Generating the Request in Keychain

  1. Under Keychain Access menu, open Certificate Assistant and select Request a Certificate From a Certificate Authority.
  2. In the Certificate Assistant window, enter the email address for the certificate in the User Email Address and Common Name fields.  
  3. You do not need to enter a CA Email address, instead select "Saved to disk" for the Request and click Continue. 
    1. If you need to change the key size for this request, check "Let my specify keypair information" before continuing. The standard key size of 2048 is acceptable for Personal Authentication Certificates.
  4. Use Finder to locate the CSR file and open with a text editor to view the code. You will copy and paste this file into the order form on your account. 
    1. To locate the private key in Keychain, search the common name in All Items in the Login keychain. There should be a public key (the CSR) and a private key matching the common name you entered when generating the CSR. The certificate needs this key to work.
  5. Fill out the order form for your Personal Authentication Certificate. Select "Enter My CSR Manually (Recommended)" and paste in the full request that you generated in Keychain. When you have finished the order form, click Submit to place the order. 
  6. After submitting the order, you may be required to complete validation with the Certificate Authority. The Enterprise level Personal Authentication Certificate requires organization validation, so you may be required to submit documentation and communicate further with Sectigo before the certificate can be issued.  The Basic Personal and Pro certificates just need approval by email, which you should receive shortly after placing the order.