Configuring and using two-factor authentication for your CertCentral account

Two-factor authentication adds another layer of security to your CertCentral® account by allowing you to require two methods of identity verification before someone can log in and access account information. You can require two-factor authentication for all account users and for specific individual users (e.g., Jane Doe in IT).

When working with your account representative to set up two-factor authentication for your CertCentral account, you have three options:

  1. Do not force

    This option allows you to turn two-factor authentication on or off for your account. However, you must also configure all two-factor authentication requirements yourself (account wide and for specific users).

  2. Client Certificate

    This option creates an account-wide client certificate requirement automatically for your account. However, you can configure one-time password requirements for specific users.

  3. One-Time Password (OTP)

    This option creates an account-wide one-time password requirement automatically for your account. However, you can configure OTP to allow your OTP authenticators to remember their computers for 30 days. You can also configure Client Certificate requirements for specific users.

Once you've set up your CertCentral account, you can begin configuring your two-factor authentication requirements, as needed.

Note: To configure or edit the two-factor authentication requirements for your account, you must be assigned the administrator role.

Configuring Your Two-Factor Authentication Requirements

These instructions are for CertCentral administrators only and explain how to configure the two-factor authentication rules/requirements for your account.

Using the Second Factor of Your Two-Factor Authentication

These instructions explain how to use Two-Factor Authentication after it has been configured for your CertCentral account. The instructions are divided into two sections: Admin Specific instructions and User instructions.

User Instructions

Admin Specific Instructions

Managing Your Client Certificates

After generating a Client Certificate (as the second factor for your authentication process), we recommend backing it up. Once it's backed up (exported), you can do the following things with your client certificate, if needed:

  • Import it to a different Certificate Stores so that you can use multiple Web browsers to log in to your DigiCert CertCentral account.

  • Transfer it to another computer should you get a new one. Then, you can install it in the necessary Certificate Stores on your new computer.

For instructions on how to verify your client certificate installation, back up/export your client certificate, and import your client certificate, see Managing Your Client Certificates.