If you created a Certificate Signing Request (CSR) for your Code Signing certificate on your Mac using Keychain Access, this guide will help you complete the collection process to obtain your certificate.
First, you must receive the certificate collection email from the Certificate Authority containing the link to the certificate collection website and the unique collection code required to download the certificate.
Please note that although the Certificate Authority recommends the use of Firefox ESR on Mac, we actually recommend using Google Chrome instead. The Chrome browser should automatically download a file named "user.crt". Please do not use Firefox or Safari to collect your certificate.
Next, you will import the certificate to Keychain to pair it with the private key.
- Import the certificate into Keychain through File > Import Items.
- In the Destination Keychain pop-up menu, choose the keychain you want to import to (should be the same one containing the private key i.e. Login), then click Open.
- You may encounter an error message stating the certificate could not be imported. This is usually a false error and the certificate will be correctly imported.
- Once the certificate is imported in keychain, you can export the certificate from Keychain following the instructions below.
Exporting the Certificate
1. Locate the imported certificate and its matching key by searching for the email address covered by the certificate. Highlight both items by pressing Command when clicking on each one.
You may also need to include the intermediate chain certificates from the Certificate Authority, which can be downloaded from the links below. Import both of these certificates into your keychain and include them when selecting the certificate and key files for export.
- [Download ] Sectigo Public Code Signing CA R36
- [Download ] SectigoPublicCodeSigningRootR46_AAA [ Cross Signed ]
2. Click File on the top toolbar and select Export Items.
3. Save the new file with an easily recognizable name and make sure the format is set to Personal Information Exchange (.p12). You may be required to set a new password on this file.
4. Once you have the certificate saved as a P12 file, you can move the file to another system and install there using the password created when exporting from Keychain.