Electronic digital signature

EDS implementation in the browser on the client side. Really?

For internal purposes, the company needs the ability to sign records in the database using a client certificate.
As I see it, a record is created in the database, according to the set of fields we take md5 and sign it with a certificate on the client side in the browser.
In the browser, the client should be able to access the key store, select the required certificate, sign the record with it, and write the resulting hash to the database.
Further, any user viewing a record from the database should see whether the signature is correct and to whom it belongs.
Question 1 -
Get the ability on the client side to access the repository and use javascript to sign further.
The certificate can be either a file or a token.
Not all computers have admin rights to install extensions, ie. the solution should be without plug-ins for browsers and cross-platform.
I foresee a solution through a java applet, but I decided to deal with it - I didn’t find ready-made solutions (can you tell me where to look?), And to write my own, as I understand it, the question arises in the signature of the applet, because self-signed browsers are no longer accepted.
Question 2
How should the system look like in theory - the key is private for the client, the public key is entered by the user into the system and stored on the server for subsequent verification of existing signatures, right?