Keygen tag in HTML5

by

SSL is about “server identification” or “server AND client authentication (mutual authentication)”.

In most cases only the server presents its server-certificate during the SSL handshake so that you could make sure that this really is the server you expect to connect to. In some cases the server also wants to verify that you really are the person you pretend to be. For this you need a client-certificate.

The <keygen> tag generates a public/private key pair and then creates a certificate request. This certificate request will be sent to a Certificate Authority (CA). The CA creates a certificate and sends it back to the browser. Now you are able to use this certificate for user authentication.

More Related Contents:

  1. SSL and man-in-the-middle misunderstanding
  2. With HTTPS, are the URL and the request headers protected as the request body is?
  3. Does HTML5 allow you to interact with local client files from within a browser
  4. SSL Error: unable to get local issuer certificate
  5. curl – Is data encrypted when using the –insecure option?
  6. Fundamental difference between Hashing and Encryption algorithms
  7. What is the best way to implement “remember me” for a website? [closed]
  8. How does Content Security Policy (CSP) work?
  9. How are ssl certificates verified?
  10. Detecting if a browser is using Private Browsing mode
  11. Best way to handle security and avoid XSS with user entered URLs
  12. How can I throttle user login attempts in PHP
  13. Why is using a Non-Random IV with CBC Mode a vulnerability?
  14. How to prevent a browser from storing passwords
  15. What should every programmer know about security? [closed]
  16. Is it safe to put a jwt into the url as a query parameter of a GET request?
  17. Stopping users voting multiple times on a website
  18. How do I store and retrieve credentials from the Windows Vault credential manager?
  19. MVC 6 Bind Attribute disappears?
  20. How to force java server to accept only tls 1.2 and reject tls 1.0 and tls 1.1 connections
  21. How will a server become vulnerable with chmod 777?
  22. IIS7, web.config to allow only static file handler in directory /uploads of website
  23. How to do stateless (session-less) & cookie-less authentication?
  24. WS on HTTP vs WSS on HTTPS
  25. Is there a way to force apache to return 404 instead of 403?
  26. SSLContext initialization
  27. Disable drop paste in HTML input fields? [duplicate]
  28. Google Play security alert for insecure TrustManager
  29. Remember me Cookie best practice?
  30. buffer overflow example from Art of Exploitation book

Leave a Comment