CA management made easy using GUIs

This list only includes free software as defined by the GNU foundation.
Please contribute a small description if you think your favorite tool should be included in the list.

GnoMint for Gnome desktop

GnoMint allows any person to run a Certification Authority, creating certificates for any purpose: e-mail signing and/or crypting; TLS authentication through web, VPNs or other protocols; secured web-servers... Its development was started due to the lack of a 'just-works' CA software: creating a CA from zero, through open-source command-line utilities, was possible, but was unconfortable to remember all the neccessary parameters. And you had to create a difficult configuration file. So here it is gnoMint, and it will help you all systems and network administrators to deploy a Certification Authority very easily. Currently, gnoMint allows:
  • Creating all the infrastructure to keep and run a Certification Authority, saved in only one file.
  • Create Certification Signing Requests, allowing to export them to PKCS#8 files, so they can be send to other CAs.
  • Create X.509 certificates, with a usual set of subject-parameters.
  • Export certificates and private keys to PEM files, so they can be used by external applications.
  • For each CA, establish a set of policies for certificate generation.
  • Import CSRs made by other applications
  • Export PKCS#12 structures, so the certificates can be imported easily by web and mail clients.
  • Revoke certificates, and generate the corresponding CRLs
  • Allow the possibility of keeping the CA private key, or other private keys, in external files or devices (as USB drives)
  • Allow the management of a whole hierarchy of CAs, with their respectives certificates.
  • Import pre-existing Certification Authorities, with all their data.
  • Allow an easy CA operation from command-line tools, for batch certificate creation, or integration with other utilities.\\

TinyCA for Gnome Desktop

TinyCA supports the following features:
  • Unlimited CAs possible
  • Support for creating and managing SubCAs
  • Creation and Revocation of x509 - S/MIME certificates
  • PKCS#10 Requests can be imported and signed
  • RSA and DSA keys can be generated and used
  • ServerCertificates
    • Certificates can be exported as: PEM, DER, TXT and PKCS#12
    • Certificates may be used with e.g. Apache, Postfix, OpenLDAP, Cyrus, FreeS/WAN, OpenVPN, OpenSWAN, FreeRadius
  • ClientCertificates
    • Certificates can be exported as: PEM, DER, TXT and PKCS#12
    • Certificates may be used with e.g. Netscape, Konqueror, Opera, Internet Explorer, Outlook (Express) and FreeS/WAN
  • Certificate Revocation List
  • CRLs can be exported as: PEM, DER and TXT

Xca for GNU/Linux, Mac OS X, Windows

Graphical certification authority is an interface for managing asymetric keys like RSA or DSA. It is intended as a small CA for creation and signing certificates. It uses the OpenSSL library for the cryptographic operations.