# Browser based client certificate creation

This repository contains an implementation to create a client certificate key store in a modern Web browser.

The implementation uses the excellent [node-forge](https://github.com/digitalbazaar/forge) library.

[Bootstrap 5](https://getbootstrap.com/docs/5.2/) is used for styling the user interface.

This is meant as a replacement for the `<keygen>` tag that has been removed from browsers.

The following steps have been implemented:

- choose a common name for the subject of the certificate signing request
- generate an RSA key pair with a selectable size
- generate a certificate signing request (PKCS#10 CSR)
- paste the certificate signed by the certificate authority
- build a PKCS#12 (also known as .p12 or .pfx) key store file with a password chosen by the user. That file contains the
  generated key pair, the client certificate, and the CA certificate chain

The implementation contains the [CAcert CA certificates](https://secure.cacert.org/index.php?id=3) for CA chain
building.

## Running

1. Install dependencies

   ```shell
   sudo apt install git npm
   ```

2. Clone the repository

    ```shell
    git clone https://code.cacert.org/cacert/browser-csr-generation.git
    ```

3. Get dependencies and build assets

    ```shell
    cd browser-csr-generation
    npm install --no-save --user gulp-cli
    npm install
    npm run build
    ```

4. Open `public/index.html` in a Web browser
5. Run
    ```
    npm run watch
    ```
   to continuously update the `public/index.html` when changing `src/index.html`