The form performed by the Certisign Login button is very limited, only JAVA and .NET are supported. Websites that use this technology are bound to have many problems, as it depends on client configuration, which is the advantage of having web systems.
Serasa for example, in the method that tests the digital certificate, in its code it declares a "javascript" pointing to this PHP, which generates a code dynamically, which does nothing more than declare a variable like this, allowing reading via javascript:
var requestOk = {
'data':'04/04/2017 Ã s 10:58',
'titular':'[email protected]',
'tipo':'0',
'validade':'09/09/2016 até 09/12/2019',
'renovar':'0',
'dias':'979',
'serasa':'0',
'empresa':'StartCom Class 1 Client CA'
};
Their page that does this work is this: link
Note : Only if you have a valid certificate on the machine can you view this answer. You can download and install this LacunaSoftware test certificates: link . This company has a solution that says it is a cross-browser, but I never tested it because the cost (R $ 0.50 / requisition) makes it impossible for certain projects.
So, the only way to do this validation is in the backend. But it is not so simple, you can not do this with PHP, because the certificate negotiation still happens at the network layer, when you are opening a connection on the web server, before PHP is even processed.
What is done is as follows:
- A configuration is enabled on the Web server that checks the client's certificate.
- The Browser understands this and opens this dialog box for the client to allow access and select the certificate, as shown:
- Aftertheclientselectstheconnectiontotheserverfollowsnormally,andthevariablesareexportedasenvironmentvariablesthatcanbeeasilyreadin $ SERVER , in the keys starting with" SSL "
Each web server has a way to accomplish this. Here's how it's set up in Lighttpd: link . And here is an article that shows how PHP is done using Apache link
So the answer "Not possible with Chrome and other browsers" is not true, the difficulty is great but it is not impossible.
Using Certisign Login is just a simpler palliative, but works only for national sites and depends on JAVA installed on clients and / or active ex for .NET. However you are limited to language and a complex installation on the clients. Chrome itself deleted the possibility of JAVA Applets with only Firefox and IE (with activex) which makes this method very restrictive.
About getting the CPF / CNPJ from the certificate, the ones I have for testing are from "SOLUTI", they contain in CN after the name of the character: separates the sequence number of the CPF or CNPJ can be extracted in this way.
If you work with other certifiers, please leave a comment on this answer if it also expresses the CPF or CNPJ number.
There is still this difficulty of native support in browsers, but I believe that in the future the tendency is that it will be simpler and safer to obtain certificate of the certificate without any obvious alternative programming resources, empowering purely web applications to obtain this information with the permission of the user.