Nothing much to be said for this week. I attempted to implement based on what Dr Shawn suggested to me last week, i.e. storing the public and private key pairs in the database, so that the private key could be reused for subsequent certificate renewals. This relies on the user having to present the old certificate, which contains the public key that would be used to find the matching private key in the database. If no certificate is given, then it is assumed that the user is under a new subscription, and the application generates a new public and private key pair, saves them to the database, then sends the PKCS#12 for the user to manually import.

However, I had a small issue. In the general case, the user would only renew their subscription once the payment date is due, but at that point in time, their current certificate would already be expired. In the case of Chrome, the expired certificate would not be shown when the user gets prompted for a certificate, while Firefox, on the other hand, would still show the expired certificate, but sending it to the server would cause the Wt application to immediately close the connection. I thought about it for a while, but could not find any solution for it. I had to ask Dr Shawn once more.

The solution was actually so simple that it is embarrassing. All that needed to be done is to give a renewal grace period, e.g. one week after the payment due date, during which the user should renew their subscription, or they would have to go buy a new subscription product again. That way, when it's time to renew, the user could still present the old certificate to the server application.

Alright, so with that out of the way, I proceeded with the implementation. If it wasn't for my mishap earlier, I should have done everything by now. At the moment, I have done some of the implementation already, but it is not working as expected yet. The public key extracted from the 'old' certificate did not match any public key in the database, even though it should already have been saved there when it was created. The week ended without me figuring out why, as time ran out on me. It's probably just another one of my careless mistakes again. Till next time then.
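As an added example (it is not the post's own Wt/C++ code, and it is not a diagnosis of the mismatch described above), the renewal flow from the first paragraph driven with the openssl CLI: a directory stands in for the database table, self-signed certificates stand in for the ones the real service issues, and the one-week grace period from the solution above is enforced before a renewal is attempted. The precaution worth copying is that keys are only ever compared in one canonical encoding (SHA-256 over the DER SubjectPublicKeyInfo): the same key read from a stored private key and pulled out of a certificate can otherwise differ byte-for-byte depending on whether PEM text, DER, or a bare RSAPublicKey structure was stored.

```shell
#!/bin/sh
# Added example, not the post's Wt/C++ code: the renewal flow driven with the
# openssl CLI. Assumptions: a directory stands in for the database table, and
# self-signed certificates stand in for the ones the real service issues.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
KEYSTORE="$WORK/keystore"        # hypothetical "database": one private key per file
mkdir -p "$KEYSTORE"
GRACE_SECONDS=604800             # one week after the payment due date, as in the post

# Canonical identity of a public key: SHA-256 over the DER SubjectPublicKeyInfo.
# Re-encoding through `openssl pkey` means a key read from a stored private key
# and the same key pulled out of a certificate hash to identical values, which
# is not guaranteed when PEM text or mixed encodings are compared directly.
spki_fp_from_privkey() {         # $1 = private key PEM; prints hex fingerprint
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}
spki_fp_from_cert() {            # $1 = certificate PEM; prints hex fingerprint
    openssl x509 -in "$1" -pubkey -noout | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 | awk '{print $NF}'
}

# Grace period check: `-checkend N` exits 1 when notAfter lies before now+N, so a
# negative N still accepts a certificate that expired less than GRACE_SECONDS ago.
within_grace_period() {          # $1 = certificate PEM
    openssl x509 -in "$1" -noout -checkend "-$GRACE_SECONDS" >/dev/null
}

# New subscription (no certificate presented): generate a key pair, file the
# private key under its fingerprint, and hand the user a PKCS#12 to import.
new_subscription() {             # $1 = subject CN, $2 = .p12 output path; prints fingerprint
    key="$WORK/$1.key.pem"; cert="$WORK/$1.cert.pem"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$key" -out "$cert" \
        -subj "/CN=$1" -days 30 2>/dev/null
    fp="$(spki_fp_from_privkey "$key")"
    cp "$key" "$KEYSTORE/$fp"
    openssl pkcs12 -export -inkey "$key" -in "$cert" -passout pass:changeit -out "$2" 2>/dev/null
    echo "$fp"
}

# Renewal: the user presents the old certificate; find the matching private key by
# the certificate's fingerprint and issue a new certificate over the same key.
renew_subscription() {           # $1 = old certificate PEM, $2 = subject CN, $3 = new certificate path
    within_grace_period "$1" || { echo "certificate expired beyond the grace period" >&2; return 1; }
    fp="$(spki_fp_from_cert "$1")"
    [ -f "$KEYSTORE/$fp" ] || { echo "no stored key for fingerprint $fp" >&2; return 1; }
    openssl req -x509 -new -key "$KEYSTORE/$fp" -subj "/CN=$2" -days 30 -out "$3" 2>/dev/null
}

# Walk-through: enrol a user, then renew by presenting the old certificate.
FP="$(new_subscription alice "$WORK/alice.p12")"
renew_subscription "$WORK/alice.cert.pem" alice "$WORK/alice.renewed.pem"
if [ "$(spki_fp_from_cert "$WORK/alice.renewed.pem")" = "$FP" ]; then
    echo "renewed certificate carries the stored key $FP"
fi
```

The renewed certificate is self-signed here only to keep the example offline; in the real service the same key would go into a CSR for the issuing CA. A certificate whose key was never stored (or a key stored in a different encoding) fails the lookup in `renew_subscription` rather than silently getting a fresh key pair.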
