If you have been following my blogs for a while, it is very clear from the last few blog posts or so that my progress on my current project has been quite slow. The main reason is that I got stuck trying to figure out how I could get the automatic certificate installation working in the browser. The process has been quite miserable, to say the least. The roadblocks just kept coming, one after another. It is no wonder now why hardly anybody else in the web development world would want to do this.
Even Dr Shawn has picked up on my lack of progress in the project. I had informed him of the problems I am facing, and he understands that this is more of a headache than it should be. But then, he told me that I shouldn’t let this affect my progress on the project. There are still other parts of the project that I could have implemented with the time I have lost on this predicament. In the worst-case scenario, if the automatic installation of the client certificate could not work, the users would just have to go through the trouble of manually importing the certificate themselves. Of course, we would still provide helpful instructions on how they could do this.
We do not have to entirely disregard the automatic installation either. If the WebCrypto API can’t be used, then <keygen> could be used as a fallback. Some browsers, especially the older ones, still support the <keygen> HTML element to generate the key pairs in the browser, hence it could still be used for this purpose although it should already be deprecated by now. If none of the above works, i.e. generating the key pairs in the browser, then the server would auto-generate a key itself and return a PKCS#12 to the browser for download. At that point, the user would have to do a manual import. These are some of the things that Dr Shawn suggested to me in person.
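The fallback order described above, sketched in JavaScript as an added example (not code from this project). The function names, the `handlers` map and the `HTMLKeygenElement` check are assumptions, and it stops at key generation: getting the resulting certificate into the browser's store is not shown.

```javascript
// Added example; planEnrollment, generateBrowserKey and enroll are hypothetical names.

// Returns the methods this browser can attempt, most preferred first.
function planEnrollment(env) {
  const plan = [];
  const subtle = env.crypto && env.crypto.subtle;
  // crypto.subtle is only exposed in secure contexts (HTTPS or localhost).
  if (env.isSecureContext && subtle && typeof subtle.generateKey === 'function') {
    plan.push({ method: 'webcrypto', serverSeesPrivateKey: false });
  }
  // Assumption: a browser that still supports <keygen> exposes HTMLKeygenElement.
  if (env.HTMLKeygenElement !== undefined) {
    plan.push({ method: 'keygen', serverSeesPrivateKey: false });
  }
  // Last resort: the server creates the key pair and returns a PKCS#12 file
  // that the user imports manually, so the private key is known to the server.
  plan.push({ method: 'server-pkcs12', serverSeesPrivateKey: true });
  return plan;
}

// WebCrypto path: the private key is generated as non-extractable and only
// the public key (SPKI, DER-encoded) leaves the page to be certified.
async function generateBrowserKey(subtle) {
  const pair = await subtle.generateKey(
    { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
      publicExponent: new Uint8Array([1, 0, 1]), hash: 'SHA-256' },
    false,
    ['sign', 'verify']);
  const spki = await subtle.exportKey('spki', pair.publicKey);
  return { privateKey: pair.privateKey, spki: new Uint8Array(spki) };
}

// Tries each planned method in order; one that throws falls through to the next.
// handlers maps a method name to an async function(env) supplied by the caller.
async function enroll(env, handlers) {
  const errors = [];
  for (const step of planEnrollment(env)) {
    try {
      return { ...step, result: await handlers[step.method](env) };
    } catch (err) {
      errors.push(`${step.method}: ${err.message}`);
    }
  }
  throw new Error('all enrollment methods failed: ' + errors.join('; '));
}
```

In a page this would be called as `enroll(window, handlers)`; the `serverSeesPrivateKey` flag makes visible that only the PKCS#12 fallback lets the private key exist outside the browser.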
For now, I decided to heed Dr Shawn’s advice, and to move on to other parts of the project. I also realize the importance of continuous progress despite all the obstacles that I could face. There’s always a solution to a problem; it’s just a matter of how and when it could be done. Even if the end result is not the best that we hoped for, ultimately the functionality, i.e. what the application should do, is what matters the most. Hopefully in the future, browsers will make it easier for developers to automatically install client certificates.