by stirner 3654 days ago
I remember using a StartSSL certificate. It wasn't linked to an account or anything sane, but instead installed a certificate in the browser which it used in place of login details. I happened to do this on my phone, which did not offer any way to access or export this certificate. When that phone died, my account was lost.

I'd warn against using anything from StartSSL, but I don't think anyone is going to in the first place.

3 comments

As someone who is an actual StartSSL customer and not just someone who got confused by the login process and gave up, I think StartSSL is great. I haven't found cheaper identity validation elsewhere, and you can pump out unlimited certificates once you're validated. Using client certificates to log into the site is annoying, but it's fine once you figure out how it works. The problem you describe with losing your cert is not a problem: you can regenerate the login certificate using the "Lost authentication certificate?" link. I have done so and confirm that it works and that you don't need the old certificate to generate a new one. It is tied to a persistent account (contrary to what you claim in your post), so you lose nothing, and had you used an actual computer you could have backed up the certificate.
I can't claim to remember all the details (this was several years ago before I started at uni), but I'm certain I attempted to find an option like this and didn't. It may have been added in the interim or I might have simply been too inexperienced.
Also a customer. I'm pretty surprised how many people on this techy site were confused by a client cert and couldn't get past it.
You could just visit them on a desktop and regenerate the certificate?
That was not my experience. I had the same problem, and their support would not let me change to a different client cert.
I've done that several times in the past, never had to contact support. Just go through as a new user. It means you have to revalidate your domain ownership but that's not much of a hassle.
I even used a numbering scheme: yourname+start1@gmail.com, yourname+start2@gmail.com, and so on.
To do so, you'd have to log in. To log in, you'd need the existing certificate.
That's not true. I regenerated several login certificates before I finally actually figured out how to install the certificate in my browser. You are not screwed if you lose your login certificate. As long as you have access to the email address, you're fine. Use the "Lost authentication certificate?" link on the login page.
Had the same issue using Firefox for Android. Lost my cert, couldn't export, stopped caring, opted for Tor to ensure better encryption.