
little helper to parse xca templates

Primary LanguagePythonGNU General Public License v3.0GPL-3.0


xca_template_helper.py can be used to decode certificate templates used by XCA which is a great tool for managing certificates for home- and small enterprise networks.

XCA templates are stored in a proprietary format. I tried to reverse-engineer the format as my request for documentation has unfortunately not been answered.

Special thanks to @mpeylo for the initial analysis.


Before running the tool you need to export the template into a file.


After export you can run the parse to get the details.

grindsa@ub18-04:~$ py ./xca_template_parser.py example/example.xca

The script will print two dictionaries on std-out:

  • a list of dn attributes taken from the template
  • a list of certificate attributes and extensions
# DN attributes
{'commonName': 'cn',
 'countryName': 'co',
 'localityName': 'locality',
 'organizationName': 'organization',
 'organizationalUnitName': 'ou',
 'stateOrProvinceName': 'state'}

# certificate extensions and attributes
{'adv_ext': None,
 'authInfAcc': None,
 'authKey': '1',
 'basicPath': None,
 'bcCritical': '1',
 'ca': '2',
 'crlDist': 'URI:http://foo.bar',
 'eKeyUse': 'serverAuth, clientAuth, ipsecEndSystem, ipsecTunnel, ipsecUser',
 'ekuCritical': '1',
 'issAltName': None,
 'keyUse': '3',
 'kuCritical': '1',
 'noWellDefinedExpDate': '0',
 'nsBaseUrl': None,
 'nsCARevocationUrl': None,
 'nsCaPolicyUrl': None,
 'nsCertType': '5',
 'nsComment': 'xca certificate',
 'nsRenewalUrl': None,
 'nsRevocationUrl': None,
 'nsSslServerName': None,
 'subAltName': None,
 'subKey': '1',
 'validM': '1',
 'validMidn': '0',
 'validN': '1'}


Please read CONTRIBUTING.md for details on my code of conduct, and the process for submitting pull requests. Please note that I have a life besides programming. Thus, expect a delay in answering.


I use SemVer for versioning. For the versions available, see the tags on this repository.


This project is licensed under the GPLv3 - see the LICENSE file for details