How to sign generateCRMFRequest() with PHP and/or OpenSSL?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

My goal is to get user signed into my site with a client login
certificate. Some sites like OpenID or do it, so it must be
possible :)
First I tried to generate the client certificate at the server side
(generate CSR, sign CSR, export into x509, pack keys and certificate
into PKCS12, send that file to the user) and it works. However I feel
this is not the right way to do it. The sites I've mentioned generate
the certificate on the client's machine with that JavaScript function:
generateCRMFRequest() then send the CSR to the server and the server
processess it in some way.
I've done a couple of Google searches but all results I get are about
"CRMF output from JS is not compatible with OpenSSL".
Can anyone tell me what is the correct way to generate client
certificate and process it (sign) server-side?


Re: How to sign generateCRMFRequest() with PHP and/or OpenSSL?

ivanatora wrote:
Quoted text here. Click to load it

This has nothing to do with PHP.  Among other things, PHP is server-side
only, and cannot generate client-side certificates.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Site Timeline