Certificate Sign Request Demo/Interop

Interoperate with the Redwax Certificate Sign Request module.

We have implemented a RFC2986 PKCS10 / Certificate Sign Request endpoint that allows you to test your client implementation against a Redwax Server.

This module allows you to work with a Microsoft CertEnroll certificate request as implemented by Internet Explorer 11.

The code being run is the most up to date build from trunk/main in source control, and is built and deployed automatically. The Redwax Interop server is for testing purposes only.

Certificate Sign Request Demo/Interop Server

When testing your Certificate Sign Request client implementation, use the following details.

Summary

Server URL https://interop.redwax.eu/test/csr
Time Source System Clock
Serial Numbers Random

Redwax Module Configuration

The following configuration is used to implement this CSR endpoint. The configuration below is added to a standard secure virtualhost Apache configuration, as described here.

Configuration

Here we set the csr handler, and set the certificates and keys to be used for signing the certificate. 


  LoadModule ca_module /usr/lib64/httpd/modules/mod_ca.so


  LoadModule ca_simple_module /usr/lib64/httpd/modules/mod_ca_simple.so


  LoadModule csr_module /usr/lib64/httpd/modules/mod_csr.so



  Require all granted
  SetHandler csr
  CsrParamChallenge challenge
  CsrSubjectRequest CN
  CsrSubjectRequest O
  CsrSubjectRequest C
  CsrSubjectAltNameRequest rfc822Name

]]>

CertEnroll with Microsoft Internet Explorer 11

The following example form shows how to generate a request based on the CertEnroll functionality in Internet Explorer 11.

Html Form

To request a certificate be generated, submit the form below.

Object Tag

The following object tag must be present in the page to embed the objCertEnrollClassFactory and make this accessible from the javascript. 


]]>

Javascript

The javascript used to trigger the CertEnroll functionality can be downloaded here, and is included for reference below.