Generate a Certificate Signing Request (CSR) in macOS Keychain Access

How to generate a CSR in macOS

This how-to will walk you through generating a key pair and certificate signing request (CSR) for submission to in macOS 10.14 (Mojave).


1. Open the Keychain Access application, located at /Applications/Utilities/Keychain
2. Select Keychain Access >> Certificate Assistant >> Request a Certificate From a Certificate Authority… from the menu.

Request a Certificate From a Certificate Athority

3. In the Certificate Assistant window that opens, enter your email address in the User Email Address field. Then, enter the Fully Qualified Domain Name (FQDN) of the website this certificate will protect in the Common Name field (depending on the certificate type, this may be a wildcard, such as * Leave the CA Email Address field blank. Check the Saved to disk radio button.

Enter email address and common name

4. If you want to change the default key size and algorithm for the key pair (optional), check the Let me specify key pair information checkbox.

Let me specify key pair information

5. Click the Continue button.

Continue button

6. In the dialog box that appears, give the CSR a filename with the extension .certSigningRequest, choose a location to save it, and click the Save button.

create filename

7. If you checked the optional Let me specify key pair information checkbox in step 4 above, you will be prompted to choose the Key Size and Algorithm from the drop-down menus. After setting them, click Continue. If you did not check the box this prompt will not appear.

Select key size and algorithm

8. Your new CSR will be saved to disk in the location you specified. Clicking the Show In Finder… button will open a finder window with the CSR file.

Show In Finder CSR in Finder

9. Click the Done button to close the Certificate Assistant window.

Done button

10. You can confirm that your new key pair has been generated and installed in your system by clicking All Items in the left-hand Category menu of the main Keychain Access window and typing the Common Name for the new CSR in the search box at the upper right.

Search for key pair

11. Open the new CSR file in a text editor to copy and paste it when ordering certificates from See our how-to on Ordering and Retrieving SSL/TLS Certificates for instructions on using your new CSR in certificate orders. For information on installing your certificate, please see our how-to, SSL/TLS Installation on macOS 10.14 Mojave.

CSR in text editor

Thank you for choosing! If you have any questions about CSR generation or any other topic relating to digital certificates and PKI, please do not hesitate to email us at, call 1-877-SSL-SECURE, or just click the chat button at the bottom right of this page.