xca

XCA(1) General Commands Manual XCA(1)

NAME

   xca - X Certificate and key management

   A GUI for handling X509 certificates, RSA/DSA/EC keys, PKCS#10 Requests and CRLs in Software and on Smartcards.

SYNOPSIS

   xca [OPTIONS]

DESCRIPTION

   This application is intended as a CA and as a certificate and key store. It uses a SQL database to store the items. By default this is SQLite3, but MySQL and PostgreSQL are also tested and
   supported. Known types are certificate signing requests (PKCS#10), certificates (X509v3), RSA, DSA and EC keys, and certificate revocation lists. The signing of requests and the
   creation of self-signed certificates are supported. Both can use templates for simplicity. The PKI structures can be imported and exported in several formats such as PKCS#12, PEM, DER,
   PKCS#8 and PKCS#7.
   XCA enables users to manage smartcards via the PKCS#11 interface.

OPTIONS

   --crlgen=<ca-identifier> *
          Generate CRL for <ca>. Use the 'name' option to set the internal name of the new CRL.

   --database=<database>
          File name (*.xdb) of the SQLite database or a remote database descriptor: [user@host/TYPE:dbname#prefix].

   --exit Exit after importing items.

   --help Print this help and exit.

   --hierarchy=<directory> *
          Save OpenSSL index hierarchy in <dir>.

   --index=<file> *
          Save OpenSSL index in <file>.

   --import *
          Import all provided items into the database.

   --import-names *
          A semicolon separated list of names applied to the imported items in the order found in the PEM file and on the commandline.

   --issuers *
          Print all known issuer certificates that have an associated private key and the CA basic constraints set to 'true'.

   --keygen=<type> *
          Generate a new key and import it into the database. Use the 'name' option to set the internal name of the new key. The <type> parameter has the format:
          '[RSA|DSA|EC]:[<size>|<curve>]'.

   --list-curves
          Prints all known Elliptic Curves.

   --list-items *
          List all items in the database.

   --name=<internal-name> *
          Provides the name of new generated items. An automatic name will be generated if omitted.

   --no-native-dialogs
          Disables the native dialogs of the operating system for messages and file operations and uses Qt specific dialogs instead.

   --no-gui
          Do not start the GUI. Alternatively set environment variable XCA_NO_GUI=1 or call xca as 'xca-console' symlink.

   --password=<password>
          Database password for unlocking the database. See below for password format options.

   --pem  Print PEM representation of provided files. Prints only the public part of private keys.

   --pem-file
          Specify a file name for the PEM data. Implies '--pem'.

   --print
          Print a synopsis of provided files.

   --select=<id-list> *
          Selects all items in the comma separated id-list to be shown with 'print', 'text' or 'pem'.

   --sqlpass=<password>
          Password to access the remote SQL server. See below for password format options.

   --text Print the content of provided files as OpenSSL does.

   --verbose
          Print debug log on stderr. Same as setting XCA_DEBUG=all. See XCA_DEBUG below.

   --version
          Print version information and exit.

   Options marked with an asterisk need a database, either given on the commandline or set as the default database.

PASS PHRASE ARGUMENTS

   The password options accept the same syntax as openssl does:

   env:var
          Obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option
          should be used with caution.

   fd:number
          Read the password from the file descriptor number. This can be used to send the data via a pipe for example.

   file:pathname
          The first line of pathname is the password. If the same pathname argument is supplied to both the --password and --sqlpass options, then the first line will be used for both passwords.
          pathname need not refer to a regular file: it could for example refer to a device or named pipe.

   pass:password
          The actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important.

   stdin  Read the password from standard input.
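
   An audit helper for the pass phrase forms above, added here as an example and not part of xca or its documentation: it classifies how a command line supplies --password and --sqlpass without echoing the secret. The sample command lines, the file names and the variable XCA_SQLPW are constructed, and treating an unprefixed value as "unknown" is an assumption.

```shell
#!/bin/sh
# Added example: audit how an xca command line supplies its passwords.
# Sample command lines below are constructed for illustration.

# classify_pass_arg VALUE -> exposed | caution | ok | unknown
classify_pass_arg() {
    case "$1" in
        pass:*)            echo exposed ;;  # secret is in argv, visible to ps
        env:*)             echo caution ;;  # environment is readable on some platforms
        fd:*|file:*|stdin) echo ok ;;       # secret never appears in argv
        *)                 echo unknown ;;  # assumption: no recognised prefix
    esac
}

# audit_xca_cmdline "CMDLINE" -> one "<option> <verdict>" line per password
# option. The value itself is never printed, so the report is safe to log.
audit_xca_cmdline() (
    set -f                                  # no globbing while word-splitting
    for word in $1; do
        case "$word" in
            --password=*|--sqlpass=*)
                printf '%s %s\n' "${word%%=*}" "$(classify_pass_arg "${word#*=}")" ;;
        esac
    done
)

# Preferred invocation: argv only shows "fd:3"; the secret arrives on
# descriptor 3. $1 = database file, $2 = file whose first line is the password.
run_xca_list() {
    command -v xca >/dev/null 2>&1 || return 127   # xca not installed
    xca --no-gui --database="$1" --password=fd:3 --list-items 3<"$2"
}

SAMPLE_BAD='xca --no-gui --database=ca.xdb --password=pass:example-secret --list-items'
SAMPLE_GOOD='xca --no-gui --database=ca.xdb --password=fd:3 --list-items'
SAMPLE_MIXED='xca --no-gui --password=file:/run/xca.pw --sqlpass=env:XCA_SQLPW --list-items'

for line in "$SAMPLE_BAD" "$SAMPLE_GOOD" "$SAMPLE_MIXED"; do
    audit_xca_cmdline "$line"
done
```

   The audit splits on whitespace only, so it suits scripts and crontab entries whose arguments carry no quoted spaces.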

ENVIRONMENT VARIABLES

   Some more or less useful environment variables are evaluated by xca.

   XCA_NO_GUI=1
          Force xca not to start the graphical user interface. Same as the --no-gui argument. If neither is given, XCA tries to be smart and looks at the other arguments to judge whether
          to start the GUI or not.

   XCA_DEBUG=<pattern>
          The environment variable XCA_DEBUG controls the dynamic debugging. The format is a comma-separated list of patterns. Each pattern is:
          all|[-]<function>|[-]<filename>:<firstline>[-<lastline>]
          A leading dash skips the match. The firstline and lastline may be empty and will be replaced by the first and last line of the file. If -<lastline> is omitted,
          then only the exact line number given is matched.
          Example: XCA_DEBUG=all,-timerEvent logs everything but skips the annoying timerEvent messages.
          Example: XCA_DEBUG=pki_base.cpp:100-,-pki_base.cpp:340 logs pki_base messages from line 100 up to the last line, except line 340.

   XCA_ABORT_ON_WARNING=1
          Developer option to crash into the debugger in case of a warning-level log message. Documented for completeness. Not useful for non-developers.

   XCA_PORTABLE=1
          Force the Windows portable mode. Documented for completeness. Not useful for non-developers.

   XCA_ARGUMENTS=<man|rst|completion>
          Outputs the commandline arguments in man-page nroff, sphinx rst or as oneline list for command-completion to automatically update the documentation if new arguments are added.

   XCA_QPSQL_OPTIONS XCA_QMYSQL_OPTIONS XCA_QODBC_OPTIONS
          Additional connection options for the SQL database drivers as described in https://doc.qt.io/qt-5/qsqldatabase.html#setConnectOptions like QPSQL_OPTIONS=requiressl=1

SEE ALSO

   More detailed HTML documentation can be found in the doc directory, in the "Help" menu of the application or on https://hohnstaedt.de/documentation

AUTHOR

   This manual page was written by Christian Hohnstaedt <christian@hohnstaedt.de>
