To order your S/MIME or Personal Authentication certificate, you may need to generate a certificate signing request (CSR). A CSR can be created on a web server, with OpenSSL commands, or with an online CSR generation tool. You may refer to our CSR Generation guides for basic instructions, but please keep in mind that a CSR for an email signing certificate may be a little different than a CSR for SSL or for code signing certificates.
Your CSR for S/MIME or Personal Authentication Certificates should contain the following details:
- Common name: the user’s email address, e.g. firstname.lastname@example.org
- Organization: the user’s organization, or N/A if there is not one
- Locality: your city
- State: your state or district, fully spelled out
- Country: your country
The standard key-size for email signing CSRs is 2048 bits.
The CSR will have a matching private key that is required to use the certificate. If you use an online CSR generation tool, please make sure to save the private key in a familiar place before you exit the tool page. If the private key is not saved, or gets lost, you will not be able to use the certificate.
Which email signing products need a CSR?
Comodo/Sectigo Personal Authentication Certificates – CSR Required
You are required to submit a CSR for Comodo/Sectigo Personal Authentication Certificates (also called CPAC). You can copy and paste the CSR text into the CSR field on the order form when you submit your order.
Once you received the certificate, you will need to combine the collected file with the matching private key and convert it to PFX (PKCS#12) with a .p12 extension. You can use an online conversion tool, such as the SSL Shopper Certificate converter, or OpenSSL commands to convert the certificate.
DigiCert S/MIME Certificates – No CSR Required
It is optional to submit a CSR for DigiCert S/MIME certificates. We actually recommend that you do not submit a CSR for DigiCert S/MIME when placing your order. If you do not provide a CSR, you will be able to easily download the certificate, ready to install, from any browser as soon as it is issued.
If you do submit a CSR for your DigiCert S/MIME certificate, you will be required to convert the certificate to combine it with the matching private key before you can install it.