I used Peculiar Ventures ASN1.js to build an in-browser PKI platform years ago. It can sit on top of webcrypto and do everything you need in terms of managing TLS certs.

https://asn1js.org/

https://www.npmjs.com/package/asn1js