1. Home
  2. Email Signing Support
  3. Email Signing and Personal Authentication Certificate Guide

Email Signing and Personal Authentication Certificate Guide

Personal Authentication Certificates can be used to add a trusted digital signature to emails and documents, as well as encrypt emails. This guide will walk you through the full process of obtaining a Personal Authentication Certificate, from purchase and certificate generation to collection and installation.

Please be aware of the following product limitations:

  • Sectigo and Comodo Personal Authentication Certificate requires the use of Microsoft Edge with Internet Explorer Mode enabled to generate and collect the certificate. If you do not have access to the Edge browser or cannot enable Internet Explorer mode, you may not be able to obtain this certificate
  • Sectigo and Comodo Personal Authentication Certificate is not trusted by Adobe. If you need to sign Adobe documents, you need a “Document Signing Certificate” instead. 

Quick Overview of the Personal Authentication Certificate Process

The steps for obtaining a Personal Authentication Certificate are very similar to the SSL and Code Signing certificate processes. After you purchase the Personal Authentication certificate, you will be required to generate it on your account with us, and then complete validation with the Certificate Authority (CA). 

There are three levels of validation for Personal Authentication Certificates:

  1. Basic – The certificate will only verify the user’s email address. 
  2. Pro – The certificate will verify the user’s full name and organization as well as email address.
  3. Enterprise – The certificate will verify the user’s full name, email address, and also provide details about their organization. 

For more information, check out our Personal Authentication Certificate product page

Once you have decided which certificate you need, you’ll follow these steps:

  1. Purchase your certificate. You will provide the exact details for the certificate after purchasing.
  2. Generate the certificate. You will need to use Microsoft Edge with Internet Explorer Mode enabled to generate the certificate on your account.  
  3. Complete the validation requirements. The requirements for validation depend on the type of certificate you have requested. 
  4. Collect the certificate. You will receive an email from the CA with instructions for collecting your certificate. You must use the Edge browser with Internet Explorer mode on the same computer that you used to generate the certificate.
  5. Download/export the certificate. After you successfully collect the certificate in your browser, you can download the PKCS12/PFX file from the browser’s certificate store.
  6. Install the certificate. Once you have downloaded the certificate file from your browser, you can install it on your PC or in your email client, and you can also move it to another system if needed. 

Generating your certificate

Step 1: Make Sure You’re Using the Right Browser

Generating a Personal Authentication Certificate requires using a browser that has certificate/key generation capabilities. At this time, we can only recommend using Microsoft Edge with Internet Explorer Mode enabled to generate a Personal Authentication Certificate.

Please check our guide to Enabling Internet Explorer Mode in Microsoft Edge for more information on completing this vital step before you continue with your certificate generation process.

If you cannot use the Microsoft Edge browser, you may be unable to generate a Personal Authentication Certificate. Our sales or support teams would be happy to help you find an alternative in this situation.

Step 2 – Generate Your Certificate

To generate the certificate, you will simply fill out the order form with the required information. Make sure the Internet Explorer Mode banner is present before you proceed, as it is critical for IE mode to be enabled here. Do not click the “Open in Microsoft Edge” button. 

On the generation form, you will be asked to provide information about the end user of the certificate. The email address that you provide in the Login Information section should be the address that is meant to use this certificate. 

The generation form for Basic certificates does require organization details even though the certificate will not include them. If you do not have an organization, you can provide your own name and address (remember, these details will not be on the certificate).

For Pro and Enterprise certificates please provide the legal name of the company and the address that is listed on the legal registration for the company. The Certificate Authority will need to verify this information through government and third-party business websites, so everything will need to match up exactly. 

Once you have filled out all the required information, click “Submit” and allow the browser some time to save the certificate data. It may take a few minutes for this process to finish. 

Validating your certificate

After the certificate has been generated, the Certificate Authority will need some time to process the order and begin the validation process with you.

Basic Validation

The Basic certificate does not require any special validation and can be issued almost immediately after generating the order. Check your email for the collection link!

Pro and Enterprise Validation

The Pro and Enterprise Personal Authentication Certificates require validation of the following information:

  • Verification of the Legal existence of the business using a government or tax document.
  • Verification of assumed name (DBA) if applicable using a government or tax document, or independent third-party source such as Dun & Bradstreet.
  • Verification of physical existence (address) using a government or tax document, or independent third-party source such as Dun & Bradstreet.
  • Subject identity verified with government-issued Photo ID and Selfie or “Face to Face” form. The name on the government issued photo ID (driver’s license, passport, national ID card, or military ID) must match the name of the admin contact
  • Authentication of the order by calling the customer on the official business phone number that is verified using government or tax document, or independent third-party source such as Dun & Bradstreet.

After validation, the customer is sent a challenge email to the email address to be listed on the certificate. The customer follows the instruction to verify the email address. Once the customer has completed the instructions in the challenge email, the certificate is issued.

Collecting your certificate

After the validation process is completed and the CA has issued the certificate, the user will receive an email containing a link and a code to complete the certificate collection process.

PLEASE NOTE: You must access the collection page using the same browser and same computer that originally generated the certificate. You can refer to our article on Enabling Internet Explorer Mode in Microsoft Edge to ensure your browser is correctly configured for the collection step.

Step 1 – Collect the certificate in the browser

Provide the user’s email address and collection code from the CA’s email, then click the button to ACCEPT the terms of the Subscriber Agreement. Click Submit & Continue when you are ready to proceed. 

On the next page, click the “Request My Certificate Now” button to collect the certificate into the browser’s certificate store. This process can take a few minutes, but you should get another confirmation email when the certificate is ready.

While the certificate is being collected, please leave the browser open, and do not refresh the page, click the Back button, or navigate away from the page.

When the collection process is done, you should see a pop-up informing you that the certificate is installed in the browser. 

Step 2 – Download the certificate from the browser’s store

Your certificate is now saved in the browser’s certificate store and can be downloaded from there. For full instructions on completing this process, check out the Enabling Internet Explorer Mode in Microsoft Edge guide.

Installing your certificate

The certificate collected from your browser should be a PFX format file, which contains the public and private keys for the certificate. Once you have this file, you can proceed to install it on your system, or transfer it to another system to install there.

Depending on your email client, you may need to import the certificate there and configure your settings to start using it. We have a guide for installing a certificate in Microsoft Outlook. For other email clients, please refer to the appropriate support documentation regarding the certificate installation process.

Please note: You can only send encrypted emails to a recipient who has their own email signing certificate installed on their side, after you have already exchanged signed emails with them. You can send signed emails to anyone. 

Updated on

Was this article helpful?

Related Articles