requests or certificates as openssl config file
• Support building with EC disabled
• Close bug [3091576] Private key export is always PKCS#8 encoded
• Feature Request [3058196] Autoload database
• Feature Request [3058195] Export directly to the clipboard
• Close bug [3062711] Additional OIDs
• Close bug [3062708] Invalid user configuration file path name
• Fix PKCS#11 library handling

xca 0.9.0 Sun Aug 29 2010

• support loading more than one PKCS#11 library
• remove the need for engine_pkcs11 now more than one PKCS#11 library can be loaded and used in parallel
• Add de/selection of columns and add a lot of new possible columns All Subject entries, the subject hash and whole name, Certificate fingerprints, dates, CA info, CRL number, corresponding key of certs and requests
• Improve CRL generation [3035294] CRLNumber, CRLReason
• improve creating templates from cert - enhance parsing of CRL-DP, SAN, IAN and AuthInfoAcc - add support for CertificatePolicies - unknown extension are written as generic DER
• improve date handling. "notBefore" is not reset to now anymore when applying a time range
• Support dropping files onto the application
• russian translation by Pavel Belly
• support loading DER formatted PKCS#8 keys
• ease commandline use
• add DH param generation menu entry
• improve token handling and PIN changing dialogs
• improve key-value table input for "additional DN entries"
• PIN and PUK changing implemented
• apply partial template-contents - applying the subject only or the extensions only is possible now
• add informational messageboxes - whenever an item was successfully created or imported
• add support for random serial numbers
• improve messages, usability and german translation
• improve token support - token initializing - creating keys on a token - store existing keys on a token - delete keys and certs from a token

xca 0.8.1 Tue Jan 5 2010

• fix string conversion from QString to ASN1

xca 0.8.0 Thu Dec 10 2009

• improve documentation
• improve file-dialog handling
• Generate Template from certificate or PKCS#10 request -> Feature request [2213094] and [1108304]
• add hash algos "ripemd160" and "SHA384"
• add the "no well-defined date" from RFC 5280 as checkbox
• Feature request [1996192] Include "OCSPSigning" in misc/eku.txt
• Support for EC keys
• Update Step-by-step documentation Thanks Devin Reade
• Support for Smart Cards
• set proper file-extension .xdb on opening databases

xca 0.7.0 Fri Sep 11 2009

• support modifying the CSR subject during signing
• update key images
• fix date settings in Certificate renewal dialog
• fix certificate request verification
• check for duplicate x509 v3 extensions Bug [ 1881482 ] and [ 1998815 ]
• make sha1 the default hash to avoid problems with other software Bug [ 1751397 ]
• add validation button to see all extensions before creating the cert
• change the hashing for the default password. this makes it incompatible to older versions
• Major changes for MAC OS X
• extend template format for nconf settings
• add nconf input field for arbitrary OpenSSL extensions and a "validate" button to check the settings before applying
• fix xca.desktop Bug [ 1837956 ]
• fix item-export error handling
• add PEM paste import feature
• extend PEM import to import all items from a PEM file

xca 0.6.4 Mon Aug 13 2007

• Bug "tree view loose track" fixed
• check for certificate errors and display them instead of crashing
• move used-keys-button form options to NewX509 dialog
• Set string options in options dialog
• remove extension and attribute tab in details dialog if no extensions or attributes available
• documentation updated
• X509 request attributes (like challange password) can be set and viewed.

xca 0.6.3 Thu May 17 2007

• show CRL signature algorithm information
• Add options dialog to set the default hash algo, mandatory distinguished name entries and allow duplicate key use as requested by some users
• make cert, crl and key details copy&paste able
• fix background color of clicklabels Bug [ 1704699 ]
• remove missleading tooltips Bug [ 1704700 ]
• fix segfault
• switch string handling to UTF8

xca 0.6.2 Mon Apr 9 2007

• break endless loop in chain building Bug [ 1696878 ]

xca 0.6.1 Thu Apr 5 2007

• minor documentation updates
• Fix openssl-cross patch
• recognize certificates with circular references [ xca-Bugs-1693027 ]
• be compatibile to QT-4.1 (thanks Tamas TEVESZ)
• remove all usages of QT3 backward lib [ xca-Feature Requests-1692800 ]

xca 0.6.0 Fri Mar 16 2007

• set initial sorting to ascending order
• add RFC2253 representation of subject and issuer to copy & paste
• fix dialog sizes for long DNs
• move hash algo into signer box [ 1656260 ]
• make QA serial a compile time option
• fix date generation and warn if generalized time is used
• autodetect and load any type of PEM files
• fix version number in exported *.xca template
• fix import of older XCA templates
• add support for predefined templates as there was in 0.5.1
• fix cmdline import of crypto items
• add undelete feature for deleted items
• fix database shrinking of curent db during opening of new db xca 0.6.0-beta02 Fri Feb 2 2007
• correct and fixate the order of x509name entries
• Add CRL properties dialog to select the dates and the signing algo
• Add SHA256 and SHA512
• Certificate export for apache and OpenSSH+X509
• Default templates for client, server, CA removed
• template duplication added
• sort serial numbers numerically and not lexicographically Bug [1166075]
• add build support for cygwin and mingw-cross
• delete rpm/ and debian/ subdirs
• Port to QT4 and openssl 0.9.8 remove the need of Berkeley DB importing of old database dump possible
• finish support for Mac OS X
• add X509 V3 extensions to PKCS#10 requests
• add "validation" function for editable extensions below
• add "edit" buttons for subject/issuer alt. name, crl dist. point and cert. auth. info access
• add DB-dump function into subdirs
• Support for DSA keys
• Fix error in template changing
• change storage-format of keys: store the public unencrypted and the private additionally encrypted.
• Allow different passwords for keys

xca 0.5.1 Tue Jul 13 2004

• support for different languages on WIN platform (Thanks Ilya)
• better installation and deinstallation on WIN platform
• documentation updated

xca 0.5.0 Sun Jun 13 2004

• orthographical changes
• more translations
• segfault in CRL import removed
• manpage and documentation updated
• store "midnight" in template xca 0.4.7-RC2 Fri Apr 16 2004
• open db if explicit mentioned, otherwise do not.
• Errormessage on a wrong pkcs12 password more comprehensive
• postinst and postrm do update-menu
• search more intensive for the CRL signer
• add /etc/xca/nid.txt to OID search path
• debian build enhanced, lintian satisfied, manpage added.
• AuthorityInfoAccess enhanced "aia.txt" as oid list added
• allow empty passwords on PKCS#12 import xca 0.4.7-RC1 Thu Feb 5 2004
• debian menu-entry added
• Open and closing of different databases
• Menu added
• German translation
• CRLs will revoke existing certs
• memory leaks removed
• support for other compiled in basedir on unix
• Authority info access added Certificate policies still pending :-(
• additional (private) oids can be registered in oids.txt
• OIDs for extended key usage and Distinguished name are now read from eku.txt and dn.txt respectively.
• About dialog and help window added.
• Requestdetail is now tabdialog

xca 0.4.6 Tue Nov 25 2003

• Country is State or Province
• xca.dsp: WIN32 changes from Ilya
• New configure added, Makefile.in's purged and one configuration: "Local.mak" for flags and compilers. supports parallel builds (make -j)
• SmartCard Logon OID added
• Fixed bugs:
• [ 846052 ] Tab order in Certificate Netscape extensions is wrong
• [ 845800 ] CRL Generation problem for Netscape
• [ 836967 ] Unable to specify alternate database
• [ 843725 ] xca dies when opened with a pem key as argument
• [ 789374 ] Bad encoding in misc/xca.desktop
• by Wolfgang Glas <wolfgang.glas@ev-i.at>: - Support for UTF8 in x509name - Netscape SPKAC support added

xca 0.4.5 Wed Aug 13 2003

• more german translations
• [ 737036 ] make error texts copiable from pop-up-windows to clipboard by adding a button doing this
• [ 767603 ] Key sizes Implemented by making the Key-size ComboBox editable to enter arbitrary key sizes.
• [ 765774 ] change password for database

xca 0.4.4 Wed Aug 6 2003

• [ 783853 ] renewal uses 'notBefore' as 'notAfter' date
• [ 783830 ] GeneralizedTime-format breaks browsers

xca 0.4.3 Tue Aug 5 2003

• remove Certificate creation bug (AuthKeyId)
• always take the right cert for signing
• critical flag in key usage and extended key usage works now
• Import of Multiple items is done and works [ 739726 ] extend description of -p option [ 775529 ] Import of PKCS#7 item not shown
• made the details dialogs internal name read only
• some segmentation faults removed
• VPN OIDs added to Ext. Keyusage

xca 0.4.2 Sun Jul 20 2003

• Memory leak removed
• Template import and export added
• fix bug [ 773056 ] Duplicate 'All files (*.*)' selection on import menus
• import of PKCS#12 keys repaired
• crl icon added to W32 installation
• /usr/local/include removed from CPP flags
• Buttons "Export Cert" and "Change Template" reconnected.
• Authority Key identifier repaired

xca 0.4.1 Tue Jul 15 2003

• some compiling issues removed
• Import via commandline repaired,
• signing of requests without key fixed
• Changes for WIN32 version from Ilya added
• solved bug: [ 770120 ] Attempting to export private key results in no file exported
• implemented feature request: [ 755599 ] add PFX import button to Keytab

xca 0.4.0 Tue Jul 8 2003

• Solved bugs:
• [ 752111 ] Cannot handle dates past 32-bit boundary (2038)
• [ 744227 ] Bug in handling of 3rd. party CRLs
• The following Feature requests were implemented:
• [ 743152 ] Attributes in subject name
• [ 755853 ] select the hash algorithm for signing.
• The code was completely rewritten to remove many unpretty codefragements and get a more stable codebase
• The names of certs and keys in the detailsview of Certs, CRLs and Requests are clickable.
• xca desktopfile added and will be installed in applications, key.xpm will be installed as xca.xpm in pixmaps ([ 763954 ] xca.desktop file) Thanks to Enrico Scholz

xca 0.3.2 Thu May 15 2003

• Optimizations, icon for WIN32 platform
• MS Registry and %USERPROFILE% support
• Support for PKCS#7 certs (im/export)
• small UI changes

xca 0.3.1 Thu Apr 24 2003

• Tool Tips added
• CRL handling (import, export, details) added

xca 0.3.0 Fri Apr 25 2003

• several bugfixes and memoryleaks removed
• export to TinyCA and "openssl ca" added
• switch between tree/plain view in certificate list
• notAfter dates in certificate view can be sorted reasonably
• libdb-4.1.24 and higher is supported
• The certificate details dialog was redesigned to be a smaller tab-dialog
• Mainwindow dialog shrinked
• Item viewing and import via the commandline is possible
• documentation littlebit updated
• changes in configure
• The wizard invokes the key generation process only if really needed

xca 0.2.12 Mon Jan 6 2003

• PKCS#7 encryption and signing of files added
• First attempt of documentation added
• Several export targets added
• Certificate renewal repaired

xca 0.2.11 Wed Dec 4 2002

• Certificate export enhanced, increase signer-serial on certimport.
• interpretation of serial as hex and not as dezimal.
• configure continues even if qt lib is absent.
• $HOME/xca is created if it does not exist.

xca 0.2.10 Tue Oct 29 2002

• shows not After time and serial in listview
• some segfaults removed
• Certificate renewal implemented
• extension-bug removed
• request-kontextmenu contains signing
• create request from certificate
• FreeBSD paths and libs recognized by configure

xca 0.2.9 Mon Oct 21 2002

• several segfaults eliminated
• key-use counter corrected
• initial truststate fixed
• remembers Im/Export directories
• import of mutiple certs/keys/requests/pkcs12
• database transactions activated
• exception-handling completed

xca 0.2.8 Sun Oct 13 2002

• consistency checks for Iss-alt-name and Sub-alt-name
• Check for certificate dates to not exceed those of the signer
• defines for libdb >4.1.x
• default templates added
• package-builder do build without printf-debugging
• key-use counter works now well

xca 0.2.7 Tue Oct 8 2002

• segfaults removed
• minor wizard changes

xca 0.2.6 Mon Sep 30 2002

• show common name in request list and certificate list
• CRL generation added
• Key-export fixed
• signing-template, CRL date and CRL time interval adjustable
• Fix for windows filenames

xca 0.2.5 Tue Sep 24 2002

• Certificate and Template Wizard completed
• CA-serial can be changed and is stored with the cert
• Passwordboxes set focus right (Andrey Brindeew <abr@abr.pp.ru>)
• configure enhanced with error and success messages
• x509 v3 extensions completed inc. Netscape extensions
• Templates implemented
• Files for MS Visual C++ added (yes, it compiles on MS Windows)
• Windows Installer added (Nullsoft)

xca 0.2.4 Tue Sep 10 2002

• PKCS#12 import added
• bugfixes fileview, requestgeneration

xca 0.2.3 Wed Sep 4 2002

• icons changed
• context menu on right mousebutton
• trust state settings added
• dialogboxes are resizeable
• extended keyusage added to v3 extensions when creating new cert
• all dialogs translated to english
• no more images in *.ui files

xca 0.2.2 Thu Jul 18 2002

• basic constraints, key usage and subject/authority key identifier
• signing wizard...
• Signatures can be done with requests and from scratch
• Certificate for signing can be self or foreign,
• password is saved as md5sum

xca 0.1.12 Thu Jul 11 2002

• icons added
• treeview for Certificates
• private keys are triple DES encrypted in db
• program asks for initial password on startup
• some segfaulting bugs removed

xca 0.1.11 Wed Jul 3 2002

• RSA Keys are generated and stored to or loaded from a file in either DER or PEM format.
• They get stored in a local Berkeley DB.
• Changing their description and viewing their contents, as well as deleting them from local DB is possible.