Generate your client certificate

Set up your client certificate for two-factor authentication

After your CertCentral administrator implements two-factor authentication for your account or resets your client certificate, the next time you sign in, you must generate your client certificate.

Before you begin

To generate your client certificate, use Internet Explorer for Windows or Safari for macOS.

  • Internet Explorer installs the client certificate in Windows's Certificate Store. Microsoft Edge, Chrome, and Internet Explorer can use the certificate.
  • Safari installs the client certificate in macOS Certificate Store. Safari and Chrome can use the certificate.

For more information see Managing Your Client Certificate.

Chrome, Microsoft Edge, and Opera do not support browser-related certificate generation.


In Firefox 69, Firefox stopped supporting browser-related certificate generation. If Firefox is your preferred browser, do one of the tasks below to so you can use Firefox to sign in to CertCentral account:

Firefox keeps certificates in their Certificate Store. Only Firefox can use these certificates for Windows and macOS.

Generate client certificate

  1. Open Internet Explorer (Windows) or Safari (macOS).

  2. Go to the Sign in to your account page and sign in to your CertCentral account.

  3. On the Two-Factor Authentication Client Certificate Initialization page, click Generate Certificate.

  4. When the browser presents your client certificates, select your newly generated client certificate, and click OK.

  5. You should now be signed in to your account.

What's next

Your certificate is installed in the operating system's certificate store. Each time you sign in to CertCentral, use two-factor authentication to access your account.

Lost my client certificate

If you lose your client certificate, immediately contact your administrator to get your certificate reset. After they reset your client certificate, sign in to your CertCentral account and generate a new certificate.