Knowledge Base

Overview: 

This guide provides the step-by-step process for creating a CSR on macOS using Keychain Access and using Open SSL. A CSR is required to request and obtain digital certificates for secure communication and authentication. 

Platform: macOS (Keychain Access) 

Audience: macOS users who need to request SSL/TLS certificates. 
Scope: This procedure covers generating a CSR and verifying key pair creation using Keychain Access. And using OPen SSl 

Pre-requisites 

Before you begin, ensure you have the following: 

• Access to Keychain Access (/Applications/Utilities/Keychain Access.app) 

• Access to a macOS system with OpenSSL installed   

• Your server's common name or FQDN (as they should appear on the certificate) 

PART 1: Generate a Certificate Signing Request (CSR) for certificates on macOS using Keychain Access 
 

Follow these step-by-step instructions to generate a Certificate Signing Request (CSR) for certificates on macOS using Keychain Access.: 

Step 1: Open Keychain Access 

Navigate to:  

Step 2: Launch Certificate Assistant 

Go to the menu bar: 
               

Step 3: Fill in Certificate Request Details 

• User Email Address: Enter your email. 

• Common Name: Enter your server’s common name or FQDN. 

• CA Email Address: Leave blank unless instructed. 

• Request: Select Saved to disk. 

• Click Continue. 

Step 4: Save the CSR File 

Choose a filename and location to save the CSR. Click Show in Finder to view the file, then click Done. 

Step 5: Confirm Key Pair Generation 

In Keychain Access: 

1. Click All Items in the left sidebar. 

2. Search for your Common Name in the top-right search bar to confirm the key pair was created. 

 Step 6: Open CSR in a Text Editor 

Locate the .certSigningRequest file and open it in a text editor to view or copy its contents during the SSL certificate setup process. 

Submit the CSR file to Sectigo. Once the certificate is issued, import it into Keychain Access to complete the setup. 
 

PART 2: Generate a CSR using OpenSSL on macOS 

You can also create a CSR (Certificate Signing Request) using OpenSSL on macOS. 

Steps to generate a CSR using OpenSSL on macOS 

Step 1: Open Terminal   

Go to Applications → Utilities → Terminal 

Step 2: Generate a Private Key and CSR 

Run the following command to generate a 2048-bit RSA private key and CSR: 

 
openssl req -newkey rsa:2048 -keyout private.key -out server.csr -nodes 

When prompted, enter certificate details:  

• Country Name (C): Two-letter country code (e.g., US) 

• State or Province (ST): Full state name 

• Locality (L): City 

• Organization (O): Company name 

• Organizational Unit (OU): Department (optional) 

• Common Name (CN):  

• Domain name: example.com 

• Email Address: Optional 

Verification: 

Verify the CSR: 

openssl req -text -noout -verify -in request.csr 

Output 

• request.csr – Submit to Certificate Authority 

• private.key – Must be kept secure (do not share) 

Important Notes 

• Do not delete or lose the private key after submitting the CSR. 

• The certificate issued by the CA must be installed on the same system where the private key was generated. 

• For SSL certificates, the Common Name (CN) must exactly match the domain name. 

Related Articles:  

Tags: