X Certificate and Key Management

This application is intended for creating and managing X.509 certificates, certificate requests, RSA, DSA and EC private keys, Smartcards and CRLs.
Everything that is needed for a CA is implemented.
All CAs can sign sub-CAs recursively. These certificate chains are shown clearly.
For an easy company-wide use there are customiseable templates that can be used for certificate or request generation.
All crypto data is stored in an endian-agnostic file format portable across operating systems.


  • Start your own PKI and create all kinds of certificates, requests or CRLs
  • Import and export them in any format like PEM, DER, PKCS#7, PKCS#12
  • Use them for your IPsec, OpenVPN, HTTPs or any other certificate based setup
  • Manage your Smart-Cards via PKCS#11 interface
  • Export certificates and requests to a OpenSSL config file
  • Create Subject- and/or Extension- templates to ease issuing similar certs
  • Convert existing certificates or requests to templates
  • Get the broad support of x509v3 extensions as flexible as OpenSSL but user friendlier
  • Adapt the Columns to have your important information at a glance


  • PKCS#1 unencrypted RSA key storage format.
  • PKCS#7 Collection of public certificates.
  • PKCS#8 Encrypted private key format for RSA DSA EC keys.
  • PKCS#10 Certificate signing request.
  • PKCS#11  Security token / Smart card / HSM access.
  • PKCS#12 Certificate, Private key and probably a CA chain.

File formats

  • DER Distinguished Encoding Rules - Binary format
  • PEM Privacy Enhanced Mail - Text format
  • SSH2 Public key


Templates for common subjects and extensions.

All subject entries, x509v3 extensions, and other properties can be displayed in separate columns.