List: openssl-users
Subject: Re: apply cert from browser
From: Michael Sierchio <kudzu () dnai ! com>
Date: 2000-04-30 21:33:52
SCH wrote:
>
> My CA is to sign certificates for end-users,
> and I hope the user can generate rsa-key pair
> and submit cert-request in his browser.
> How can I (as a web server) tell the browser to generate a
> pair of key and then send me a cert request ?
In the case of Netscape browser, you send the browser a form
that contains the keygen tag (see below). This will send the
servlet or CGI script the form name/value pairs, including the
keygen tag:
keygen =
MIIBRzCBsTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+WlVa1Ras/mi7JhA
F83YkDJTE3w92dsRy/SaMmhFNLY1QfoFkZcfUwyo+zhHTFayk/8ql0lrafTlxtYR
NJY2Qhq/F71PrzNYejf4ZSDlT/ZF4NqBf0aJsbc5XBPVBXUS3a81PLkrOUEMedPW
HpoOpuzXRIFvlWPPO1uHjlkT0f8CAwEAARYNZml4ZWQtZm9yLW5vdzANBgkqhkiG
9w0BAQQFAAOBgQDdesDAQoajpIB3Xv92xNljniDzkGWPVEkCvsFphgCFU/S5SL+H
Z7CLYamQhLmq1c2TnslDc1zd9i2/qlnpiQ3LI/MFgE0PXCDQA+0mpBPdqLwx30tS
pymScf7kqC0jIoNblG6s3YoeIUzRV6ewsx4rOYzJVeCTh7XqI5Du/zwqOg==
This is a SPKAC (signed public key and challenge), Base64 encoded,
which you can use for the signing request after cooking it with
the other form elements.
SignedPublicKeyAndChallenge ::= SEQUENCE {
    publicKeyAndChallenge PublicKeyAndChallenge,
    signatureAlgorithm    AlgorithmIdentifier,
    signature             BIT STRING }
PublicKeyAndChallenge ::= SEQUENCE {
    spki      SubjectPublicKeyInfo,
    challenge IA5STRING }
That should get you started... ;-)
The Internet Exploder version is much uglier, but I could
post that too, if you like. It requires using a CAB and
VBScript (shudder, ack, ptui!).
===================NETSCAPE VERSION=====================
<HTML>
<HEAD>
<TITLE>X.509 Personal CertGen (Alpha)</TITLE>
</HEAD>
<BODY BGCOLOR="#fee0c0"> <a name="top"></a>
<H2>Personal Cert Generation</H2>
<hr>
<!-- Netscape Version -->
<FORM METHOD=POST ACTION="/enroll">
<hr><em><b>Please enter the following data to get your personal
certificate:</b></em>
<TABLE>
<TR>
<TD> Your name </TD>
<TD><INPUT TYPE=text SIZE=40 NAME="name" VALUE="Joan Q. Public"></TD>
</TR>
<INPUT TYPE=hidden SIZE=30 NAME="unit" VALUE="JWS">
<INPUT TYPE=hidden SIZE=30 NAME="org" VALUE="Java Land">
<INPUT TYPE=hidden SIZE=30 NAME="unit" VALUE="BOZO">
<TR>
<TD> City or Locality name </TD>
<TD><INPUT TYPE=text SIZE=30 NAME="locality" VALUE="San Jose"></TD>
</TR>
<TR>
<TD> State or Province name </TD>
<TD><INPUT TYPE=text SIZE=30 NAME="state" VALUE="California"></TD>
</TR>
<TR>
<TD> Two-letter country code (e.g. <em>US</em>).</TD>
<TD><INPUT TYPE=text SIZE=2 NAME="country" VALUE="US"></TD>
</TR>
<TR>
<TD> Your preferred key size </TD>
<TD><KEYGEN name="keygen" challenge=fixed-for-now></TD>
</TR>
</TABLE>
<INPUT TYPE="hidden" NAME="opname" VALUE="genCert">
</FORM>
</BODY>
</HTML>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org
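
Added example, not part of the original message or of OpenSSL: a server-side check of the SPKAC value quoted above, following the ASN.1 structure in the message. It compares the embedded challenge with the one the form sent and checks the RSA signature over PublicKeyAndChallenge. The names check_spkac, tlv and children are hypothetical, and only md5WithRSAEncryption (the algorithm in the sample) is handled.

```python
import base64, hashlib

# SPKAC value copied from the message above (the "keygen" form field).
SPKAC_B64 = """
MIIBRzCBsTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA+WlVa1Ras/mi7JhA
F83YkDJTE3w92dsRy/SaMmhFNLY1QfoFkZcfUwyo+zhHTFayk/8ql0lrafTlxtYR
NJY2Qhq/F71PrzNYejf4ZSDlT/ZF4NqBf0aJsbc5XBPVBXUS3a81PLkrOUEMedPW
HpoOpuzXRIFvlWPPO1uHjlkT0f8CAwEAARYNZml4ZWQtZm9yLW5vdzANBgkqhkiG
9w0BAQQFAAOBgQDdesDAQoajpIB3Xv92xNljniDzkGWPVEkCvsFphgCFU/S5SL+H
Z7CLYamQhLmq1c2TnslDc1zd9i2/qlnpiQ3LI/MFgE0PXCDQA+0mpBPdqLwx30tS
pymScf7kqC0jIoNblG6s3YoeIUzRV6ewsx4rOYzJVeCTh7XqI5Du/zwqOg==
"""
MD5_RSA_OID = bytes.fromhex("2a864886f70d010104")   # md5WithRSAEncryption
MD5_DIGESTINFO = bytes.fromhex("3020300c06082a864886f70d020505000410")

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def children(buf, start, end):
    """List (element_start, value_start, value_end) for each element in [start, end)."""
    out = []
    while start < end:
        _, vs, ve = tlv(buf, start)
        out.append((start, vs, ve))
        start = ve
    return out

def check_spkac(b64, expected_challenge):
    der = base64.b64decode(b64)
    pkac, alg, sig = children(der, *tlv(der, 0)[1:])   # SignedPublicKeyAndChallenge
    spki, chal = children(der, pkac[1], pkac[2])       # PublicKeyAndChallenge
    _, keybits = children(der, spki[1], spki[2])       # AlgorithmIdentifier, BIT STRING
    rsa = tlv(der, keybits[1] + 1)                     # skip the unused-bits octet
    n, e = (int.from_bytes(der[a:b], "big") for _, a, b in children(der, rsa[1], rsa[2]))
    oid = children(der, alg[1], alg[2])[0]
    if der[oid[1]:oid[2]] != MD5_RSA_OID:
        raise ValueError("signature algorithm not handled in this example")
    s, k = int.from_bytes(der[sig[1] + 1:sig[2]], "big"), (n.bit_length() + 7) // 8
    t = MD5_DIGESTINFO + hashlib.md5(der[pkac[0]:pkac[2]]).digest()  # hash of DER(PKAC)
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t      # PKCS#1 v1.5 padding
    challenge = der[chal[1]:chal[2]].decode("ascii")
    return {"key_bits": n.bit_length(), "challenge": challenge,
            "challenge_ok": challenge == expected_challenge,
            "signature_ok": pow(s, e, n).to_bytes(k, "big") == em}
```

A CA would reject the request unless both challenge_ok and signature_ok are true, and would issue a fresh challenge per enrollment rather than the fixed string in the sample form. `openssl spkac -verify` performs the same signature check.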