Which browser Can I Use to Signup for a Code Signing certificate?
The private key for a S/MIME certificate is generated by the browser during certificate enrollment. When the submit button is pressed, a key pair of the selected size is generated. The private key is encrypted and stored in the local key database.
S/MIME certificates can be applied only using Internet Explorer and Mozilla Firefox. Comodo recommends using Internet Explorer 8+ on Windows and Firefox on Mac for certificate enrollment as it is both easy to apply and convenient for the user. For applying a Free Email certificate, start from the below URL..
BROWSER SUPPORT :
1. Microsoft Internet Explorer: IE uses the CertEnroll/XEnroll ActiveX control to generate and install certificates through the browser.
2. Microsoft Edge: Neither the <keygen> nor the CertEnroll/XEnroll ActiveX controls are present in Microsoft's new Edge browser.
3. Mozilla Firefox: This browser supports key generation and certificate installation by default through the <keygen> function and special certificate file type handling.
Note: While Firefox supports in-browser certificate installation, it uses its own keystore to store the certificate and is not shared with other applications. Installing through Internet Explorer will install the certificate to the Windows Certificate Manager which is used by other applications such as Microsoft Office, Outlook, and Google Chrome. For this reason, Internet Explorer is recommended.
4. Google Chrome: As of Chrome 49, the <keygen> function has been disabled by default and digital certificate file types are downloaded instead of installed. While the keygen function can manually be enabled, the custom filetype handling is still removed, therefore installation through Google Chrome is not supported.
Note: From Chromium Version 49, "Key Generation" feature is no longer supported. So, please DO NOT use any Chromium based browser for S/MIME certificate enrollment.
Some examples of Chromium Based browsers are, Google Chrome, Yandex Browser, Opera.
In case you mistakenly used Chrome initially to apply for the certificate, then you must ignore the current certificate and go with the replacement option. Follow the below instructions for replacing your certificate,
1. If it is a Free Email certificate, then simply revoke your current certificate and get a new one.
2. If it is a certificate issued from your E-PKI manager (for ex : a Corporate Email Certificate) then
- Send an email to firstname.lastname@example.org to get the refunds. ( acceptable only if the order was placed within the last 30 days ).
- Login to your account > E-PKI Manager > 'Report on your orders > Enter your order number > Run Report', Click 'Details' button > then hit 'Revoke'. Now, get a new certificate from your E-PKI manager. For this process, you must use Internet Explorer or Firefox just like we mentioned in the starting of this article. You may login to your E-PKI account using the below URL,