SPKAC HTTP provisioning.

2 files changed, 4 insertions, 2 deletions

diff --git a/mailcert.sh b/mailcert.sh
index 13c30f6..2e68bfd 100755
--- a/mailcert.sh
+++ b/mailcert.sh
@@ -88,7 +88,7 @@ $USERCERTNAME is your user certificate.
 
 $CACERTNAME is the certificate authority certificate.
 --$BOUNDARY
-Content-Type: application/x-x509-ca-cert
+Content-Type: application/x-x509-user-cert
 Content-Disposition: attachment; filename="$USERCERTNAME"
 
 $(cat "$USERCERT")
diff --git a/signcsr.sh b/signcsr.sh
index ca50b22..b48ad45 100755
--- a/signcsr.sh
+++ b/signcsr.sh
@@ -38,5 +38,7 @@ fi
 if [ -e "$CA"/certs/"$SERIAL".pem ]; then # openssl lacks useful exit status codes, so we check to see if it actually did anything instead.
   mv -i "$1" "$CA"/signed/$NAME.csr
   ln "$CA"/certs/"$SERIAL".pem "$CA"/signed/"$NAME".crt # so we can find the certificate by name as well as serial
-  echo "Use ./mailcert.sh $NAME [emailaddress] to use sendmail to deliver the CA and user certificate."
+  openssl x509 -in "$CA"/certs/"$SERIAL".pem -outform DER -out "$CA"/signed/"$NAME".der # Chrome compatible
+  echo "* Web: $CA/signed/$NAME.der with Content-type: application/x-x509-user-cert is suggested."
+  echo "* Email: use ./mailcert.sh $NAME [emailaddress] to use sendmail to deliver the CA and user certificate as PEM MIME attachments."
 fi