Your organization may require you to authenticate to MOVEit with an SSL (X.509) client certificate ("client cert"). This is common when "two-factor authentication" is required.
All client certs are either "self-signed" or "CA-signed". The "CA-" indicates that a "Certificate Authority" has signed the client cert and vouches for the identity of the bearer. Furthermore, CAs are divided into "commercial CAs" that sell client cert issue and signing services to the general public (e.g., Thawte, GeoTrust, etc.) and "corporate CAs" that perform the same client cert functions for their own users.
MOVEit supports self-signed certs, commercial CA-signed certs and corporate CA-signed certs, but only your organization can tell you which client certs it will accept for authentication. Your client cert may be delivered to you as a "*.pfx" file with a password or it may be your responsibility to request a client cert from a CA; again only your organization knows the details of this process.
Various browsers have different ways to install client certs. Internet Explorer (IE) uses the Windows Certificate Store; you can install and manage client certs through IE's "Certificate" dialog. Windows will also launch a client cert import wizard that will automatically install most client certs into IE if you just double-click "*.pfx" client cert file.
The Mozilla/Firefox line of browsers uses its own client cert store. To install client certs in these browsers you must use their "Certificate Manager".
Various browsers also have different ways to select client certs for authentication. The most common way is for the browser to simply ask you (via a pop-up dialog) about which client cert to use. When connecting to a MOVEit server, you may be prompted through your browser to select a client cert after you fill in your username and password or before you view the sign on screen.
However, most browsers also have options to automatically present a client cert if you only have one installed or not ask you about picking a client cert if you did not present one. In these cases you may be using client cert authentication behind the scenes (in the "one cert, so don't ask" case) or not at all (in the "no certs installed, so don't ask" case).
Finally, the private key on your client cert may be password protected. If this is the case you may need to type in the password you created when you opted to protect this client cert or key store as well. (Usually, such prompting takes place once per session.)
Return to Sign On Help.