Back to Projects
Project Details

ZLGetCert

Modern Windows app for certificate requests from on-premises CA without PowerShell

View on GitHub

License .NET Framework Release

Overview

ZLGetCert is a modern Windows WPF application that simplifies certificate requests from on-premises Certificate Authority (CA) without requiring PowerShell or command-line expertise. Features a clean, card-based UI with comprehensive configuration management.

Status: Stable release v1.8.2 β€” digitally signed installer. See the latest release on GitHub.

Key Features

  • 🎨 Modern UI: Clean, card-based interface with improved UX and visual hierarchy
  • πŸ“œ Multiple Certificate Types: Standard, Wildcard, and CSR-based certificates
  • βš™οΈ Configurable Options: Dynamic hash algorithms and log levels from configuration
  • πŸ“ Centralized Logging: Comprehensive logging system
  • πŸ”§ Environment Configuration: Flexible appsettings.json configuration
  • πŸ” Pure .NET PEM/KEY Export: No external dependencies required
  • πŸ”’ Secure Password Handling: User-configurable PFX passwords with secure storage
  • ⛓️ Certificate Chain Support: Automatic root/intermediate compilation
  • ⚑ Real-time Validation: JSON validator with instant feedback

Quick Start

Prerequisites

  • Windows Server 2016 or later
  • .NET Framework 4.8
  • No OpenSSL required (built-in PEM/KEY export)
  • Administrator privileges (for certificate store operations)

Getting Started

  1. Download: Get the latest release from GitHub
  2. Configure: Set up your CA settings via Edit β†’ Settings
  3. Generate: Create certificates using the intuitive interface

Certificate Types

Standard Certificate

Create regular hostname certificates with multiple Subject Alternative Names (SANs):

  1. Select β€œStandard Certificate” radio button
  2. Enter hostname in the Domain field
  3. Add SANs if needed
  4. Configure organization information
  5. Set PFX password
  6. Click β€œGenerate Certificate”

Wildcard Certificate

Generate wildcard domain certificates:

  1. Select β€œWildcard Certificate” radio button
  2. Enter wildcard domain (e.g., *.domain.com)
  3. Configure location and company details
  4. Set PFX password
  5. Generate certificate

CSR-Based Request

Submit existing Certificate Signing Requests:

  1. Select β€œFrom CSR” radio button
  2. Browse to existing CSR file
  3. Set PFX password
  4. Submit to CA

Configuration

appsettings.json Structure

{
  "CertificateAuthority": {
    "Server": "your-ca-server.domain.com",
    "Template": "WebServerV2",
    "DefaultCompany": "your-domain.com",
    "DefaultOU": "IT"
  },
  "FilePaths": {
    "CertificateFolder": "C:\\ssl",
    "LogPath": "C:\\ProgramData\\ZentrixLabs\\ZLGetCert"
  },
  "DefaultSettings": {
    "KeyLength": 2048,
    "HashAlgorithm": "sha256",
    "RequirePasswordConfirmation": true,
    "AutoCleanup": true,
    "RememberPassword": false,
    "AvailableHashAlgorithms": ["sha256", "sha384", "sha512"]
  },
  "Logging": {
    "LogLevel": "Information",
    "LogToFile": true,
    "MaxLogFileSize": "10MB",
    "MaxLogFiles": 5
  }
}

Configuration Features

  • Dynamic Options: All UI options loaded from configuration
  • No Hardcoded Values: Easy customization through JSON
  • Environment-Specific: Different settings for different deployments
  • JSON Validator: Real-time validation with color-coded feedback
  • Configuration Editor: Direct JSON editing with syntax validation

Advanced Features

Settings Panel

Access comprehensive configuration:

  • Click the βš™οΈ Settings button
  • Modify CA server settings, file paths, and defaults
  • Configure logging options and hash algorithms
  • Changes applied immediately

Configuration Editor

Direct JSON editing capabilities:

  • Go to Edit β†’ Configuration Editor
  • Real-time JSON validation:
    • βœ… Green: Valid JSON - Ready to save
    • ⚠️ Yellow: Configuration issues
    • ❌ Red: Invalid JSON - Syntax errors
  • Detailed error messages
  • Safety checks prevent invalid configurations

PEM/KEY Export (Pure .NET)

The application includes built-in PEM/KEY export with zero external dependencies:

  • Extracts PEM and PKCS#1 RSA private keys directly in .NET
  • Generates certificate chains for root and intermediate certificates
  • Works out of the box on any Windows system with .NET Framework 4.8

Security Features

  • SecureString: Passwords handled securely in memory
  • Password Masking: UI and log password protection
  • Automatic Cleanup: Memory cleared after operations
  • Secure Storage: Encrypted password storage in configuration

Logging & Auditing

All operations logged to C:\ProgramData\ZentrixLabs\ZLGetCert:

  • Detailed Operations: Complete audit trail
  • Error Tracking: Comprehensive error logging
  • Configurable Levels: From Trace to Fatal
  • Rolling Files: Automatic log rotation
  • Size Management: Configurable max file size

Architecture

Project Structure

ZLGetCert/
β”œβ”€β”€ Models/           # Data models (AppConfiguration, etc.)
β”œβ”€β”€ ViewModels/       # MVVM ViewModels
β”œβ”€β”€ Views/            # WPF XAML views
β”œβ”€β”€ Services/         # Business logic services
β”œβ”€β”€ Utilities/        # Helper classes
β”œβ”€β”€ Enums/            # Enumerations
β”œβ”€β”€ Styles/           # XAML styles and templates
β”œβ”€β”€ Converters/       # Value converters for data binding
└── appsettings.json  # Application configuration

Technologies

  • .NET Framework 4.8: Target framework
  • WPF: Windows Presentation Foundation
  • MVVM Pattern: Model-View-ViewModel architecture
  • Newtonsoft.Json: Configuration serialization
  • NLog: Logging framework

Development

Building from Source

  • Use Visual Studio 2022 to build (ZLGetCert.sln).
  • Set Configuration to Release and build the solution.
  • Note: Command-line builds (msbuild/dotnet) are not supported for this .NET Framework 4.8 WPF project.

Development Guidelines

  • Follow existing code style and patterns
  • Add appropriate error handling and logging
  • Update documentation for new features
  • Test changes thoroughly
  • Ensure all existing tests pass

Roadmap

Future enhancements planned:

  • πŸ”„ Certificate Renewal: Automated renewal workflows
  • 🌐 Multi-language Support: Internationalization
  • πŸ”Œ Plugin Architecture: Custom validators
  • πŸ“Š Enhanced Reporting: Certificate inventory and expiry tracking
  • 🎯 Additional Certificate Types: Extended format support

Troubleshooting

Common Issues

CA Connection Fails

  • Verify CA server name in settings
  • Check network connectivity
  • Ensure proper permissions

OpenSSL Not Detected

  • Install OpenSSL for Windows
  • Check configured paths in settings
  • Verify executable permissions

Certificate Generation Errors

  • Review logs in C:\ProgramData\ZentrixLabs\ZLGetCert
  • Verify CA template permissions
  • Check domain validation

Configuration Issues

  • Use Configuration Editor for validation
  • Check JSON syntax
  • Verify all required fields

Support Resources

  • Check logs in C:\ProgramData\ZentrixLabs\ZLGetCert
  • Review configuration in appsettings.json
  • Create issues on GitHub
  • Verify OpenSSL installation if using PEM/KEY extraction

Recent Updates

  • βœ… Modern card-based UI layout
  • βœ… Configuration-driven options
  • βœ… Real-time JSON validation
  • βœ… Enhanced logging and auditing
  • βœ… Improved security features
  • βœ… Comprehensive documentation

Contributing

We welcome contributions! Please:

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes with tests
  4. Submit a pull request

See CONTRIBUTING.md for details.

License

Licensed under the GNU LGPL v3.0.

πŸ”— Project Repository | πŸ“¦ Latest Release

Support This Project

If you find this project helpful, consider buying me a coffee! β˜•

Buy Me A Coffee