> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jason Goldberg > Sent: July-29-12 9:43 AM > To: <openssl-users@openssl.org> > Subject: Re: client server management of client SSL certificates > Thanks Jason,
> There are Javascript libraries which range from generating key pairs to creating x509 certificates. So you could generate > a keypair in the browser, then generate a certificate signing request, send the CSR to a remote API along with a challenge > response, and then get back a signed x509 certificate from your RA -- all in the browser using XHR. > Can you point me to some of these? Or at least give me the names of these libraries so I can Google for them? My efforts using Google have generated much more noise than signal. :-( Perhaps the names of the libraries will change that. > However, you can't get anything out of the browser without a local application. You'd need some combination of the HTML5 > FileWriter API and an application registered to a URL protocol which could be triggered by the browser to read your certificates > and install them. I make no comment on the security of that scheme, but it definitely seems possible. Something more to think about. Thanks again. Ted ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org