Recently I’ve been researching what other Certificate Authorities do within the domain of online generation of certificate requests (and related private keys).
It is tricky territory: JavaScript and crypto. Or, more generically, web applications and crypto. With the advance of the WebCryptoAPI, some issues that were raised by security experts (e.g. insufficient random number generation) have been addressed. Still, the WebCryptoAPI entry on MDN starts with a fair warning: “If you're not sure you know what you are doing, you probably shouldn't be using this API.”
Why think about a web implementation at all to create a certificate request? Typically tools to generate certificates are hard to use. Just look at the list of options a user has to generate certificates, which are typically all of…
This article from murblog by Maarten Brouwers (murb) is licensed under a Creative Commons Attribution 3.0 Netherlands license.