macOS - Creating a CSR for a client certificate with Keychain access

This manual describes how you can use the Keychain Access application on your macOS computer to create a CSR for ordering an E-mail signing certificate, also known as S/MIME or client certificate. With this method you are keeping the keypair on your computer, and are you able to use your certificate directly after it has been issued.

1. Open the Keychain Access application found in the 'Utilities' folder within the 'Application' directory on your computers startup disk.
2. Select the 'Login' keychain in the upper left 'Keychains' panel
3. Select the 'Secure notes' item in the lower left 'categories panel, to make sure we don't have a private key of any kind selected
4. Go to the Keychain Access menu bar, and select 'Keychain Access → Certificate Assistant → Request a Certificate from a Certificate Authority...'
5. In the 'Certificate Assistant' panel;
   • Fill in the 'User Email Address' with your email address
   • Fill in the 'Common name' your real name
   • The CA Email Address can be left blank
     
     

   
   
   

6. Select the 'Saved to disk' option and click 'Continue'
7. By default the new Certificate Signing Request will be saved on your desktop, click 'save'.
8. Open the resulting CSR file in your text editor of choice.
9. Copy the entire contents of the generated CSR, including the first and last line and all dashes. Having done this, please proceed to the order page on our website to apply for an email certificate.