

CSR Generator

Motivation and Overview

Since CSR creation was deprecated and phased out of current browser versions, creating a certificate signing request (CSR) has become quite complicated. The CSR article mentioned before contains several descriptions of how to create a CSR; at least for Windows, all of them require downloading and installing some kind of software.

While users of Unix variants and Mac OS usually have OpenSSL as part of the operating system, this project focuses on providing an easy-to-use tool for Windows users to create a public/private key pair, create a CSR that includes the created public key, and finally package the public/private key pair with the certificate created by CAcert into a key storage, which can then be imported into the Windows key storage [1] or the key databases of Firefox and Thunderbird.

Requirements

Note that in a second step this tool might be extended to use the ACME protocol to create the certificate on the CAcert website with much less user interaction!

Ideas

There are many possible approaches to this problem; to list a few of them:

The JavaScript approach has been followed on https://secure.convey.de/publish/ted/TestPKI.html. The remaining problem is the final step, creating a PKCS#12 file. Although such a file can be created, the available algorithms are not compatible with Mozilla's import process. The implementation is based on an adapted PKI.js library [3].
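The key-pair and CSR steps described above, as an added example that is not code from the TestPKI page or from PKI.js: it builds a PKCS#10 request with Node.js's built-in crypto module and a hand-written DER encoder. Assumptions: an RSA key, a subject containing only a common name, hypothetical function names, and a private key that is exported only as passphrase-encrypted PKCS#8 (compare footnote 2).

```javascript
// Added example: PKCS#10 CSR built with Node's built-in crypto (not PKI.js).
const nodeCrypto = require("crypto");

// DER tag-length-value encoder; definite lengths up to 65535 bytes.
function der(tag, content) {
  const n = content.length;
  const head = n < 0x80 ? [tag, n] : n < 0x100 ? [tag, 0x81, n] : [tag, 0x82, n >> 8, n & 0xff];
  return Buffer.concat([Buffer.from(head), content]);
}
const seq = (...parts) => der(0x30, Buffer.concat(parts));

// OBJECT IDENTIFIER from a dotted string, arcs encoded base-128.
function oid(dotted) {
  const arcs = dotted.split(".").map(Number);
  const bytes = [40 * arcs[0] + arcs[1]];
  for (const arc of arcs.slice(2)) {
    const chunk = [arc & 0x7f];
    for (let rest = arc >>> 7; rest > 0; rest >>>= 7) chunk.unshift((rest & 0x7f) | 0x80);
    bytes.push(...chunk);
  }
  return der(0x06, Buffer.from(bytes));
}

function toPem(label, bytes) {
  const body = bytes.toString("base64").match(/.{1,64}/g).join("\n");
  return `-----BEGIN ${label}-----\n${body}\n-----END ${label}-----\n`;
}

// commonName and passphrase are caller-supplied (assumed inputs, not from the page).
function createCsr(commonName, passphrase, modulusLength = 2048) {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("rsa", { modulusLength });
  // Name ::= SEQUENCE { SET { SEQUENCE { OID commonName, UTF8String } } }
  const subject = seq(der(0x31, seq(oid("2.5.4.3"), der(0x0c, Buffer.from(commonName, "utf8")))));
  const spki = publicKey.export({ type: "spki", format: "der" });
  // CertificationRequestInfo: version 0, subject, public key, empty [0] attributes
  const info = seq(der(0x02, Buffer.from([0])), subject, spki, der(0xa0, Buffer.alloc(0)));
  const sigAlg = seq(oid("1.2.840.113549.1.1.11"), der(0x05, Buffer.alloc(0))); // sha256WithRSAEncryption
  const signature = nodeCrypto.sign("sha256", info, privateKey); // RSA PKCS#1 v1.5
  const csrDer = seq(info, sigAlg, der(0x03, Buffer.concat([Buffer.from([0]), signature])));
  // The private key leaves this function only as passphrase-encrypted PKCS#8.
  const keyPem = privateKey.export({ type: "pkcs8", format: "pem", cipher: "aes-256-cbc", passphrase });
  return { csrPem: toPem("CERTIFICATE REQUEST", csrDer), csrDer, info, signature, publicKey, keyPem };
}

// Proof of possession: the CSR signature must verify under the embedded public key.
function verifyCsrSignature({ info, signature, publicKey }) {
  return nodeCrypto.verify("sha256", info, publicKey, signature);
}
```

The signature covers only the CertificationRequestInfo bytes, so any change to the subject or public key after signing makes verification fail.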

Footnotes

  1. Chromium-based browsers such as Chrome, Edge and Opera all use the Windows key storage, as does Microsoft's Internet Information Server (1)

  2. Apache requires that the private key is stored unencrypted in the PEM file! Such a file must not be created accidentally! (2)

  3. PKI.js is intended to be used in a Node.js environment and cannot easily be used in a browser. (3)


Software/Projects/CSR Generator (last edited 2021-06-22 17:43:53 by BernhardFröhlich)