Menu
▾
▴
Re: [Ejbca-develop] How to Create Browser Certificate with 4096-bit key
|
From: Tomas G. <to...@pr...> - 2017-11-15 10:09:07
|
On 2017-11-14 18:52, Jaime Hablutzel Egoavil wrote: > > > On Wed, Nov 8, 2017 at 3:03 AM, Tomas Gustavsson <to...@pr... > <mailto:to...@pr...>> wrote: > > > That depends highly on what your use case is. If you are enrolling a > large number of users there are many options used today: > - Microsoft autoenrollment for pure MS environments > > > Is this MS autoenrollment protocol open?, is there any chance that EJBCA > would implement it so it could interact with Windows users?. We have implemented MS Autoenrollment as an enrollment gateway for EJBCA. It's an EJBCA Enterprise components though, so not provided for free. https://www.primekey.com/wp-content/uploads/2017/06/product_sheet_certificate_autoenrollment.pdf Regards, Tomas > > > - A token management system for smart cards/USB tokens > - A token management systems for Virtual smart cards > > Another common approach, since browser enrollment is also not very user > friendly across different browsers (when most browsers had it) is to > issue server side generated keystores (PKCS#12) that are imported. > > Browser enrollment is typically only used in very low volume > environments and to scale additional systems are often used. > > Said that, there are also Javascript based alternatives being developed, > using WebCrypto to enroll to both smart cards and keystores. > > See for example: > https://pkijs.org/ > https://github.com/PeculiarVentures/graphene > <https://github.com/PeculiarVentures/graphene> > > Cheers, > Tomas > > On 2017-11-08 08:32, Ralf Hornik wrote: > > Hello, > > > > how will client side key enrollment work without browser in future? > > Kind regards > > > > Ralf > > ________________________________________ > > Von: Tomas Gustavsson <to...@pr... <mailto:to...@pr...>> > > Gesendet: Dienstag, 7. November 2017 17:25 > > An: ejb...@li... > <mailto:ejb...@li...> > > Betreff: Re: [Ejbca-develop] How to Create Browser Certificate > with 4096-bit key > > > > This is likely not possible as this is controlled by the web browser. > > You have to talk to Mozilla . > > As a side note, browser enrollment will dissapear on the near future > > completely, FireFox is the only browser that still has it for a little > > while longer. > > > > Cheers, > > Tomas > > > > On 2017-11-07 17:16, Cyril wrote: > >> Hello, > >> I have created a certificate profile for end users and allowed key > >> lengths of 4096 bits and above in that profile. However, when one > goes > >> to Create Browser Certificate with that profile, the only possible > >> choices of key length on the web page are 1024 (medium grade) and > 2048. > >> How can we enable 4096 bit length there? > >> > >> Regards, > >> Cyril > >> > >> > >> > > > ------------------------------------------------------------------------------ > >> Check out the vibrant tech community on one of the world's most > >> engaging tech sites, Slashdot.org! http://sdm.link/slashdot > >> > >> > >> > >> _______________________________________________ > >> Ejbca-develop mailing list > >> Ejb...@li... > <mailto:Ejb...@li...> > >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > <https://lists.sourceforge.net/lists/listinfo/ejbca-develop> > >> > > > > > > > > > ------------------------------------------------------------------------------ > > Check out the vibrant tech community on one of the world's most > > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > <mailto:Ejb...@li...> > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > <https://lists.sourceforge.net/lists/listinfo/ejbca-develop> > > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > <mailto:Ejb...@li...> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > <https://lists.sourceforge.net/lists/listinfo/ejbca-develop> > > > > > -- > Jaime Hablutzel - RPC 994690880 > > > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
