picture of tbs certificates
picture of tbs certificates
Our products range

Request a client certificate with Internet Explorer

Requesting a client certificate with Internet Explorer could not be easier. You'll just have to fill in the order form. If you are asked to select a software, choose Microsoft Internet Explorer. Fill in the form is enough.

According to the kind of client certificate, you'll be asked to fill in (or not) an e-mail field. Without this field the certificate will only be able to perform SSL client authentication (high SSL/TLS authentication) and to digitally sign documents. With an e-mail field, the certificate can be used to sign and encrypt e-mail (S/MIME standard).

The form may propose advanced settings, you will then be able to select the CSP of your choice. CSP is a private keys and certificates' storage unit driver. Microsoft always provides a software CSP matching the registry. If you have a smart card reader or a USB token, you probably also have a CSP to use them. In this case you can use it to store the private key and the certificate.

There are 2 possible settings with this CSP. See CSP Microsoft Base/strong/Enhanced Cryptographic Provider:
  • Exportable private key (CRYPT_EXPORTABLE): if unchecked, you won't be able to export the private out of the user session
  • Protected private key (CRYPT_USER_PROTECTED): a password will be requested each time you'll manipulate the key, there are usually 3 possible settings:
    • Low Security
    • Medium Security: a dialog box appears when a program wants to use the private key
    • High Security: a dialog box appears requesting a password when a program wants to use the private key
Warning: Do not use the plus (+) nor coma (,) characters in your fields. Internet Explorer does not support them.