The HTML <keygen> element is one of the features, which is used for generating the key material and the submission of the public key, as a part of an HTML form. It’s a mechanism which is designed to use with Web-based certificate management system. Likewise, this element is used within an HTML form with other needed information for constructing a certificate request, which results in a signed certificate.
So, with the Mozilla Firefox 69 release, this non-standard <keygen> HTML element along with HTMLKeygenElement DOM interface has been removed. Now, the alternative option is to make use of the web browsers, which supports this feature, i.e., Internet Explorer and Apple Safari, for picking up your Code Signing Certificate.
Furthermore, looking at the above chart, it’s clear that some web browsers do support this feature, but it’s not recommended anymore, and it’s used only for compatibility purposes.
Who will be Affected & What Action is Needed?
If you have purchased a Code Signing Certificate earlier then, you might be aware that Mozilla Firefox was recommended to complete the download process of the certificate, like for generating CSR on a Web Browser along with the private key. But, with the release of this Mozilla Firefox 69, it has been changed, and for generating the CSR (Certificate Signing Request) for a code signing certificate, it’s recommended to make use of the web browsers, which are compatible with that.
In case, any organization has locked the environment to use only Firefox then the one available option is of Firefox ESR (Firefox Extended Support Release), or another option is to use a Portable Firefox web browser, which requires only download and no installation.