Generating the Request in Keychain
Under Keychain Access menu, find Certificate Assistant menu, highlight with your cursor, and then click Request a Certificate from a Certificate Authority.
Enter the common name and email address in the Certificate Assistant window. For Email Signing certificates, the Common Name must be the email address of the requester.
Do not input CA Email Address, instead select Saved to Disk to designate a location on your Mac for the CSR text file to be saved.
Select the preferred key size – the industry standard for Email Signing certificates is 2048 bits. Then, click Continue.
Locate the CSR file that was saved and right-click to open with TextEdit. You will copy and paste all the text from this file including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– into the CSR field on your order generation form on your account.
There is no further action needed in Certificate Assistant from this point, so if there are further options, you can simply exist the Assistant window.
After completing the Generation step, the Validation process will begin. Depending on the version of the Email Signing certificate you purchased, there may be some personal or company validation required. The basic version should be quickly available via an email sent to the user by the Certificate Authority.
Once the collection email is received, you can move on to the Collection step.
Where Is the Private Key?
To locate the private key in Keychain, search the CSR common name in All Items in the Login keychain. There should be a public key (the CSR) and a private key matching the common name you entered when generating the CSR.
Make sure to never share or delete this private key, as you will need this file when you are ready to finalize and export your certificate.