Generate a Certificate Signing Request (CSR) in macOS Keychain Access

How to Generate a CSR in macOS Keychain Access

For more helpful how-tos and the latest cybersecurity news, subscribe to’s newsletter here: 

Time needed: 15 minutes

To order your certificate from, you need to generate a Certificate Signing Request (CSR). To generate a CSR in macOS Keychain Access you’ll need to:

  1. Open Keychain Access.

    Open the Keychain Access application, located at /Applications/Utilities/Keychain

  2. Open Certificate Assistant.

    Select Keychain Access >> Certificate Assistant >> Request a Certificate From a Certificate Authority… from the menu.
    Request a Certificate From a Certificate Athority

  3. Enter email address and common name.

    In the Certificate Assistant window that opens, enter your email address in the User Email Address field. Then, enter the Fully Qualified Domain Name (FQDN) of the website this certificate will protect in the Common Name field (depending on the certificate type, this may be a wildcard, such as * Leave the CA Email Address field blank. Check the Saved to disk radio button.
    Enter email address and common name

  4. Choose to specify key size and algorithm (optional).

    If you want to change the default key size and algorithm for the key pair (optional), check the Let me specify key pair information checkbox.
    Let me specify key pair information

  5. Continue.

    Click the Continue button.
    Continue button

  6. Save CSR.

    In the dialog box that appears, give the CSR a filename with the extension .certSigningRequest, choose a location to save it, and click the Save button.
    create filename

  7. Select key size and algorithm (optional).

    If you checked the optional Let me specify key pair information checkbox in step 4 above, you will be prompted to choose the Key Size and Algorithm from the drop-down menus. After setting them, click Continue. If you did not check the box this prompt will not appear.
    Select key size and algorithm

  8. Show in Finder.

    Your new CSR will be saved to disk in the location you specified. Clicking the Show In Finder… button will open a Finder window with the CSR file.
    Show In Finder

  9. Close Certificate Assistant.

    Click the Done button to close the Certificate Assistant window.
    Done button

  10. Confirm key pair generation and installation.

    You can confirm that your new key pair has been generated and installed in your system by clicking All Items in the left-hand Category menu of the main Keychain Access window and typing the Common Name for the new CSR in the search box at the upper right.
    Search for key pair

  11. Open CSR in a text editor.

    Open the new CSR file in a text editor to copy and paste it when ordering certificates from See our how-to on Ordering and Retrieving SSL/TLS Certificates for instructions on using your new CSR in certificate orders. For information on installing your certificate, please see our how-to, SSL/TLS Installation on macOS 10.14 Mojave.
    CSR in text editor

Video: CSR Generation on macOS 10.15 (Catalina)

Subscribe To’s Newsletter

Don’t miss new articles and updates from

Stay Informed and Secure is a global leader in cybersecurity, PKI and digital certificates. Sign up to receive the latest industry news, tips, and product announcements from

We’d love your feedback

Take our survey and let us know your thoughts on your recent purchase.