When using an HTML5 keygen element, the form posts (among others) a certificate signing request (in SPKAC format) to the server. The server then sends the corresponding certificate with MIME type application/x-x509-user-cert. I implemented this without problems.
My problem now is how I can continue the flow, deliver the certificate and redirect to another page. I tried two things and both failed (this is Flask code):
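    from flask import Response, url_for

    # Attempt 1: certificate in the body of a 302 redirect
    r = Response(userCert, status=302, mimetype='application/x-x509-user-cert')
    r.headers['Location'] = url_for('index')

    # Attempt 2: certificate in a 200 response with a Refresh header
    r = Response(userCert, mimetype='application/x-x509-user-cert')
    r.headers['Refresh'] = "1; url=%s" % url_for('index')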
In the former case, the browser fails to install the certificate, but redirects correctly; in the latter case, the browser (FF) installs the certificate, but fails to go to the new page.
After A LOT of banging my head against the wall, I finally found a way that is halfway usable:
I launch the page with the form that contains the keygen element from another HTML page. The keygen page submits on load, and the parent page closes the keygen page after a timeout.
Not certain what happens if the timeout is too short though. But I didn't find any event that indicates that a certificate has been loaded...
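
The popup workaround described above, sketched end to end as an added example (not the poster's code). It uses plain WSGI from the standard library instead of Flask so it runs on its own; the routes, `CLOSE_AFTER_MS`, and `issue_certificate` with its placeholder bytes are assumptions standing in for the signing step the post already has working.

```python
from wsgiref.simple_server import make_server

CLOSE_AFTER_MS = 3000  # assumed timeout; no "certificate installed" event to wait on
PLACEHOLDER_CERT = b"<DER certificate issued for the posted SPKAC>"  # constructed

# Parent page: opens the keygen page in a popup, then closes it and moves on.
PARENT = """<!doctype html>
<a href="#" onclick="enroll(); return false">Get certificate</a>
<script>
function enroll() {
  var w = window.open('/keygen', 'enroll', 'width=400,height=200');
  setTimeout(function () { w.close(); location.href = '/index'; }, %d);
}
</script>""" % CLOSE_AFTER_MS

# Popup page: submits the keygen form as soon as it loads.
KEYGEN = """<!doctype html>
<body onload="document.forms[0].submit()">
<form method="post" action="/cert">
  <keygen name="spkac">
</form></body>"""

ROUTES = {
    ("GET", "/"): ("200 OK", "text/html", PARENT.encode()),
    ("GET", "/keygen"): ("200 OK", "text/html", KEYGEN.encode()),
    ("GET", "/index"): ("200 OK", "text/html", b"<p>Enrolled.</p>"),
}

def issue_certificate(form_body):
    # Hypothetical stand-in for signing the SPKAC carried in form_body.
    return PLACEHOLDER_CERT

def app(environ, start_response):
    method, path = environ["REQUEST_METHOD"], environ["PATH_INFO"]
    if (method, path) == ("POST", "/cert"):
        length = int(environ.get("CONTENT_LENGTH") or 0)
        body = issue_certificate(environ["wsgi.input"].read(length))
        # Plain 200 with the certificate and no Location or Refresh header:
        # navigation is left entirely to the parent page.
        status, ctype = "200 OK", "application/x-x509-user-cert"
    else:
        default = ("404 Not Found", "text/plain", b"not found")
        status, ctype, body = ROUTES.get((method, path), default)
    start_response(status, [("Content-Type", ctype),
                            ("Content-Length", str(len(body)))])
    return [body]

if __name__ == "__main__":
    make_server("127.0.0.1", 8000, app).serve_forever()
```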