I was just mentioning this, because I had a personal email certificate back then (when this became an integrated option with the built-in Netscape Navigator email client and the like), and this was a rather convoluted process and it took about a week. And, as I remember it, there were just a few options and the process was different for each. Which may explain the "poor UI": this was something you really had to want and you had to jump through a few hoops to achieve this, the entire process wasn't exactly user friendly, and there wasn't even a standard process or standard requirements.
So how could you point someone at a link, “you have not registered yet, go here”? You'd probably include an entire paragraph explaining what was required and link to several CA sites in order to obtain a valid certificate.
> So how could you point someone at a link, “you have not registered yet, go here”? You'd probably include an entire paragraph explaining what was required and link to several CA sites in order to obtain a valid certificate.
Well as I said, it will be complex if it's some enterprise CA you want your users to use. It's very easy if just everyone in your country has a certificate already. It's fairly easy if you use your own CA and just give the users the .p12 to install.
E-mail certificates, S/MIME, is a bit more complex and not exactly the same - there you'd actually want some larger publicly trusted entity to be used. (Though some already-deployed multi-purpose certificates do exist in some EU countries.)
Mind that as of Netscape Communicator 4, we're speaking of August, 1997… (So a it was a somewhat different situation when this was conceived. As I recall it, a personal certificate bound to a single email address was the cheapest and easiest to obtain back then.)
So how could you point someone at a link, “you have not registered yet, go here”? You'd probably include an entire paragraph explaining what was required and link to several CA sites in order to obtain a valid certificate.