Re: [Pki-devel] Generating CSR in the Browser

On 09/19/2011 10:54 AM, Adam Young wrote: > How are people using the Certificates that they generate from the > Browser? Say I use the code at > > /ca/ee/ca/profileSelect?profileId=caUserCert You have to use the "end entity secure/non-secure" ports to do this...

> > To generate a new Cert Signing Request, the key pair for that CSR is > in my browsers NSS Database, but in order to even get to this point, > I need to have a Certificate allowing me to talk to the server, so I > am guessing I can't do this from the end users browser. I'm guessing > the workflow goes something like this: > > 1. A new member of an organization needs a certificate, so they go > to their supervisor > 2. Supervisor fills out the form above and submites the CSR. > 3. Someone in higher echelons approves the request and generates the > corresponding certificate > 4. The Supervisor then gets the certificate to the end user. > > > How does the private key get to the end users browser? Does it go by > way of the CRM subsystem, and, if so, isn't there a chicken/egg > problem in getting it? > > > > _______________________________________________ > Pki-devel mailing list > Pki-devel(a)redhat.com > https://www.redhat.com/mailman/listinfo/pki-devel