TinyCA: simple user interface to manage a small CA

April 8th, 2007 edited by Tincho

Entry submitted by Julien Valroff. DPOTD needs your help, please contribute !

TinyCA aims at helping you in the certification authority (CA) management task. Despite its easy-to-use and somewhat intuitive interface, it provides extended functions for advanced users who want to simplify their life.

Screenshot: CA & certificate list tabs

TinyCA - main window

TinyCA - certificate list

It works like a front-end for OpenSSL and offers (almost) the same features, amongst which:

  • Unlimited CAs: you can work with several CAs, choice is made when opening the main window or from an easily accessible button
  • Creation and revocation of x509 - S/MIME certificates
  • Import already existing CAs
  • Export client and server certificates in PEM, DER, TXT and PKCS#12 formats

Screenshot: create & import CA dialogs

TinyCA - creating a new CA

TinyCA - importing an already existing CA

Users already familiar with OpenSSL will be able to work immediately with TinyCA, while the more inexperienced will first have to look for documentation on certificate management elsewhere, as suggested by TinyCA documentation page:

TinyCA - help

TinyCA reveals particularly useful when you have to manage a bunch of certificates, eg. in the case of an OpenVPN tunnel. In this case, I do only regret TinyCA is not able to generate Diffie-Hellman keys, for which you still need to use OpenSSL from the command line.

TinyCA is available in Debian Sarge in the GTK version, whereas the latest version in Debian testing and unstable is based on the Perl-Gtk2 bindings (this lead upstream developer to call the new generation TinyCA2, whereas the Debian package kept the name tinyca). The package is also available for Ubuntu users in the universe component.

Once the package is installed, do not look for a TinyCA entry in your GNOME or KDE menu, none is provided. Instead, just look in the Debian menu, or simply launch the command in a terminal emulator: tinyca2.

If you end up using TinyCA, remember to keep your ~/.TinyCA directory private, as it contains the private keys for your CA and your certificates! Also do use a secure method for transferring your keys to the machine, eg. ssh.

Posted in Debian, Ubuntu |

2 Responses

  1. erich Says:

    TinyCA is amongst the best pieces of open source software. It’s the first (and so far the only one) actually usable tool for making and signing etc certificates. Superb stuff.

  2. Anubis24 Says:

    Is there anyway to import .pfx , .pem and etc pre-existing certificates into TinyCA?