Wiki - Generate Certificate
✅2.1 | ✅2.0 | ✅1.9 | ...
- Generate a public certificate and a public/private key pair for signing messages.
⚠️Note: For renewals, please see certificate renewal steps instead.
If you have purchased Premium Support, you can follow the steps below to generate a Certificate and Private Key pair to suppress dialogue warnings. For renewals, please see certificate renewal steps instead.
Navigate to https://qz.io/login/
Enter the primary emaill address and product key and click Sign In
Note: Make sure there are no blank spaces before or after the product key.
Once signed in, select QZ Tray.
At the next screen you have the ability to generate a CSR (Certificate Signing Request) and a public/private key pair.
You may already have a CSR and/or a public/private key pair. If that is the case, you can upload either of these at this screen. It must be 2048-bit. If you do not upload anything, a public key, private key, and a certificate will be generated.
Fill in the required fields and hit Submit request
NOTE: Currently, you cannot generate the certificate/keys in Safari or Internet Explorer. Please use Opera, Chrome, Firefox, or Microsoft Edge.
After a few seconds a new field will appear at the bottom of the page. Download the public key, private key, and certificate.
Download the appropriate private key format for your environment. Most environments require
.NETenvironments require PKCS#12 (
All three downloads will not be available if you provided QZ with a CSR or a public/private key pair. The digital certificate will always be provided by QZ.
This key chain will be used by QZ Tray to verify the authenticity of signed messages and to suppress the print warnings.
private-key.pfxPKCS#12; needed for signing messages. This allows silent printing.
public-key.txtx509; Not needed for printing, but is used to request new certificates.
Digital Certificate (Trusted Certificate):
digital-certificate.txtUsed on page load for silent printing.
For security reasons, it is advised to store your private key in a secure location. Your private key should never be given out to anybody. If your private key is leaked, someone with malicious intents will be able to sign traffic on your behalf.
If you believe your private key has been leaked, please let us know so we can blacklist this key.
Note: The certificate and the private key are generated by YOUR web browser. This means we never get a copy of it, and could never pretend to be you while we print.
Now at that you have these keys, navigate to the appropriate link below for instructions on how to securely sign messages.