Provided by: xca_2.4.0-2_amd64

NAME

       xca - X Certificate and key management

       A  GUI  for  handling  X509  certificates,  RSA/DSA/EC  keys, PKCS#10 Requests and CRLs in
       Software and on Smartcards.

SYNOPSIS

       xca [OPTIONS]

DESCRIPTION

       This application is intended as a CA and as a certificate and key store. It uses an SQL
       database to store the items. By default this is SQLite3, but MySQL and PostgreSQL are
       also tested and supported. Known types are certificate signing requests (PKCS#10),
       certificates (X509v3), RSA, DSA and EC keys, and certificate revocation lists. The
       signing of requests and the creation of self-signed certificates are supported. Both can
       use templates for simplicity. The PKI structures can be imported and exported in several
       formats, such as PKCS#12, PEM, DER, PKCS#8 and PKCS#7.
       XCA enables users to manage smartcards via the PKCS#11 interface.

OPTIONS

       --crlgen=<ca-identifier> *
              Generate CRL for <ca>. Use the 'name' option to set the internal name  of  the  new
              CRL.

       --database=<database>
              File  name  (*.xdb)  of  the  SQLite  database  or  a  remote  database descriptor:
              [user@host/TYPE:dbname#prefix].

       --exit Exit after importing items.

       --help Print this help and exit.

       --hierarchy=<directory> *
              Save OpenSSL index hierarchy in <dir>.

       --index=<file> *
              Save OpenSSL index in <file>.

       --import *
              Import all provided items into the database.

       --issuers *
              Print all known issuer certificates that have an associated private key and the  CA
              basic constraints set to 'true'.

       --keygen=<type> *
              Generate a new key and import it into the database. Use the 'name' option to set
              the internal name of the new key. The <type> parameter has the format:
              '[RSA|DSA|EC]:[<size>|<curve>]'.

       --list-curves
              Prints all known Elliptic Curves.

       --name=<internal-name> *
              Provides the name of newly generated items. An automatic name will be generated
              if omitted.

       --no-gui
              Do not start the GUI. Alternatively, set the environment variable XCA_NO_GUI=1 or
              call xca through an 'xca-console' symlink.

       --password=<password>
              Database password for unlocking the database.

       --pem  Print  PEM representation of provided files. Prints only the public part of private
              keys.

       --print
              Print a synopsis of provided files.

       --sqlpass=<password>
              Password to access the remote SQL server.

       --text Print the content of provided files as OpenSSL does.

       --verbose
              Print debug log on stderr. Alternatively set the environment variable XCA_DEBUG=1.

       --version
              Print version information and exit.

       Options marked with an asterisk need a database, given either on the command line or as
       the default database.

PASS PHRASE ARGUMENTS

       The password options accept the same syntax as openssl does:

       env:var
              Obtain  the  password  from  the environment variable var. Since the environment of
              other processes is visible on certain platforms (e.g. ps under certain  Unix  OSes)
              this option should be used with caution.

       fd:number
              Read  the  password  from  the file descriptor number. This can be used to send the
              data via a pipe for example.

       file:pathname
              The first line of pathname is the password. If the same pathname argument is
              supplied to both the password and sqlpass options, then the first line will be
              used for both passwords. pathname need not refer to a regular file: it could,
              for example, refer to a device or named pipe.

       pass:password
              The  actual  password is password. Since the password is visible to utilities (like
              'ps' under Unix) this form should only be used where security is not important.

       stdin  Read the password from standard input.
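
       The following wrapper is an added example, not part of xca or of the original manual
       page: it screens a pass phrase argument before running the CRL generation described
       under OPTIONS. XCA_BIN, the function names and all paths and item names are assumptions.

```sh
#!/bin/sh
# Added example, not shipped with xca. XCA_BIN, pass_source_ok, xca_crlgen
# and every path or name in the usage line are assumptions.
XCA_BIN=${XCA_BIN:-xca}

# Return 0 only for sources that keep the secret out of argv and the
# environment. Rejecting env: is stricter than the man page's "caution".
pass_source_ok() {
    case "$1" in
        pass:*)
            echo "refused: pass: shows the password in the process list" >&2
            return 1 ;;
        env:*)
            echo "refused: env: places the password in the environment" >&2
            return 1 ;;
        stdin)
            return 0 ;;
        fd:*)
            case "${1#fd:}" in
                ''|*[!0-9]*)
                    echo "refused: fd: needs a descriptor number" >&2
                    return 1 ;;
            esac
            return 0 ;;
        file:*)
            f=${1#file:}
            [ -e "$f" ] || { echo "refused: $f does not exist" >&2; return 1; }
            # A regular file must carry no group/other permission bits.
            # Devices and named pipes (allowed by the man page) are not checked.
            if [ -f "$f" ]; then
                bits=$(ls -ldL -- "$f" | cut -c5-10)
                [ "$bits" = "------" ] || {
                    echo "refused: $f is accessible to group or others" >&2
                    return 1; }
            fi
            return 0 ;;
        *)
            echo "refused: unknown pass phrase source" >&2
            return 1 ;;
    esac
}

# Usage: xca_crlgen ca.xdb "Root CA" crl-next fd:3 3<"$HOME/.xca-pass"
xca_crlgen() {
    pass_source_ok "$4" || return 1
    "$XCA_BIN" --no-gui --database="$1" --password="$4" \
        --crlgen="$2" --name="$3"
}
```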

SEE ALSO

       More detailed HTML documentation can be found in the doc directory, in the "Help" menu
       of the application, or at https://hohnstaedt.de/documentation

AUTHOR

       This manual page was written by Christian Hohnstaedt <christian@hohnstaedt.de>

                                                                                           XCA(1)