Articles in Root

Why does Trust/Link block browser-based key generation on Google Chrome?


Google Chrome utilizes the <keygen> tag to generate certificate keys within the operating system it is installed on.


As of Google Chrome 49, the <keygen> function has been disabled by default.  The custom filetype handling has also been removed.  This breaks the functionality of the <keygen> tag within Chrome.


As a workaround, you should install your browser-based key generated certificate using Microsoft Internet Explorer (which still uses the CertEnroll.dll), Mozilla Firefox (which still supports the <keygen> function) or Safari on Mac (which also uses the <keygen> function).


Microsoft Edge does not support the <keygen> tag or the CertEnroll.dll ActiveX controls. At this time, Microsoft Edge should not be used for certificate creation.