procedure to import CA cert into browsers

[chakl]

I have prepared the CA cert import into browser functionality.

• additionally copy generated ca.crt to $PKI_BASE/$THIS_CA/ca.cacert
• install a custom $JETTY_HOME/etc/webdefault.xml that assigns the correct mime type for files with .cacert externsion

Now if you provide a download link in the Web GUI to $PKI_BASE/$THIS_CA/ca.cacert, Jetty should return it as "application/x-x509-ca-cert", which should trigger a "CA import" dialog in the browser.

Need to test that with common browsers, but modern browsers should support that.

[JoernT]

we need to integrate the relevant entries in eXist's web.xml - shouldn't be a big deal and even be made possible by .xar mechanics (not sure how yet)

[chakl]

which entries? this should be enough <a href="ca.cacert">Klick here to import CA cert into browser</a>

[JoernT]

the mimetype mapping entries in web.xml

[chakl]

According to jetty docs, mime type are set in $JETTY_HOME/etc/webdefault.xml. I already patch that in reconfig-jetty.sh

Edit: maybe you confuse that with $EXIST_HOME/mime-types.xml, which defines how eXist stores file types into the DB (if I understand correctly) ?

[JoernT]

no, the mime-types.xml also determines how certain types are serailized (returned)

[chakl]

please add something like this to the GUI <a href="ca.cacert">Klick here to import CA cert into browser</a>

need this for some real-life testing for email crypto etc. currently show-stopper