You can submit your own Certificate Signing Request (CSR) to generate your Personal Authentication Certificate.
We recommend that you use the very simple browser-based CSR generation method. You can do this method in any browser. Letting the browser generate your CSR means you will not have to convert any certificate files before you can install it on your device.
However, if you must provide your own CSR and Key for your email certificate, check out the steps below.
Generate Your CSR
There are many ways to generate a certificate signing request for a Personal Authentication Certificate. If you’re familiar with OpenSSL, you can use the command line to generate your CSR. You may also be able to generate your CSR on your web server or hosting control panel.
Required CSR Details
- Common Name: this should be the user email address for the certificate, e.g. me@mail.com
- Organization: your organization
- Locality: your city
- State: your state, province, region, etc (do not abbreviate)
- Country: your country
Online CSR Generators
The easiest method is to use an online CSR generation tool. Typically, you’ll just fill out a certificate request form to generate the public and private keys.
IMPORTANT: Make sure to save a copy of the private key to your own computer. Online CSR generators usually do not store your private key, so it will be deleted as soon as you exit the generator page. If you do lose your private key, you will need to create a new CSR.
Once you have your CSR, you can paste it into the Personal Authentication Enrollment form to complete your order.
Validation
Basic and Pro Approval
The Basic and Pro level Personal Authentication Certificates do not require business validation. You should receive an email from noreply@sectigo.com with instructions for verifying your application. The certificate will be issued shortly after you complete this verification step.
Organization Validation for Enterprise
The Enterprise level Personal Authentication Certificate requires Organization Validation. The verification email you receive from Sectigo will also have a link to your Validation Manager to check the status of your order, including Actions Required from your side. Sectigo may request additional documentation from you to complete this process.
Standard Requirements for Organization Validation
Sectigo’s validation team will refer to approved online resources, such as Dun and Bradstreet, Yellow Pages, or government websites to verify the following details based on your order:
- Legal registration
- Physical address
- Identity verification of certificate requester
- Phone call to verified phone number
If you need to provide documentation, you can open a case with the validation team using the Sectigo Ticketing Portal.
Collect Your Certificate
Once your certificate is issued, you can download the files from your storefront dashboard. You will receive a zip folder containing several folders.
- CER – CRT Files – contains your certificate in CRT format
- PKCS7 File – contains your certificate in PKCS#7/P7B format
- Plain Text – contains your certificate in TXT format
Please note that your private key will not be included in this download.
Convert Your Certificate
If you need to create PKCS#12 / PFX format certificate file, you’ll need to manually combine your certificate CRT or P7B with the matching private key. We have instructions for two methods, OpenSSL or SSLShopper Converter Tool:
Manual CSR Convert to PFX Guide