Authority Assistant¶

The certification authority creation assistant is the part of kCA responsible for creation of new certification authorities. It's main purpose is to simplify CA generation as much as possible while keeping all options available.

The assistant will thus be created from multiple pages with the first deciding which route is to be taken. There are three options planned so far:

• Creation from a given certificate
  This will reduce option to selection which certificate to use, where to store/find private key and which friendly name is to be used for the authority.
  The certificate must be usable for certificate signing of course, this is checked by
  the assistant. Unusable certificates will be rejected.
  Also the private key to the desired certificate must be accessible.
• Creation with a self-signed certificate (Root CA)
  This will yield most options as an entire certificate is needed to be created in the process, including extensions defining future usage and - if needed - public storage areas. Other needed information is the same as below.
  It will also require definition of the authority's subject and key length.
• Creation with a new certificate, signed by a kCA-managed authority (Intermediate CA)
  This option is almost the same as above, it will just skip the certificate's extensions step, as those are predefined by the signing authority.
  The selected authority must be capable of producing a certificate which is in turn allowed to sign certification requests.