Generate your client certificate

Browser-based client certificate generation

Before you begin

To generate your client certificate, you need to use Microsoft Internet Explorer.

Chrome, Safari, Microsoft Edge and Firefox do not support client certificate generation.


In version 69, Firefox stopped supporting browser-related certificate generation. If you need to use Firefox to generate your client certificate, do one of the tasks below:

Microsoft Edge

By default, Microsoft Edge browser does not support key generation. You can configure it to use IE-mode though, which allows you to generate keys.

For more information on enabling IE-mode for Edge, see

Generate certificate

  1. Open a browser that supports client certificate generation:

    • Windows – Internet Explorer, Microsoft Edge with IE mode
    • macOS or Windows – Firefox 68 or older version, Firefox ESR, or a portable copy of Firefox
  2. In the email DigiCert sent you, click the link.

  3. On the page for generating your certificate, verify that the name, email address, and organization are correct.

  4. Click Generate Certificate.

What's next

If you are using the client certificate to sign and encrypt emails, export your certificate from the Windows or Firefox certificate store. Then, install it in your email client.

Internet Explorer installs client certificates in the Windows Certificate Store. Chrome, Microsoft Edge, and Internet Explorer can access and use these client certificates. To use a client certificate with Firefox, you need to export a copy from the Windows Store. Then, install it in Firefox.

Firefox installs client certificates in the Firefox certificate store. Only Firefox can access these certificates. To use the client certificate with Chrome, Safari, Microsoft Edge, or Internet Explorer, you need to export a copy from the Firefox certificate store. Then, install the client certificate in the operating system's certificate store.

For more information see Managing Your Client Certificate.