Personal Authentication Certificates can be generated using Microsoft Edge with Internet Explorer Mode enabled. Generating the certificate in this browser saves the private key in the system certificate store, which makes it easy to install the certificate. You will need to enable IE mode in the Edge browser settings before you generate your certificate to make this method work.
Get CertificateGeneration URL
First, you'll need the special CertificateGeneration URL for your personal authentication certificate order form. You can get this URL by clicking the Generate button on your order dashboard - it should take you right to the CertificateGeneration page. Copy the entire URL from the address bar including the random code at the end.
How to Enable Internet Explorer Mode in Microsoft Edge
Go to browser Settings by clicking the menu button on the top right and selecting Settings. Or, you can go directly to the URL at edge://settings/defaultBrowser
In the Default Browser menu you will enable a few settings required to use Internet Explorer compatibility mode:
1. Set Allow sites to be reloaded in Internet Explorer mode to "Allow"
2. Next to Internet Explorer mode pages, click the Add button.
After clicking Add, you will be prompted to enter the URL of the web page that should be loaded in Internet Explorer mode. Here you will enter the CertificateGeneration order form URL and click Add.
Now the CertificateGeneration URL will appear on the list of IE mode pages.
After adding the URL you can go to the CertificateGeneration page (or refresh the page if you're already there).
You can be sure Internet Explorer mode is working when you see the Internet Explorer mode banner under the URL bar. Do not click the "Open in Microsoft Edge" button.
As soon as you go to the CertificateGeneration page in Edge with IE mode enabled on the site, you should see a Web Access Confirmation Pop-up. You must click YES on this pop-up to allow the certificate key generation process.
If you click NO, or the pop-up does not appear, the certificate cannot be generated. Please double-check your Internet Explorer mode settings to make sure it is correctly enabled.
After allowing the certificate operation in the Web Access Confirmation pop-up, you can fill out the order form.
For the CSR option, select Use My Browser to generate the CSR. You won't need to make any changes to the Advanced Private Key Options settings, but make sure that Exportable? is checked.
Once you submit the order form you will receive your vendor order ID number.
For CPAC Basic and Pro certificates, you should immediately receive an approval email from Sectigo Certificate Authority <[email protected]>. The certificate will be available to download from your order dashboard as soon as you complete this email. Please note that you may not receive a confirmation email once the certificate is active.
CPAC Enterprise certificates require organization validation, so you may be required to submit documentation and communicate further with the validation team before the certificate can be issued.
Once you have downloaded your certificate, you are ready to move on to the installation step.