Externally generated certificate in RTCPeerConnection

[Ariel Tubaltsev]

In-browser, RTCPeerConnection provides an option to generate RTCCertificate or can generate it by itself.

But is there an option to use an externally generated key/certificate, for example, issued by CA?

 

The use case could be using the same certificate for signalling and WebRTC communication.

https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConnection/RTCPeerConnection#Using_certificates

https://developer.mozilla.org/en-US/docs/Web/API/RTCPeerConnection/generateCertificate

[Lennart Grahl]

AFAIK there is no way to do that. But I would support such a proposal towards the WebRTC spec (and I have a use case for this, too). However, be aware there are people who state that handling private keys inside of the application's JS is a bad idea (I'm not one of them).

If you want an end-to-end encrypted solution for the signalling, I may be able to help you: https://saltyrtc.org/

Cheers
Lennart

[Ariel Tubaltsev]

Hi Lennart

Thank you for the quick response.

Right, in general, the browser/OS is responsible to handle certificates, not the in-browser code.

But here we already have a way to generate the certificate from in-browser code, so I'd argue that providing an option to use some existing certificate doesn't make it much worse.

Quickly looking at chromium implementation, looks like there is already a way to import PEM:

https://github.com/chromium/chromium/blob/0aee4434a4dba42a42abaea9bfbc0cd196a63bc1/content/renderer/media/webrtc/rtc_certificate_generator.h

So it's metter of being exposed through JS.

Do you happen to know how to submit the proposal?

Cheers

Ariel

[Lennart Grahl]

You can submit the issue towards the spec: https://github.com/w3c/webrtc-pc/issues or towards the mailing list (public...@w3.org).

Cheers
Lennart

[Ariel Tubaltsev]

https://github.com/w3c/webrtc-pc/issues/1853