As we removed the certificate creation within the browser with SPKAC
(https://gerrit.wpia.club/#/c/756/) there is no need to install a
certificate into the browser truststore through the website as private
key is missing.
Change-Id: Icd62b26d607257a445e012081e1a9f86da479d81
<?=_PEM encoded Certificate Chain (Excluding Anchor)?> (<a href='<?=$serial?>.crt?chain&noAnchor' download>CRT</a>/<a href='<?=$serial?>.pem?chain&noAnchor' download>PEM</a>)<br/>
<?=_PEM encoded Certificate Chain (Excluding Leaf)?> (<a href='<?=$serial?>.crt?chain&noLeaf' download>CRT</a>/<a href='<?=$serial?>.pem?chain&noLeaf' download>PEM</a>)<br/>
<?=_DER encoded Certificate?> (<a href='<?=$serial?>.cer' download>CER</a>)<br/>
<?=_PEM encoded Certificate Chain (Excluding Anchor)?> (<a href='<?=$serial?>.crt?chain&noAnchor' download>CRT</a>/<a href='<?=$serial?>.pem?chain&noAnchor' download>PEM</a>)<br/>
<?=_PEM encoded Certificate Chain (Excluding Leaf)?> (<a href='<?=$serial?>.crt?chain&noLeaf' download>CRT</a>/<a href='<?=$serial?>.pem?chain&noLeaf' download>PEM</a>)<br/>
<?=_DER encoded Certificate?> (<a href='<?=$serial?>.cer' download>CER</a>)<br/>
- <a href='<?=$serial?>.cer?install&chain'><?=_Install into browser.?></a><br/>
- <a href='<?=$serial?>.cer?install'><?=_Install into browser (Chrome)?></a>. <?=_Please ensure that the intermediate certificates listed above are installed prior to installing the certificate.?><br/><br/>
- * <?=_For information on how to install the root certificates into the truststore of your browser take a look at the !(/kb/rootcert)root certificate page in the FAQ!'</a>'!?>.</br>
- <?=_For the different variants of the certificate and chain take a look at the !(/kb/certs)certificate page in the FAQ!'</a>'!?>.
+ <b>*<?=_Note?></b>: <?=_Remember, in order to use the certificate correctly, you additionally need the corresponding private key. How it is needed depends on the software solution you are using. This private key is usually generated together with the certificate signing request (CSR).?></br>
+ <?=_For information on how to install the root certificates into the truststore of your browser take a look at the !(/kb/rootcert)root certificate page in the FAQ!'</a>'!?></br>
+ <?=_For the different variants of the certificate and chain take a look at the !(/kb/certs)certificate page in the FAQ!'</a>'!?>
boolean crt = false;
boolean cer = false;
resp.setContentType("application/pkix-cert");
boolean crt = false;
boolean cer = false;
resp.setContentType("application/pkix-cert");
- if (req.getParameter("install") != null) {
- resp.setContentType("application/x-x509-user-cert");
- }
if (pi.endsWith(".crt") || pi.endsWith(".pem")) {
crt = true;
pi = pi.substring(0, pi.length() - 4);
if (pi.endsWith(".crt") || pi.endsWith(".pem")) {
crt = true;
pi = pi.substring(0, pi.length() - 4);
byte[] cer = IOUtils.readURL(uc.getInputStream());
assertArrayEquals(cer, PEM.decode("CERTIFICATE", crt));
byte[] cer = IOUtils.readURL(uc.getInputStream());
assertArrayEquals(cer, PEM.decode("CERTIFICATE", crt));
- uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?install&chain"));
+ uc = authenticate(new URL(huc.getHeaderField("Location") + ".cer?chain"));
byte[] pkcs7 = IOUtils.readURL(uc.getInputStream());
PKCS7 p7 = new PKCS7(pkcs7);
byte[] sub = verifyChain(p7.getCertificates());
assertArrayEquals(cer, sub);
byte[] pkcs7 = IOUtils.readURL(uc.getInputStream());
PKCS7 p7 = new PKCS7(pkcs7);
byte[] sub = verifyChain(p7.getCertificates());
assertArrayEquals(cer, sub);
- assertEquals("application/x-x509-user-cert", uc.getHeaderField("Content-type"));
+ assertEquals("application/pkix-cert", uc.getHeaderField("Content-type"));
uc = authenticate(new URL(huc.getHeaderField("Location")));
String gui = IOUtils.readURL(uc);
uc = authenticate(new URL(huc.getHeaderField("Location")));
String gui = IOUtils.readURL(uc);