While the easiest option for requesting your email certificate is to do it all in the web browser, you may also generate a certificate signing request (CSR). A CSR can be created on a web server, with OpenSSL commands, or with an online CSR generation tool. You may refer to our CSR Generation guides for basic instructions, but please keep in mind that a CSR for an email signing certificate may be a little different than a CSR for SSL or for code signing certificates.
CSR Information
Your CSR for S/MIME or Personal Authentication Certificates should contain the following details:
- Common name: the user’s email address, e.g. yourname@email.com
- Organization: the user’s organization, or N/A if there is not one
- Locality: your city
- State: your state or district, fully spelled out
- Country: your country
The standard key-size for email signing CSRs is 2048 bits.
The CSR will have a matching private key that is required to use the certificate. If you use an online CSR generation tool, please make sure to save the private key in a familiar place before you exit the tool page. If the private key is not saved, or gets lost, you will not be able to use the certificate.
Helpful Tips
It is optional to submit a CSR for email certificates. We actually recommend that you do not submit a CSR when enrolling your order as the browser generation method is much easier. If you do not provide a CSR during enrollment, you will be able to easily download the certificate, ready to install, from any browser as soon as it is issued.
If you do submit a CSR during enrollment, you must have a copy of the matching private key. You may also be required to convert the certificate into a special PFX or PKCS#12 format, which includes the certificate, private key, and any intermediate chain certificates provided by the Certificate Authority.