Skip to main content

SAML: Request a client certificate

Before you begin

  • Have the SAML certificate requests URL.

    If you don't have the URL or lost it, contact your administrator.

  • Know which client certificate you need to order (if more than one is available).

    If you aren't sure, contact your administrator.

  • Have a certificate signing request (CSR).

    A CSR is not required to get a client certificate. However, company policy may require you to submit a CSR with your order. If you aren't sure if you need a CSR, contact your administrator.

    To remain secure, the CSR must use 2048-bit keys. See Create a CSR..

Request a client certificate

  1. Go to the Client Certificates page

    Use your provided SAML certificate requests URL to sign in.

  2. Choose a client certificate

    In the Certificate Type dropdown, select the certificate you want to order.

  3. Verify the certificate details

    In the Certificate Details section, verify that the information is correct, such as whether the email address is written correctly.

    Important

    If any of the information is incorrect, stop and contact your adminstrator.

  4. Select a validity

    In the Validity dropdown, select how long you want the certificate to be valid for.

  5. Add a CSR (optional)

    1. Use a text editor to open your CSR file.

    2. Copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags.

    3. In the CSR box, paste the text

  6. Submit your request

    When you are done, click Request Certificate.

What's next

Did you submit your request without a CSR?

If your email address domain is the same as the common name on your request (common name: example.com, email address: jane.doe@example.com), DigiCert will send you an email with a link for generating your client certificate (subject: Create Your DigiCert "Client Certificate").

If your email address domain doesn’t match the common name on your request (common name: example.com, email address: jane.doe@gmail.com), DigiCert will send a validation email with a link so you can prove you control that email address. Once you've validated the email address, DigiCert will send you an email with a link for generating your client certificate (subject: Create Your DigiCert "Client Certificate").

See SAML: Generate your client certificate.

Did you include a CSR with your request?

If you submitted your request with a CSR and your email address domain is the same as the common name on your request (common name: example.com, email address: jane.doe@example.com), DigiCert will send you an email with your client certificate attached.

If you submitted your request with a CSR and your email address domain doesn’t match the common name on your request (common name: example.com, email address: jane.doe@gmail.com), DigiCert will send you a validation email with a link so you can prove you control that email address. Once you've validated the email address, DigiCert will send you an email with the client certificate attached.