FAQ: Which browser can be used to signup for a Code Signing certificate?

SUMMARY

The private key for a Comodo code-signing certificate is generated by the
browser during certificate enrollment. When the "Submit" button is pressed,
a key pair of the selected size is generated. The private key is encrypted
and stored in the local key database.

Comodo recommends using Internet Explorer 8+ on Windows and Safari on Mac
for certificate enrollment as it is both easy to apply and convenient for
the user.

1. Microsoft Internet Explorer: IE uses the CertEnroll/XEnroll ActiveX
control to generate and install certificates through the browser.

2. Microsoft Edge: Neither the <keygen> nor the CertEnroll/XEnroll ActiveX
controls are present in Microsoft's new Edge browser. DON'T USE IT!

3. Mozilla Firefox: This browser supports key generation and certificate
installation by default through the <keygen> function and special
certificate file type handling.

Note: While Firefox supports in-browser certificate installation, it uses
its own keystore to store the certificate and is not shared with other
applications. Installing through Internet Explorer will install the
certificate to the Windows Certificate Manager which is used by other
applications such as Microsoft Office, Outlook, and Google Chrome. For this
reason, Internet Explorer is recommended.

4. Google Chrome: As of Chrome 49, the <keygen> function has been disabled
by default and digital certificate file types are downloaded instead of
installed. While the keygen function can manually be enabled, the custom
filetype handling is still removed, therefore installation through Google
Chrome is not supported.

ADDITIONAL INFORMATION

Note: From Chromium Version 49, "Key Generation" feature is no longer
supported. Please DO NOT use any Chromium based browser for S/MIME
certificate enrollment. Some examples of Chromium Based browsers are,
Google Chrome, Yandex Browser, Opera.

--
Friedrich Linder
Lindersoft | SetupBuilder | www.lindersoft.com
954.252.3910 (within US) | +1.954.252.3910 (outside US)

--SetupBuilder "point. click. ship"
--Helping You Build Better Installations
--Create Windows 10 ready installations in minutes
--Official COMODO Code Signing and SSL Certificate Partner

Note: on Windows 10, the default browser is Edge. Neither the <keygen> nor
the CertEnroll/XEnroll ActiveX controls are present in Microsoft's Edge
browser. DON'T USE IT !!!

To use Internet Explorer in Windows 10, just type Internet Explorer in the
Cortana/Search box.

Friedrich

Hi Friedrich,

> 3. Mozilla Firefox: This browser supports key generation and certificate
> installation by default through the <keygen> function and special
> certificate file type handling.
>
> Note: While Firefox supports in-browser certificate installation, it uses
> its own keystore to store the certificate and is not shared with other
> applications. Installing through Internet Explorer will install the
> certificate to the Windows Certificate Manager which is used by other
> applications such as Microsoft Office, Outlook, and Google Chrome. For this
> reason, Internet Explorer is recommended.

I used FF as the Comodo website popped up warnings about all the other
browsers;) It worked fine, but the way to export the certificate was
perfectly unintuitive;)

Best regards,

--
Arnor Baldvinsson
Icetips Alta LLC

:-(

It would have been nice to know about this trick. I would not have to
have fired up an older machine.

Question: Next time round - is it treated as a brand new request and I
can use any machine for that new exercise? The private key used this
time is not relevant any longer? Is that correct?

Andre

How to export the certificate:

https://support.comodo.com/index.php?/Knowledgebase/Article/View/1004/0/export-certificates-windows