Generate your client certificate for two-factor authentication

Create your client certificate for CertCentral two-factor authentication

After your CertCentral administrator adds you to CertCentral or resets your client certificate, you’ll need to generate your client certificate when you sign in.

Before you begin

Your browser determines what you must do to generate your client certificate.

Microsoft Edge IE-mode

By default, Microsoft Edge does not support key generation. However, you can enable IE mode for Edge. IE mode allows you to generate the keys for your client certificate in Microsoft Edge. For more information on enabling IE mode for Edge, see Microsoft's article, What is Internet Explorer (IE) mode.

Generate a client certificate: Microsoft Edge, Safari, Google Chrome, and Firefox

Use DigiCert's new KeyGen tool to perform browser-based certificate key generation.

KeyGen:

  • Generates a keypair and uses the public key to create a certificate signing request (CSR).

  • Sends the CSR to DigiCert, and we send the certificate back.

  • Downloads a PKCS12 (.p12) file that contains the certificate and the private key.

    The password created during the certificate generation process below protects the PKCS12 file.

Generate client certificate
  1. Open a browser that supports DigiCert KeyGen client certificate generation:

    • Windows: Microsoft Edge, Chrome, or Firefox

    • macOS: Safari, Chrome, Firefox, or Microsoft Edge

  2. Go to the CertCentral Sign in to your account page, enter your username and password, and select Sign in.

    If this is your first time signing in to your new account, you must enter and confirm a new password and set up and answer a security question.

  3. On the Two-Factor Authentication Client Certificate Initialization page, verify that the name, email address, and organization are correct.

  4. Create and confirm your certificate password.

    You will use this password each time you install your certificate. If you forget your password, you won't be able to install the certificate. Make sure to store it in a secure location.

    Warning

    If you lose your password, contact your CertCentral account administrator. They will need to reset your client certificate. See Reset your OTP app or verification email or your client certificate.

  5. Review the Master Service Agreement and then check I agree to the terms of the subscriber agreement.

  6. When ready, select Generate Certificate.

  7. Verify your .p12 certificate file was successfully generated and downloaded.

  8. Use your password to open the .p12 file and install your client certificate in your personal certificate store.

  9. When the browser presents your client certificates, select your newly generated client certificate and select OK.

  10. Use two-factor authentication to sign in to your CertCentral account.
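The following is an added example, not DigiCert's code. It builds a throwaway .p12 in the order described for KeyGen above, then runs the check a practitioner would make at steps 7 and 8 with OpenSSL: the password opens the file, the private key matches the certificate, and the subject is the one confirmed at sign-in. The subject values, password, and file names are constructed, and the CSR is self-signed locally as a stand-in for DigiCert's reply.

```shell
#!/bin/sh
# Added example, not DigiCert code. All names and values below are constructed.

# Build a throwaway .p12 in the order the page gives for KeyGen:
# keypair -> CSR -> certificate -> password-protected PKCS12.
# Assumption: the CSR is self-signed locally as a stand-in for the CA's reply.
make_sample_p12() {    # usage: make_sample_p12 <dir>   (password in $P12_PASS)
    d=$1
    openssl req -new -newkey rsa:2048 -nodes -keyout "$d/key.pem" \
        -subj "/O=Example Org/CN=Jane Admin/emailAddress=jane@example.test" \
        -out "$d/req.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/req.csr" -signkey "$d/key.pem" -days 1 \
        -out "$d/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/key.pem" -in "$d/cert.pem" \
        -passout env:P12_PASS -out "$d/client.p12" &&
    rm -f "$d/key.pem"    # the .p12 now holds the only copy of the private key
}

# Inspect a .p12 before installing it. The password is read from $P12_PASS so
# it stays out of the command line, and the private key is only piped.
check_p12() {    # usage: check_p12 <file.p12>
    f=$1
    # 1. The password must open the file (this verifies the PKCS12 MAC).
    openssl pkcs12 -in "$f" -passin env:P12_PASS -noout 2>/dev/null ||
        { echo "cannot open $f: wrong password or damaged file" >&2; return 1; }
    # 2. It must hold a client certificate and the private key that matches it.
    cert=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -nokeys -clcerts \
        2>/dev/null) || return 1
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) ||
        return 1
    key_pub=$(openssl pkcs12 -in "$f" -passin env:P12_PASS -nocerts -nodes \
        2>/dev/null | openssl pkey -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] ||
        { echo "certificate and private key do not match" >&2; return 1; }
    # 3. Print subject and expiry to compare with the details confirmed at sign-in.
    printf '%s\n' "$cert" | openssl x509 -noout -nameopt RFC2253 -subject -enddate
}

# Demo on constructed data.
P12_PASS='constructed-sample-passphrase'; export P12_PASS
work=$(mktemp -d)
make_sample_p12 "$work" && check_p12 "$work/client.p12"
rm -rf "$work"
```

To check a real download, export `P12_PASS` with the certificate password and call `check_p12` on the downloaded file.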

Generate client certificate: Internet Explorer (IE) or Microsoft Edge – IE mode

  1. Open Microsoft Edge in IE mode.

  2. Go to the CertCentral Sign in to your account page, enter your username and password, and select Sign in.

  3. On the Two-Factor Authentication Client Certificate Initialization page, select Generate Certificate.

  4. When the browser presents your client certificates, select your newly generated client certificate. Select OK.

  5. You should now be signed in to your CertCentral account.

What's next

To access your CertCentral account, use your client certificate to complete the two-factor authentication process.

Where's my client certificate?

  • Windows: Microsoft Edge and Google Chrome install client certificates in the Windows Certificate Store. Microsoft Edge and Chrome can access and use these client certificates.

    To use a client certificate with Firefox, export a copy from the Windows Certificate Store. Then install it in Firefox.

  • macOS: Safari, Google Chrome, and Microsoft Edge install client certificates in Keychain Access. Safari, Chrome, and Microsoft Edge can access and use these client certificates.

    To use a client certificate with Firefox, export a copy from Keychain Access and install it in Firefox.

  • Firefox installs client certificates in the Firefox certificate store. Only Firefox can access these certificates.

    To use the client certificate with Chrome, Safari, or Microsoft Edge, export a copy from the Firefox certificate store and install the client certificate in the operating system's certificate store.

For more information, see Managing Your Client Certificate.

What should I do if I lose my client certificate?

Immediately contact your CertCentral account administrator so they can reset your client certificate. After they reset it, sign in to your CertCentral account and generate a new client certificate. See How do I regenerate my client certificate?