I always wondered how some Certificate Authorities (CA) got their certificates installed in browsers directly, without the user having to import it manually. It took a bit of extra google-fu. So, I thought it pertinent to note things down here.

The key to doing it seems to be to use the appropriate mime type when downloading the certificate file. There are several that are supported by the Mozilla browser:

  • application/x-x509-ca-cert
  • application/x-x509-user-cert
  • applicaiton/x-x509-email-cert

As each name implies, it is used to download the appropriate certificate. When this is done on a Mozilla browser, it triggers a dialogue which will automatically import the certificate into its internal database, without having to go through multiple menus.

While researching this, I also learned about the keygen HTML attribute. This looks like something decidedly useful for a new project that we’re working on.


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.