Generate your client certificate

Set up your client certificate for CertCentral two-factor authentication

After your CertCentral administrator implements two-factor authentication or resets your client certificate, you must generate a client certificate the next time you sign in to your account.

Before you begin

To generate your client certificate, use Internet Explorer (IE).

Chrome, Safari, Microsoft Edge, and Firefox do not support client certificate generation.


In version 69, Firefox stopped supporting browser-related certificate generation. If you need to use Firefox to generate your client certificate, do one of the tasks below to use Firefox for signing in to CertCentral:

Generate certificate

  1. Open a browser that supports client certificate generation:

    • Windows – Internet Explorer
    • macOS or Windows – Firefox 68 or older version, Firefox ESR, or a portable copy of Firefox
  2. Go to the Sign in to your account page and sign in to CertCentral.

  3. On the Two-Factor Authentication Client Certificate Initialization page, click Generate Certificate.

  4. When the browser presents your client certificates, select your newly generated client certificate. Click OK.

  5. You should now be signed in to your CertCentral account.

What's next

Each time you sign in to CertCentral, use your client certificate to complete the two-factor authentication to sign in process.

Where's my client certificate?

Internet Explorer installs client certificates in the Windows Certificate Store. Chrome, Microsoft Edge, and Internet Explorer can access and use these client certificates. To use a client certificate with Firefox, you need to export a copy from the Windows Store. Then install it in Firefox.

Firefox installs client certificates in the Firefox certificate store. Only Firefox can access these certificates. To use the client certificate with Chrome, Safari, Microsoft Edge, or Internet Explorer, you need to export a copy from the Firefox certificate store. Then install the client certificate in the operating system's certificate store.

For more information see Managing Your Client Certificate.

What should I do if I lose my client certificate?

Immediately contact your CertCentral account administrator so they can reset your client certificate. Then sign in to your CertCentral account and generate a new client certificate.