@startuml
autonumber "<b>[000]"
actor User
boundary Browser
User -> Browser: visit CAcert.org profile page
Browser -> Webserver: request page
Webserver -> Browser: send page
User -> Browser: click on "Request client certificate"
Browser -> Webserver: request client certificate page
Webserver -> Browser: send page and JavaScript
User -> Browser: choose "Generate key and certificate"
Browser -> User: display form
User -> Browser: select email address, key parameters, password
User -> Browser: click "Generate certificate"
Browser -> Browser: generate key pair
Browser -> Browser: generate CSR
Browser -> "API endpoint": send CSR to endpoint
"API endpoint" -> Database: store CSR for user
"API endpoint" -> Browser: return certificate polling/Websocket address
    loop until timeout
        Browser -> "API endpoint": poll for certificate
        "API endpoint" -> Database: query for certificate
        alt certificate issued
            Database -> "API endpoint": return certificate
            "API endpoint" -> Browser: return certificate
        else certificate not issued yet
            Database -> "API endpoint": no result
            "API endpoint" -> Browser: come back later
        end
    end

alt certificate issued
    Browser -> Browser: generate PKCS#12 store
    Browser -> Browser: show PKCS#12 download button
    User -> Browser: download PKCS#12 store
    Browser -> User: give info what to do with the PKCS#12 store
else timeout
    Browser -> Browser: offer key pair download, display CSR
    User -> Browser: download key pair
end
@enduml