Hello, My goal is to get user signed into my site with a client login certificate. Some sites like OpenID or cacert.org do it, so it must be possible :) First I tried to generate the client certificate at the server side (generate CSR, sign CSR, export into x509, pack keys and certificate into PKCS12, send that file to the user) and it works. However I feel this is not the right way to do it. The sites I've mentioned generate the certificate on the client's machine with that JavaScript function: generateCRMFRequest() then send the CSR to the server and the server processess it in some way. I've done a couple of Google searches but all results I get are about "CRMF output from JS is not compatible with OpenSSL". Can anyone tell me what is the correct way to generate client certificate and process it (sign) server-side?
Regards, Ivan. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto