On Nov 30, 8:41 am, ivanatora <ivanat...@gmail.com> wrote: > Hello, > My goal is to get user signed into my site with a client login > certificate. Some sites like OpenID or cacert.org do it, so it must be > possible :) > First I tried to generate the client certificate at the server side > (generate CSR, sign CSR, export into x509, pack keys and certificate > into PKCS12, send that file to the user) and it works. However I feel > this is not the right way to do it. The sites I've mentioned generate > the certificate on the client's machine with that JavaScript function: > generateCRMFRequest() then send the CSR to the server and the server > processess it in some way. > I've done a couple of Google searches but all results I get are about > "CRMF output from JS is not compatible with OpenSSL". > Can anyone tell me what is the correct way to generate client > certificate and process it (sign) server-side? > > Regards, > Ivan.
I believe you might be looking for the <keygen> tag - but I'd recommend doing it as you do currently - just generating the whole cert server-side. C. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
