Important Update!
Starting from June 1st, 2023, a new security measure is in place for code signing certificates. All code signing certificates must now be stored on hardware meeting specific security standards such as FIPS 140 Level 2, Common Criteria EAL 4+, or their equivalents.
As a result, the process of obtaining and installing certificates has changed. Certificate Authorities no longer support browser-based key generation, creating CSRs, and installing certificates on laptops or servers. Instead, if you opt for token + shipment as your code signing delivery method, the CA will handle CSR generation. Alternatively, if you prefer to use your Hardware Security Module (HSM), check the guides below or follow your HSM provider’s instructions for CSR generation.
- YubiKey 5 FIPS CSR Generation and Attestation
- Luna Network Attached HSM v7.x: CSR & Attestation Guide
The following text contains outdated information, no longer applicable to CSR generation for code signing certificates.
Code signing certificates digitally sign apps and software and enable verification of the software’s authenticity and integrity, ensuring that no one has tampered with or modified it. Both individuals and companies can obtain such a cert from a trusted Certificate Authority by generating a CSR for a code signing certificate.
How to Create a CSR for Code Signing?
The CSR (Certificate Signing Request) is a block of encoded text with your contact data that CAs use to check your credentials and sign the certificate. Below, you will find step-by-step tutorials on how to create a CSR for code signing on different programs.
Java Keystore
Generating a CSR via Java Keystore involves using the “keytool” command-line utility to create a private key and certificate pair, which are then used to generate the CSR. This process enables secure communication and proves the authenticity of the entity requesting the certificate.
macOS Keychain Access
To generate a Certificate Signing Request on a Mac using Keychain Access, enter the common name and email address in the Certificate Assistant window, select the preferred key size, and then save the CSR file to your desired location. Afterward, copy and paste the CSR text from the file into the appropriate field on your order generation form. For detailed instructions, check the link within the title.
CertReq
To generate a CSR for a code signing cert using the Windows prompt and the ‘certreq’ command, build a ‘request.inf’ file containing the Subject Details for the CSR. You can then submit the generated CSR to a Certificate Authority to obtain your code signing certificate.
Microsoft Management Console
Generating a CSR code via MMC is quick and easy. Add a new Snap-in in MMC, then initiate certificate enrollment and submit the required information about your company. Specify the key size, select the hash algorithm, and save the newly created CSR file on your device.
OpenSSL
You can generate a CSR for Code Signing certificates via the OpenSSL utility straight from your Windows device. Open the command prompt and run a few commands to enter the required information and create the CSR file.
Conclusion
Do you need a CSR for a code signing certificate? The answer is yes, but the code signing CSR generation steps differ from regular SSL certificates. On this page, we’ve provided the most common CSR generation tutorials. Select the relevant guide for your program and create the CSR for a code signing certificate in no time.
Save 10% on SSL Certificates when ordering today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10
