Deprecation of KEYGEN Functionality in Google Chrome v49
Introduction
This article describes Google's decision to deprecate support for the Key Generation <keygen> element in Chrome v49.
Applies to
SecureAuth IdP used with a Google Chrome v49+ browser; affects the following versions:
SecureAuth IdP Version | OS Version |
---|---|
7.x+ | |
Issue
How does the deprecation of <keygen> impact SecureAuth IdP users who use Chrome?
In SecureAuth IdP, <keygen> is used to deliver X.509 v3 digital certificates to users. Beginning with Chrome 49, the Key Generation element <keygen> is deprecated in the browser. As a result, users on Chrome 49 or later are unable to enroll for certificates on SecureAuth IdP realms configured to use <keygen>.
Users receive the following error during certificate enrollment:
Resolution
Notice
SecureAuth Response
SecureAuth recommends using one of the workarounds detailed below.
Workaround 1: Use IE or Safari browser for certificate enrollment
Use one of the following browsers to enroll for certificates:
Platform | Browser |
---|---|
Windows | Internet Explorer |
OS X | Safari |
Notice
Firefox cannot be used for certificate enrollment because it uses a private certificate store that is hidden from the operating system.
Workaround 2: Configure a PFX realm for delivering certificates
Configure a realm to use PFX as an alternative certificate delivery method for Chrome.
Note
For more information about creating a PFX realm, see the document Standard / Basic PFX Realm Configuration for SecureAuth IdP Appliance.