Enrolling your certificate for Certificate Authentication
If your administrator has configured your account for Certificate Authentication as part of IBM® MFA Out-of-Band, you must enroll your certificate before you can use it to log on.
It is a Best Practice to clear your Windows system SSL state before enrolling your certificate. To do this, select .
Before you begin
In addition, from, ensure that Use "SSL 2.0" and "Use SSL 3.0" are both unchecked.
You must enroll your certificate before you can use it to log on with Certificate Authentication. The process requires action by both the administrator and the user, and the actions must occur in the correct sequence. Perform these steps only as directed by your administrator.
About this task
Note: This procedure has been verified with Microsoft Internet Explorer and Google Chrome.
- Clear your Windows system SSL state.
When instructed to do so by your administrator, begin the Certificate Authentication logon process at the web server login page provided by the
administrator, such as
Use your RACF userid to access the IBM MFA Out of Band login interface. User ID: Password:
On the Enrollment page, click on "Begin Certificate Enrollment."
AZFCERT1 Enrollment Ensure that you have a certificate available to enroll. AZFCERT1 Begin Certificate Enrollment
Select the certificate you want to use to log in and click OK. Your security administrator will
typically provide guidance on which certificate to use.
Note: If you are using Internet Explorer, be aware that the Windows Internet Options "Don't prompt for client certificate selection when only one certificate exists" setting can result in your not having to choose a certificate. The "Don't prompt for client certificate selection when only one certificate exists" setting is typically controlled by the system administrator.For PIV/CAC or other smart cards, you must then enter your valid PIN.Note: If you receive an error indicating that the server certificate is invalid, it is more likely that the certificate you chose is invalid.
If successful, you receive a message indicating the certificate enrollment succeeded and to
await further instruction from the administrator.
AZFCERT1 Enrollment Ensure that you have a certificate available to enroll. AZFCERT1 -[Succeeded] Certificate enrollment succeeded. Your certificate is tagged for Review. An administrator will notify you when it is Approved. Please close your browser window.The administrator will tell you when you can use the certificate to log on, as described in Logging in to an application with IBM MFA Out-of-Band.
- Close the browser window to end the session.