Provided by: xca_2.4.0-2_amd64 
NAME
xca - X Certificate and key management
A GUI for handling X509 certificates, RSA/DSA/EC keys, PKCS#10 Requests and CRLs in
Software and on Smartcards.
SYNOPSIS
xca [OPTIONS]
DESCRIPTION
This application is intended as CA, certificate- and Key store. It uses a SQL database to
store the items. By default this is SQLite3, but MySQL and PostrgreSQL are also tested and
supported. Known types are Certificate signing requests (PKCS#10), Certificates (X509v3),
RSA, DSA and EC keys and Certificate revocation lists. The signing of requests, and the
creation of self-signed certificates is supported. Both can use templates for simplicity.
The PKI structures can be imported and exported in several formats like PKCS#12, PEM, DER,
PKCS#8, PKCS#7.
XCA enables users to manage smartcards via the PKCS#11 interface
OPTIONS
--crlgen=<ca-identifier> *
Generate CRL for <ca>. Use the 'name' option to set the internal name of the new
CRL.
--database=<database>
File name (*.xdb) of the SQLite database or a remote database descriptor:
[user@host/TYPE:dbname#prefix].
--exit Exit after importing items.
--help Print this help and exit.
--hierarchy=<directory> *
Save OpenSSL index hierarchy in <dir>.
--index=<file> *
Save OpenSSL index in <file>.
--import *
Import all provided items into the database.
--issuers *
Print all known issuer certificates that have an associated private key and the CA
basic constraints set to 'true'.
--keygen=<type> *
Generate a new key and import it into the database. Use the 'name' option to set
the internal name of the new key. The <type> parameter has the format:
'[RSA|DSA|EC]:[<size>|<curve>].
--list-curves
Prints all known Elliptic Curves.
--name=<internal-name> *
Provides the name of new generated items. An automatic name will be generated if
omitted.
--no-gui
Do not start the GUI. Alternatively set environment variable XCA_NO_GUI=1 or call
xca as 'xca-console' symlink.
--password=<password>
Database password for unlocking the database.
--pem Print PEM representation of provided files. Prints only the public part of private
keys.
--print
Print a synopsis of provided files.
--sqlpass=<password>
Password to access the remote SQL server.
--text Print the content of provided files as OpenSSL does.
--verbose
Print debug log on stderr. Alternatively set the environment variable XCA_DEBUG=1.
--version
Print version information and exit.
Options marked with an asterisk need a database. Either from the commandline or as default
database.
PASS PHRASE ARGUMENTS
The password options accept the same syntax as openssl does:
env:var
Obtain the password from the environment variable var. Since the environment of
other processes is visible on certain platforms (e.g. ps under certain Unix OSes)
this option should be used with caution.
fd:number
Read the password from the file descriptor number. This can be used to send the
data via a pipe for example.
file:pathname
The first line of pathname is the password. If the same pathname argument is
supplied to password and sqlpassword arguments then the first line will be used for
both passwords. pathname need not refer to a regular file: it could for example
refer to a device or named pipe.
pass:password
The actual password is password. Since the password is visible to utilities (like
'ps' under Unix) this form should only be used where security is not important.
stdin Read the password from standard input.
SEE ALSO
A more detailed HTML documentation can be found in the doc directory, in the "Help" menu
of the application or on https://hohnstaedt.de/documentation
AUTHOR
This manual page was written by Christian Hohnstaedt <christian@hohnstaedt.de>
XCA(1)