The HTML <keygen> element exists to facilitate generation of key material, and submission of the public key as part of an HTML form.
This mechanism is designed for use with Web-based certificate management systems.
It is expected that the <keygen> element will be used in an HTML form along with other information needed to construct a certificate request, and that the result of the process will be a signed certificate.
Support for the non-standard <keygen> HTML element and the HTMLKeygenElement DOM interface was removed in Firefox 69.
Once a user has been authenticated, we will generate the key pair and CSR in memory and submit the CSR for signing. Once we receive the certificate, we will package it with the matching private key as a password-protected PKCS12 file and present it on a web page for the user to download and install.
Once the p12 file is available on the page, we will destroy all key material and the certificate, so the user has only one shot at downloading the certificate. If they do not download it, they will have to re-enroll for the certificate.
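The flow described above (key pair and CSR, signing, password-protected PKCS12, single download, destruction of key material), as an added example that is not the portal's own code. It assumes the OpenSSL command line is installed, uses a throwaway self-signed CA in place of the real signing service and a private temporary directory in place of memory; `issue_p12` and `deliver_once` are hypothetical names.

```shell
# Added illustration, not the portal's own code. Assumptions: OpenSSL CLI is
# installed; a throwaway self-signed CA stands in for the signing service; a
# private temp directory stands in for "in memory".

# issue_p12 <common-name> <p12-password> <output.p12>  (hypothetical helper)
issue_p12() {
  local work rc=0
  work=$(mktemp -d) || return 1
  {
    # Constructed test CA, a placeholder for the real issuing CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Constructed Test CA" \
      -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null &&
    # 1. Key pair and CSR for the authenticated user.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
      -keyout "$work/user.key" -out "$work/user.csr" 2>/dev/null &&
    # 2. Submit the CSR for signing and receive the certificate.
    openssl x509 -req -in "$work/user.csr" -days 1 \
      -CA "$work/ca.pem" -CAkey "$work/ca.key" -CAcreateserial \
      -out "$work/user.pem" 2>/dev/null &&
    # 3. Package certificate and matching key as a password-protected PKCS12.
    #    The password is passed via the environment, not on the command line.
    P12_PASS="$2" openssl pkcs12 -export -name "$1" \
      -inkey "$work/user.key" -in "$work/user.pem" \
      -passout env:P12_PASS -out "$3"
  } || rc=$?
  # 4. Destroy all intermediate key material, even if a step failed.
  rm -rf "$work"
  return "$rc"
}

# deliver_once <file.p12>: stream the bundle one time, then delete it, so a
# missed download means re-enrolling.  (hypothetical helper)
deliver_once() {
  [ -f "$1" ] || { echo "bundle no longer available: re-enroll" >&2; return 1; }
  cat "$1" && rm -f "$1"
}
```

After `issue_p12` returns, only the password-protected bundle exists; the unencrypted private key, CSR and certificate files are gone, which is the property the one-shot download relies on.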
Note: There is no action required on your current certificate. You can use it until expiry.
Firefox 69 and above on both Windows and macOS will work fine for certificate issuance. It will deliver a password-protected certificate in PKCS12 format that can be downloaded and manually installed in Firefox, or in any browser/platform that has browser caching enabled.
Certificate issuance via Cloud Self-service portal, Enterprise Gateway use cases and normal user flows are supported.
When picking up a certificate:
When downloading the certificate:
Before you start to issue a certificate, please confirm the use of “Web (Session) Storage” in Firefox. To verify this, follow these instructions:
1. Type ‘about:config’ in the address bar
2. You may need to click the ‘Accept the risk and continue’ button
3. Type ‘dom.storage.enabled’ and set it to ‘true’
For example, a normal user client authentication certificate issuance from the Firefox 72 browser: