SimpleCA is a simple utility to manage your own web certificates, both server certificates (IIS, Apache, ...) and client certificates (IE, NS, ...). It is well suited to demo usage, but lacks some functionality you may expect from a real production CA. SimpleCA does not offer many customisation possibilities but provides sensible defaults for demo purposes. The most important are: the root CA has a fixed validity of 10 years, certificates all contain the same information and cannot be customised, certificates are valid for 1 year, CRLs are generated for 30 days, etc.
SimpleCA allows you to do the following.
SimpleCA is Copyright 2001 by Joris Ballet.
SimpleCA is available under GPL License (see also here).
To use SimpleCA, unzip simpleca.zip in a directory of your choice. You should end up with 3 files: SimpleCA.exe (the GUI), openssl.exe (the workhorse) and readme.html (this file). To start SimpleCA, double-click SimpleCA.exe.
On first use, SimpleCA will ask you to provide information (such as a common name and an organisation) about the name of the root CA that you will manage. For a demo you can use the defaults that are presented; if you want a more personal approach you can choose other names. Be sure to remember the password, as this is the password that protects your CA private key. It is needed for every CA operation. After you enter this information, the main CA database is created. Along with the CA database, the CA root certificate and the CA private key are created in the same directory as SimpleCA.exe, with the names ca.crt and ca.key respectively. The file ca.crt has to be imported into the browser if you want the browser to trust this demo CA, so you should make this file available somewhere. The file ca.key contains your private key, so it should be kept secret. By default the root CA certificate is valid for 10 years.
Then you can continue as follows:
The SimpleCA menu has the following options:
Generates a new server certificate request. A dialog asks you for essential information about the server you want a certificate for. You have to fill out all fields marked with an asterisk (mandatory fields). After that, you are asked for a filename under which to save the certificate request. The default is the server common name in the subfolder certificates, with a .csr extension (for example certificates/www.mydomain.com.csr). This is fine in most cases. When you choose save, two files are generated: a certificate signing request (file with extension .csr) and a private key file (with extension .key). The private key is not protected by a password.
This will generate a server certificate from an existing certificate signing request. You are asked to select the file (a certificate request) you want a certificate for. Then some certificate information (mainly the subject and the requested use) is shown for verification. After that, a certificate is generated with the same file name but with the .csr extension replaced by .crt. The certificate is also registered as a valid certificate in the database. By default the certificate is valid for 1 year.
Generates a new client certificate request. The procedure is analogous to a server certificate request; the main difference is that only a common name and an email address are required.
This will generate a client certificate from an existing certificate signing request. The procedure is analogous to a server certificate request.
This will transform a client certificate into PKCS12 export format. You are requested to select a certificate file. Then you will have to provide friendly names for the certificate and for the CA, and a password to protect the PKCS12 file. This password is required when importing a PKCS12 (.p12) file into a browser.
<to do>
<to do>
Displays this readme.
Shows info about the program.
SimpleCA is basically a thin GUI layer on top of openssl. If you want to find out how SimpleCA commands translate into openssl commands, you can check the message log, which you can access via the system menu. This message log can also provide useful information in case SimpleCA is not behaving as expected.
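As an added example (not SimpleCA's own code or message-log output), the shell script below reproduces the first-use, server-request and signing steps with plain openssl, using the validity defaults stated in this readme. The subject names, passphrase handling and function names are assumptions; client certificates, PKCS12 export and CRLs are left out.

```shell
#!/bin/sh
# Added example: the readme's workflow expressed as plain openssl calls.
# Subject names and the passphrase are constructed; this is NOT SimpleCA's own command log.

# Succeeds if the PEM private key in $1 is passphrase-protected
# (PKCS#8 "ENCRYPTED PRIVATE KEY" or traditional "Proc-Type: 4,ENCRYPTED").
key_is_encrypted() {
    grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$1"
}

# $1 = working directory, $2 = CA passphrase
simpleca_equivalent() {
    dir=$1
    CA_PASS=$2; export CA_PASS          # handed to openssl via env:, not on the command line
    srv="$dir/certificates/www.mydomain.com"
    mkdir -p "$dir/certificates" || return 1

    # First use: passphrase-protected CA key and a self-signed root valid for 10 years.
    openssl genrsa -aes256 -passout env:CA_PASS -out "$dir/ca.key" 2048 2>/dev/null || return 1
    openssl req -new -x509 -key "$dir/ca.key" -passin env:CA_PASS -days 3650 \
        -subj "/O=Demo Org/CN=Demo Root CA" -out "$dir/ca.crt" || return 1

    # New server request: a .csr plus a .key that is NOT passphrase-protected (-nodes).
    openssl req -new -newkey rsa:2048 -nodes -subj "/O=Demo Org/CN=www.mydomain.com" \
        -keyout "$srv.key" -out "$srv.csr" 2>/dev/null || return 1
    # Both keys are secrets; file permissions are the server key's only protection.
    chmod 600 "$dir/ca.key" "$srv.key" || return 1

    # Sign the request: same file name with .crt, valid for 1 year.
    openssl x509 -req -in "$srv.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
        -passin env:CA_PASS -CAcreateserial -days 365 -out "$srv.crt" 2>/dev/null || return 1

    # The check a client holding ca.crt as its trust anchor performs.
    openssl verify -CAfile "$dir/ca.crt" "$srv.crt"
}

# Usage: simpleca_equivalent ./demo-ca 'constructed-passphrase'
```

Running key_is_encrypted against ca.key and against the server .key shows the difference the readme describes: only the CA key is protected by a password.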
fixes:
fixes:
fixes:
first release.