Order your client certificate

Before you begin

If organization policy requires you to include a certificate signing request (CSR) with your client certificate order, create your CSR. Learn how to Create a CSR (Certificate Signing Request).

Order client certificate

  1. In the sidebar menu, hover over Request a Certificate. Then, under Client Certificates, select the client certificate you want to order.

  1. On the Request a Client Certificate page, under Certificate Settings, provide the certificate details:

    1. Organization
      In the dropdown, select the organization you are requesting the Client certificate for. Only prevalidated organizations appear in the dropdown. If you can't find the organization you are looking for, contact your manager.
      Note: The organization name appears on your client certificate.
    2. Organization Unit
      Adding an organization unit is not required; you can leave this box blank.
      If you want to designate the organization unit the certificate will be used for, in the box, enter the organization unit name.
    3. Signature Hash
      In the dropdown, select a signature hash.
    4. Validity Period
      Select a validity period for the certificate: 1 Year, 2 Years, 3 Years, Custom expiration date, or Custom length.

  1. Under Order Options, in the Automatic Renewal dropdown, select how often you want the certificate to be automatically renewed.

  1. Under Certificate(s) to Request, enter the Recipient Details:

    1. Recipient Name (Common Name)
      Recipient’s name as you want it to appear on the client certificate.
      If you are using a CSR to order your certificate, enter the fully qualified domain name (for example, www.example.com).
    2. Recipient Email
      Email address that you want to appear on the certificate. Separate multiple email addresses with commas. The first email address listed is used to send the recipient an email so they can generate their client certificate.

  1. If you are using a CSR to order your certificate, upload or paste your CSR in the Recipient CSR box.

    We use the Public Key embedded in the CSR to create your client certificate. All other fields in the CSR are ignored.

Your CSR must include the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.

  1. To add additional client certificate recipients, click the Add Another Certificate link and enter the recipient’s Recipient Details.

  1. Select Payment Method

    Under Payment Information, select a payment method to pay for the certificate:

    1. Pay with Credit Card
      Don’t have a contract or don’t want to use the contract to pay for this certificate? Use a credit card to pay for the certificate.
      Note: We authorize the card when the request is made. However, we only complete the transaction once we issue your certificate.
    2. Pay with Contract Terms
      Have a contract and want to use it to pay for the certificate? Use the contract to pay.
      Note: When you have a contract, it is the default payment method.
    3. Pay with Account Balance
      Don’t have a contract or don’t want to use the contract to pay for this certificate? Bill the cost to your account balance.
      To deposit funds, click the Deposit link.

The Deposit link takes you to another page inside your CertCentral account. Any information entered in the request form will not be saved.

  1. Certificate Services Agreement

    Read through the agreement and check I agree to the Certificate Services Agreement above.

  1. Click Submit Certificate Request.

What's next

You'll be taken to the certificate’s Order # details page where you can see the status of the email address verifications.

Each email address listed in the certificate request is sent an email containing a link so the recipient can validate that they own that email address. If the certificate recipient loses a validation email, you can resend it. See How to Resend an Email Validation for DigiCert "Client Certificate" Email.

After all email addresses are validated, a link will be sent to the first email address on the list so the recipient can create their client certificate.

If you submitted a CSR, the client certificate will be attached to the client certificate issued email.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.