There are two methods you can use to generate your Code Signing certificate. If you don't have access to a web browser that can generate a certificate (i.e. Internet Explorer 11) you can generate your own Certificate Signing Request (CSR) to generate your order without using any specific browser.
This article does not cover the process of actually creating your CSR, as the method can differ depending on the tool you use. You can use any CSR generation utility, including a webserver, or the OpenSSL library if you have access to it. Mac users should refer to our guide to generate a CSR in Keychain Access.
There are also third-party CSR generators on the web that can be used, though you must make sure to save the CSR and private key file provided before you leave the generator web page. If you lose your private key, you must start over with a new CSR and key pair.
IMPORTANT: For Code Signing certificates, your CSR must be a minimum of 3072 bits.
1. Create your Certificate Signing Request
You can use any CSR tool to generate your Code Signing certificate request, including your web server.
What is the Common Name?
When asked for the "Common Name" of the certificate, which is usually a domain name for SSL requests, you will use your organization name or personal name depending on if you are requesting the certificate for your organization or for yourself as an individual developer.
Special Organization Name Requirements
There is a 64 character limit on the Organization Name field.
If you would like a DBA name on the certificate, please format the common name like: DBA (Legal Company Name)
If you are requesting the certificate for personal use, enter your first and last name as it is written on your government-issued photo ID (i.e. Driver's License)
Some CSR generation tools provide the CSR and private key together at the same time. You must make sure to save the private key where you can easily find it again as you will need this file to create your Code Signing certificate.
If you are using a certificate utility, you may not be able to see your private key and will only need to import the certificate file when it's available to complete the certificate process.
A standard CSR looks like this:
2. Submit Your CSR on the Order Form
Once you have your CSR, you can paste it into the order form. Please select the "Manually Enter My CSR" option and paste the full CSR code into the form.
3. Complete Validation with the CA
After you submit your order, the CA will begin the validation process with you. The requirements for validation differ depending if you are requesting the certificate for your organization or for yourself as an individual developer. You will get an order confirmation email from [email protected] which will have a link to the validation manager where you can manually upload any required documents.
4. Download the Certificate
Once validation is completed, you'll receive another email containing a link to download the certificate. We recommend using Google Chrome or Microsoft Edge to download this file as Firefox and Safari typically present errors trying to collect a certificate when the key is not present in the browser. Edge and Chrome will download your certificate as a file named "user.crt."
Additional Steps Required
After you have downloaded the certificate, you will need to take a few extra steps to put together the certificate and its private key so you can start code signing. If you are using a certificate utility, you may be able to simply import the "user.crt" file to pair it with the key, then export the Code Signing PFX file from the utility.
If you used an online tool to create your CSR, you will need to use another online tool or use OpenSSL commands to finish making the Code Signing certificate file. Check our article Converting Code Signing to PFX for further instructions.