This article explains how to implement a small workaround to allow users to be able to receive a personal x509 Certificate after Chrome removed it's keygen support.
Although this is not a complete workaround, this option will allow users to get a new certificate using Chrome without making any changes on SecureAuth.
Open Up Google Chrome and click on the top right corner for Settings
Search for Privacy settings
Now Click On Content Settings
Scroll down on the contents settings until you see the Key Generation
Click On Manage Exceptions
Insert a wildcard to allow Key generation for your domain