web analytics
en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

en English
X

Select Language

Powered by Google TranslateTranslate

We hope you will find the Google translation service helpful, but we don’t promise that Google’s translation will be accurate or complete. You should not rely on Google’s translation. English is the official language of our site.

Configuring Client Authentication Certificates in Web Browsers

All of SSL.com’s email, client, and document signing certificates can be used for client authentication in web applications. Certificate-based client authentication is a great way for businesses to add an additional authentication factor for employees who are working from home. With so many phishing scams out there, passwords alone are not enough to ensure good security!

This howto will show you how to use client certificates with the most popular desktop browsers. These instructions assume you have already downloaded and installed a PFX/PKCS12 file with your certificate and private key, or you have a hardware token with the certificate and private key inserted in the computer.

SSL.com certificates offering client authentication are available for as little as $20.00 per year for basic S/MIME email protection and ClientAuth. Our full-featured Business Identity certificates offer Organization Validation (OV) and trusted signatures for Adobe PDF, starting at $249.66 per year.

COMPARE EMAIL, CLIENT, AND DOC SIGNING CERTIFICATES

Google Chrome, Microsoft Edge, Internet Explorer, Apple Safari

Chrome, Edge, IE, and Safari are all configured to use client certificates and private keys provided by the OS. This includes PFX files imported into the OS certificate store, and certificates and private keys stored on smart cards (including SSL.com’s Business Identity certificates). So, if you’ve installed your PFX file or have your USB token inserted into the computer, you should already be good to go for client authentication with these popular desktop browsers.

Confirm Installation

You can verify that installed client authentication certificates are available to your browser by navigating to https://server.cryptomix.com/secure/. If certificates are present, a dialog box will appear, listing them.

confirm certificate availability

Mozilla Firefox

Use OS Certificate Store (Firefox 75 and Later)

Beginning with version 75, Firefox can be configured to use client certificates and private keys provided by the OS on Windows and macOS. This method supports both PFX files imported into the OS certificate store, and certificates and private keys stored on smart cards (including SSL.com’s Business Identity certificates). In general, this is now the preferred and simplest method to use client certificates in Firefox.

  1. Open Firefox and navigate to about:config in the address bar.
    about:config
  2. If prompted, click Accept the Risk and Continue.
    Accept the Risk and Continue
  3. Type security.osclientcerts.autoload into the search field.
    security.osclients.autoload
  4. Click the Toggle button on the right side of the screen.
    toggle button
  5. security.osclientcerts.autoload is now set to true, allowing the use of certificates provided by the operating system on Windows and macOS.
    true
  6. You can verify that Firefox can view certificates provided by the OS by navigating to about:preferences#privacy, then scrolling down and clicking the View Certificates button.
    View Certificates
  7. Select the Your Certificates tab to display a list of personal certificates provided by the OS.
    Your Certificates

Install Client Certificates in Firefox

You can also install a certificate and private key directly into Firefox’s own certificate store by importing a PFX/PKCS12 file as described below. This method is not appropriate for certificates with non-exportable private keys stored on smart cards, including SSL.com’s Business Identity Email, ClientAuth, and Document Signing certificates.

  1. Open Firefox and navigate to about:preferences#privacy, then scroll down and click the View Certificates button.
    View Certificates
  2. Select the Your Certificates tab, then click the Import button.
    Import
  3. Navigate to your PFX file, then click the Open button.
    open certificate file
  4. Enter the password you created when downloading the PFX file from SSL.com, then click the OK button.
    Enter password for PFX file
  5. The certificate is now installed in Firefox. Dismiss the dialog box by clicking the OK button.
    certifivcate installed

Confirm Installation

You can verify that installed client authentication certificates are available to Firefox by navigating to https://server.cryptomix.com/secure/. If certificates are present, a dialog box will appear, listing them.

confirm client certificate

Thank you for choosing SSL.com! If you have any questions, please contact us by email at Support@SSL.com, call 1-877-SSL-SECURE, or just click the chat link at the bottom right of this page. You can also find answers to many common support questions in our knowledgebase.

Subscribe to SSL.com’s Newsletter

Don’t miss new articles and updates from SSL.com