In-Browser Installation of Client Certificates

Feb 17, 2023

In-Browser Installation of Client Certificates

GlobalSign offers different certificate delivery methods for PersonalSign products, one of which is installing directly through the browser. Enterprise PKI administrators can set the default delivery option in their ePKI profile. 

Individuals ordering from our retail site can choose this option by clicking Show Advanced Key Generation Options and choosing I will create the public/private keypair and CSR with Firefox or Microsoft Edge.

Browser Compatibility

  PKCS #12
(.pfx) Pickup
PKCS #10
(Provide CSR)
Google Chrome 1 - 48
Google Chrome 49+
Microsoft Edge
Mozilla Firefox

Google Chrome: As of Chrome 49, the <keygen> function has been disabled by default and digital certificate file types are downloaded instead of installed. While the keygen function can manually be enabled, the custom filetype handling is still removed, therefore installation through Google Chrome is not supported.

Microsoft Edge: Neither the <keygen> nor the CertEnroll/XEnroll ActiveX controls are present in Microsoft's new Edge browser.

Mozilla Firefox: This browser supports key generation and certificate installation by default through the <keygen> function and special certificate file type handling.



Note: The default Cryptographic Service Provider should be Microsoft Enhanced Cryptographic Provider v1.0. Other providers may appear in the dropdown if you use smartcards in your environment. Selecting your smart card's CSP, such as Microsoft Base Smart Card Crypto Provider will install the certificate onto the smart card.

  1. When a PersonalSign certificate is ready for pickup, an e-mail will be sent out. Open the link from the pickup e-mail in Microsoft Edge or Firefox to start the certificate pickup process.
  2. Enter the pickup password created during the ordering process:
  3. When prompted, click Yes to allow your browser to handle a digital certificate operation.
  4. Unless disabled at the profile level by your admin, check the box to mark your key as exportable. This will allow you to make backups of your certificate or move it to other computers and devices as needed.
  5. Agree to the subscriber agreement and press Next to continue.
  6. Wait for a while... message will display while the certificate is being generated.
  7. Once the certificate is generated, click Install Certificate
  8. You will get another prompt to allow your browser to handle a digital certificate operation. Click Yes.  
  9. An Install Success window will appear when the operation completes successfully. 

The certificate is now installed and ready for use.

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Atlas Discovery

Scan your endpoints to locate all of your Certificates.

Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.

Contact Support