xca-4.html

一个跨平台的CA系统 实现了数字证书的制作、SSL安全通讯、加解密操作等功能

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>XCA : The Wizard </TITLE>
 <LINK HREF="xca-5.html" REL=next>
 <LINK HREF="xca-3.html" REL=previous>
 <LINK HREF="xca.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="xca-5.html">Next</A>
<A HREF="xca-3.html">Previous</A>
<A HREF="xca.html#toc4">Contents</A>
<HR>
<H2><A NAME="wizard"></A> <A NAME="s4">4.</A> <A HREF="xca.html#toc4">The Wizard </A></H2>

<P>The Wizard is the central part for collecting all data regarding Certificates,
Requests and Templates. It will be invoked whenever such an item is going 
to be created or, in case of a Template, is altered.</P>

<H2><A NAME="ss4.1">4.1</A> <A HREF="xca.html#toc4.1">Template selection</A>
</H2>

<P>On this page the template to be used can be selected. All following pages will be 
preset to the appropriate values of the selected template. If you don't want to 
use a template just select the <CODE>Empty Template</CODE>.
If the checkbox labeled: <CODE>Change the default extensions of the template</CODE>
is checked the Wizard will show 3 more pages containing all certificate extensions.
The lazy people leave this checkbox unchecked.</P>

<P>For generating Certificates there is a drop-down list of all Requests that are available. 
If you don't want to sign a request but generate a certificate from scratch
or template, uncheck the checkbox to the left of the request list.
Also only for creating certificates the signer of the new certificate
can be selected wether it shall become a <EM>self-signed</EM> certificate
or get signed by one of the 
<A HREF="xca-7.html#ca_cert">CA certificates</A> in the 
drop-down list.</P>
<P>This page is not shown when creating or changing templates.</P>

<H2><A NAME="ss4.2">4.2</A> <A HREF="xca.html#toc4.2">Personal settings</A>
</H2>

<P>On this Page all personal data like country, name and Email address
can be filled in. Only the <CODE>Internal name</CODE> is mandatory.
The <CODE>Country code</CODE> field must either be empty or exactly contain
two letters representing your country code; e.g. <EM>DE</EM> for Germany.
If you want to create an SSL-server certificate the <CODE>Common name</CODE>
must contain the <EM>DNS</EM> name of the server.</P>
<P>Other rarely used <CODE>name-entries</CODE> can be selected in the dialog
below. Only items that were added using the <CODE>add</CODE>
button are recognized. All items can be added more than once, even those from above.
This is not very usual but allowed.</P>

<P>Keys can be generated here <EM>on the fly</EM> by pressing the button.
If there is no usable key and you need one, 
the key generation process will be invoked automatically.
The newly generated key will be stored in the database and stay there, 
even if you cancel the Wizard later. The drop-down list of the keys
does only contain keys that were not used by any other certificate or
request. The keylist is not available for creating or changing templates.</P>
<P>This page does not appear when signing a request, because the request does
contain all needed data from this page.</P>

<H2><A NAME="ss4.3">4.3</A> <A HREF="xca.html#toc4.3">X509v3 Extensions</A>
</H2>

<P>The following 3 pages contain all fields for adjusting the certificate extensions.
It is not in the focus of this document to explain them in detail.
The most important are the <CODE>Basic Constraints</CODE> and the <CODE>Validity</CODE> range.</P>
<P>For more information consult the documents in 
<A HREF="xca-1.html#otherdoc">otherdoc</A>
.
If you don't know what this is all about please read those documents before
creating any certificates.</P>

<H3>Basic Constraints</H3>

<P>If the <CODE>CA</CODE> flag is set to true the certificate is recognized by XCA and other
instances as issuer for other certificates. Server-certificates or E-Mail certificates
must have set this flag to <CODE>false</CODE></P>
<H3>Validity Range</H3>

<P>The <EM>not Before</EM> field is set to the current date and time of the
operating system and the <EM>not After</EM> field is set to the current date and time
plus the specified time range.</P>
<P>For templates the specified times are not saved, because it does not make much sense.
Rather the time range is stored and automatically applied when selecting this 
template. Applying the time range means to set notBefore to "now" and notAfter
to "now + time range"</P>


<HR>
<A HREF="xca-5.html">Next</A>
<A HREF="xca-3.html">Previous</A>
<A HREF="xca.html#toc4">Contents</A>
</BODY>
</HTML>