CaPropertiesFormDays until next CRL issuingDefault templateCertDetailDetails of the CertificateSerialThe serial number of the certificateThe internal name of the certificate in the databaseStatusInternal nameSignatureKeyFingerprintsMD5An md5 hashsum of the certificateSHA1A SHA-1 hashsum of the certificateSHA256A SHA-256 hashsum of the certificateValidityThe time since the certificate is validThe time until the certificate is validSubjectIssuerExtensionsValidationPurposesStrict RFC 5280 validationCommentAttributesShow configShow extensionsShow public keyThis key is not in the database.Not availableNo verification errors found.Signer unknownSelf signedRevoked at %1Not validValidDetails of the certificate signing requestCertExtendCertificate renewalThis will create a new certificate as a copy of the old one with a new serial number and adjusted validity values.ValidityNot beforeNot afterTime rangeLocal timeDaysMonthsYearsNo well-defined expirationMidnightApplyRevoke old certificateReplace old certificateKeep serial numberThe certificate will be earlier valid than the signer. This is probably not what you want.Edit datesAbort rolloutContinue rolloutAdjust date and continueThe certificate will be longer valid than the signer. This is probably not what you want.CertTreeViewHide unusable certificatesImport PKCS#12Import from PKCS#7RequestSecurity tokenOther tokenSimilar CertificateDelete from Security tokenCAPropertiesGenerate CRLManage revocationsImport OpenVPN tls-auth keyRenewalRevokeUnrevokePlain ViewTree ViewdaysNo templateCA PropertiesCertificate exportX509 Certificates ( *.pem *.cer *.crt *.p12 *.pfx *.p7b )vCalendar entry ( *.ics )OpenVPN file ( *.ovpn )OpenVPN tls-auth key ( *.key )ClickLabelDouble click for detailsCrlDetailDetails of the Revocation list&StatusVersionSignatureSigned byNameThe internal name of the CRL in the databaseissuing datesNext updateLast update&Issuer&Extensions&Revocation listCommentFailedUnknown signerVerification not possibleCrlTreeViewThere are no CA certificates for CRL generationSelect CA certificateRevocation list exportCRL ( *.pem *.der *.crl )vCalendar entry ( *.ics )ExportDialogNameThe internal name of the CRL in the database...FilenameEach Item in a separate fileSame encryption password for all itemsExport comment into PEM fileExport Format%n selected item(s)All files ( * )The file: '%1' already exists!OverwriteDo not overwriteThe path: '%1' exist, but is not a fileThe path: '%1' exist, but is not a directoryThe directory: '%1' does not exist. Should it be created?CreateFailed to create directory '%1'DirectoryFormlast updatenext updateDaysMonthsYearsApplyMidnightLocal timeNo well-defined expirationHelp<<>>&DoneImportMultiImport PKI ItemsImport &All&Import&Done&Remove from listDetailsDelete from tokenRename on token
Name: %1
Model: %2
Serial: %3Manage security tokenThe type of the item '%1' is not recognizedCould not open the default databaseThe file '%1' did not contain PKI dataThe %1 files: '%2' did not contain PKI dataItemPropertiesNameSourceInsertion dateCommentKeyDetailNameThe internal name of the key used by xcaSecurity tokenManufacturerSerialKeyPublic ExponentKeysizePrivate ExponentSecurity TokenLabelPKCS#11 IDToken informationModelFingerprintCommentDetails of the %1 keyNot availableAvailableSub primePublic keyPrivate keyCurve nameUnknown keyKeyTreeViewChange passwordReset passwordChange PINInit PIN with SO PIN (PUK)Change SO PIN (PUK)Security tokenThis is not a tokenShall the original key '%1' be replaced by the key on the token?
This will delete the key '%1' and make it unexportableKey exportPrivate Keys ( *.pem *.der *.pk8 );; SSH Public Keys ( *.pub )SSH Private Keys ( *.priv )Microsoft PVK Keys ( *.pvk )MainWindowPrivate Keys&New Key&Export&ImportImport PFX (PKCS#12)&Show Details&DeleteCertificate signing requests&New RequestCertificates&New CertificateImport &PKCS#12Import P&KCS#7Plain ViewTemplates&New Template&New CRLCh&ange TemplateRevocation listsUsing or exporting private keys will not be possible without providing the correct passwordThe currently used default hash '%1' is insecure. Please select at least 'SHA 224' for security reasons.Recent DataBasesSystemCroatianEnglishFrenchGermanJapaneseKoreanRussianSlovakSpanishPersianBulgarianPolishItalianChineseDutchPortuguese in BrazilIndonesianTurkishLanguage&FileOpen Remote DataBaseSet as default DataBaseNew DataBaseOpen DataBaseClose DataBaseOptionsExitI&mportKeysRequestsPKCS#12PKCS#7TemplateRevocation listPEM filePaste PEM fileTokenExport Certificate &Index hierarchyContent&Manage Security token&Init Security token&Change PINChange &SO PINInit PINExtra&Dump DataBase&Export Certificate IndexC&hange DataBase password&Undelete itemsGenerate DH parameterOID Resolver&HelpAboutImport PEM dataPlease enter the original SO PIN (PUK) of the token '%1'SearchPlease enter the new SO PIN (PUK) for the token '%1'The new label of the token '%1'The token '%1' did not contain any keys or certificatesRetry with PINRetry with SO PINCurrent PasswordPlease enter the current database passwordThe entered password is wrongNew PasswordPlease enter the new password to encrypt your private keys in the database-fileTransaction start failedDatabase: %1The currently used PFX / PKCS#12 algorithm '%1' is insecure.ChangeCertificate Index ( index.txt )All files ( * )Diffie-Hellman parameters saved as: %1Diffie-Hellman parameters are needed for different applications, but not handled by XCA.
Please enter the DH parameter bitsNewCrlLast updateNext updateDaysMonthsYearsMidnightLocal timeApplyOptionsCRL numberSubject alternative nameRevocation reasonsAuthority key identifierHash algorithmCreate CRLNewKeyPlease give a name to the new key and select the desired keysizeKey propertiesNameThe internal name of the new keyCurve nameUsually at least 2048 bit keys are recommendedNew KeyKeysizeKeytypeRemember as defaultCreateNewX509SourceSigning requestShow requestSign this Certificate signing &requestCopy extensions from the requestModify subject of the requestSigningCreate a &self signed certificateUse &this Certificate for signingAll certificates in your database that can create valid signaturesSignature algorithmTemplate for the new certificateAll available templatesApply extensionsApply subjectApply allSubjectInternal NameDistinguished nameAddDeletePrivate keyThis list only contains unused keysUsed keys too&Generate a new keyExtensionsTypeIf this will become a CA certificate or notNot definedCertification AuthorityEnd EntityPath lengthHow much CAs may be below this.The basic constraints should always be criticalKey identifierCreates a hash of the key following the PKIX guidelinesCopy the Subject Key Identifier from the issuerValidityNot beforeNot afterTime rangeDaysMonthsYearsApplySet the time to 00:00:00 and 23:59:59 respectivelyMidnightLocal timeNo well-defined expirationDNS: IP: URI: email: RID:EditURI:Key usageNetscapeAdvancedValidateCommentThis name is only used internally and does not appear in the resulting certificateCriticalCreate Certificate signing requestminimum size: %1maximum size: %1only a-z A-Z 0-9 '()+,-./:=?only 7-bit clean charactersEdit XCA templateCreate x509 CertificateTemplate '%1' appliedSubject applied from template '%1'Extensions applied from template '%1'New key '%1' createdOther TabsAdvanced TabErrorsFrom PKCS#10 requestErrorduplicate extensionsThe Name Constraints are invalidThe Subject Alternative Name is invalidThe Issuer Alternative Name is invalidThe CRL Distribution Point is invalidThe Authority Information Access is invalidAbort rolloutThe following length restrictions of RFC3280 are violated:Edit subjectContinue rolloutThe verification of the Certificate request failed.
The rollout should be aborted.Continue anywayThe internal name and the common name are empty.
Please set at least the internal name.Edit nameThere is no Key selected for signing.Select keyThe following distinguished name entries are empty:
%1
though you have declared them as mandatory in the options menu.The key you selected for signing is not a private one.Select other signerSelect other keyThe currently selected hash algorithm '%1' is insecure and should not be used.Select other algorithmUse algorithm anywayThe certificate will be earlier valid than the signer. This is probably not what you want.Edit datesAdjust date and continueThe certificate will be longer valid than the signer. This is probably not what you want.The certificate will be out of date before it becomes valid. You most probably mixed up both dates.The certificate contains invalid or duplicate extensions. Check the validation on the advanced tab.The certificate contains no extensions. You may apply the extensions of one of the templates to define the purpose of the certificate.The certificate contains invalid extensions.Edit extensionsThe subject alternative name shall contain a copy of the common name. However, the common name is empty.A name constraint of the issuer '%1' is violated: %2Configfile error on line %1
OidResolverOID ResolverEnter the OID, the Nid, or one of the textual representationsSearchOIDLong nameOpenSSL internal IDNidShort nameOpenDbOpen remote databaseDatabase typeHostnameUsernamePasswordDatabase nameTable prefixNo SqLite3 driver available. Please install the qt-sqlite package of your distributionOptionsXCA OptionsSettingsDefault hash algorithmString typesSuppress success messagesDon't colorize expired certificatesTranslate established x509 terms (%1 -> %2)The hashing functionality of the token is not used by XCA.
It may however honor a restricted hash-set propagated by the token.
Especially EC and DSA are only defined with SHA1 in the PKCS#11 specification.Only use hashes supported by the token when signing with a token keyDisable legacy Netscape extensionsPKCS12 encryption algorithmCertificate expiry warning thresholdSend vCalendar expiry reminderSerial number length bitDistinguished nameMandatory subject entriesAddDeleteExplicit subject entriesDynamically arrange explicit subject entriesDefaultPKCS#11 providerRemoveSearchPrintable string or UTF8 (default)PKIX recommendation in RFC2459No BMP strings, only printable and T61UTF8 strings only (RFC2459)All stringsDaysWeeksPwDialogThe password is parsed as 2-digit hex code. It must have an even number of digits (0-9 and a-f)Take as HEX stringRepeat %1%1 mismatchHex password must only contain the characters '0' - '9' and 'a' - 'f' and it must consist of an even number of charactersExitQObjectUndefinedBroken / Invalidin %1 seconds%1 seconds agoin %1 minutes%1 minutes agoYesterdayTomorrowin %1 hours%1 hours agoOut of dataError finding endmarker of stringAll files ( * )PKI Keys ( *.pem *.der *.key );; PKCS#8 Keys ( *.p8 *.pk8 );; Microsoft PVK Keys ( *.pvk );; SSH Public Keys ( *.pub );;Import RSA keyPKCS#10 CSR ( *.pem *.der *.csr );; Import RequestCertificates ( *.pem *.der *.crt *.cer );;Import X.509 CertificatePKCS#7 data ( *.p7s *.p7m *.p7b );;Import PKCS#7 CertificatesPKCS#12 Certificates ( *.p12 *.pfx );;Import PKCS#12 Private CertificateXCA templates ( *.xca );;Import XCA TemplatesRevocation lists ( *.pem *.der *.crl );;Import Certificate Revocation ListXCA Databases ( *.xdb );;Open XCA DatabaseOpenVPN tls-auth key ( *.key );;Import OpenVPN tls-auth keyPKCS#11 library ( *.dll );;PKCS#11 library ( *.dylib *.so );;PKCS#11 library ( *.so );;Open PKCS#11 shared libraryPEM files ( *.pem );;Load PEM encoded filePlease enter the PIN on the PinPadPlease enter the SO PIN (PUK) of the token %1Please enter the PIN of the token %1No Security token foundSelectPlease enter the new SO PIN (PUK) for the token: '%1'Please enter the new PIN for the token: '%1'Required PIN size: %1 - %2DisabledLibrary loading failedPKCS#11 function '%1' failed: %2PKCS#11 function '%1' failed: %2
In library %3
%4Invalid%1 is shorter than %2 bytes: '%3'%1 is longer than %2 bytes: '%3'String '%1' for '%2' contains invalid charactersError reading config file %1 at line %2The Object '%1' from file %2 line %3 is already known as '%4:%5:%6' and should be removed.The identifier '%1' for OID %2 from file %3 line %4 is already used for a different OID as '%5:%6:%7' and should be changed to avoid conflicts.Unknown object '%1' in file %2 line %3Failed to start a database transactionCountry codeState or ProvinceLocalityOrganisationOrganisational unitCommon nameE-Mail addressSerial numberGiven nameSurnameTitleInitialsDescriptionRolePseudonymGeneration Qualifierx500 Unique IdentifierNameDN QualifierUnstructured nameChallenge passwordBasic ConstraintsName ConstraintsSubject alternative nameissuer alternative nameSubject key identifierAuthority key identifierKey usageExtended key usageCRL distribution pointsAuthority information accessCertificate typeBase URLRevocation URLCA Revocation URLCertificate renewal URLCA policy URLSSL server nameCommentIndex file written to '%1'Index hierarchy written to '%1'Unknown key type %1Failed to write PEM data to '%1'Password verify error, please try againThe following error occurred:Failed to update the database schema to the current versionPasswordinsecureReqTreeViewSignUnmark signedMark signedSimilar RequestCertificate request exportCertificate request ( *.pem *.der *.csr )RevocationListManage revocationsAddDeleteEditNo.SerialRevocationReasonInvalidationGenerate CRLRevokeCertificate revocationRevocation detailsRevocation reasonLocal timeInvalid sinceSerialSearchPkcs11Directory...Include subdirectoriesSearchThe following files are possible PKCS#11 librariesSelectTokenSecurity tokenPlease select the security tokenTempTreeViewDuplicateCreate certificateCreate requestcopyPreset Template valuesTemplate exportXCA Templates ( *.xca )Validityyyyy-MM-dd hh:mmX509SuperTreeViewTransformTemplatePublic keyXFileError opening file: '%1': %2Error rewinding file: '%1': %2XcaDetailImportXcaTreeViewItem propertiesSubject entriesX509v3 ExtensionsNetscape extensionsKey propertiesResetHide ColumnDetailsColumnsExport PasswordPlease enter the password to encrypt all %n exported private key(s) in:
%1Singular form for 0 or 1 item can be ignored. Will always be called with n >= 2NewImportPaste PEM dataRenamePropertiesDeleteExportClipboardFileClipboard formatdatabase_modelPlease enter the password to access the database server %2 as user '%1'.Unable to create '%1': %2The file '%1' is not an XCA databaseNo SqLite3 driver available. Please install the qt-sqlite package of your distributionNew PasswordPlease enter a password, that will be used to encrypt your private keys in the database:
%1PasswordPlease enter the password for unlocking the database:
%1db_baseInternal nameNo.Primary keyDatabase unique numberDateDate of creation or insertionSourceGenerated, Imported, TransformedCommentFirst line of the comment fieldImport from: %1Could not create directory %1db_crlSignerInternal name of the signerNo. revokedNumber of revoked certificatesLast updateNext updateCRL numberThe revocation list already exists in the database as:
'%1'
and so it was not importedFailed to initiate DB transactionDatabase error: %1db_keyTypeSizeEC GroupUsePasswordThe key is already in the database as:
'%1'
and is not going to be importedThe database already contains the public part of the imported key as
'%1
and will be completed by the new, private part of the keyExtending public key from %1 by imported key '%2'Key size too small !You are sure to create a key of the size: %1 ?Internal key update: The keys: %1 must be updated once by resetting and setting its private passwordTried to change password of a tokendb_tempBad template: %1Empty templatedb_x509CAreflects the basic Constraints extensionSerialStart dateExpiry dateMD5 fingerprintSHA1 fingerprintSHA256 fingerprintNot beforeNot afterRevocationCRL ExpirationFailed to retrieve unique random serialThe certificate already exists in the database as:
'%1'
and so it was not importedSigned on %1 by '%2'UnknownInvalid public keyThe key you selected for signing is not a private one.Failed to create directory '%1'Store the certificate to the key on the token '%1 (#%2)' ?There was no key found for the Certificate: '%1'Not possible for a token key: '%1'Not possible for the token-key Certificate '%1'db_x509nameSubjectComplete distinguished nameSubject hashHash to lookup certs in directoriesdb_x509reqSignedwhether the request is already signed or notUnstructured nameChallenge passwordCertificate countNumber of certificates in the database with the same public keyThe certificate signing request already exists in the database as
'%1'
and thus was not storeddb_x509superKey nameInternal name of the keySignature algorithmKey typeKey sizeEC GroupExtracted from %1 '%2'CertificateCertificate requestThe following extensions were not ported into the templateTransformed from %1 '%2'kvViewTypeContentpass_infoPasswordPINpkcs11_libFailed to open PKCS11 library: %1: %2This does not look like a PKCS#11 library. Symbol 'C_GetFunctionList' not found.pki_baseUnknownImportedGeneratedTransformedTokenLegacy DatabaseRenewedProperty '%1' not listed in 'pki_base::print'Internal error: Unexpected message: %1 %2pki_crlSuccessfully imported the revocation list '%1'Successfully created the revocation list '%1'Delete the %n revocation list(s): '%1'?Unable to load the revocation list in file %1. Tried PEM and DER formatted CRL.No issuer givenCRL Renewal of CA '%1' dueThe latest CRL issued by the CA '%1' will expire on %2.
It is stored in the XCA database '%3'Renew CRL: %1The XCA CRL '%1', issued on %3 will expire on %4.
It is stored in the XCA database '%5'pki_evpPlease enter the password to decrypt the private key %1.The key from file '%1' is incomplete or inconsistent.Please enter the password to decrypt the private key from file:
%1Unable to load the private key in file %1. Tried PEM and DER private, public, PKCS#8 key types and SSH2 format.Please enter the password to decrypt the private key: '%1'Password input abortedPlease enter the database password for decrypting the key '%1'Decryption of private key '%1' failedPlease enter the password to protect the private key: '%1'Please enter the database password for encrypting the keyPlease enter the password to protect the PKCS#8 key '%1' in file:
%2Please enter the password to protect the private key '%1' in file:
%2pki_exportPEM Text format with headersPEM selectedConcatenated list of all selected certificates in one PEM text filePEM chainConcatenated text format of the complete certificate chain in one PEM fileThe complete certificate chain and the private key of the selected certificate with tags usable in OpenVPN configuration filesPEM + keyConcatenation of the certificate and the unencrypted private key in one PEM fileConcatenation of the certificate and the encrypted private key in PKCS#8 format in one fileAll unusableConcatenation of all expired or revoked certificates in one PEM filePKCS#7 encoded single certificateAll selected certificates encoded in one PKCS#7 filePKCS #7 chainPKCS#7 encoded complete certificate chainPKCS #7 unusablePKCS#7 encoded collection of all expired or revoked certificatesBinary DER encoded certificatePKCS #12 chainThe complete certificate chain and the private key as encrypted PKCS#12 filePKCS #12The certificate and the private key as encrypted PKCS#12 fileCertificate Index fileOpenSSL specific Certificate Index file as created by the 'ca' command and required by the OCSP toolvCalendarvCalendar expiry reminder for the selected itemsCA vCalendarvCalendar expiry reminder containing all issued, valid certificates, the CA itself and the latest CRLOpenSSL configOpenSSL configuration file to create a certificate or request with the openssl commandline toolOpenVPN tls-auth keyThe OpenVPN tls-auth key is a secret key shared between endpointsJSON Web KitThe public key of the certificate in JSON Web Kit format with X.509 Certificate Thumbprint (x5t)JSON Web Kit chainThe public key of the certificate in JSON Web Kit format with X.509 Certificate Thumbprint (x5t) and certificate chain (x5c)PEM publicText format of the public key in one PEM filePEM privateUnencrypted private key in text formatPEM encryptedOpenSSL specific encrypted private key in text formatSSH2 privateSSH2 publicThe public key encoded in SSH2 formatDER publicBinary DER format of the public keyDER privateUnencrypted private key in binary DER formatPVK privatePrivate key in Microsoft PVK format not encryptedPKCS #8 encryptedEncrypted private key in PKCS#8 text formatPKCS #8Unencrypted private key in PKCS#8 text formatJSON Web Key privateUnencrypted private key in JSON Web Key formatJSON Web Key publicPublic key in JSON Web Key formatBinary DER format of the certificate requestBinary DER format of the revocation listvCalendar reminder for the CRL expiry dateXCA template in PEM-like format. Templates include the internal name and commentAll selected XCA templates in PEM-like format. Templates include the internal name and commentpki_keyPublic keySuccessfully imported the %1 public key '%2'%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is the internal name of the keyDelete the %n %1 public key(s) '%2'?%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is/are the internal name(s) of the key(s)Successfully imported the %1 private key '%2'%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is the internal name of the keyDelete the %n %1 private key(s) '%2'?%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is/are the internal name(s) of the key(s)Successfully created the %1 private key '%2'%1 will be replaced by 'RSA', 'DSA', 'EC'. %2 is the internal name of the keyCommonPrivateBogusPINNo passwordUnexpected SSH2 content: '%1'Invalid SSH2 public keyFailed writing to %1pki_multiNo known PEM encoded items foundpki_pkcs12Please enter the password to decrypt the PKCS#12 file:
%1Unable to load the PKCS#12 (pfx) file %1.The supplied password was wrong (%1)Please enter the password to encrypt the key of certificate '%1' in the PKCS#12 file:
%2No key or no Cert and no pkcs12pki_pkcs7Unable to load the PKCS#7 file %1. Tried PEM and DER format.pki_scardSuccessfully imported the token key '%1'Successfully created the token key '%1'Delete the %n token key(s): '%1'?Delete the private key '%1' from the token '%2 (#%3)' ?This Key is already on the tokenPIN input abortedUnable to find copied key on the tokenPlease insert card: %1 %2 [%3] with Serial: %4Select Slot of %1Unable to find generated key on cardToken %1Failed to find the key on the tokenInvalid Pin for the tokenFailed to initialize the key on the tokenpki_tempSuccessfully imported the XCA template '%1'Successfully created the XCA template '%1'Delete the %n XCA template(s): '%1'?Wrong Size %1Template file content error (too small)Not a PEM encoded XCA TemplateNot an XCA Template, but '%1'pki_x509Successfully imported the certificate '%1'Successfully created the certificate '%1'Delete the %n certificate(s): '%1'?Unable to load the certificate in file %1. Tried PEM and DER certificate.Invalid OpenVPN tls-auth keyFailed to import tls-auth keySame tls-auth key already stored for this CANew tls-auth key successfully importedExisting tls-auth key successfully replacedThis certificate is already on the security tokenDelete the certificate '%1' from the token '%2 (#%3)'?There is no key for signing !NoYesRenew certificate: %1The XCA certificate '%1', issued on %2 will expire on %3.
It is stored in the XCA database '%4'pki_x509reqSigning key not valid (public key)Successfully imported the PKCS#10 certificate request '%1'Delete the %n PKCS#10 certificate request(s): '%1'?Successfully created the PKCS#10 certificate request '%1'Unable to load the certificate request in file %1. Tried PEM, DER and SPKAC format.SignedUnhandledv3extCopy Common NameAddDeleteApplyValidateCancelAn email address or 'copy'An email addressA registered ID: OBJECT IDENTIFIERA uniform resource indicatorA DNS domain name or 'copycn'A DNS domain nameAn IP addressSyntax: <OID>;TYPE:text like '1.2.3.4:UTF8:name'No editing. Only 'copy' allowed hereValidation failed:
'%1'
%2Validation successful:
'%1'xcaWarningGuiCopy to Clipboard