[Pki-devel] Generating CSR in the Browser

Chandrasekar Kannan ckannan at redhat.com
Mon Sep 19 17:58:06 UTC 2011


On 09/19/2011 10:54 AM, Adam Young wrote:
> How are people using the Certificates that they generate from the 
> Browser?  Say I use the code at
>
> /ca/ee/ca/profileSelect?profileId=caUserCert

You have to use the "end entity secure/non-secure" ports to do this...


>
> To generate a new Cert Signing Request, the key pair for that CSR is 
> in my browsers NSS Database, but in order to even get to this point, I 
> need to have a Certificate allowing me to talk to the server, so I am 
> guessing I can't do this from the end users browser.  I'm guessing the 
> workflow goes something like this:
>
> 1.  A new member of an organization needs a certificate, so they go to 
> their supervisor
> 2.  Supervisor fills out the form above and submites the CSR.
> 3.  Someone in higher echelons approves the request and generates the 
> corresponding certificate
> 4.  The Supervisor then gets the certificate to the end user.
>
>
> How does the private key get to the end users browser?  Does it go by 
> way of the CRM subsystem, and, if so, isn't there a chicken/egg 
> problem in getting it?
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel




More information about the Pki-devel mailing list