SearchSupportDocsFree trial
Contact us

Knowledge Base

Knowledge BaseCertificate Signing Request (CSR)

How to generate a Certificate Signing Request (CSR) for S/MIME Certificates on macOS using Keychain Access

Updated on May 29, 2026

Overview 

By the end of this article, a macOS user will have generated a Certificate Signing Request (CSR) file for a Secure/Multipurpose Internet Mail Extensions (S/MIME) certificate, confirmed that a matching public and private key pair was created in Keychain Access, and submitted the CSR to Sectigo — the Certificate Authority (CA) — for issuance. The article walks through opening Keychain Access, launching the Certificate Assistant, filling in the certificate request details, saving the CSR file, confirming key pair generation, viewing the CSR content, and submitting the CSR to Sectigo for the certificate to be issued and installed. 

What is an S/MIME certificate? 

A Secure/Multipurpose Internet Mail Extensions (S/MIME) certificate is a digital certificate that binds a verified email identity to a public and private key pair. The certificate allows the owner to digitally sign outgoing email — so recipients can verify the sender — and to decrypt incoming email that has been encrypted to that public key. S/MIME is supported natively by most desktop and mobile mail clients, including Apple Mail on macOS and iOS. 

Prerequisites 

Gather the following before starting: 

  • A macOS device with administrator access. 

  • The Keychain Access application (/Applications/Utilities/Keychain Access.app). 

  • The email address and full name to appear on the certificate. 

  • Purchase details for the S/MIME certificate from Sectigo (order number or account access). 

Steps 

Step 1 — Open Keychain Access 

Open the Keychain Access application. Navigate to /Applications/Utilities/Keychain Access.app, or press Command + Space to open Spotlight and search for Keychain Access. 

macOS Finder path /Applications/Utilities/Keychain Access.apmacOS Finder path /Applications/Utilities/Keychain Access.app shown as plain text. 

Image 1 — Path to the Keychain Access application in /Applications/Utilities. 

macOS Spotlight search results with Keychain Access as the tmacOS Spotlight search results with Keychain Access as the top match and additional help links. 

Image 2 — Spotlight search for Keychain Access on macOS. 

Step 2 — Launch Certificate Assistant 

From the macOS menu bar, choose Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority. 

Breadcrumb showing Keychain Access then Certificate AssistanBreadcrumb showing Keychain Access then Certificate Assistant then Request a Certificate from a Certificate Authority. 

Image 3 — Menu path: Keychain Access > Certificate Assistant > Request a Certificate from a Certificate Authority. 

macOS menu bar dropdown with Certificate Assistant submenu omacOS menu bar dropdown with Certificate Assistant submenu open and the option Request a Certificate From a Certificate Authority highlighted. 

Image 4 — Certificate Assistant submenu in the Keychain Access menu bar. 

Step 3 — Fill in the Certificate Request details 

In the Certificate Assistant window, complete the certificate request details: 

  • User Email Address — enter the email address that will appear on the certificate. 

  • Common Name — enter the full name to appear on the certificate. 

  • Certificate Authority (CA) Email Address — leave blank unless Sectigo specifically instructs otherwise. 

  • Request is — select Saved to disk. 

  • Click Continue. 

Certificate Assistant dialog with the User Email Address, CoCertificate Assistant dialog with the User Email Address, Common Name and CA Email Address fields filled in, Saved to disk selected, and the Continue button at the bottom right. 

Image 5 — Certificate Assistant with the Certificate Information form completed. 

Step 4 — Save the CSR file 

In the save dialog, choose a filename and a location for the CSR (the default is CertificateSigningRequest.certSigningRequest saved to the Desktop), then click Save. On the confirmation screen, click Show in Finder to locate the file, then click Done. 

macOS save dialog for the CSR with the filename CertificateSmacOS save dialog for the CSR with the filename CertificateSigningRequest.certSigningRequest, location Desktop, and Cancel and Save buttons. 

Image 6 — Save dialog for the CSR file with the default filename and Desktop location. 

Step 5 — Confirm key pair generation 

In Keychain Access, click All Items in the left sidebar, then search for your Common Name in the top-right search bar. A matching public key and private key entry confirms that the key pair was created and stored in the login keychain. 

Keychain Access window showing All Items selected with a seaKeychain Access window showing All Items selected with a search returning a matching RSA 4,096-bit public key and private key in the login keychain. 

Image 7 — Keychain Access showing the matching public and private key pair for the new CSR. 

Step 6 — Open the CSR in a text editor 

Locate the .certSigningRequest file in Finder and open it in a text editor (for example, TextEdit). The file contains a PEM-encoded CSR beginning with -----BEGIN CERTIFICATE REQUEST----- and ending with -----END CERTIFICATE REQUEST-----. Copy the entire contents — including the BEGIN and END lines — to paste into the Sectigo S/MIME certificate request form. 

PEM-encoded CSR shown in a plain-text editor, beginning withPEM-encoded CSR shown in a plain-text editor, beginning with BEGIN CERTIFICATE REQUEST and ending with END CERTIFICATE REQUEST. 

Image 8 — PEM-encoded CSR opened in a text editor. 

Step 7 — Submit the CSR to Sectigo 

Submit the CSR contents to Sectigo through the S/MIME certificate request form on your Sectigo account. Once Sectigo validates the request and issues the certificate, download the issued certificate and double-click the file to import it into Keychain Access. The imported certificate binds to the existing private key, completing the S/MIME set-up. 

How to verify success 

Confirm the CSR was generated and the workflow is complete when all of the following are true: 

  • The CSR file (default name CertificateSigningRequest.certSigningRequest) exists at the chosen save location. 

  • Opening the CSR in a text editor shows a PEM block bounded by -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST-----. 

  • In Keychain Access, searching the Common Name under All Items returns a matching public key and private key in the login keychain. 

  • After submitting the CSR to Sectigo and importing the issued certificate, the certificate appears under My Certificates in Keychain Access alongside the same private key. 

Related Articles 

How to generate a CSR on various platforms 

How to install an S/MIME certificate on macOS 

How to change the trust settings of a certificate in Keychain Access on macOS 

What is an S/MIME certificate? 

Need assistance?

Contact our team for help with your purchase or issuing your certificate.

Live chat

Click the button below or click "Chat with an Expert" to start chatting with us now!

Start chat

Call us today

United States
+1 888 266 6361
France
+33 3 66 72 95 95
Italy
+39 02 4792 1708
Spain
+34 900 838 451
Germany
+49 800 1002328
International
+1 914 732 844

Resources