Hi Wai Choi,
I do not need a solution, I'm doing this work for people in general, once I've finished, I'll move on to a different project.
You might want to update the documentation, and perhaps remove the browser certificates from the list of certificate options.
I guess that as no one has spotted this problem, not many people are using this function (from Linux), so it may not be an urgent problem ( grin)
Colin
------------------------------
Colin Paice
------------------------------
Original Message:
Sent: Thu December 02, 2021 05:47 PM
From: Wai Choi
Subject: Are there fixes for PKI HTTPD generate certificate?
Colin,
Then the only choices are letting PKI generate the key pair, or supplying a CSR. I hope these two choices are acceptable alternatives for you.
------------------------------
Wai Choi
Original Message:
Sent: Thu December 02, 2021 04:17 PM
From: Colin Paice
Subject: Are there fixes for PKI HTTPD generate certificate?
Hi Wai Choi,
On Ubuntu, with both Chromium and Firefox
<keygen name="name" challenge="challenge string" keytype="type" keyparams="pqg-params">
does not display anything.
I copied that example from the official documentation - which says it was deprecated ( in 2017?)
I cannot run internet explorer because I am on Linux
regards
Colin
------------------------------
Colin Paice
Original Message:
Sent: Thu December 02, 2021 10:08 AM
From: Wai Choi
Subject: Are there fixes for PKI HTTPD generate certificate?
Colin,
As indicated in the PKI publication, we only claim we support IE and Mozilla browsers, although you may find there are other browsers that will work too.
I believe Chrome and Mozilla share some common source code.
------------------------------
Wai Choi
Original Message:
Sent: Wed December 01, 2021 07:06 AM
From: Colin Paice
Subject: Are there fixes for PKI HTTPD generate certificate?
I found OA62152: PKI SERVICES BOOK UPDATES FOR MOZILLA <KEYGEN> TAG REMOVAL
This applies to Chromium as well.
using 1-Year PKI Generated Key Certificate
seems to work
------------------------------
Colin Paice
Original Message:
Sent: Wed December 01, 2021 06:16 AM
From: Colin Paice
Subject: Are there fixes for PKI HTTPD generate certificate?
I notice that <KEYGEN.. > is used which is a deprecated tag. On Chromium it does not do anything.
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/keygen
says
Deprecated: This feature is no longer recommended. Though some browsers might still support it, it may have already been removed from the relevant web standards, may be in the process of being dropped, or may only be kept for compatibility purposes. Avoid using it, and update existing code if possible; see the compatibility table at the bottom of this page to guide your decision. Be aware that this feature may cease to work at any time.
and I found
Deprecation of Keygen Tag in Chrome/Chromium Browsers
Solution
Beginning with version 49 of Chromium the keygen tag has been disabled by default, preventing generation of keypairs in the browser.
I also get
catmpl.rexx?Template=1-Year+PKI+SSL+Browser+Certificate:33 Uncaught ReferenceError: LoadCSPs is not defined
at init (catmpl.rexx?Template=1-Year+PKI+SSL+Browser+Certificate:33)
------------------------------
Colin Paice
Original Message:
Sent: Sat November 27, 2021 12:12 PM
From: Colin Paice
Subject: Are there fixes for PKI HTTPD generate certificate?
If I use the HTTPD service to try to generate a certificate I get
With no opportunity to select a key size
If I click on Submit certificate request, I get
IKYI003I PKI Services CGI error in careq.rexx: PublicKey is a required field.
Please use back button to try again or report the problem to admin person.
There was no field displayed to enter a public key.
I am on Ubuntu with Chromium, with z/OS 2.4
------------------------------
Colin Paice
------------------------------