We are using Applet previously to get Key Store Certificates installed in client's machine. Now as chrome stops NPAPI, Applet is not working now, so finding some solution using Javascript / jQuery.
I am trying to get the total Certificate List for installs in KeyStore, but I can't find any solutions. Does any one know how to get the full Certificate List using JavaScript or jQuery?
We are using Applet previously to get Key Store Certificates installed in client's machine. Now as chrome stops NPAPI, Applet is not working now, so finding some solution using Javascript / jQuery.
I am trying to get the total Certificate List for installs in KeyStore, but I can't find any solutions. Does any one know how to get the full Certificate List using JavaScript or jQuery?
Share Improve this question edited Nov 8, 2016 at 14:43 Shashwat Kumar 5,3072 gold badges38 silver badges71 bronze badges asked Nov 4, 2016 at 14:16 Nishant JoshiNishant Joshi 2212 silver badges10 bronze badges 10- I very much doubt there's a way to enumerate the trusted roots as this could be considered a privacy issue. However, you could conceivably test whether a particular root certificate is trusted if you controlled a web site signed by that root certificate and created an appropriate ajax request. – Phylogenesis Commented Nov 4, 2016 at 14:22
- @VVikashRajpurohit & Nishant Joshi, Accounts other than the OP should not be used to add substantial information, which has not already been stated by the OP in a ment, to the Question. As it is, Vikash, the first impression is that you changed the Question to make it fit your answer. Doing that is not an acceptable thing to do. However, the text you added implies that you are working with Nishant Joshi (I consider it likely based on both of your profiles). Nishant Joshi, please confirm that the changes actually reflect your desire for the question, not just an auto-approval of the edit. – Makyen ♦ Commented Nov 7, 2016 at 16:31
- @VVikashRajpurohit & Nishant Joshi, Why is this tagged firefox-addon when the question text is very explicit, in multiple places, that the question is about Chrome? – Makyen ♦ Commented Nov 7, 2016 at 16:32
- 1 @Mayken Essentially, the last person to edit the question significantly altered the question to fit his (now deleted) answer. While according to profiles OP and Vikash work at the same pany, so there may not be any malice, this edit also partially invalidated an existing answer. As such, I'm rolling back the edit. If Vikash wishes to add a Q&A style answer for a somewhat different question, it should be a new question. – Xan Commented Nov 8, 2016 at 10:39
- 1 @Vikash See my ment above. I'm rolling back your edit, since you significantly changed the question after it has been answered and you're not the original author. I do not suspect malice, but that's bad for SO to significantly modify questions after they receive answers. I remend asking another question - even if your plan is to immediately reply. – Xan Commented Nov 8, 2016 at 10:40
2 Answers
Reset to default 6You cannot do that with JavaScript running in the client.
See the following entry of the WebCrypto mailing list:
On Wed, Jun 24, 2015 at 1:50 PM, Jeffrey Walton wrote:
I see the WebCrypto API will allow discovery of keys (http://www.w3/TR/WebCryptoAPI/):
In addition to operations such as signature generation and verification, hashing and verification, and encryption and decryption, the API provides interfaces for key generation, key derivation, key import and export, and key discovery.
Certificates have public keys, and they are not as sensitive as private keys.
Will the WebCrypto API allow discovery/enumeration of certificates?
Examples of what I would like to discover or enumerate (in addition to the private keys):
- Trusted roots
- Client certs
Trusted Roots are in the platform's trust store. Client certs may be in the trust store.
Thanks in advance, Jeff
There are no plans from Chrome to implement such, on the hopefully obvious and significant privacy grounds.
Client certs contain PII. Trusted certs contain PII and fingerprinting.
In modern, sandboxed operating systems, such as iOS and Android, applications cannot enumerate either, as those platform providers reached the same conclusion.
So no. Never.1
1 For some really long value of never
Get clone of below link https://github./scketches/ffPrintCert
install the jpm
npm install jpm --global
Create build for mozilla
jpm xpi
Upload extension in mozilla locally and check Fire below url in mozilla
about:debugging
Load .xpi file from locally and check.