Generating the Request in Keychain
Under Keychain Access menu, find Certificate Assistant menu and select Request a Certificate From a Certificate Authority.
Enter the common name and email address in the Certificate Assistant window. For S/MIME and CPAC certificates, the Common Name must be the user’s email address.
Do not input CA Email Address, instead select Saved to Disk to designate a location on your Mac for the CSR text file to be saved.
Use Finder to locate the CSR file that was saved and right-click to open with TextEdit. You will copy and paste all the text from this file including —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– into the CSR field on the CertificateGeneration order form.
There is no further action needed in Certificate Assistant from this point, so if there are further options, you can simply exist the Assistant window.
Where Is the Private Key?
To locate the private key in Keychain, search the CSR common name in All Items in the Login keychain. There should be a public key (the CSR) and a private key matching the common name you entered when generating the CSR.
Make sure to never share or delete this private key, as you will need this file when you are ready to finalize and export your certificate.
After you submit your order, you may be required to complete validation before the certificate is issued.
CPAC Basic and Pro certificates only require email approval. Check for an email from email@example.com to complete this step. The certificate can be downloaded from your order dashboard as soon as you have finished the approval email step – you may not get another email confirming it’s ready.
CPAC Enterprise certificates require organization validation and mailbox domain validation as well as user approval. You may be required to provided documentation and communicate further with Sectigo’s validation team to finish the process and issue the certificate.
When the certificate is issued, you can download it and import it into Keychain to finish the installation.