How we built Origin CA: Web Crypto

Cloudflare introduced Origin CA, a service that allows users to get certificates directly from them without needing to go through third-party certificate authorities. The private key is generated client-side in the browser using W3C's Web Crypto API and only the public key is sent to Cloudflare servers for security purposes. This feature not only ensures privacy but also provides a simpler, more convenient way of getting certificates without requiring command-line operations. The Origin CA dashboard uses WebCrypto for generating keys and PKI.js for creating CSRs.