Fortify Provides a More Secure Web Experience for Certificates and Smart Cards

Tuesday June 19, 2018

San Francisco – June 19, 2018 – The Certificate Authority Security Council (CASC), an advocacy group committed to the advancement of web security, today announced that Fortify, an open source application sponsored by the Council, is now available for Windows and Mac.  Fortify, a free app, connects a user’s web browsers to smart cards, security tokens, and certificates on a user’s local machine.  This allows users to generate X.509 certificates in their browser, replacing the loss of key generation functionality.

“Fortify is a great open source project, made possible through collaboration among leading CAs, to replace and improve upon the <keygen> functionality that was deprecated by browser vendors,” said Tim Hollebeek, Industry and Standards Technical Strategist at DigiCert, and a member of the CA Security Council. “Fortify is free to the public and makes certificate use easy without pushing the operational requirements to the browsers.”

Fortify provides a user-friendly way to locally generate certificates via the browser, which is needed for the enrollment of consumer Code Signing and S/MIME certificates.

Fortify is a flexible application that provides a link between the web browser (or other user agent) and certificates or smart cards on the user’s local machine.  It fills the gap that key generation <keygen> deprecation created and provides additional functionality, including extension of the Web Crypto API.

Websites and web applications that support the Web Crypto API can easily start supporting Fortify to access these local devices and certificates.  Fortify provides a permission model that keeps users in control, allowing them to approve and manage which origins (sites) can utilize its powerful capabilities.

For CAs, Fortify can replace the need for <keygen> by allowing browser-based enrollment forms to connect to the user’s local certificate store for certificate and key generation.

Web applications that supported Web Crypto can also use Fortify for enrollment of other types of X.509 certificates, as a way to sign/encrypt documents with client certificates and user authentication.

Fortify is open source, compatible with Windows 7+ and OSX 10.12+, and works with all major browsers.  For more information about how to use Fortify to generate certificates, contact your Certificate Authority.

** **Connect with CASC

About the CASC

The Certificate Authority Security Council is comprised of leading global Certificate Authorities that are committed to the exploration and promotion of best practices that advance trusted SSL deployment and CA operations as well as the security of the internet in general. While not a standards-setting organization, the CASC works collaboratively to improve understanding of critical policies and their potential impact on the internet infrastructure. More information is available at

This article was originally published by the "CA Security Council". In 2021 the CASC was restructred and renamed to the "Public Key Infrastructure Consortium" shortly "PKI Consortium".

Learn more about the PKI Consortium
Participate in our community discussions and/or join the consortium