SAML: Request a client certificate

Before you begin

  • Have the SAML certificate requests URL.
    If you don't have the URL or lost it, contact your administrator.
  • Know which client certificate you need to order (if more than one is available).
    If you aren't sure, contact your administrator.
  • Have a certificate signing request (CSR).
    A CSR is not required to get a client certificate. However, company policy may require you to submit one with your order. If you don't know, contact your administrator.
    To remain secure, the CSR must use 2048-bit keys. See Create a CSR.

Request a client certificate

  1. Go to the Client Certificates page

    Use your provided SAML certificate requests URL to sign in.

  1. Choose a client certificate.

    In the Certificate Type dropdown, choose the certificate you want to order.

  1. Verify the certificate details.

    In the Certificate Details section, verify that the information is correct (such as whether the email address is written correctly)..

If any of the information is incorrect, stop and contact your manager.

  1. Select a validity

    In the Validity dropdown, select how long you want the certificate to be valid for.

  1. Add a CSR (optional)

    1. Use a text editor to open your CSR file.
    2. Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.
    3. In the CSR box, paste the text.
  1. Submit your request

    When you are done, click Request Certificate.

What's next

If you submitted your request without a CSR

If your email address domain is the same as the common name on your request (common name: example.com, email address: jane.doe@example.com), DigiCert will send you an email with a link for generating your client certificate (subject: Create Your DigiCert "Client Certificate").

If your email address domain doesn’t match the common name on your request (common name: example.com, email address: jane.doe@gmail.com), DigiCert will send a validation email with a link so you can prove you control that email address. Once you've validated the email address, DigiCert will send you an email with a link for generating your client certificate (subject: Create Your DigiCert "Client Certificate").

See SAML: Generate your client certificate.

If you submitted your request with a CSR

If you submitted your request with a CSR and your email address domain is the same as the common name on your request (common name: example.com, email address: jane.doe@example.com), DigiCert will send you an email with your client certificate attached.

If you submitted your request with a CSR and your email address domain doesn’t match the common name on your request (common name: example.com, email address: jane.doe@gmail.com), DigiCert will send you a validation email with a link so you can prove you control that email address. Once you've validated the email address, DigiCert will send you an email with the client certificate attached.