2011-06-20 new version 1.7.4 in beta


New functionality:

2010-11-10 new version 1.7.3 released


New functionality:

Implementation of the "Extended Key Usage" parameter to allow the creation of certificates that require it. I needed it to generate certificates for Microsoft Windows to enable the Active Directory LDAPS function by adding the "SSL/TLS Web Server Authentication" extended key usage. At this time, only the extension values below have been implemented:

I did not implement the OIDs 1.3.6.1.5.5.7.3.5-7. They belong to id-kp-ipsecEndSystem, id-kp-ipsecTunnel and id-kp-ipsecUser and are reported to be obsolete as per RFC 4945 section 5.1.3.12, "ExtendedKeyUsage".

Regardless of what the certificate request contains, the extended key usage must always be set explicitly at the request verification screen to be included in the certificate. Even if an externally generated request did not include this attribute, it can be added with WebCert.

2008-03-20 new version 1.7.2 released


Bug Fix:

- The nasty P12 export function still created an empty zero-byte p12 file in cases when no private key was pasted at all. I also added an extra comment that the private key file is really needed for PKCS12 export.

2007-12-20 new version 1.7.1 released


Bug fix only:

- The P12 export function failed when a private key was pasted with multiple trailing empty lines, creating an empty zero-byte p12 file.

- A link to an S/MIME certificate creation How-To was added to help.

2007-12-15 new version 1.7.0 released


New functionality:

- Full support for generation of S/MIME certificates

- the new certexport.cgi conveniently converts an existing PEM certificate into either DER or PKCS12 format. The files are copied into the export directory of the webcert web application. In the case of PKCS12, the private key must be supplied in PEM format (cut & paste), together with a passphrase for protection.

- the certsearch.cgi function has been expanded to filter certificates by their serial number

Bug fixes:

- The button in genrequest.cgi was pointing to certrequest.cgi instead of referring back to buildrequest.cgi.

- the latest CGIs were missing in the top level Makefile

- the REQLEN parameter was too small for certificates with a 4096 bit key.

- getcert.cgi had a minor display bug in the HTML table

2007-10-15 new version 1.6.0 released


New functionality:

- to find particular certificates, the new certsearch CGI can filter the cert store by subject field, validation or expiration date. This helps to identify certificates that are about to expire, and renew them before they become invalid.

- set font to Arial in certverify.cgi and genrequest.cgi for consistent look and feel across CGIs.

2007-07-01 new version 1.5.0 released


New functionality:

- certstore.cgi gets a new column, displaying how long the certificate is still valid. It is shown in days remaining and as a pseudo-graphical bar representing the percentage of time left, compared to the certificate lifetime. The selection to display a certificate either in PEM or TXT format has been added to certstore.cgi for quicker access.

Bug fixes:

- certstore.cgi display fails to sort correctly if the store has more than 255 certificate files, because alphasort fails when the .pem filename gets the next 2 digits added after FF.pem is reached (255). I wrote hexsort to correct that.

- fixed a minor display bug on the control panel in certstore.cgi, which is visible in Konqueror. Improved pixel count for displaying the bar.

- fixed wrong page count for certstore.cgi. When the number of certs is divisible by the max. entries per page without remainder, meaning that all pages are filled to the max, an extra empty page was generated.

- compiler warnings about pointer targets differing in signedness: new compilers are so picky and warn about implicit data type promotion. I added explicit casting to avoid these errors.
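The sorting failure in the first fix above can be reproduced and corrected with a numeric comparison of the hex file names. The following is an added example, not WebCert's own hexsort; the names `hexsort_cmp` and `sort_store` and the sample file names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length of the hex stem before ".pem"; 0 if the name is not <hex>.pem. */
static size_t hex_stem_len(const char *name)
{
    size_t n = 0;
    while (isxdigit((unsigned char)name[n])) n++;
    return (n > 0 && strcmp(name + n, ".pem") == 0) ? n : 0;
}

/* Compare two serial-number file names by numeric value, any length. */
int hexsort_cmp(const char *a, const char *b)
{
    size_t la = hex_stem_len(a), lb = hex_stem_len(b);
    if (la == 0 || lb == 0)                      /* non-serial names sort last */
        return (la == 0 && lb == 0) ? strcmp(a, b) : (la == 0) - (lb == 0);
    while (la > 1 && *a == '0') { a++; la--; }   /* drop leading zeros */
    while (lb > 1 && *b == '0') { b++; lb--; }
    if (la != lb) return la < lb ? -1 : 1;       /* more digits = larger value */
    for (size_t i = 0; i < la; i++) {
        int ca = toupper((unsigned char)a[i]), cb = toupper((unsigned char)b[i]);
        if (ca != cb) return ca < cb ? -1 : 1;   /* '0'-'9' < 'A'-'F' in ASCII */
    }
    return 0;
}

static int cmp_qsort(const void *x, const void *y)
{
    return hexsort_cmp(*(const char *const *)x, *(const char *const *)y);
}

void sort_store(const char **names, size_t n)
{
    qsort(names, n, sizeof *names, cmp_qsort);
}

int main(void)
{
    /* Constructed sample file names, not taken from a real store. */
    const char *names[] = { "0100.pem", "FF.pem", "0A.pem", "01.pem", "0101.pem" };
    sort_store(names, 5);
    for (size_t i = 0; i < 5; i++) puts(names[i]);
    return 0;
}
```

A plain string comparison places 0100.pem before FF.pem because '0' sorts before 'F'; comparing digit count first and then digit by digit keeps the order correct for serial numbers of any length.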

2006-02-10 new version 1.4.0 released


New functionality:

- certificate options can be set: Client, Server, Signing, E-Mail, Expiration ...

Expiration is a most convenient feature. Usually certificates are valid for several years. If you want to experiment with short validity, set days to 1. Further visions: Imagine you want to give access to a resource using a client certificate that should expire with the end of a contract at a certain date. How about being able to enter a start and end date similar to 'openssl ca -startdate -enddate'?

- Expired certificates are marked red in the list by comparing their expiration date to the date of the webcert host.

- webcert verified to work with openssl-0.9.8a

2005-06-25 new version 1.3.0 released


New functionality:

- Implementation of the serial number management is the base for further improvements:

* certificates are not just displayed but also saved in the /certs directory. The serial number serves as the file name, in keeping with OpenSSL's behaviour.

* new certificate requests are generated with buildrequest.cgi and genrequest.cgi, then forwarded for immediate signing.

* buildrequest.cgi is now the new entry page, while certrequest.cgi, which handles pasting of existing PEM requests, got a new menu item on the top menu.

- certstore.cgi has been re-written to display the certificates sorted by creation time. Latest certs now appear first by default, and it can be switched to show oldest first.

Bug Fixes:

- certstore.cgi fails when certs are available in the certs directory, but the webserver has no rights to read it. Fix: When a cert is not readable, it is marked as not readable in the list.

- Having an extra newline at the end of a cut-&-paste certificate request results in a BEGIN/END lines error. Now the additional newline will be stripped off in certverify.cgi and certsign.cgi.

Please send requests, bug reports and comments as usual to: support[at]frank4dd.com
