Generating the Request in Keychain

  1. Under Keychain Access menu, find Certificate Assistant menu, highlight with your cursor, and then click Request a Certificate from a Certificate Authority.
  2. Enter the email address for the certificate in the User Email Address and Common Name fields in the Certificate Assistant window.  
  3. You do not need to enter a CA Email address, instead select "Saved to disk" for the Request and click Continue. 
    1. If you need to change the key size for this request, check "Let my specify keypair information" before continuing. The standard key size of 2048 is acceptable for Personal Authentication Certificates.
  4. Use Finder to locate the CSR file and open with a text editor to view the code. You will copy and paste this file into the order form on your account.
    1. To locate the private key in Keychain, search the common name in All Items in the Login keychain. There should be a public key (the CSR) and a private key matching the common name you entered when generating the CSR. 
  5. Fill out the order form for your Personal Authentication Certificate. Select "Enter My CSR Manually (Recommended)" and paste in the full request that you generated in Keychain. When you have finished the order form, click Submit to place the order.
  6. After submitting the order, you may be required to complete validation with the Certificate Authority. The Pro and Enterprise level Personal Authentication Certificate requires additional validation, while the Basic Personal Authentication Certificate should be ready to collect shortly after the order is placed. Check your email for the next steps, and take a look at our Personal Authentication Certificate Validation article for more information.

If you are ready to collect and install your Personal Authentication Certificate, head over to the Mac OS Personal Authentication Certificate Collection guide.