[Pki-devel] Generating CSR in the Browser
Adam Young
ayoung at redhat.com
Mon Sep 19 17:54:11 UTC 2011
How are people using the Certificates that they generate from the
Browser? Say I use the code at
/ca/ee/ca/profileSelect?profileId=caUserCert
To generate a new Cert Signing Request, the key pair for that CSR is in
my browsers NSS Database, but in order to even get to this point, I need
to have a Certificate allowing me to talk to the server, so I am
guessing I can't do this from the end users browser. I'm guessing the
workflow goes something like this:
1. A new member of an organization needs a certificate, so they go to
their supervisor
2. Supervisor fills out the form above and submites the CSR.
3. Someone in higher echelons approves the request and generates the
corresponding certificate
4. The Supervisor then gets the certificate to the end user.
How does the private key get to the end users browser? Does it go by
way of the CRM subsystem, and, if so, isn't there a chicken/egg problem
in getting it?
More information about the Pki-devel
mailing list