Home / Support / Knowledge Base / How to create a CA-Signed certificate using XCA application

How to create a CA-Signed certificate using XCA application

This article explains how to create a CA-Signed certificate using XCA application.

First, we need to create Certification authority (CA) certificate.

 

  1. Click the Certificates tab
  2. Click the New Certificate button
  3. Under Signing settings select “Create a self-signed certificate”
  4. Under  “Template for the new certificate”, select [default] CA and click Apply all

 

 

 

      5.Click the Subject tab and fill in all the information then click the Generate a new key button.

      6. Click the the Extensions tab and chose the Certification Authority Type under X509v3 Basic Constraints and click OK

 

 

 

Next, we need to create a device certificate.

 

  1. Click the Certificates tab
  2. Click the New  Certificate button
  3. Under Signing, make sure to select “Use this Certificate for signing” and chose the previously created CA.
  4. Under “Template for the new certificate”, select default HTTPS_server and click Apply all

 

 

        5. Go to the Subject tab, fill in all the information then click the Generate a new key button and click OK

 

 

 

 

 

 

Parameter

Setting

Internal name

This is for display purposes in the tool, only

Country Name

The two-letter ISO 3166 abbreviation for your country.

In this example:DE

State or Province Name

The state or province where your organization is legally located. Do not abbreviate.

In this example: BY

Locality Name

The city where your organization is legally located. Do not abbreviate.

In this example: Ismaning

Organization Name

The exact legal name of your organization. Do not abbreviate your organization name.

In this example: Digi

Organizational Unit Name

Section of the organization.

Examples of sections are Marketing, Research and Development, Human Resources or Sales.

In this example:Support

Common Name

In this example, EZ4 will be used.

Email Address

Enter your organization general email address.

In this example support@digi.com
 
 
 

 

          6. The certificate should now appear in the window under the CA certificate.

 

     Export the certificates and keys in .PEM format

  1. Select the Certificates Tab.
  2. Highlight the CA certificate and click the Export button
  3. Highlight the EZ4 certificate and click the Export button
  4. In the Certificate export window, select PEM as the export format and click OK

 

 

  1. Select the Private Keys tab.
  2. Highlight the host certificate and click the Export button
  3. In the Key export window, select PEM as the export format and click OK

 

 

 

Last updated: Sep 30, 2025

Recently Viewed

No recently viewed articles

Did you find this article helpful?