Generate your client certificate

Browser-based client certificate generation

On June 15, 2022, DigiCert will end support for client certificate key generation in Internet Explorer (IE) 11 and IE mode on Microsoft Edge. To continue to use browser-based key generation, use our new key generation service—supported by all major browsers.

Before you begin

Microsoft Edge IE-mode

By default, Microsoft Edge does not support key generation. However, you can enable IE mode for Edge. IE mode allows you to generate the keys for your client certificate in Microsoft Edge. For more information on enabling IE mode for Edge, see Microsoft's article, What is Internet Explorer (IE) mode.

Generate client certificate: Microsoft Edge, Safari, Google Chrome, and Firefox

Use DigiCert's new KeyGen tool to perform browser-based certificate key generation. KeyGen generates a keypair and then uses the public key to create a certificate signing request (CSR). KeyGen sends the CSR to DigiCert, and we send the certificate back. Then KeyGen downloads a PKCS12 (.p12) file that contains the certificate and the private key. The password you create during the certificate generation process below protects the PKCS12 file.

  1. Open a browser that supports DigiCert KeyGen client certificate generation:

    • Windows: Microsoft Edge, Google Chrome, or Firefox
    • macOS: Safari, Google Chrome, Firefox, or Microsoft Edge
  2. In the email that DigiCert sent you, select the link.

  3. On the Generate your DigiCert Certificate page, verify that the name, email address, and organization are correct.

  4. Create and confirm your certificate password.

    You will use this password each time you install your certificate. If you forget your password, you won't be able to install the certificate. So, make sure to store it safely, such as in a password manager.

If you lose your password, contact your CertCentral account administrator. They will need to reissue your certificate.

  1. Review the Master Service Agreement and then check I agree to the terms of the subscriber agreement.

  2. When ready, select Generate Certificate.

  3. Verify your .p12 certificate file was successfully generated and downloaded.

  4. Use your password to open the .p12 file and install your client certificate in your personal certificate store.

  5. When the browser presents your client certificates, select your newly generated client certificate and select OK.

Generate client certificate: Internet Explorer (IE) or Microsoft Edge – IE mode

  1. Open a browser that supports client certificate generation:

    • Windows: IE 11 or Microsoft Edge – IE mode
  2. In the email that DigiCert sent you, select the link.

  3. On the Generate your DigiCert Certificate page, verify that the name, email address, and organization are correct.

  4. Review the Master Service Agreement and then check I agree to the terms of the subscriber agreement.

  5. When ready, select Generate Certificate.

What's next

If you are using the client certificate to sign and encrypt emails, export your certificate from the Windows certificate store, Keychain Access, or Firefox certificate store. Then, install it in your email client.

  • Internet Explorer, Microsoft Edge, and Google Chrome install client certificates in the Windows Certificate Store. Chrome, Microsoft Edge, and Internet Explorer can access and use these client certificates. To use a client certificate with Firefox, you need to export a copy from the Windows Store. Then, install it in Firefox.
  • Safari, Google Chrome, and Microsoft Edge install client certificates in the Keychain Access. Safari, Chrome ,and Microsoft Edge can access and use these client certificates. To use a client certificate with Firefox, export a copy from Keychain Access and install it in Firefox.
  • Firefox installs client certificates in the Firefox certificate store. Only Firefox can access these certificates. To use the client certificate with Chrome, Safari, Microsoft Edge, or Internet Explorer, you need to export a copy from the Firefox certificate store. Then, install the client certificate in the operating system's certificate store.

For more information, see Managing Your Client Certificate.