GlobalSign offers different certificate delivery methods for PersonalSign products, one of which is installing directly through the browser. Enterprise PKI administrators can set the default delivery option in their ePKI profile.
Individuals ordering from our retail site can choose this option by clicking Show Advanced Key Generation Options and choosing I will create the public/private keypair and CSR with Firefox or Internet Explorer.
PKCS #12 (.pfx) Pickup |
Browser-Based Installation |
PKCS #10 (Provide CSR) |
|
---|---|---|---|
Google Chrome 1 - 48 | |||
Google Chrome 49+ | |||
Microsoft Internet Explorer | |||
Microsoft Edge | |||
Mozilla Firefox |
Google Chrome: As of Chrome 49, the <keygen> function has been disabled by default and digital certificate file types are downloaded instead of installed. While the keygen function can manually be enabled, the custom filetype handling is still removed, therefore installation through Google Chrome is not supported.
Microsoft Internet Explorer: IE uses the CertEnroll/XEnroll ActiveX control to generate and install certificates through the browser.
Microsoft Edge: Neither the <keygen> nor the CertEnroll/XEnroll ActiveX controls are present in Microsoft's new Edge browser.
Mozilla Firefox: This browser supports key generation and certificate installation by default through the <keygen> function and special certificate file type handling.
Note: While Firefox supports in-browser certificate installation, it uses its own keystore to store the certificate and is not shared with other applications. Installing through Internet Explorer will install the certificate to the Windows Certificate Store which is used by other applications such as Microsoft Office, Outlook, and Google Chrome. For this reason, Internet Explorer is recommended and is used in the example screenshots.
Note: The default Cryptographic Service Provider should be Microsoft Enhanced Cryptographic Provider v1.0. Other providers may appear in the dropdown if you use smartcards in your environment. Selecting your smart card's CSP, such as Microsoft Base Smart Card Crypto Provider will install the certificate onto the smart card.
The certificate is now installed and ready for use.
Check your certificate installation for SSL issues and vulnerabilities.