3

We are using html5 tag to generate keypair in google chrome. We get the P10 which we pass to the CA and get the signed cert back . Then we import the certificate to the CAPI store . After importing the certificate ,we noticed that the certificate is not bound to the private key which was generated using the tag which makes it unusable.

We used the exact same procedure for firefox and safari and they work .The difference is that both firefox and safari use their own keystore where as Chrome makes use of the Windows CAPI store.

Does anybody have any idea about any additional steps that might be required to bound the certificate to the private key ?

We have investigated the issue quite a bit ,but there is not a whole lot of information about this issue.

Any help would be appreciated.

Somnath
  • 83
  • 6
  • After much research ,this is one of the workaround we found- Execute this command which will bind the private key to the certificate certutil –user –repairstore MY “SERIAL_NUMBER” After this the encryption test passes and presumably the certificate is functional. So when keygen is used with chrome something is broken in the way the certificate request is generated and the resulting certificate imported such that the association doesn’t get created. – Somnath Oct 22 '12 at 22:40
  • Could you find any official information about this? Is this a known bug, or something planned to be fixed? Thanks! – Paolo Tedesco Feb 27 '13 at 16:07

0 Answers0