[英]How to automatically install a client certificate in a web browser?
I want to authenticate users with X.509 certificates to my web site. 我想通过X.509证书向我的网站验证用户身份。
I can generate an RSA key pair with keygen
element of HTML, and then send the SignedPublicKeyAndChallenge
structure to the server. 我可以使用HTML的
keygen
元素生成RSA密钥对,然后将SignedPublicKeyAndChallenge
结构发送到服务器。 The server can then check and sign the public key and generate a X.509 certificate for that key, for the client. 然后,服务器可以检查并签署公钥,并为该客户端生成该密钥的X.509证书。
Now, when I signed up at StartSSL, the HTML pages there installed the certificate into my browser's store without me doing more than clicking a button and I want to do the same. 现在,当我在StartSSL注册时,HTML页面将证书安装到我的浏览器商店中,而不是单击一个按钮,我想做同样的事情。 How do I go about that?
我该怎么做? Send the certificate with a certain Content-Type?
发送带有特定内容类型的证书? Do it with client-side scripting?
使用客户端脚本执行此操作? How do the browser know it's supposed to install a client certificate?
浏览器如何知道它应该安装客户端证书?
I know I can tell the user to install it manually, but if it can be automated, then I want to make it so. 我知道我可以告诉用户手动安装它,但如果它可以自动化,那么我想这样做。
You want return the signed certificate file with the application/x-x509-user-cert mime type. 您希望使用application / x-x509-user-cert mime类型返回已签名的证书文件。 The browser should then offer to download or install that client credential.
然后,浏览器应提供下载或安装该客户端凭据。
For further reading, see https://pki-tutorial.readthedocs.org/en/latest/mime.html . 如需进一步阅读,请参阅https://pki-tutorial.readthedocs.org/en/latest/mime.html 。
I am working on a very similar application for my own websites. 我正在为自己的网站开发一个非常类似的应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.