5

For an administration interface we want to implement client authentication with SSL. The idea is that during the registration process every user generates a SSL certificate, which is registered in the browser and used for authenticating the client to the server. It is important that the private key never leaves the client. Hence it is no solution to generate the certificate on the server and send it to the client.

Is it possible to generate a SSL cert in the browser (e.g. IE 9+, Firefox 12+, Chrome) using JavaScript? Is it possible to register a certificate?

gregor
  • 4,733
  • 3
  • 28
  • 43
  • 1
    I'm pretty sure that you can *generate* a SSL certificate, but I doubt that you'll be able to register it. – Joachim Sauer May 22 '12 at 10:54
  • I've seen it done before with financial websites. But it was more install an ActiveX or run an application an it would generate the request, the certificate and install it in the personal certificate store. It also was able to prevent it from exporting between computers or profiles. How, I'm unsure. – inevio May 22 '12 at 10:55
  • Are you trying to generate it on the fly during sign-up? I don't think you can unless the user has something like OpenSSL installed. – Marcus_33 May 22 '12 at 18:34
  • On feasibility, there definitely are websites that generate client certificates via browser, but one implementation I've seen was in VBScript (oh god) and obviously only worked in IE. –  Jan 21 '19 at 07:46

1 Answers1

7

You can't really generate a certificate in the browser, but you can generate a certificate request (or equivalent) in the browser: the key-pair is generated within the browser and the private key never leaves it.

(Note that if you generated a certificate directly within the browser, it would at best be self-signed, since the CA wouldn't give you its private key. That's why you only get to have a certificate-request, since there's little demand for generating self-signed certificates. I think there's a Firefox extension that could do it, though.)

The certificate request is sent to the server, but the format depends on the browser and the method used. What you'll get on the server side is the public key, it's up to the service you implement to turn it into a certificate (unless you use an existing service of course). You can find more details about this in this answer.

Once the certificate is generated on the server, it can be re-imported back to be associated with the private key.

Community
  • 1
  • 1
Bruno
  • 119,590
  • 31
  • 270
  • 376
  • @brianary Can you provide evidence for this? StartSSL.com may well have provided free certs, but that doesn't mean that the certificate itself was generated within the browser. How would you know it didn't make a request to the server to give you back your certificate from within the browser? – Bruno Aug 26 '18 at 19:28
  • https://web.archive.org/web/20120305100612/http://www.startssl.com/?app=14 – brianary Aug 26 '18 at 19:31
  • This was the bug I reported in Firefox in 2014 https://bugzilla.mozilla.org/show_bug.cgi?id=1089474 – brianary Aug 26 '18 at 19:33
  • @brianary Not sure how that makes my answer wrong. I have generated certificates via the browser. It's just that the browser was generating the private key and certificate request, sent it transparently via JavaScript to the server, which then sent back the certificate, which was then in turn imported into the browser. AFAIK, there's no API within the browser to generate the full certificate itself, because that would generally be pointless. Nothing here to suggest that StartSSL would have had a different workflow. – Bruno Aug 26 '18 at 19:36
  • Verisign provided browser-generated client certs used for authentication for the financial institution I work at for years. – brianary Aug 26 '18 at 19:38
  • If StartSSL/Verisign issue you with a certificate, it would never have sent its private key to your browser, so the certificate would never have been generated within your browser... – Bruno Aug 26 '18 at 19:38
  • It seems that you don't fully understand the workflow. Yes, the browser creates the certificate request and gets the certificate almost transparently back into the browser straight away, and it can indeed appear to the user as if it was "generated" in the browser, but there's no way the CA would give its private key to your browser to let it sign your certificate from within the browser. – Bruno Aug 26 '18 at 19:40
  • @brianary I fully understand the process. I know a CSR doesn't include the cert: it is processed and signed by the CA (using its private key) to generate the cert. The **CA**'s private key is used to turn the CSR into a cert, and there's no way Verisign would its private key to your browser to turn your CSR into the cert (to make the whole process happen in the browser). – Bruno Aug 26 '18 at 19:44
  • You are playing semantics in a way that isn't relevant to the original question. – brianary Aug 26 '18 at 19:46
  • @brianary "*Hence it is no solution to generate the certificate on the server and send it to the client.*" ?? I answered the question exactly as it was asked at the time, and provided links/details on how to do it. I actually made a point to explain the differences in the answer... – Bruno Aug 26 '18 at 19:46
  • Even in the example in pkijs.org given by @zaitsman, the generated certificate is self-signed (or at least would need the private key to be in the browser itself), which is indeed feasible with the new API, but unfortunately makes little sense from a security point of view. – Bruno Aug 26 '18 at 19:55
  • Not sure what you're quoting above, but I took the question to be "can you create (initiate & install) a cert from the browser for client auth. Your interpretation, as I read it, was to put the authority in there too, which is indeed confusing. – brianary Aug 26 '18 at 20:03
  • @brianary I'm quoting the question, last sentence of the first paragraph. – Bruno Aug 26 '18 at 20:04
  • Oh, sure. But that's still fine. The CSR doesn't contain the key. – brianary Aug 26 '18 at 20:05
  • 1
    It looks like I misread the detail of your response. Sorry about that. – brianary Aug 26 '18 at 20:07
  • 1
    @brianary So yes, back in 2012, the web crypto API wasn't as developed as it is now, and you **couldn't** generate a certificate in the browser. You could only generate the CSR, send it to the server, and get the certificate back **from that server** which had generated the certificate by signing it with its private key. The new crypto API can indeed generate certs in the browser, by there's very little point in signing a cert using a private key sent to the browser (from a security point of view). – Bruno Aug 26 '18 at 20:08
  • @Bruno it makes plenty of sense. The client and server can now exchange CMS (pkcs7) messages right within the browser as a client. Whether the data you are working with needs this protection is up to your business case, but i’d add this on top of ssl for things like internet banking or payment gateways – zaitsman Aug 26 '18 at 21:13
  • @zaitsman I was only talking about generating the certificate. If it's in the browser, the CA/signer has to give its private key to the browser (hence, the cert is self-signed or equivalent... or the private key is leaked, which doesn't make sense.) Most of the other operations of this library make sense indeed. – Bruno Aug 26 '18 at 21:22