community-website/README.md
Jan Dittberner 2887f6d378 Implement a client only solution
This commit contains a client only (aka semi-manual) solution for creating
client certificate key stores with a modern web browser.
2023-05-19 19:30:30 +02:00

1.5 KiB

Browser based client certificate creation

This repository contains an implementation to create a client certificate key store in a modern Web browser.

The implementation uses the excellent node-forge library.

Bootstrap 5 is used for styling the user interface.

This is meant as a replacement for the <keygen> tag that has been removed from browsers.

The following steps have been implemented:

  • choose a common name for the subject of the certificate signing request
  • generate an RSA key pair with a selectable size
  • generate a certificate signing request (PKCS#10 CSR)
  • paste the certificate signed by the certificate authority
  • build a PKCS#12 (also known as .p12 or .pfx) key store file with a password chosen by the user. That file contains the generated key pair, the client certificate, and the CA certificate chain

The implementation contains the CAcert CA certificates for CA chain building.

Running

  1. Install dependencies

    sudo apt install git npm
    
  2. Clone the repository

    git clone https://code.cacert.org/cacert/browser-csr-generation.git
    
  3. Get dependencies and build assets

    cd browser-csr-generation
    npm install --no-save --user gulp-cli
    npm install
    npm run build
    
  4. Open public/index.html in a Web browser

  5. Run

    npm run watch
    

    to continuously update the public/index.html when changing src/index.html