4

We are using Applet previously to get Key Store Certificates installed in client's machine. Now as chrome stops NPAPI, Applet is not working now, so finding some solution using Javascript / jQuery.

I am trying to get the total Certificate List for installs in KeyStore, but I can't find any solutions. Does any one know how to get the full Certificate List using JavaScript or jQuery?

Shashwat Kumar
  • 5,159
  • 2
  • 30
  • 66
Nishant Joshi
  • 223
  • 2
  • 10
  • I very much doubt there's a way to enumerate the trusted roots as this could be considered a privacy issue. However, you could conceivably test whether a particular root certificate is trusted if you controlled a web site signed by that root certificate and created an appropriate ajax request. – Phylogenesis Nov 04 '16 at 14:22
  • @VVikashRajpurohit & Nishant Joshi, Accounts other than the OP should not be used to add substantial information, which has not already been stated by the OP in a comment, to the Question. As it is, Vikash, the first impression is that you changed the Question to make it fit your answer. Doing that is not an acceptable thing to do. However, the text you added implies that you are working with Nishant Joshi (I consider it likely based on both of your profiles). Nishant Joshi, please confirm that the changes actually reflect your desire for the question, not just an auto-approval of the edit. – Makyen Nov 07 '16 at 16:31
  • @VVikashRajpurohit & Nishant Joshi, Why is this tagged [tag:firefox-addon] when the question text is very explicit, in multiple places, that the question is about Chrome? – Makyen Nov 07 '16 at 16:32
  • 1
    @Mayken Essentially, the last person to edit the question significantly altered the question to fit his (now deleted) answer. While according to profiles OP and Vikash work at the same company, so there may not be any malice, this edit also partially invalidated an existing answer. **As such, I'm rolling back the edit.** If Vikash wishes to add a Q&A style answer for a somewhat different question, it should be a new question. – Xan Nov 08 '16 at 10:39
  • @Makyen yes, we want to work it with firefox / chrome, both can be worked. – Vikash Rajpurohit Nov 08 '16 at 10:40
  • 1
    @Vikash See my comment above. I'm rolling back your edit, since you significantly changed the question after it has been answered and you're not the original author. I do not suspect malice, but that's bad for SO to significantly modify questions after they receive answers. I recommend asking another question - even if your plan is to immediately reply. – Xan Nov 08 '16 at 10:40
  • @Xan and Makyen Just give you the context, Nishant asks a question to specific to Chrome but it is for every browser so I have edited it, now mean time we found out something so I have replied it in answer, If you want I can remove my answer as well. Its only about problem-solving, I thouthgt let us post our own finding – Vikash Rajpurohit Nov 08 '16 at 14:28
  • @Vikash Your answer is most certainly Firefox-specific, and I doubt it actually answers the question: Nishant is asking for the (trust root) certificate store of the browser, and your solution as far as I can tell provides the certificate (not even a trust chain) for a specific loaded page. Your answer may be valuable, but _not for this question_. – Xan Nov 08 '16 at 14:31
  • @Xan Okay. I have removed my answer as well. If we find any solution, we will post the new question and provide the solution to that only. Thanks – Vikash Rajpurohit Nov 08 '16 at 14:35
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/127642/discussion-between-vikash-rajpurohit-and-xan). – Vikash Rajpurohit Nov 08 '16 at 14:41

2 Answers2

6

You cannot do that with JavaScript running in the client.

See the following entry of the WebCrypto mailing list:

On Wed, Jun 24, 2015 at 1:50 PM, Jeffrey Walton wrote:

I see the WebCrypto API will allow discovery of keys (http://www.w3.org/TR/WebCryptoAPI/):

In addition to operations such as signature generation and verification, hashing and verification, and encryption and decryption, the API provides interfaces for key generation, key derivation, key import and export, and key discovery.

Certificates have public keys, and they are not as sensitive as private keys.

Will the WebCrypto API allow discovery/enumeration of certificates?

Examples of what I would like to discover or enumerate (in addition to the private keys):

  • Trusted roots
  • Client certs

Trusted Roots are in the platform's trust store. Client certs may be in the trust store.

Thanks in advance, Jeff

There are no plans from Chrome to implement such, on the hopefully obvious and significant privacy grounds.

Client certs contain PII. Trusted certs contain PII and fingerprinting.

In modern, sandboxed operating systems, such as iOS and Android, applications cannot enumerate either, as those platform providers reached the same conclusion.

So no. Never.1

1 For some really long value of never

TimoStaudinger
  • 41,396
  • 16
  • 88
  • 94
0

Get clone of below link https://github.com/scketches/ffPrintCert

install the jpm

npm install jpm --global

Create build for mozilla

jpm xpi

Upload extension in mozilla locally and check Fire below url in mozilla

about:debugging

Load .xpi file from locally and check.

Vikash Rajpurohit
  • 1,525
  • 2
  • 13
  • 13
  • I am trying this code But one error occurred at this line var cert = get_valid_cert(mainWindow.gBrowser); **Cert is null** Please give me a solution for that...https://github.com/scketches/ffPrintCert/issues/1 – Nishant Joshi Nov 08 '16 at 11:16