We all know how important is a digital certificate in the digital world. No buddy can imagine a secure world without digital certificates. A digital certificate can be tagged to a user, computer, application, server, service and can also be tagged to RF access cards. Most of you have seen SSL/TLS certificates while using the web. It’s one of the most common digital certificates used to secure the communication between your web browser and a web server (website). Wait, digital certificates are not just used in securing communication over the network. They are also used in proving the identity of the associated entity. Digital certificates are not eternal. They expire after a fixed amount of time. It is required to renew the certificate to enjoy the service. The certificate renewal process begins with the generation of a certificate signing request (CSR) and requests a new certificate by submitting the Certificate Signing Request (CSR) to a Certificate Authority (CA). We have shown how to create a custom CSR on Windows and Linux servers in a separate post. In this post, we are covering how to generate a CSR in mac.
Keychain Access has made the process very simple. We are going to show you how easy to generate a CSR in mac using Keychain Access App.
What Is Keychain Access App In Mac?
Keychain Access is a mac OS app used to store web and other application passwords, private and public keys, digital certificates, and account information. It reduced a lot of effort to manage the passwords, digital keys, and certificates in a secure way. This application enables you to create and recall complex passwords, which will make them difficult to break. This can make your individual accounts more secure. In addition to that, it allows managing certificates, which are issued by trusted certificate authorities, to validate websites, digital documents, and other web-based services.
One cool thing about this is that it lets you share all the passwords, certificates, and account information with your other devices. You may need to collaborate Keychain Access with your iCloud Keychain to make it work.
What Is A Certificate Signing Request?
Certificate Signing Request is a piece of information encoded in base64 format. It comprises most of the details required to generate an X.509 digital certificate. Most likely, a certificate seeker who wants to request a new digital certificate or wants to renew the expired certificate for an application, user, server, or service will need to create a CSR on the machine by supplying the information. Then the CSR should be submitted to the Certificate Authority to sign a new certificate for the application, user, server, or service.
Prerequisites To Generate A CSR In Mac:
This is the ultimate question for which you should know the answer before going to start any task. In this case, prerequisites are almost nill. You just need to have the Keychain Access App on your mac which comes in preinstalled packages. Additionally, you should have all the required information to generate a CSR.
The Procedure To Generate A CSR in Mac OS:
Time needed: 10 minutes.
The procedure shows how to generate a CSR in most of the mac OS.
- Open Keychain Access app
As we said earlier, Keychain Access app would be installed on your mac. You can find it in Applications -> Utilities -> Keychain Access. Click on the Keychain Access to open it.
- Open the Certificate Assistant
Select Keychain Access -> Certificate Assistant -> Request a Certificate From a Certificate Authority from the menu.
Certificate Assistant has several options. Select ‘Request a Certificate from a Certificate Authority‘ to generate a CSR for the mac you are working on.
- Enter Email ID and Common Name
1. User Email Address: Enter the email ID of the certificate owner in the this field.
2. Common Name: Enter the Fully Qualified Domain Name (FQDN) of the website, server, or service for which you need a certificate in the this field.
3. CA Email Address: Leave this field blank.
Check the ‘Save to disk‘ radio button as we are generating a CSR file on the local disk.
Tick the ‘Let me specify key pair information‘ if you want to specify the key size. You can set 1024, 2048, and 4096 for RSA. If you don’t specify this, the default is set to RSA 2048. Click Continue.
- Save the CSR on local disk
Then Click to continue to save the CSR on local disk. Enter the name in the Save As field to save the CSR and location in Where. We are going to save the CSR in the Desktop for demonstration.
- Specify the Algorithm and Key Size
There are two algorithms out there. You can select either ECC or RSA algorithms. And key size which support your Certificate Authority. If you don’t specify this, the default is set to RSA 2048.
- Create the CSR file
The CSR will be written to the disk after click Continue. Click Done to end the process.
- Show in Finder
You can see the CSR file is saved in the Desktop.
- Open the CSR with any text editor.
Open the CSR using any text editor app. Submit the content to your Certificate Authority and ask them to issue the certificate.
- Keypair of CSR in Keychain Access
A pair of public and private key will be generated during the process of CSR generation. You can find the key pair of your CSR in Keychain Access app. Select ‘All items‘ in the keychain Access then type the common name in the search box.
That’s all. This is how you can generate a CSR in mac using Keychain Access app.
ssl.com has created a video tutorial on this. You can watch the video if you want to see the tutorial in video format.
Thanks for reading this post. Please visit thesecmaster.com to read more such tutorial posts.