This article explains how to create a CA-Signed certificate using XCA application.
First, we need to create Certification authority (CA) certificate.
- Click the Certificates tab
- Click the New Certificate button
- Under Signing settings select “Create a self-signed certificate”
- Under “Template for the new certificate”, select [default] CA and click Apply all
5.Click the Subject tab and fill in all the information then click the Generate a new key button.
6. Click the the Extensions tab and chose the Certification Authority Type under X509v3 Basic Constraints and click OK
Next, we need to create a device certificate.
- Click the Certificates tab
- Click the New Certificate button
- Under Signing, make sure to select “Use this Certificate for signing” and chose the previously created CA.
- Under “Template for the new certificate”, select default HTTPS_server and click Apply all
5. Go to the Subject tab, fill in all the information then click the Generate a new key button and click OK
Parameter
|
Setting
|
Internal name
|
This is for display purposes in the tool, only
|
Country Name
|
The two-letter ISO 3166 abbreviation for your country.
In this example:DE
|
State or Province Name
|
The state or province where your organization is legally located. Do not abbreviate.
In this example: BY
|
Locality Name
|
The city where your organization is legally located. Do not abbreviate.
In this example: Ismaning
|
Organization Name
|
The exact legal name of your organization. Do not abbreviate your organization name.
In this example: Digi
|
Organizational Unit Name
|
Section of the organization.
Examples of sections are Marketing, Research and Development, Human Resources or Sales.
In this example:Support
|
Common Name
|
In this example, EZ4 will be used.
|
Email Address
|
Enter your organization general email address.
In this example support@digi.com
|
6. The certificate should now appear in the window under the CA certificate.
Export the certificates and keys in .PEM format
- Select the Certificates Tab.
- Highlight the CA certificate and click the Export button
- Highlight the EZ4 certificate and click the Export button
- In the Certificate export window, select PEM as the export format and click OK
- Select the Private Keys tab.
- Highlight the host certificate and click the Export button
- In the Key export window, select PEM as the export format and click OK
Last updated:
Jan 17, 2024