Managing Your Client Certificates

After you generate your Client Certificate, we recommend that you open up your keychain or browser(s) that you intend to use and verify that the Certificate is installed in the appropriate keychain or Certificate Store.

• If you have not yet generated your Client Certificate, see
  Generating Your Client Certificate.

• If you discover that your Client Certificate is not installed, see
  (Mac) Backing Up (Exporting) Your Client Certificate or
  (Mac) Importing Your Client Certificate

How to Verify that Your Client Certificate Is Installed

Safari
Chrome
Firefox

Safari: Verifying that Your Client Certificate Is Installed

1. Open Keychain Access.

   In the Finder window, under Favorites, click Applications, click Utilities, and then click Keychain Access.

   

2. In the Keychain Access window, under Keychains, click login, under Category, click Certificates, and you should see your Client Certificate, if your certificate was installed in your keychain.

   

   If the certificate is in the Keychain, you should be able to use Safari or Chrome to log into your DigiCert account.

3. If you receive the “This certificate was signed by an unknown authority” warning message, do one of following things:

   

   • Ignore the message.

     The reason that you are receiving this message is because the Intermediate Certificate was not included in the Certificate Chain.

     The certificate was signed by DigiCert, and this message will not prevent you from logging into your DigiCert account.

   • Remove the message.

     If you want to remove the warning message, all you need to do is install the Intermediate Certificate, as follows:

     How to Install the DigiCert Intermediate Certificate

     1. Open your Client Certificate.

        Right-click your certificate and in the list of options, click Get Info.

     2. In your “Client Certificate” window, expand Details.

        

     3. In the Extension Certificate Authority Information Access section, under Method #2 CA Issuers, to the right of URI, click the Intermediate Certificate link.

        

     4. After Safari downloads the Intermediate Certificate, double-click the certificate to open it and install it in your login keychain.

        

     5. Close the Intermediate Certificate.

     6. In your login keychain, where the warning message was located, you should now see the “This certificate is valid” message.

        

Chrome: Verifying that Your Client Certificate Is Installed

1. In Chrome, go to Settings.

   

2. On the Settings page, below Default browser, click Show advanced settings.

   

3. Under HTTPS/SSL, click Manage certificates.

   

4. In the Keychain Access window, under Keychains, click login, under Category, click Certificates, and you should see your Client Certificate, if your certificate was installed in your keychain.

   

   If the certificate is the Keychain, you should be able to use Chrome or Safari to log into your DigiCert account.

5. If you receive the “This certificate was signed by an unknown authority” warning message, do one of following things:

   

   • Ignore the message.

     The reason that you are receiving this message is because the Intermediate Certificate was not included in the Certificate Chain.

     The certificate was signed by DigiCert, and this message will not prevent you from logging into your DigiCert account.

   • Remove the message.

     If you want to remove the warning message, all you need to do is install the Intermediate Certificate, as follows:

     How to Install the DigiCert Intermediate Certificate

     1. Open your Client Certificate.

        Right-click your certificate and in the list of options, click Get Info.

     2. In your “Client Certificate” window, expand Details.

        

     3. In the Extension Certificate Authority Information Access section, under Method #2 CA Issuers, to the right of URI, click the Intermediate Certificate link.

        

     4. After Safari downloads the Intermediate Certificate, double-click the certificate to open it and install it in your login keychain.

        

     5. Close the Intermediate Certificate.

     6. In your login keychain, where the warning message was located, you should now see the “This certificate is valid” message.

        

Firefox: Verifying that Your Client Certificate Is Installed

1. In Firefox, go to Preferences.

   

2. In the Preferences window, click Advanced, click the Certificates, and then click View Certificates.

   

3. In the Certificate Manager window, click Your Certificates, and you should see your Client Certificate if your certificate is installed in the Firefox Certificate Store.

   

After you generate and install your Client Certificate, we recommend that you back it up. The backup copy saves you from needing to generate a new certificate should you transfer to a new computer.

The backup copy also allows you to import your certificate into a Keychain or Certificate Store should you want to use a different browser to log into your DigiCert account. Client Certificates may be limited to a specific browser(s).

• Mac installs the Client Certificate in its own Certificate Store and can be shared by the keychain for Safari and Chrome.
• Firefox installs the Client Certificate in its own Certificate Store and can only be accessed by Firefox (Windows or Mac).
• Windows installs the Client Certificate in its own Certificate Store and can be shared by Chrome and Internet Explorer.

After you have exported your Client Certificate w/private key, you can import the certificate into a Keychain or other Certificate Stores so that you can log into your DigiCert account using another browsers. See (Mac) Importing Your Client Certificate.

How to Back Up (Export) Your Client Certificate

Safari
Chrome
Firefox

Safari: Backing Up (Exporting) Your Client Certificate

1. Open Keychain Access.

   In the Finder window, under Favorites, click Applications, click Utilities, and then click Keychain Access.

   

2. In the Keychain Access window, under Keychains, click login, under Category, click Certificates, and then, select your Client Certificate.

   

3. In the Keychain Access toolbar, click File > Export Items.

   

4. In the “Export” window, do the following:

   1. In the File Format drop-down list select Personal information Exchange (.p12).

      Note: A .p12 file uses the same format as a .pfx file.

   2. In the Save As box, go to where you want to save the Client Certificate (w/private key) .p12 file.

      Make sure to save the .p12 file in a location that you will remember.

   3. Name the certificate .p12 file (i.e. myClientCertificate) and click Save.

   

5. In the “Password” window, in the Password and Verify boxes, create and verify your password and then, click OK.

   

6. Your Client Certificate w/private key has now been backed up (exported) as a .p12 file.

Chrome: Backing Up (Exporting) Your Client Certificate

1. In Chrome, go to Settings.

   

2. On the Settings page, below Default browser, click Show advanced settings.

   

3. Under HTTPS/SSL, click Manage certificates.

   

4. In the Keychain Access window, under Keychains, click login, under Category, click Certificates, and then, select your Client Certificate.

   

5. In the Keychain Access toolbar, click File > Export Items.

   

6. In the “Export” window, do the following:

   1. In the File Format drop-down list select Personal information Exchange (.p12).

      Note: A .p12 file uses the same format as a .pfx file.

   2. In the Save As box, go to where you want to save the Client Certificate (w/private key) .p12 file.

      Make sure to save the .p12 file in a location that you will remember.

   3. Name the certificate .p12 file (i.e. myClientCertificate) and click Save.

   

7. In the “Password” window, in the Password and Verify boxes, create and verify your password and then, click OK.

   

8. Your Client Certificate w/private key has now been backed up (exported) as a .p12 file.

Firefox: Backing Up (Exporting) Your Client Certificate

1. In Firefox, go to Preferences.

   

2. In the Preferences window, click Advanced, click the Certificates, and then click View Certificates.

   

3. In the Certificate Manage window, click Your Certificates, select your Client Certificate, and then, click Backup.

   

4. In the File Name to Backup window, do the following:

   1. In the Format drop-down list select PKCS12 Files.

      Note: A .p12 file uses the same format as a .pfx file.

   2. In the Save As box, go to where you want to save the Client Certificate (w/private key) .p12 file.

      Make sure to save the .p12 file in a location that you will remember.

   3. Name the certificate .p12 file (i.e. myClientCertificate) and click Save.

   

5. In the Certificate Manager window, create a Certificate backup password and then, click OK.

   

6. When you receive the “Successfully backed up your security certificate(s) and private key(s)” message, click OK.

   Your Client Certificate w/private key has now been backed up as a .p12 file.

If you transferred to a new computer, or you want to use a different browser to log into your DigiCert account, you need to import your Client Certificate into the appropriate Keychain or Certificate Store.

If you have not yet exported your Client Certificate, see (Mac) Backing Up (Exporting) Your Client Certificate.

After you have exported your Client Certificate w/private key, you can import the certificate into the appropriate Keychain or Certificate Stores so that you can log into your DigiCert account from your new computer or using another browser.

How to Import Your Client Certificate

Safari
Chrome
Firefox

Safari: Importing Your Client Certificate

1. Open Keychain Access.

   In the Finder window, under Favorites, click Applications, click Utilities, and then click Keychain Access.

   

2. In the Keychain Access toolbar, click File > Import Items.

   

3. In the Keychain Access window, in the Destination Keychain drop-down list, select login.

   

4. Locate and select your Client Certificate .p12 file and then, click Open.

5. In the Password box, type the password that you created when you exported your Client Certificate w/private key and then click OK.

   

6. Your Client Certificate w/private key is now imported into your login keychain, and you can use Safari and Chrome to log into your DigiCert account.

Chrome: Importing Your Client Certificate

1. In Chrome, go to Settings.

   

2. On the Settings page, below Default browser, click Show advanced settings.

   

3. Under HTTPS/SSL, click Manage certificates.

   

4. In the Keychain Access toolbar, click File > Import Items.

   

5. In the Keychain Access window, in the Destination Keychain drop-down list, select login.

   

6. Locate and select your Client Certificate .p12 file and then, click Open.

7. In the Password box, type the password that you created when you exported your Client Certificate w/private key and then click OK.

   

8. Your Client Certificate w/private key is now imported into your login keychain, and you can use Chrome and Safari to log into your DigiCert account.

Firefox: Importing Your Client Certificate

1. In Firefox, go to Preferences.

   

2. In the Preferences window, click Advanced, click the Certificates, and then click View Certificates.

   

3. In the Certificate Manage window, click Your Certificates and then, click Import.

   

4. In the Certificate File to Import window, in the Format drop-down list, select PKCS12 Files.

   

5. Then, go to and select your Client Certificate .pfx or .p12 file, and then click Open.

6. In the Certificate Manager, in the token drop-down list, select Software Security Device and click OK.

   

7. In the Password box, type the password that you created when you exported your Client Certificate w/private key and then, click OK.

   

8. When you receive the “Successfully restored your security certificate(s) and private key(s)” message, click OK.

   Your Client Certificate w/private key is now imported in to the Firefox Certificate Store, and you can use Firefox to log into your DigiCert account.

When you view your Client Certificate after it is installed or imported in to your login keychain, you may receive the “This certificate was signed by an unknown authority” warning message. The reason that you are receiving this message is because the Intermediate Certificate was not included in the Certificate Chain.

The certificate has been signed by DigiCert, and this message will not prevent you from being able to log into your DigiCert account. However, if you want to remove the warning message, all you need to do is install the Intermediate Certificate.

How to Remove the “This certificate was signed by an unknown authority” Warning Message

1. Open Keychain Access.

   In the Finder window, under Favorites, click Applications, click Utilities, and then click Keychain Access.

   

2. In the Keychain Access window, under Keychains, click login, under Category, click Certificates, and then, double-click on your Client Certificate.

   

3. In your “Client Certificate” window, expand Details.

   

4. In the Extension Certificate Authority Information Access section, under Method #2 CA Issuers, to the right of URI, click the Intermediate Certificate link.

   Your default browser (Safari or Chrome) should automatically download the Intermediate Certificate.

   

5. After your default browser (Safari or Chrome) downloads the Intermediate Certificate, double-click the certificate to open it and install it in your login keychain.

   

6. Close the Intermediate Certificate.

7. In your login keychain, where the warning message was located, you should now see the “This certificate is valid” message.