Version History

Version 3.1

Command line interface (see help pages for details)
Updated toolbar with new icons and search filter
Subject Alternative Name and Organisational Unit fields can now contain multiple values, separated by semi-colon
CA management dialog contains a new option to export CA identity to file
Certificate key length and algorithm settings are now an attribute of certificate type, not default settings
CA certificates no longer require cRLSign key usage to be set
Fixed bug where importing a PEM identity file for a user did not import the private key
Optimisations to support large numbers of users and certificates
Stability improvements and other minor bug fixes
Some features are restricted based on license type (for new licenses only, existing licenses are not limited)

Windows 7 and Mac OS-X 10.6 support
Support for using SubjectAltName certificate extension with DNS Name, IP Address or URI content
Uses Java 1.6 or later for improved performance
Updated third party library dependencies
Fixed bug where user details were written to disk too often in some circumstances

CA certificates can be re-signed using a third party CA, allowing better integration with an existing PKI
Certificate Signing Request file processing updated for increased flexibility in handling extension requests
New edit button for user details to prevent settings from accidentally being changed
Active users can be deleted without having to first make them inactive
New users that are accidentally created are automatically removed if no settings are updated
Importing a PKCS#12 identity file that contains multiple key/certificate pairs will import all pairs
Fixed problem on Vista where installer incorrectly reports that the program was not installed correctly
Minor UI improvements

Custom certificate types, both for user and CA certificates
Improved compatibility of PKCS#12 files
Support for PKCS#7 (.p7b or .p7c) certificate encoding format
Support for generating CRL files with PEM encoding
User notes field for recording comments against user entries
Compliance with rfc5280 (the successor to rfc3280)
Fixed bug where certificates that expire in less than 1 day were incorrectly sorted
Fixed bug where changing data directory and creating a new CA creates the CA in the old directory
Other minor improvements

Support for certificate revocation and Certificate Revocation List (CRL) issuing
Support for processing extension requests in Certificate Signing Request files
The CA certificate can be exported in PEM format or to a directory
PEM formatted identity files can optionally also include a copy of the certificate
Certificate validity can now include a fraction of a day
Improved performance for handling large numbers of users and certificates
Improved support for integration with an LDAP directory
Minor bug fixes and other improvements

Integration with third party calendar applications for managing certificate expiry dates
Improved support for working with multiple CAs, including easy switching between CAs
Certificate details dialog includes new "Advanced" tab with detailed certificate information
Support for Linux and similar platforms
Improved compatibility for Certificate Signing Request (CSR) file processing
Certificate validity can be set to 0 days (useful for generating test certificates)
Support for all ISO-3166-1 country names in certificates
Minor UI improvements and bug fixes

User details can be imported individually or in batch from LDIF and vCard files
User identity files (PKCS#12 and PEM) can be imported
Certificates can be dragged and dropped between the certificate table and file system
Certificate table allows multiple row selection for certificate viewing, export, deleting, etc.
New help information on using certificates in applications
Minor UI improvements
Fixed bug where non-numeric certificate validity causes freeze when issuing a new certificate
Fixed bug where directory publishing causes freeze if an active user exists with no certificates
Fixed toolbar UI bug on Windows with Java 1.6.0_02 or 1.6.0_03
Supports OS-X 10.5 (Leopard)

User identity files can be automatically and securely backed up, for future recovery
Certificates can be published to an LDAP directory, such as for use by mail clients
Certificate Signing Request (CSR) files from other applications can be processed
Server certificates can now identify an IP address as an alternative to domain name
Improved sorting behaviour when selecting Days to Expiry column in the users table
Many UI improvements
Minor bug fixes

CA certificate details can be viewed
Randomly generated passwords can be displayed in the confirmation dialog
A copy of subordinate CA identity files can be retained for working with CA hierarchies
Export format can be specified when exporting single certificate entries
Certificate details dialog now contains fingerprint field
Country setting is now an optional field, like email and organisation
The user name can now be left blank, in which case new certificates will not include a commonName
Publishing behaviour changed so that the most recently issued valid certificate from a user is the preferred certificate, instead of the last expiring certificate
Fixed bug where default country setting was not being applied properly
Fixed UI bug where the user table was not updated when the user's name is cleared
General code cleanup and improvements

General Purpose certificates (for secure email, document signing, VPN and/or client SSL use)
SSL server certificates
RSA 1024/2048/4096 key lengths, SHA-1/256/384/512 digest algorithms
PKCS#12/DER and PEM-encoding (with and without password) file formats
Supports random password generation for new identity files
Can be used to generate self-signed certificates, or multi-CA hierarchies
Includes detailed help pages