Request a certificate from a certificate authority
To obtain a valid certificate, you must create a certificate request and send it to the CA. If the authority agrees, it creates your certificate and returns it to you. You can obtain and hold many certificates signed by different CAs that are each valid for different purposes and subject to different policies. For example, you may have one certificate that lets you sign email and another that lets you identify yourself in Messages.
Choose Keychain Access > Certificate Assistant > Request a Certificate From a Certificate Authority.
Enter your email address, name, and the email address of the certificate authority you want to issue you the certificate, then click Continue.
To change the way key pairs are generated, click “Let me specify the key pair information.” Then choose the key size and algorithm, and click Continue.
Note: You can create RSA keys up to 4096 bits. RSA keys smaller than 2048 bits are no longer supported.
Review the certificate, then click Done.
The request for a certificate is sent to the certificate authority.