How to automatically install a client certificate in a web browser?

Question

How to automatically install a client certificate in a web browser?

I want to authenticate users with X.509 certificates on my website.

I can create an RSA key pair with an keygenHTML element and then send the structure SignedPublicKeyAndChallengeto the server. The server can then verify and sign the public key and generate an X.509 certificate for that key for the client.

Now that I have registered in StartSSL, a certificate has been installed on the HTML pages in the browser repository, and I did nothing but click the button, and I want to do the same. How should I do it? Send a certificate with a specific type of content? Do this with client scripts? How does the browser know that it needs to install a client certificate?

I know that I can tell the user to install it manually, but if it can be automated, then I want to do it.

+3

html5 ssl client-certificates html5-keygen

Yumiko Feb 25 '14 at 7:27

source share

1 answer

Frank · Accepted Answer · 2014-03-01T17:00:42+0000

You want to return a signed certificate file with the application mime type / x -x509-user-cert. Then the browser should offer to download or set client credentials.

For further reading see https://pki-tutorial.readthedocs.org/en/latest/mime.html .

I am working on a very similar application for my own sites.

How to automatically install a client certificate in a web browser?

More articles: