Skip to main content

Generate your client certificate

Browser-based client certificate generation

Before you begin

Your browser determines what you must do to generate your client certificate.

Microsoft Edge

By default, Microsoft Edge does not support key generation. However, you can enable IE mode for Edge. IE mode allows you to generate the keys for your client certificate in Microsoft Edge. For more information on enabling IE mode for Edge, see Microsoft's article, What is Internet Explorer (IE) mode.

Generate client certificate: Microsoft Edge, Safari, Google Chrome, and Firefox

Use DigiCert's new KeyGen tool to perform browser-based certificate key generation. KeyGen generates a keypair and then uses the public key to create a certificate signing request (CSR). KeyGen sends the CSR to DigiCert, and we send the certificate back. Then KeyGen downloads a PKCS12 (.p12) file that contains the certificate and the private key. The password you create during the certificate generation process below protects the PKCS12 file.

  1. Open a browser that supports DigiCert KeyGen client certificate generation:

    • Windows: Microsoft Edge, Google Chrome, or Firefox

    • macOS:  Safari, Google Chrome, Firefox, or Microsoft Edge

  2. In the email that DigiCert sent you, select the link.

  3. On the Generate your DigiCert certificate page, verify that the name, email address, and organization are correct.

  4. Create and confirm your certificate password.

    You will use this password each time you install your certificate. If you forget your password, you won't be able to install the certificate. So, make sure to store it safely, such as in a password manager.

    Password troubleshooting tip

    If you receive the "Password you entered is incorrect" error message, verify that the characters used in your password are supported by the browser's Import Wizard. For example, the symbol is not supported in the Microsoft Edge Import Wizard.

    Warning

    If you lose your password, contact your CertCentral account administrator. They will need to reissue your certificate.

  5. Review the Master Service Agreement and check I agree to the terms of the subscriber agreement.

  6. When ready, select Generate certificate.

  7. Verify that your .p12 certificate file was successfully generated and downloaded.

  8. Use your password to open the .p12 file and install your client certificate in your personal certificate store.

  9. When the browser presents your client certificates, select your newly generated client certificate and select OK.

Generate client certificate: Microsoft Edge – IE mode

  1. Open a browser that supports client certificate generation:

    • Windows – Microsoft Edge - IE mode

  2. In the email DigiCert sent you, select the link.

  3. On the Generate your DigiCert certificate page, verify that the name, email address, and organization are correct.

  4. Review the Master Service Agreement and then check I agree to the terms of the subscriber agreement.

  5. When ready, select Generate certificate.

What's next

Notice

If you are using the client certificate to sign and encrypt emails, export your certificate from the Windows certificate store, Keychain Access, or Firefox certificate store. Then, install it in your email client.

Microsoft Edge and Google Chrome install client certificates in the Windows Certificate Store. Chrome and Microsoft Edge can access and use these client certificates. To use a client certificate with Firefox, you need to export a copy from the Windows Store. Then, install it in Firefox.

Safari, Google Chrome, and Microsoft Edge install client certificates in the Keychain Access. Safari, Chrome ,and Microsoft Edge can access and use these client certificates. To use a client certificate with Firefox, export a copy from Keychain Access and install it in Firefox.

Firefox installs client certificates in the Firefox certificate store. Only Firefox can access these certificates. To use the client certificate with Chrome, Safari, or Microsoft Edge, you need to export a copy from the Firefox certificate store. Then, install the client certificate in the operating system's certificate store.

For more information see Managing your client certificate.