How to generate a certificate on MacOS X:
Open the KeyChain Access programme
- If you've already got a private/public key pair and don't want to generate a new one you can select the private key of that pair otherwise just go to the next step (note: from a security point of view it's wise to generate new key pairs once in a while e.g. every 5 years)
From the KeyChain menu select Certificate Assistant -> Request a Certificate From a Certificate Authority…
Then type in any email address and name (in the Common Name field), they don't have to match those in your account as CAcert doesn't use this information for your certificate (only the assured data from your account)
Choose Saved to disk (this is important as we can't process certificate requests which arrive via email because there is no authentication) and click Continue
Select a location where you want to save the certificate request and click Save and Show in Finder
Open the certificate request in a text editor of your choice (select Open with -> Other… in the context menu and select your text editor – e.g. TextEdit)
Now go to the CAcert website and log into your account
Select Client Certificates -> New
Choose the email addresses your want to be included in the certificate (if you want to include an email address which doesn't show up you have to add it to your account via Email Accounts -> Add)
- Select whether you want to include your name in the certificate (this is recommended but only available if you have been assured to at least 50 points)
1.Now check Show advanced options and copy the certificate request from the text editor into the text box which appeared
Click Next and wait for the next page to load (this may take a while because the certificate request has to be sent to our signing server over a serial connection)
Now open the certificate which has been generated for you, this should automatically import it into KeyChain so you can use it