GoldKeys currently support 1024-bit RSA keys. These keys, stored as a PFX file, may be loaded onto a GoldKey using the GoldKey software and a Master token. To create a PFX file, you must be able to export your certificate’s private key.

Users on an Active Directory should obtain a certificate from their Active Directory Certificate Authority. For certificate authorities running Windows Server Enterprise Edition or higher, a custom certificate template makes issuing GoldKey-capable certificates more manageable. For standard-edition servers, see the following application note:

Creating a certificate for Active Directory login using GoldKey and Windows Standard Edition Server

Free personal certificates may be obtained from Comodo. For a free certificate, go to the following link and click the “Get it Free Now” button. The instructions below describe obtaining this certificate using Windows Internet Explorer.

Another window will open with a form for you to request your certificate. Fill out the form, click on Advanced Private Key Options, and change the key size to 1024. If you do not want to receive email from Comodo that is not related to retrieving this certificate, be sure to uncheck the Opt In box before accepting the certificate license terms.

You will be sent an email with a link where you may retrieve your certificate.

After you have installed the certificate using Comodo’s website, it will appear in your computer’s Personal certificate store. To export the certificate as a PFX file, open a command prompt and run “mmc”. From the File menu, click on Add/Remove Snap-in and add Certificates from the list on the left.

Then, under Certificates – Current User, Personal, Certificates, you will see a new certificate from Comodo. Right-click on that certificate and select Export from the All Tasks menu. Follow the prompts in the export wizard, making sure to export the private key.

See the GoldKey Manual for information on loading a certificate onto a GoldKey from a PFX file.