Download a Certificate with Microsoft Internet Explorer

You can use a PKI key pair (unique to you, generated directly on your smart card) and an associated digital certificate (proving your identity inside your organization) in order to use a variety of security services.

Prerequisites:

  • Microsoft Smart Card Mini Driver Support (sub-component of the Digital Certificate Services component) installed during setup.

  • Your administrator has provided you with a Web site URL to access your organization's Certificate Authority. To download a smart card logon certificate, your organization's Certificate Authority must be either one of the following:

  • Microsoft Windows Server 2008 R2 or Windows Server 2012 or Windows Server 2016, Windows Server 2019, or Windows Server 2022.

  • A Certificate Authority trusted by your Active Directory.

  1. Insert your smart card (chip-side up and chip first) into the smart card reader.

  1. Launch Internet Explorer and go to your Certificate Authority’s Web site.

  2. Navigate to the page where you can generate or download a certificate (the steps to reach this page vary depending on the CA that you are using).

  3. When you are asked for the Cryptographic Service Provider (CSP), select Microsoft Base Smart Card Crypto Provider from the list of providers.

  4. Follow the CA’s instructions to generate or download a certificate.

When your smart card is full (that is, if there is not enough space for the certificate that you are downloading), ActivClient overwrites the default certificate with the new certificate. In this case, a message is displayed that you are about to replace the existing credentials on the card. Select Yes to overwrite the default certificate.

  1. Enter your PIN when prompted.

  2. Verify that the key pair and associated certificate have been loaded on your smart card using the ActivClient User Console (optional).

Note:

Once your certificate is downloaded, Microsoft applications, such as Internet Explorer and Outlook, display the certificate name and information.

However, the private key associated with the certificate is not stored on the personal computer. Therefore, you still need the smart card in order to use the certificate information.