[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Pki-devel] Generating CSR in the Browser



On 09/19/2011 01:58 PM, Chandrasekar Kannan wrote:
On 09/19/2011 10:54 AM, Adam Young wrote:
How are people using the Certificates that they generate from the Browser? Say I use the code at

/ca/ee/ca/profileSelect?profileId=caUserCert

You have to use the "end entity secure/non-secure" ports to do this...

So does that mean that anyone can generate a signing request this way?




To generate a new Cert Signing Request, the key pair for that CSR is in my browsers NSS Database, but in order to even get to this point, I need to have a Certificate allowing me to talk to the server, so I am guessing I can't do this from the end users browser. I'm guessing the workflow goes something like this:

1. A new member of an organization needs a certificate, so they go to their supervisor
2.  Supervisor fills out the form above and submites the CSR.
3. Someone in higher echelons approves the request and generates the corresponding certificate
4.  The Supervisor then gets the certificate to the end user.


How does the private key get to the end users browser? Does it go by way of the CRM subsystem, and, if so, isn't there a chicken/egg problem in getting it?



_______________________________________________
Pki-devel mailing list
Pki-devel redhat com
https://www.redhat.com/mailman/listinfo/pki-devel



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]