Jan Dittberner
2ad9cbaabe
git-subtree-dir: clientcert git-subtree-mainline:4c398fcdb9
git-subtree-split:3cbf4b5b01
51 lines
1.5 KiB
Markdown
51 lines
1.5 KiB
Markdown
# Browser based client certificate creation
|
|
|
|
This repository contains an implementation to create a client certificate key store in a modern Web browser.
|
|
|
|
The implementation uses the excellent [node-forge](https://github.com/digitalbazaar/forge) library.
|
|
|
|
[Bootstrap 5](https://getbootstrap.com/docs/5.2/) is used for styling the user interface.
|
|
|
|
This is meant as a replacement for the `<keygen>` tag that has been removed from browsers.
|
|
|
|
The following steps have been implemented:
|
|
|
|
- choose a common name for the subject of the certificate signing request
|
|
- generate an RSA key pair with a selectable size
|
|
- generate a certificate signing request (PKCS#10 CSR)
|
|
- paste the certificate signed by the certificate authority
|
|
- build a PKCS#12 (also known as .p12 or .pfx) key store file with a password chosen by the user. That file contains the
|
|
generated key pair, the client certificate, and the CA certificate chain
|
|
|
|
The implementation contains the [CAcert CA certificates](https://secure.cacert.org/index.php?id=3) for CA chain
|
|
building.
|
|
|
|
## Running
|
|
|
|
1. Install dependencies
|
|
|
|
```shell
|
|
sudo apt install git npm
|
|
```
|
|
|
|
2. Clone the repository
|
|
|
|
```shell
|
|
git clone https://code.cacert.org/cacert/browser-csr-generation.git
|
|
```
|
|
|
|
3. Get dependencies and build assets
|
|
|
|
```shell
|
|
cd browser-csr-generation
|
|
npm install --no-save --user gulp-cli
|
|
npm install
|
|
npm run build
|
|
```
|
|
|
|
4. Open `public/index.html` in a Web browser
|
|
5. Run
|
|
```
|
|
npm run watch
|
|
```
|
|
to continuously update the `public/index.html` when changing `src/index.html`
|