Generate Certificate


  • ✅ 2.2 | ✅ 2.1 | ✅ 2.0 | ✅ 1.9 | ...


  • Generate a public certificate and a public/private key pair for signing messages.
  • ⚠️ Note: For renewals, please see certificate renewal steps instead.


If you have purchased Premium Support, you can follow the steps below to generate a Certificate and Private Key pair to suppress dialogue warnings. For renewals, please see certificate renewal steps instead.


  1. Navigate to

  2. Enter the primary emaill address and product key and click Sign In

    Note: Make sure there are no blank spaces before or after the product key.

  3. Once signed in, select QZ Tray.

  4. At the next screen you have the ability to generate a CSR (Certificate Signing Request) and a public/private key pair.

    You may already have a CSR and/or a public/private key pair. If that is the case, you can upload either of these at this screen. It must be 2048-bit. If you do not upload anything, a public key, private key, and a certificate will be generated.

  5. Fill in the required fields and hit Submit request

    NOTE: Currently, you cannot generate the certificate/keys in Safari. Other major browsers are all supported.

  6. After a few seconds a new field will appear at the bottom of the page. Download the public key, private key, and certificate.

    • Download the appropriate private key format for your environment. Most environments require PEM, however .NET environments require PKCS#12 (PFX)

    • All three downloads will not be available if you provided QZ with a CSR or a public/private key pair. The digital certificate will always be provided by QZ.

    • This key chain will be used by QZ Tray to verify the authenticity of signed messages and to suppress the print warnings.

    • Encrypt Private Key: Optional. Note, encrypted keys will not work with JavaScript signing examples.
    • Private Key: private-key.pem PKCS#8, private-key.pfx PKCS#12; needed for signing messages. This allows silent printing.
    • Public Key: public-key.txt x509; Not needed for printing, but is used to request new certificates.
    • Digital Certificate (Trusted Certificate): digital-certificate.txt Used on page load for silent printing.


    For security reasons, it is advised to store your private key in a secure location. Your private key should never be given out to anybody. If your private key is leaked, someone with malicious intents will be able to sign traffic on your behalf.

    If you believe your private key has been leaked, please let us know so we can blacklist this key.

    Note: The certificate and the private key are generated by YOUR web browser. This means we never get a copy of it, and could never pretend to be you while we print.

  7. Now at that you have these keys, navigate to signing tutorial for instructions on how to securely sign messages.

Edit this page