PKI Registration Authority

This module allows your site to act as registration authority (RA) as part of a public key infrastructure (PKI).

Once registered, users will be able to generate certificates they can use as credentials. For example, such certificates can be used to log into sites running Certificate Login without usernames or passwords.

Requirements

1. The enrollment-js JavaScript library.
2. A certification authority (CA), which can accept certificate signing requests (CSRs) and return certificates. A default one will be available shortly.
3. Drupal must be able to send mail in order to validate e-mail addresses. See How to have my PHP Send mail? for details.
4. Some type of CAPTCHA (e.g. Honeypot, reCAPTCHA) on the registration form to prevent confirmation e-mails from being sent to spam bots.
5. Mandatory HTTPS as Web browsers are now blocking insecure Web service calls. (See note in the documentation.) This is fairly easy to set up nowadays given that Let's Encrypt is up and running, or trivial with the Caddy Web server.

Using Generated Certificates

Certificate login will be made available for Drupal 8 to work in combination with this module to allow users to create accounts and log in with the certificates provided here.

These other modules provide the same functionality as that one, but at the time of this writing there are no Drupal 8 plans, and there is no coordination with them.

• PKI Authentication
• Certificate Auto Login

Similar Modules

• Clientcert (SSL/TLS) for login: Requires Rules for more complicated scenarios, and is only available for Drupal 7.

Release Plans

The module should be usable in its current state. We'll release a beta as soon as #2855767: Add tests is done. Help with that (writing tests) would be greatly appreciated!

Additional Information

See the README for set-up instructions, the registration process, the certificate generation process, features and additional notes.