The following guide will help you complete the generation, validation, collection, and installation processes for the Comodo Personal Authentication Certificate (CPAC).

Please be advised that the collection step for this certificate requires the use of the Internet Explorer 11 browser. Most common browsers do not have the certificate generation functionality required to successfully collect the CPAC. At this time, Internet Explorer 11 is the only browser that can collect a CPAC correctly. 

Generation

You may use any browser to submit the initial request for the CPAC. 

  1. On your account dashboard, click the GENERATE CERT NOW button to begin the process.
  2. Fill out the order form with all required Organization details.
    1. For the Basic and Pro level CPAC products, the organization details will not be verified or published on the certificate.
    2. For the Enterprise level CPAC product, please submit your organization details exactly as they appear on your business registration and third-party phone directory listing for quicker validation.
  3. IMPORTANT: The Admin Contact details should be the details of the certificate user. The certificate will be issued to the admin email address and will only be usable by that user.
  4. Check I ACCEPT the terms of this Subscriber Agreement.
  5. Click Submit.
  6. You now have your order number for the certificate.

Validation

Each level of CPAC has different requirements for validation.

  • The Basic CPAC does not require any validation. You should receive the collection email from [email protected] shortly after submitting the generation form.
  • The Pro CPAC requires identity verification. 
  • The Enterprise CPAC requires both identity verification as well as business verification.
    • For identity verification, submit a copy of your government-issued photo ID to Sectigo. Click here to access the Sectigo Ticket Portal.
    • For business verification, Sectigo will check various government and third-party resources online to verify your business registration status, address, and telephone number. Please read our article on Organization Validation for more information about the requirements and how to complete them.
    • A telephone call will be made to the certificate admin on the verified business phone number to authorize the certificate request.

Collection

After validation is completed, you should receive the certificate collection email from [email protected]. You must open the collection link in Internet Explorer 11 to run the collection process successfully.

Once the collection is finished, you can Export your certificate in the PKCS#12/PFX format from Internet Explorer's certificate store. Please read our instructions on How to Download & Export from Internet Explorer for guidance on the export process.

Installation

Upon saving the PKCS#12 file to your desktop, follow the instructions below to import the CPAC into Outlook to start signing & encrypting your digital messages.

  1. Open Microsoft Outlook
  2. Click the File tab
  3. Select Options
  4. Click Trust Center and then Trust Center Settings
  5. Select Email Security
  6. Click Import/Export under Digital IDs (Certificates)
  7. Click Browse... and locate the PKCS#12 file
  8. Enter your PKCS#12 Password and click OK
  9. Select Encrypt contents and attachments for outgoing messages and Add digital
  10. signature to outgoing messages under the Encrypted email section.
  11. Click OK and close the dialog.

Now, to test your newly installed certificate, open a new email and message a colleague who also has the CPAC/IDC installed. Before clicking the send button, select the "Options" tab and choose to "Sign" the email under the Permissions section. This will allow your recipient to view, trust, and add your digital signature to their Contact folder. Afterwards, they can reply to your messages using the "Encrypt" Permission and start securing all data and attachments in transit.