How to generate a CSR for S/MIME certificates enrolled using REST API

 
 

Overview 

By the end of this guide, you will have generated a private key and a Certificate Signing Request (CSR) for a Secure/Multipurpose Internet Mail Extensions (S/MIME) certificate enrolled through the Representational State Transfer (REST) API, and packaged the issued certificate into a Public-Key Cryptography Standards #12 (PKCS#12) file. It covers generating the key, creating the CSR with your email address as the Common Name, and building the PKCS#12 file from either an X.509 certificate or a PKCS#7 certificate. 

Prerequisites 

  • OpenSSL installed on your system 

  • The email address to use as the Common Name on the certificate 

Step 1: Generate a private key 

openssl genrsa -out smimeCert.key 2048 

Step 2: Generate the CSR 

Use your email address as the Common Name when generating the CSR: 

openssl req -new -key smimeCert.key -out smimeCert.csr 

Build a PKCS#12 file from an X.509 certificate 

  1. Save the private key to a file (cert-privkey.crt). 

  2. Save the X.509 certificate to a file (cert-pickup.crt). 

  3. Generate the PKCS#12 file (certificate.pfx): 

openssl pkcs12 -export -out certificate.pfx -inkey cert-privkey.crt -in cert-pickup.crt 

Build a PKCS#12 file from a PKCS#7 certificate 

  1. Save the private key to a file (cert-p7b.key). 

  2. Save the PKCS#7 certificate to a file (cert-p7b-file.p7b). 

  3. Convert the PKCS#7 certificate to PEM, then export the PKCS#12 file (smime-Final.pfx): 

openssl pkcs7 -in cert-p7b-file.p7b -out smime-cert.pem -print_certs 
openssl pkcs12 -export -inkey cert-p7b.key -in smime-cert.pem -name Smime-SectigoTest -out smime-Final.pfx 
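
The following is an added example, not part of the original article: a non-interactive form of Steps 1 and 2, plus checks that the CSR carries the email address as its Common Name and that a CSR or issued certificate holds the same public key as the private key before you run the pkcs12 export. The function names are hypothetical; the OpenSSL options are standard ones.

```shell
#!/bin/sh
# Added example (not from the original article); function names are hypothetical.

# Steps 1-2 without prompts: 2048-bit RSA key, CSR with the email as CN.
# A "/" or "+" in the address must be backslash-escaped for -subj.
new_smime_csr() {      # usage: new_smime_csr EMAIL KEYFILE CSRFILE
    ( umask 077        # private key readable by its owner only
      openssl genrsa -out "$2" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$2" -subj "/CN=$1" -out "$3"
}

# Print the Common Name found in a CSR's subject.
csr_common_name() {    # usage: csr_common_name CSRFILE
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject=.*CN=\([^,]*\).*$/\1/p'
}

# SHA-256 of the DER public key inside a PEM key, CSR or certificate.
# Fails (no output) if the file cannot be parsed, so two unreadable
# files can never compare as equal.
pubkey_digest() {      # usage: pubkey_digest key|csr|cert FILE
    case "$1" in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds only when both files parse and contain the same public key.
same_key() {           # usage: same_key KIND_A FILE_A KIND_B FILE_B
    a=$(pubkey_digest "$1" "$2") || return 1
    b=$(pubkey_digest "$3" "$4") || return 1
    [ "$a" = "$b" ]
}

# Typical use with the file names from this guide:
#   same_key key smimeCert.key csr smimeCert.csr        # before submitting the CSR
#   same_key key cert-privkey.crt cert cert-pickup.crt  # before the X.509 export
#   same_key key cert-p7b.key cert smime-cert.pem       # before the PKCS#7 export
```

For the PKCS#7 path, run the check on smime-cert.pem only after reordering it if needed: `openssl x509` reads the first certificate in the file, which must be the end-entity certificate rather than a CA certificate.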



Fig 1: Example image of generating CSR using API
