Bob Relyea <[EMAIL PROTECTED]> writes: > You can do the one shot by having mozilla generate the key with the > java-script crmf interface. > (http://developer.mozilla.org/en/docs/JavaScript_crypto#Generating_Keys_and_issuing_User_Certificates)
The example on this page is badly broken. I fixed it. Do you happen to know who I can send patches to? > The interface allows you to optionally back up the user's private key as > well. That's very interesting. Unfortunately, it generates CRMF and that seems pretty difficult to handle on the backend. openssl hasn't got any support for it. Neither does gnutls. So that means I'm stuck with NSS if I want to do one-shot registration? There is also the <keygen/> element which I note still works. However, when I've generated a certificate with keygen how do I get it into firefox? Can I use importUserCertificates() with something that comes out of openssl or gnutls? >> I'm sending the PKCS12 from the webserver with the mime type: >> >> application/x-x509-user-cert >> > This is certainly the wrong mime-type for a PKCS #12 file. > Unfortunately, looking at the code, there doesn't seem to be a content > handler for pkcs12 in firefox (or any of xulrunner). sounds like a > reasonable RFE. Assign the component to the bug to 'PSM'. Yes. I did try the pkcs12 mime type as well but with the result that it asked me if I wanted to save the file. If there was a handler in FF for pkcs12 is that what it should do: auto-import the certificate? -- Nic Ferrier http://www.tapsellferrier.co.uk for all your tapsell ferrier needs _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
