20191025 - Firefox remove Keygen support
The version 69 of Firefox released on the 3 September 2019 removed support for <keygen> tag.
It allows a browser to generate a private key and a CSR from a form. The key is then stored in the browser keystore to facilitate the resulting certificate installation.
Our forms use the <keygen> tag during the order of certain client and code signing certificates.
What consequences?
- You'll have to use a browser capable to generate a private key and a CSR to use our client and code signing certificates order forms (if you don't generate them on your own).
- You'll then have to use the same browser to download your certificate
- Finally, if needed you'll have to export your certificate and import it on the wanted tool
Which products are impacted?
Client and code signing certificates requiring a CSR:
- Thawte Code Signing
- DigiCert Code Signing
- TBS X509 Email Novice
- TBS X509 Sign & Login
- TBS X509 Email Professional
Which browsers are compatible?
INTERNET EXPLORER
(via the use of CertEnroll and XEnroll ActiveX control |
SAFARI |
SEAMONKEY |
FIREFOX 69+ |
MICROSOFT EDGE |
GOOGLE CHROME 57+ |
OPERA |
What impact for the currently valid certificates?
None. Once the certificate is issued, it is installed with its private key in your browser keystore. They won't be impacted.