How to import personal certificate in windows os certificate store from Chrome/Mozilla by client side

Question

I have generated key pair and created self signed certificate using JavaScript library WebCrypto API and 3rd party web service using a CSR request. Now i want to store the certificate with the private key in windows personal certificate store of the client pc. I have found here that by JavaScript it is not possible. Using java it is easily possible. But as jApplet is being discouraged now, so is there any other way from client side. By creating chrome/mozilla extensions, will it be possible either ?

Note that, i understand if i export the certificate as file along with the private key, i can import it manually in windows certificate store as personal certificate. But i want to automate the process like - the user just fill-up the form from browser and by server communication, the certificate will be created and will be store in windows store of client along with the private key.

Answer 1

I do not think you have too many options

• You can not access from javascript to keystore used by browser due to security restrictions

• You can not create a chrome extension to access to keystore used by browser because chrome API does not publish it (I am not sure with firefox)

• You can not use an applet because Java is not supported by Chrome and Edge. Firefox will drop support to NPAPI plugins in March 2017 (java uses npapi), and next Java versions do not include the browser plugin

Alternatives:

• Generate a .p12 file with the private key and certificate (in client side), download and open it. The operative system will launch the import certificate tool

• Use WebCryptographyApi, if you only need the certificate to perform cryptographic operations on the browser (digital signature, encryption,...). You could generate the .p12 later