[Pki-devel] Generating CSR in the Browser
Chandrasekar Kannan
ckannan at redhat.com
Mon Sep 19 17:58:06 UTC 2011
On 09/19/2011 10:54 AM, Adam Young wrote:
> How are people using the Certificates that they generate from the
> Browser? Say I use the code at
>
> /ca/ee/ca/profileSelect?profileId=caUserCert
You have to use the "end entity secure/non-secure" ports to do this...
>
> To generate a new Cert Signing Request, the key pair for that CSR is
> in my browsers NSS Database, but in order to even get to this point, I
> need to have a Certificate allowing me to talk to the server, so I am
> guessing I can't do this from the end users browser. I'm guessing the
> workflow goes something like this:
>
> 1. A new member of an organization needs a certificate, so they go to
> their supervisor
> 2. Supervisor fills out the form above and submites the CSR.
> 3. Someone in higher echelons approves the request and generates the
> corresponding certificate
> 4. The Supervisor then gets the certificate to the end user.
>
>
> How does the private key get to the end users browser? Does it go by
> way of the CRM subsystem, and, if so, isn't there a chicken/egg
> problem in getting it?
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list