If you created a Certificate Signing Request (CSR) for your Personal Authentication certificate on your Mac using Keychain Access, this guide will help you complete the collection process to obtain your certificate.
First, you must receive the certificate collection email from the Certificate Authority containing the link to the certificate collection website. We recommend using Google Chrome to access the collection page and complete the request. Although the Certificate Authority recommends using Firefox ESR to complete the certificate collection process, you may not be able to successfully obtain your certificate using Firefox. Please do not use Firefox or Safari to collect your certificate.
Visit the certificate collection website and request the certificate following the instructions on the page. You can download and save the certificate to you preferred location on your computer.
Next, you will import the certificate to Keychain to pair it with the private key.
- Import the certificate into Keychain through File > Import Items.
- In the Destination Keychain pop-up menu, choose the keychain you want to import to (should be the same one containing the private key i.e. Login), then click Open.
- You may encounter an error message stating the certificate could not be imported. This is usually a false error and the certificate will be correctly imported.
- Once the certificate is imported in keychain, you can use it in your preferred mail client on your Mac device.
- If you intend to use the certificate on multiple devices, you can export the certificate from Keychain following the instructions below.
If your certificated is marked "Not Trusted" in Keychain, you may be missing the intermediate chain certificate from the Certificate Authority. To fix this issue, simply download the Secure Email chain certificate and import or drag the file into your login keychain. Click here to download the Secure Email chain certificate.
Exporting the Certificate
1. Locate the imported certificate and its matching key by searching for the email address covered by the certificate. Highlight both items by pressing Command when clicking on each one.
2. Click File on the top toolbar and select Export Items.
3. Save the new file with an easily recognizable name and make sure the format is set to Personal Information Exchange (.p12). You may be required to set a new password on this file, and to enter the password for your Mac user account.
4. Once you have the certificate saved as a P12 file, you can move the file to another system and install there using the password created when exporting from Keychain.