https://github.com/grindsa/xca_template_parser

little helper to parse xca templates
https://github.com/grindsa/xca_template_parser

certificate-authority xca xca-template

Last synced: 28 days ago
JSON representation

little helper to parse xca templates

• Host: GitHub
• URL: https://github.com/grindsa/xca_template_parser
• Owner: grindsa
• License: gpl-3.0
• Created: 2020-09-20T07:41:03.000Z (over 5 years ago)
• Default Branch: master
• Last Pushed: 2020-09-21T08:15:56.000Z (over 5 years ago)
• Last Synced: 2026-04-26T07:06:50.906Z (about 2 months ago)
• Topics: certificate-authority, xca, xca-template
• Language: Python
• Homepage:
• Size: 70.3 KB
• Stars: 1
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE

Awesome Lists containing this project

README

          

# xca_template_parser

`xca_template_helper.py` can be used to decode certificate templates used by [XCA](https://github.com/chris2511/xca) which is a great tool for managing certificates for home- and small enterprise networks.

[XCA templates](https://www.hohnstaedt.de/xca/index.php/documentation/manual) are stored in a proprietary format. I tried to reverse-engineer the format as my [request for documentation](https://github.com/chris2511/xca/issues/197) has unfortunately not been answered.

Special thanks to [@mpeylo](https://github.com/mpeylo) for the initial analysis.

## Usage

Before running the tool you need to export the template into a file.

![xca-ca-list](xca.png)

After export you can run the parse to get the details.

```bash

grindsa@ub18-04:~$ py ./xca_template_parser.py example/example.xca

```

The script will print two dictionaries on std-out:

- a list of dn attributes taken from the template

- a list of certificate attributes and extensions

```python

# DN attributes

{'commonName': 'cn',

 'countryName': 'co',

 'localityName': 'locality',

 'organizationName': 'organization',

 'organizationalUnitName': 'ou',

 'stateOrProvinceName': 'state'}

# certificate extensions and attributes

{'adv_ext': None,

 'authInfAcc': None,

 'authKey': '1',

 'basicPath': None,

 'bcCritical': '1',

 'ca': '2',

 'crlDist': 'URI:http://foo.bar',

 'eKeyUse': 'serverAuth, clientAuth, ipsecEndSystem, ipsecTunnel, ipsecUser',

 'ekuCritical': '1',

 'issAltName': None,

 'keyUse': '3',

 'kuCritical': '1',

 'noWellDefinedExpDate': '0',

 'nsBaseUrl': None,

 'nsCARevocationUrl': None,

 'nsCaPolicyUrl': None,

 'nsCertType': '5',

 'nsComment': 'xca certificate',

 'nsRenewalUrl': None,

 'nsRevocationUrl': None,

 'nsSslServerName': None,

 'subAltName': None,

 'subKey': '1',

 'validM': '1',

 'validMidn': '0',

 'validN': '1'}

```

## Contributing

Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on my code of

conduct, and the process for submitting pull requests.

Please note that I have a life besides programming. Thus, expect a delay

in answering.

## Versioning

I use [SemVer](http://semver.org/) for versioning. For the versions available,

see the [tags on this repository](https://github.com/grindsa/xca_template_parser/tags).

## License

This project is licensed under the GPLv3 - see the [LICENSE](LICENSE) file for details