Re: Generating Key Pair
chandrasekaran natarajan wrote:
>
> hello,
>
> How do CAs request the browser to generate the keypair?
Netscape has built-in support for generating a keypair, and the
ubiquitous 'xenroll.cab' and some supporting VBScript (ack!)
enable IE to do the same. In the case of Netscape, an HTML
form which includes a <KEYGEN ...> tag will cause the browser
to display a pull-down box to choose RSA modulus length.

In both cases, you'll need to bake the Certificate Request
from the form elements. IE will post what looks like a PKCS#10
cert req, but is somewhat degenerate, and Netscape will post
a SPKAC (signed public key and challenge) as the keygen value.

This has nothing to do with the CA, really -- it's all web
stuff up to the point where a cert req is presented to a CA.
The web-based enrollment could be a function of a local RA...
====================Netscape Version==========================
<FORM METHOD=POST ACTION="/enroll2">
<hr><em><b>Please enter the following data to get your personal
certificate:</b></em>
<TABLE>
<TR>
<TD> Your name </TD>
<TD><INPUT TYPE=text SIZE=40 NAME="name" VALUE="Joan Q. Public"></TD>
</TR>
<INPUT TYPE=hidden SIZE=30 NAME="unit" VALUE="JWS">
<INPUT TYPE=hidden SIZE=30 NAME="org" VALUE="Java Land">
<INPUT TYPE=hidden SIZE=30 NAME="unit" VALUE="BOZO">
<TR>
<TD> City or Locality name </TD>
<TD><INPUT TYPE=text SIZE=30 NAME="locality" VALUE="San Mateo"></TD>
</TR>
<TR>
<TD> State or Province name </TD>
<TD><INPUT TYPE=text SIZE=30 NAME="state" VALUE="California"></TD>
</TR>
<TR>
<TD> Two-letter country code (e.g. <em>US</em>).</TD>
<TD><INPUT TYPE=text SIZE=2 NAME="country" VALUE="US"></TD>
</TR>
<TR>
<TD> Your preferred key size </TD>
<TD><KEYGEN name="keygen" challenge=fixed-for-now></TD>
</TR>
</TABLE>
<INPUT TYPE="hidden" NAME="opname" VALUE="genCert">
<P>
<CENTER>
<INPUT TYPE="submit" VALUE="Request Certificate">
<INPUT TYPE="reset" VALUE="Clear Form">
</CENTER>
</FORM>
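
Added example, not part of the original post: a server-side check of the SPKAC that the KEYGEN field above posts, walking the DER structure (a SignedPublicKeyAndChallenge wrapping a PublicKeyAndChallenge, which holds the SubjectPublicKeyInfo and an IA5String challenge) and comparing the embedded challenge with the one the server issued for the session. Assumptions: the function names and the sample blob are constructed here, the sample's key and signature are placeholders, and verifying the signature over PublicKeyAndChallenge is left to a crypto library.

```python
import base64
import hmac

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits count the length octets
        n = length & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def spkac_challenge(spkac_b64):
    """Return the challenge inside a base64 SignedPublicKeyAndChallenge."""
    der = base64.b64decode("".join(spkac_b64.split()), validate=True)
    tag, signed, end = read_tlv(der)            # SignedPublicKeyAndChallenge
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one DER SEQUENCE")
    tag, pkac, _ = read_tlv(signed)             # PublicKeyAndChallenge
    spki_tag, _spki, pos = read_tlv(pkac)       # SubjectPublicKeyInfo
    ch_tag, challenge, pos = read_tlv(pkac, pos)
    if (tag, spki_tag, ch_tag) != (0x30, 0x30, 0x16) or pos != len(pkac):
        raise ValueError("not a PublicKeyAndChallenge")
    return challenge.decode("ascii")            # tag 0x16 is IA5String

def challenge_ok(spkac_b64, expected):
    """True only if the posted SPKAC carries the challenge issued for this session."""
    try:
        got = spkac_challenge(spkac_b64)
    except (ValueError, IndexError):            # bad base64, bad DER, non-ASCII challenge
        return False
    return hmac.compare_digest(got.encode(), expected.encode())

def tlv(tag, value):                            # sample builder, short-form lengths only
    return bytes([tag, len(value)]) + value

# Constructed sample: placeholder key and signature, challenge taken from the form above.
SAMPLE = base64.b64encode(tlv(0x30,
    tlv(0x30, tlv(0x30, b"\x05\x00") + tlv(0x16, b"fixed-for-now"))
    + tlv(0x30, b"") + tlv(0x03, b"\x00"))).decode()

if __name__ == "__main__":
    print(challenge_ok(SAMPLE, "fixed-for-now"))       # the static value in the form
    print(challenge_ok(SAMPLE, "hypothetical-nonce"))  # a per-session value issued later
```

With a static challenge such as the form's `fixed-for-now`, any previously captured SPKAC passes this check, so the comparison only adds replay protection when the server issues a fresh value per enrollment session.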