如何在Web浏览器中自动安装客户端证书?
[英]How to automatically install a client certificate in a web browser?
问题描述
I want to authenticate users with X.509 certificates to my web site. 
我想通过X.509证书向我的网站验证用户身份。
I can generate an RSA key pair with keygen element of HTML, and then send the SignedPublicKeyAndChallenge structure to the server. 我可以使用HTML的keygen元素生成RSA密钥对,然后将SignedPublicKeyAndChallenge结构发送到服务器。 The server can then check and sign the public key and generate a X.509 certificate for that key, for the client. 然后,服务器可以检查并签署公钥,并为该客户端生成该密钥的X.509证书。
Now, when I signed up at StartSSL, the HTML pages there installed the certificate into my browser's store without me doing more than clicking a button and I want to do the same. 现在,当我在StartSSL注册时,HTML页面将证书安装到我的浏览器商店中,而不是单击一个按钮,我想做同样的事情。 How do I go about that? 我该怎么做? Send the certificate with a certain Content-Type? 发送带有特定内容类型的证书? Do it with client-side scripting? 使用客户端脚本执行此操作? How do the browser know it's supposed to install a client certificate? 浏览器如何知道它应该安装客户端证书?
I know I can tell the user to install it manually, but if it can be automated, then I want to make it so. 我知道我可以告诉用户手动安装它,但如果它可以自动化,那么我想这样做。
1 个解决方案
解决方案1
1 已采纳 2014-03-01 17:00:42
You want return the signed certificate file with the application/x-x509-user-cert mime type. 您希望使用application / x-x509-user-cert mime类型返回已签名的证书文件。 The browser should then offer to download or install that client credential. 然后,浏览器应提供下载或安装该客户端凭据。
For further reading, see https://pki-tutorial.readthedocs.org/en/latest/mime.html . 如需进一步阅读,请参阅https://pki-tutorial.readthedocs.org/en/latest/mime.html 。
I am working on a very similar application for my own websites. 我正在为自己的网站开发一个非常类似的应用程序。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.