Implement full command-line support for XCA

[SagnikGanguly96]

Implementing full command-line support for XCA will allow the users to develop APIs to automate the processes of XCA.

[itsKV]

Afaik, XCA itself is a GUI wrapper for command line utility openssl. Command line procedure is itself implemented on openssl.

[SagnikGanguly96]

Afaik, XCA itself is a GUI wrapper for command line utility openssl. Command line procedure is itself implemented on openssl.

I want to use the same database as XCA use

[chris2511]

XCA uses OpenSSL library calls for the crypto stuff and does not execute the openssl binary.

https://www.hohnstaedt.de/xca/index.php/documentation/manual
explains how to directly extract items from the database.

full command-line support

Sounds like a lot of work for me.
Is there something special you need the most? Then maybe I can add the important things first.
Script controlled CRL generation as a recurring task is implemented.

Providing (as well as parsing) all the details about a new certificate for example can be very cumbersome on the commandline.

What is your use-case

[SagnikGanguly96]

I want to create A PHP script to issue/renew/auto-renew CRTs and export them to the server.

[Wernfried]

Basically everything is available.

• Get a list of items in xca database:

xca.exe --list-items --database="CertDB.xdb"

• Get a certificate request and redirect into file:

xca.exe --no-gui --database="CertDB.xdb" --pem  --select=311 > request.csr

Or get the item with sqlite directly, see https://github.com/chris2511/xca/blob/main/doc/rst/database.rst

• Sing the request with openssl:

req -x509 -days 365 -CA ... -CAkey ... -sha256 -noenc -in request.csr -out certificate.crt

• Import the signed certificate into xca

cat certificate.crt | xca.exe --no-gui --database="CertDB.xdb" --import --name="My new cert"

I did not test it, but I guess it will work.