Managing Your Client Certificate for Your Direct ISSO Account

Because of FBCA certificate policy changes, all Direct users who have the ability to approve certificate requests (ISSOs) must log into the Direct Cert Portal using two-factor authentication. This change affects Direct users because Direct Certificates are FBCA cross-certified for interoperability with federal programs.

This policy change went into effect on October 23, 2014. The first time that you log in you are required to generate the client certificate that you will use for two-factor authentication This certificate then functions as your second form of authentication from then on. If you need to change browsers or computers, you must move this certificate to be able to log in.

Generating and Using Your Client Certificate

Because of the protocol for Direct ISSO accounts, two-factor authentication is now required for account login, with the second factor being a Client Certificate. The next time that you log into your Direct account you will be required to generate your Client Certificate.

Managing Your Client Certificate

After generating a Client Certificate as the second factor for your authentication process, we recommend that you back it up. Once you have backed up (exported) your Client Certificate, you can do the following things with it, if needed:

  • Import it into other Certificate Stores so that you can use multiple Web browsers to log in to your Direct account.

  • Transfer it to another computer should you get a new one. Then, you can install it in the necessary Certificate Stores on your new computer.

For instructions about how to verify Client Certificate installation, back up/export your Client Certificate, and import your Client Certificate. See Managing Your Client Certificates.

Resetting Client Certificates

If you (admin or user) lose your Client Certificate (lose computer, computer breaks down, or certificate gets deleted from your computer or the Certificate Store), you need to get your certificate reset so that you can once again login to your Direct account.