[Pki-devel] Generating CSR in the Browser
Adam Young
ayoung at redhat.com
Mon Sep 19 18:07:14 UTC 2011
On 09/19/2011 01:58 PM, Chandrasekar Kannan wrote:
> On 09/19/2011 10:54 AM, Adam Young wrote:
>> How are people using the Certificates that they generate from the
>> Browser? Say I use the code at
>>
>> /ca/ee/ca/profileSelect?profileId=caUserCert
>
> You have to use the "end entity secure/non-secure" ports to do this...
So does that mean that anyone can generate a signing request this way?
>
>
>>
>> To generate a new Cert Signing Request, the key pair for that CSR is
>> in my browsers NSS Database, but in order to even get to this point,
>> I need to have a Certificate allowing me to talk to the server, so I
>> am guessing I can't do this from the end users browser. I'm guessing
>> the workflow goes something like this:
>>
>> 1. A new member of an organization needs a certificate, so they go
>> to their supervisor
>> 2. Supervisor fills out the form above and submites the CSR.
>> 3. Someone in higher echelons approves the request and generates the
>> corresponding certificate
>> 4. The Supervisor then gets the certificate to the end user.
>>
>>
>> How does the private key get to the end users browser? Does it go by
>> way of the CRM subsystem, and, if so, isn't there a chicken/egg
>> problem in getting it?
>>
>>
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>
More information about the Pki-devel
mailing list