• Home
  • |
  • Blog
  • |
  • Step By Step Procedure To Generate A CSR In Mac
Generate a CSR in mac

We all know how important is a digital certificate in the digital world. No buddy can imagine a secure world without digital certificates. A digital certificate can be tagged to a user, computer, application, server, service and can also be tagged to RF access cards. Most of you have seen SSL/TLS certificates while using the web. It’s one of the most common digital certificates used to secure the communication between your web browser and a web server (website). Wait, digital certificates are not just used in securing communication over the network. They are also used in proving the identity of the associated entity. Digital certificates are not eternal. They expire after a fixed amount of time. It is required to renew the certificate to enjoy the service. The certificate renewal process begins with the generation of a certificate signing request (CSR) and requests a new certificate by submitting the Certificate Signing Request (CSR) to a Certificate Authority (CA). We have shown how to create a custom CSR on Windows and Linux servers in a separate post. In this post, we are covering how to generate a CSR in mac.
Keychain Access has made the process very simple. We are going to show you how easy to generate a CSR in mac using Keychain Access App.

What Is Keychain Access App In Mac?

Keychain Access is a mac OS app used to store web and other application passwords, private and public keys, digital certificates, and account information. It reduced a lot of effort to manage the passwords, digital keys, and certificates in a secure way. This application enables you to create and recall complex passwords, which will make them difficult to break. This can make your individual accounts more secure. In addition to that, it allows managing certificates, which are issued by trusted certificate authorities, to validate websites, digital documents, and other web-based services.
One cool thing about this is that it lets you share all the passwords, certificates, and account information with your other devices. You may need to collaborate Keychain Access with your iCloud Keychain to make it work.

What Is A Certificate Signing Request?

Certificate Signing Request is a piece of information encoded in base64 format. It comprises most of the details required to generate an X.509 digital certificate. Most likely, a certificate seeker who wants to request a new digital certificate or wants to renew the expired certificate for an application, user, server, or service will need to create a CSR on the machine by supplying the information. Then the CSR should be submitted to the Certificate Authority to sign a new certificate for the application, user, server, or service.

Prerequisites To Generate A CSR In Mac:

This is the ultimate question for which you should know the answer before going to start any task. In this case, prerequisites are almost nill. You just need to have the Keychain Access App on your mac which comes in preinstalled packages. Additionally, you should have all the required information to generate a CSR.

The Procedure To Generate A CSR in Mac OS:

Time needed: 10 minutes.

The procedure shows how to generate a CSR in most of the mac OS.

  1. Open Keychain Access app

    As we said earlier, Keychain Access app would be installed on your mac. You can find it in Applications -> Utilities -> Keychain Access. Click on the Keychain Access to open it.Open Keychain Access app

  2. Open the Certificate Assistant

    Select Keychain Access -> Certificate Assistant -> Request a Certificate From a Certificate Authority from the menu.

    Certificate Assistant has several options. Select ‘Request a Certificate from a Certificate Authority‘ to generate a CSR for the mac you are working on.
    Open the Certificate Assistant

  3. Enter Email ID and Common Name

    1.User Email Address: Enter the email ID of the certificate owner in the this field.
    2.Common Name: Enter the Fully Qualified Domain Name (FQDN) of the website, server, or service for which you need a certificate in the this field.
    3. CA Email Address: Leave this field blank.

    Check the ‘Save to disk‘ radio button as we are generating a CSR file on the local disk.
    Tick the ‘Let me specify key pair information‘ if you want to specify the key size. You can set 1024, 2048, and 4096 for RSA.If you don’t specify this, the default is set to RSA 2048. Click Continue.
    Enter Email ID and Common Name

  4. Save the CSR on local disk

    Then Click to continue to save the CSR on local disk. Enter the name in the Save As field to save the CSR and location in Where. We are going to save the CSR in the Desktop for demonstration.
    Save the CSR on local disk

  5. Specify the Algorithm and Key Size

    There are two algorithms out there. You can select either ECC or RSA algorithms. And key size which support your Certificate Authority. If you don’t specify this, the default is set to RSA 2048.
    Specify the Algorithm and Key Size

  6. Create the CSR file

    The CSR will be written to the disk after click Continue. Click Done to end the process.Create the CSR file

  7. Show in Finder

    You can see the CSR file is saved in the Desktop.CSR file created on mac

  8. Open the CSR with any text editor.

    Open the CSR using any text editor app. Submit the content to your Certificate Authority and ask them to issue the certificate.
    CSR content

  9. Keypair of CSR in Keychain Access

    A pair of public and private key will be generated during the process of CSR generation. You can find the key pair of your CSR in Keychain Access app. Select ‘All items‘ in the keychain Access then type the common name in the search box.
    Keypair of CSR

That’s all. This is how you can generate a CSR in mac using Keychain Access app.

ssl.com has created a video tutorial on this. You can watch the video if you want to see the tutorial in video format.

Thanks for reading this post. Please visit thesecmaster.com to read more such tutorial posts.

About the author

Arun KL

To know more about me. Follow me on LinkedIn Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn

Leave a Reply

Your email address will not be published. Required fields are marked

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Learn Something New with Free Email subscription

Email is also one of the ways to be in touch with us. Our free subscription plan offers you to receive post updates straight to your inbox.