Recently I am dealing with X.509 related stuff. The browser I am using is Firefox 3.5.3.
Generation and Import
The steps of generating and importing private key and certificate consist of:
- Public/private key pair generation
You can use standalone utility (e.g. openssl) to generate them. - Then you generate a self-signed certificate for the public key generated in the first step.
Also, you can generate a Certificate Request message and send it to an external CA to apply for a certificate. - Now you have both private key and the associated certificate.
- You need to put both of them into a single pkcs12 file which can be recognized by Firefox.
- Then you can import the pkcs12 file into Firefox by clicking
Tools –> Options –> Advanced –> Encryption –> View Certificates –> Your Certificates –> Import…
If you use javascript, you can use crypto object to generate them.
- Use crypto.generateCRMFRequest to
generate a key pair and create a Certificate Request message - Send the generated Certificate Request message to remote server
“The string found by accessing crmfObject.request is the base-64 encoded CRMF message to be sent to the CA/RA” - After your certificate request is approved, you will get a public key certificate
- You can import the certificate into your browser.
Note: In this case, you don’t need to import the private key because it is imported automatically when function crypto.generateCRMFRequest is called.
Export
Export your private key and certificate from Firefox:
Tools –> Options –> Advanced –> Encryption –> View Certificates –> Your Certificates –> Backup…
Note: the keystore format supported is pkcs12.
Export trusted certificates from Firefox:
Tools –> Options –> Advanced –> Encryption –> View Certificates –> {corresponding tab} –>Export
Note: Firefox supports couple of different formats including PEM, PKCS#7, etc.
Posts
