CaProperties
Form
Days until next CRL issuing
Default template
CertDetail
Details of the Certificate
Serial
The serial number of the certificate
The internal name of the certificate in the database
Status
Internal name
Signature
Key
Fingerprints
MD5
An md5 hashsum of the certificate
SHA1
A SHA-1 hashsum of the certificate
SHA256
A SHA-256 hashsum of the certificate
Validity
The time since the certificate is valid
The time until the certificate is valid
Subject
Issuer
Extensions
Validation
Purposes
Strict RFC 5280 validation
Comment
Attributes
Show config
Show extensions
Show public key
This key is not in the database.
Not available
No verification errors found.
Signer unknown
Self signed
Revoked at %1
Not valid
Valid
Details of the certificate signing request
CertExtend
Certificate renewal
This will create a new certificate as a copy of the old one with a new serial number and adjusted validity values.
Validity
Not before
Not after
Time range
Local time
Days
Months
Years
No well-defined expiration
Midnight
Apply
Revoke old certificate
Replace old certificate
Keep serial number
The certificate will be earlier valid than the signer. This is probably not what you want.
Edit dates
Abort rollout
Continue rollout
Adjust date and continue
The certificate will be longer valid than the signer. This is probably not what you want.
CertTreeView
Hide unusable certificates
Import PKCS#12
Import from PKCS#7
Request
Security token
Other token
Similar Certificate
Delete from Security token
CA
Properties
Generate CRL
Manage revocations
Import OpenVPN tls-auth key
Renewal
Revoke
Unrevoke
Plain View
Tree View
days
No template
CA Properties
Certificate export
X509 Certificates ( *.pem *.cer *.crt *.p12 *.pfx *.p7b )
vCalendar entry ( *.ics )
OpenVPN file ( *.ovpn )
OpenVPN tls-auth key ( *.key )
ClickLabel
Double click for details
CrlDetail
Details of the Revocation list
&Status
Version
Signature
Signed by
Name
The internal name of the CRL in the database
issuing dates
Next update
Last update
&Issuer
&Extensions
&Revocation list
Comment
Failed
Unknown signer
Verification not possible
CrlTreeView
There are no CA certificates for CRL generation
Select CA certificate
Revocation list export
CRL ( *.pem *.der *.crl )
vCalendar entry ( *.ics )
ExportDialog
Name
The internal name of the CRL in the database
...
Filename
Each Item in a separate file
Same encryption password for all items
Export comment into PEM file
Export Format
%n selected item(s)
All files ( * )
The file: '%1' already exists!
Overwrite
Do not overwrite
The path: '%1' exist, but is not a file
The path: '%1' exist, but is not a directory
The directory: '%1' does not exist. Should it be created?
Create
Failed to create directory '%1'
Directory
Form
last update
next update
Days
Months
Years
Apply
Midnight
Local time
No well-defined expiration
Help
<<
>>
&Done
ImportMulti
Import PKI Items
Import &All
&Import
&Done
&Remove from list
Details
Delete from token
Rename on token
Name: %1
Model: %2
Serial: %3
Manage security token
The type of the item '%1' is not recognized
Could not open the default database
The file '%1' did not contain PKI data
The %1 files: '%2' did not contain PKI data
ItemProperties
Name
Source
Insertion date
Comment
KeyDetail
Name
The internal name of the key used by xca
Security token
Manufacturer
Serial
Key
Public Exponent
Keysize
Private Exponent
Security Token
Label
PKCS#11 ID
Token information
Model
Fingerprint
Comment
Details of the %1 key
Not available
Available
Sub prime
Public key
Private key
Curve name
Unknown key
KeyTreeView
Change password
Reset password
Change PIN
Init PIN with SO PIN (PUK)
Change SO PIN (PUK)
Security token
This is not a token
Shall the original key '%1' be replaced by the key on the token?
This will delete the key '%1' and make it unexportable
Key export
Private Keys ( *.pem *.der *.pk8 );; SSH Public Keys ( *.pub )
SSH Private Keys ( *.priv )
Microsoft PVK Keys ( *.pvk )
MainWindow
Private Keys
&New Key
&Export
&Import
Import PFX (PKCS#12)
&Show Details
&Delete
Certificate signing requests
&New Request
Certificates
&New Certificate
Import &PKCS#12
Import P&KCS#7
Plain View
Templates
&New Template
&New CRL
Ch&ange Template
Revocation lists
Using or exporting private keys will not be possible without providing the correct password
The currently used default hash '%1' is insecure. Please select at least 'SHA 224' for security reasons.
Recent DataBases
System
Croatian
English
French
German
Japanese
Korean
Russian
Slovak
Spanish
Persian
Bulgarian
Polish
Italian
Chinese
Dutch
Portuguese in Brazil
Indonesian
Turkish
Language
&File
Open Remote DataBase
Set as default DataBase
New DataBase
Open DataBase
Close DataBase
Options
Exit
I&mport
Keys
Requests
PKCS#12
PKCS#7
Template
Revocation list
PEM file
Paste PEM file
Token
Export Certificate &Index hierarchy
Content
&Manage Security token
&Init Security token
&Change PIN
Change &SO PIN
Init PIN
Extra
&Dump DataBase
&Export Certificate Index
C&hange DataBase password
&Undelete items
Generate DH parameter
OID Resolver
&Help
About
Import PEM data
Please enter the original SO PIN (PUK) of the token '%1'
Search
Please enter the new SO PIN (PUK) for the token '%1'
The new label of the token '%1'
The token '%1' did not contain any keys or certificates
Retry with PIN
Retry with SO PIN
Current Password
Please enter the current database password
The entered password is wrong
New Password
Please enter the new password to encrypt your private keys in the database-file
Transaction start failed
Database: %1
The currently used PFX / PKCS#12 algorithm '%1' is insecure.
Change
Certificate Index ( index.txt )
All files ( * )
Diffie-Hellman parameters saved as: %1
Diffie-Hellman parameters are needed for different applications, but not handled by XCA.
Please enter the DH parameter bits
NewCrl
Last update
Next update
Days
Months
Years
Midnight
Local time
Apply
Options
CRL number
Subject alternative name
Revocation reasons
Authority key identifier
Hash algorithm
Create CRL
NewKey
Please give a name to the new key and select the desired keysize
Key properties
Name
The internal name of the new key
Curve name
Usually at least 2048 bit keys are recommended
New Key
Keysize
Keytype
Remember as default
Create
NewX509
Source
Signing request
Show request
Sign this Certificate signing &request
Copy extensions from the request
Modify subject of the request
Signing
Create a &self signed certificate
Use &this Certificate for signing
All certificates in your database that can create valid signatures
Signature algorithm
Template for the new certificate
All available templates
Apply extensions
Apply subject
Apply all
Subject
Internal Name
Distinguished name
Add
Delete
Private key
This list only contains unused keys
Used keys too
&Generate a new key
Extensions
Type
If this will become a CA certificate or not
Not defined
Certification Authority
End Entity
Path length
How much CAs may be below this.
The basic constraints should always be critical
Key identifier
Creates a hash of the key following the PKIX guidelines
Copy the Subject Key Identifier from the issuer
Validity
Not before
Not after
Time range
Days
Months
Years
Apply
Set the time to 00:00:00 and 23:59:59 respectively
Midnight
Local time
No well-defined expiration
DNS: IP: URI: email: RID:
Edit
URI:
Key usage
Netscape
Advanced
Validate
Comment
This name is only used internally and does not appear in the resulting certificate
Critical
Create Certificate signing request
minimum size: %1
maximum size: %1
only a-z A-Z 0-9 '()+,-./:=?
only 7-bit clean characters
Edit XCA template
Create x509 Certificate
Template '%1' applied
Subject applied from template '%1'
Extensions applied from template '%1'
New key '%1' created
Other Tabs
Advanced Tab
Errors
From PKCS#10 request
Error
duplicate extensions
The Name Constraints are invalid
The Subject Alternative Name is invalid
The Issuer Alternative Name is invalid
The CRL Distribution Point is invalid
The Authority Information Access is invalid
Abort rollout
The following length restrictions of RFC3280 are violated:
Edit subject
Continue rollout
The verification of the Certificate request failed.
The rollout should be aborted.
Continue anyway
The internal name and the common name are empty.
Please set at least the internal name.
Edit name
There is no Key selected for signing.
Select key
The following distinguished name entries are empty:
%1
though you have declared them as mandatory in the options menu.
The key you selected for signing is not a private one.
Select other signer
Select other key
The currently selected hash algorithm '%1' is insecure and should not be used.
Select other algorithm
Use algorithm anyway
The certificate will be earlier valid than the signer. This is probably not what you want.
Edit dates
Adjust date and continue
The certificate will be longer valid than the signer. This is probably not what you want.
The certificate will be out of date before it becomes valid. You most probably mixed up both dates.
The certificate contains invalid or duplicate extensions. Check the validation on the advanced tab.
The certificate contains no extensions. You may apply the extensions of one of the templates to define the purpose of the certificate.
The certificate contains invalid extensions.
Edit extensions
The subject alternative name shall contain a copy of the common name. However, the common name is empty.
A name constraint of the issuer '%1' is violated: %2
Configfile error on line %1
OidResolver
OID Resolver
Enter the OID, the Nid, or one of the textual representations
Search
OID
Long name
OpenSSL internal ID
Nid
Short name
OpenDb
Open remote database
Database type
Hostname
Username
Password
Database name
Table prefix
No SqLite3 driver available. Please install the qt-sqlite package of your distribution
Options
XCA Options
Settings
Default hash algorithm
String types
Suppress success messages
Don't colorize expired certificates
Translate established x509 terms (%1 -> %2)
The hashing functionality of the token is not used by XCA.
It may however honor a restricted hash-set propagated by the token.
Especially EC and DSA are only defined with SHA1 in the PKCS#11 specification.
Only use hashes supported by the token when signing with a token key
Disable legacy Netscape extensions
PKCS12 encryption algorithm
Certificate expiry warning threshold
Send vCalendar expiry reminder
Serial number length
bit
Distinguished name
Mandatory subject entries
Add
Delete
Explicit subject entries
Dynamically arrange explicit subject entries
Default
PKCS#11 provider
Remove
Search
Printable string or UTF8 (default)
PKIX recommendation in RFC2459
No BMP strings, only printable and T61
UTF8 strings only (RFC2459)
All strings
Days
Weeks
PwDialog
The password is parsed as 2-digit hex code. It must have an even number of digits (0-9 and a-f)
Take as HEX string
Repeat %1
%1 mismatch
Hex password must only contain the characters '0' - '9' and 'a' - 'f' and it must consist of an even number of characters
Exit
QObject
Undefined
Broken / Invalid
in %1 seconds
%1 seconds ago
in %1 minutes
%1 minutes ago
Yesterday
Tomorrow
in %1 hours
%1 hours ago
Out of data
Error finding endmarker of string
All files ( * )
PKI Keys ( *.pem *.der *.key );; PKCS#8 Keys ( *.p8 *.pk8 );; Microsoft PVK Keys ( *.pvk );; SSH Public Keys ( *.pub );;
Import RSA key
PKCS#10 CSR ( *.pem *.der *.csr );;
Import Request
Certificates ( *.pem *.der *.crt *.cer );;
Import X.509 Certificate
PKCS#7 data ( *.p7s *.p7m *.p7b );;
Import PKCS#7 Certificates
PKCS#12 Certificates ( *.p12 *.pfx );;
Import PKCS#12 Private Certificate
XCA templates ( *.xca );;
Import XCA Templates
Revocation lists ( *.pem *.der *.crl );;
Import Certificate Revocation List
XCA Databases ( *.xdb );;
Open XCA Database
OpenVPN tls-auth key ( *.key );;
Import OpenVPN tls-auth key
PKCS#11 library ( *.dll );;
PKCS#11 library ( *.dylib *.so );;
PKCS#11 library ( *.so );;
Open PKCS#11 shared library
PEM files ( *.pem );;
Load PEM encoded file
Please enter the PIN on the PinPad
Please enter the SO PIN (PUK) of the token %1
Please enter the PIN of the token %1
No Security token found
Select
Please enter the new SO PIN (PUK) for the token: '%1'
Please enter the new PIN for the token: '%1'
Required PIN size: %1 - %2
Disabled
Library loading failed
PKCS#11 function '%1' failed: %2
PKCS#11 function '%1' failed: %2
In library %3
%4
Invalid
%1 is shorter than %2 bytes: '%3'
%1 is longer than %2 bytes: '%3'
String '%1' for '%2' contains invalid characters
Error reading config file %1 at line %2
The Object '%1' from file %2 line %3 is already known as '%4:%5:%6' and should be removed.
The identifier '%1' for OID %2 from file %3 line %4 is already used for a different OID as '%5:%6:%7' and should be changed to avoid conflicts.
Unknown object '%1' in file %2 line %3
Failed to start a database transaction
Country code
State or Province
Locality
Organisation
Organisational unit
Common name
E-Mail address
Serial number
Given name
Surname
Title
Initials
Description
Role
Pseudonym
Generation Qualifier
x500 Unique Identifier
Name
DN Qualifier
Unstructured name
Challenge password
Basic Constraints
Name Constraints
Subject alternative name
issuer alternative name
Subject key identifier
Authority key identifier
Key usage
Extended key usage
CRL distribution points
Authority information access
Certificate type
Base URL
Revocation URL
CA Revocation URL
Certificate renewal URL
CA policy URL
SSL server name
Comment
Index file written to '%1'
Index hierarchy written to '%1'
Unknown key type %1
Failed to write PEM data to '%1'
Password verify error, please try again
The following error occurred:
Failed to update the database schema to the current version
Password
insecure
ReqTreeView
Sign
Unmark signed
Mark signed
Similar Request
Certificate request export
Certificate request ( *.pem *.der *.csr )
RevocationList
Manage revocations
Add
Delete
Edit
No.
Serial
Revocation
Reason
Invalidation
Generate CRL
Revoke
Certificate revocation
Revocation details
Revocation reason
Local time
Invalid since
Serial
SearchPkcs11
Directory
...
Include subdirectories
Search
The following files are possible PKCS#11 libraries
SelectToken
Security token
Please select the security token
TempTreeView
Duplicate
Create certificate
Create request
copy
Preset Template values
Template export
XCA Templates ( *.xca )
Validity
yyyy-MM-dd hh:mm
X509SuperTreeView
Transform
Template
Public key
XFile
Error opening file: '%1': %2
Error rewinding file: '%1': %2
XcaDetail
Import
XcaTreeView
Item properties
Subject entries
X509v3 Extensions
Netscape extensions
Key properties
Reset
Hide Column
Details
Columns
Export Password
Please enter the password to encrypt all %n exported private key(s) in:
%1
Singular form for 0 or 1 item can be ignored. Will always be called with n >= 2
New
Import
Paste PEM data
Rename
Properties
Delete
Export
Clipboard
File
Clipboard format
database_model
Please enter the password to access the database server %2 as user '%1'.
Unable to create '%1': %2
The file '%1' is not an XCA database
No SqLite3 driver available. Please install the qt-sqlite package of your distribution
New Password
Please enter a password, that will be used to encrypt your private keys in the database:
%1
Password
Please enter the password for unlocking the database:
%1
db_base
Internal name
No.
Primary key
Database unique number
Date
Date of creation or insertion
Source
Generated, Imported, Transformed
Comment
First line of the comment field
Import from: %1
Could not create directory %1
db_crl
Signer
Internal name of the signer
No. revoked
Number of revoked certificates
Last update
Next update
CRL number
The revocation list already exists in the database as:
'%1'
and so it was not imported
Failed to initiate DB transaction
Database error: %1
db_key
Type
Size
EC Group
Use
Password
The key is already in the database as:
'%1'
and is not going to be imported
The database already contains the public part of the imported key as
'%1
and will be completed by the new, private part of the key
Extending public key from %1 by imported key '%2'
Key size too small !
You are sure to create a key of the size: %1 ?
Internal key update: The keys: %1 must be updated once by resetting and setting its private password
Tried to change password of a token
db_temp
Bad template: %1
Empty template
db_x509
CA
reflects the basic Constraints extension
Serial
Start date
Expiry date
MD5 fingerprint
SHA1 fingerprint
SHA256 fingerprint
Not before
Not after
Revocation
CRL Expiration
Failed to retrieve unique random serial
The certificate already exists in the database as:
'%1'
and so it was not imported
Signed on %1 by '%2'
Unknown
Invalid public key
The key you selected for signing is not a private one.
Failed to create directory '%1'
Store the certificate to the key on the token '%1 (#%2)' ?
There was no key found for the Certificate: '%1'
Not possible for a token key: '%1'
Not possible for the token-key Certificate '%1'
db_x509name
Subject
Complete distinguished name
Subject hash
Hash to lookup certs in directories
db_x509req
Signed
whether the request is already signed or not
Unstructured name
Challenge password
Certificate count
Number of certificates in the database with the same public key
The certificate signing request already exists in the database as
'%1'
and thus was not stored
db_x509super
Key name
Internal name of the key
Signature algorithm
Key type
Key size
EC Group
Extracted from %1 '%2'
Certificate
Certificate request
The following extensions were not ported into the template
Transformed from %1 '%2'
kvView
Type
Content
pass_info
Password
PIN
pkcs11_lib
Failed to open PKCS11 library: %1: %2
This does not look like a PKCS#11 library. Symbol 'C_GetFunctionList' not found.
pki_base
Unknown
Imported
Generated
Transformed
Token
Legacy Database
Renewed
Property '%1' not listed in 'pki_base::print'
Internal error: Unexpected message: %1 %2
pki_crl
Successfully imported the revocation list '%1'
Successfully created the revocation list '%1'
Delete the %n revocation list(s): '%1'?
Unable to load the revocation list in file %1. Tried PEM and DER formatted CRL.
No issuer given
CRL Renewal of CA '%1' due
The latest CRL issued by the CA '%1' will expire on %2.
It is stored in the XCA database '%3'
Renew CRL: %1
The XCA CRL '%1', issued on %3 will expire on %4.
It is stored in the XCA database '%5'
pki_evp
Please enter the password to decrypt the private key %1.
The key from file '%1' is incomplete or inconsistent.
Please enter the password to decrypt the private key from file:
%1
Unable to load the private key in file %1. Tried PEM and DER private, public, PKCS#8 key types and SSH2 format.
Please enter the password to decrypt the private key: '%1'
Password input aborted
Please enter the database password for decrypting the key '%1'
Decryption of private key '%1' failed
Please enter the password to protect the private key: '%1'
Please enter the database password for encrypting the key
Please enter the password to protect the PKCS#8 key '%1' in file:
%2
Please enter the password to protect the private key '%1' in file:
%2
pki_export
PEM Text format with headers
PEM selected
Concatenated list of all selected certificates in one PEM text file
PEM chain
Concatenated text format of the complete certificate chain in one PEM file
The complete certificate chain and the private key of the selected certificate with tags usable in OpenVPN configuration files
PEM + key
Concatenation of the certificate and the unencrypted private key in one PEM file
Concatenation of the certificate and the encrypted private key in PKCS#8 format in one file
All unusable
Concatenation of all expired or revoked certificates in one PEM file
PKCS#7 encoded single certificate
All selected certificates encoded in one PKCS#7 file
PKCS #7 chain
PKCS#7 encoded complete certificate chain
PKCS #7 unusable
PKCS#7 encoded collection of all expired or revoked certificates
Binary DER encoded certificate
PKCS #12 chain
The complete certificate chain and the private key as encrypted PKCS#12 file
PKCS #12
The certificate and the private key as encrypted PKCS#12 file
Certificate Index file
OpenSSL specific Certificate Index file as created by the 'ca' command and required by the OCSP tool
vCalendar
vCalendar expiry reminder for the selected items
CA vCalendar
vCalendar expiry reminder containing all issued, valid certificates, the CA itself and the latest CRL
OpenSSL config
OpenSSL configuration file to create a certificate or request with the openssl commandline tool
OpenVPN tls-auth key
The OpenVPN tls-auth key is a secret key shared between endpoints
JSON Web Kit
The public key of the certificate in JSON Web Kit format with X.509 Certificate Thumbprint (x5t)
JSON Web Kit chain
The public key of the certificate in JSON Web Kit format with X.509 Certificate Thumbprint (x5t) and certificate chain (x5c)
PEM public
Text format of the public key in one PEM file
PEM private
Unencrypted private key in text format
PEM encrypted
OpenSSL specific encrypted private key in text format
SSH2 private
SSH2 public
The public key encoded in SSH2 format
DER public
Binary DER format of the public key
DER private
Unencrypted private key in binary DER format
PVK private
Private key in Microsoft PVK format not encrypted
PKCS #8 encrypted
Encrypted private key in PKCS#8 text format
PKCS #8
Unencrypted private key in PKCS#8 text format
JSON Web Key private
Unencrypted private key in JSON Web Key format
JSON Web Key public
Public key in JSON Web Key format
Binary DER format of the certificate request
Binary DER format of the revocation list
vCalendar reminder for the CRL expiry date
XCA template in PEM-like format. Templates include the internal name and comment
All selected XCA templates in PEM-like format. Templates include the internal name and comment
pki_key
Public key
Successfully imported the %1 public key '%2'
%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is the internal name of the key
Delete the %n %1 public key(s) '%2'?
%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is/are the internal name(s) of the key(s)
Successfully imported the %1 private key '%2'
%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is the internal name of the key
Delete the %n %1 private key(s) '%2'?
%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is/are the internal name(s) of the key(s)
Successfully created the %1 private key '%2'
%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is the internal name of the key
Common
Private
Bogus
PIN
No password
Unexpected SSH2 content: '%1'
Invalid SSH2 public key
Failed writing to %1
pki_multi
No known PEM encoded items found
pki_pkcs12
Please enter the password to decrypt the PKCS#12 file:
%1
Unable to load the PKCS#12 (pfx) file %1.
The supplied password was wrong (%1)
Please enter the password to encrypt the key of certificate '%1' in the PKCS#12 file:
%2
No key or no Cert and no pkcs12
pki_pkcs7
Unable to load the PKCS#7 file %1. Tried PEM and DER format.
pki_scard
Successfully imported the token key '%1'
Successfully created the token key '%1'
Delete the %n token key(s): '%1'?
Delete the private key '%1' from the token '%2 (#%3)' ?
This Key is already on the token
PIN input aborted
Unable to find copied key on the token
Please insert card: %1 %2 [%3] with Serial: %4
Select Slot of %1
Unable to find generated key on card
Token %1
Failed to find the key on the token
Invalid Pin for the token
Failed to initialize the key on the token
pki_temp
Successfully imported the XCA template '%1'
Successfully created the XCA template '%1'
Delete the %n XCA template(s): '%1'?
Wrong Size %1
Template file content error (too small)
Not a PEM encoded XCA Template
Not an XCA Template, but '%1'
pki_x509
Successfully imported the certificate '%1'
Successfully created the certificate '%1'
Delete the %n certificate(s): '%1'?
Unable to load the certificate in file %1. Tried PEM and DER certificate.
Invalid OpenVPN tls-auth key
Failed to import tls-auth key
Same tls-auth key already stored for this CA
New tls-auth key successfully imported
Existing tls-auth key successfully replaced
This certificate is already on the security token
Delete the certificate '%1' from the token '%2 (#%3)'?
There is no key for signing !
No
Yes
Renew certificate: %1
The XCA certificate '%1', issued on %2 will expire on %3.
It is stored in the XCA database '%4'
pki_x509req
Signing key not valid (public key)
Successfully imported the PKCS#10 certificate request '%1'
Delete the %n PKCS#10 certificate request(s): '%1'?
Successfully created the PKCS#10 certificate request '%1'
Unable to load the certificate request in file %1. Tried PEM, DER and SPKAC format.
Signed
Unhandled
v3ext
Copy Common Name
Add
Delete
Apply
Validate
Cancel
An email address or 'copy'
An email address
A registered ID: OBJECT IDENTIFIER
A uniform resource indicator
A DNS domain name or 'copycn'
A DNS domain name
An IP address
Syntax: <OID>;TYPE:text like '1.2.3.4:UTF8:name'
No editing. Only 'copy' allowed here
Validation failed:
'%1'
%2
Validation successful:
'%1'
xcaWarningGui
Copy to Clipboard