Enterprises can control user access to enterprise applications, such as web applications, by authenticating users via user credentials, such as a username and password. Enterprises may wish to provide a more secure environment by implementing strong authentication, also known as second-factor authentication. Second-factor authentication requires a user to provide additional evidence of who they are, for example, via a digital certificate (e.g., a public key infrastructure (PKI) certificate). Enterprises can develop proprietary applications to integrate a strong authentication service provider into an existing application infrastructure. For example, an enterprise can integrate second-factor authentication via digital certificates. However, the enterprise applications, such as virtual private network (VPN) applications and secure/multipurpose internet mail extensions (S/MIME) applications, typically require configuration for using digital certificates and for a root certificate to be installed on a client computer. A root certificate may be part of a trusted set of certificates known to both the issuer of a digital certificate (Certificate Authority) and the recipient of the digital certificate. Upon receiving the digital certificate, the recipient may verify that the digital certificate chains up to a trusted root certificate. If the received digital certificate chains up to a trusted root certificate, the recipient will trust and use the digital certificate. Otherwise, the recipient may discard the digital certificate and request another digital certificate.