Generating certificate signing request in Keychain Access: which private key is used?

arnekolja picture arnekolja · Oct 30, 2011 · Viewed 15.9k times · Source

I am wondering which private key Keychain Access in Mac OS X (Snow Leopard, now Lion) uses. Whenever I create a CSR using that app, it does not even ask for a private key to use. So which one does it use then?

I could imagine that it used the selected one, if you've selected one in your certificate list. But generating the request even works when nothing is selected at all or, making sure it's not an "invisible" selection, if the item that's selected is not a private key.

Does anyone know?

Thanks in advance

Arne

Answer

Rob Napier picture Rob Napier · Oct 30, 2011

It generates a new public/private keypair when you create a CSR in Keychain Access. The name of the key will be what you entered in the "Common Name" field when generating the CSR.

If you would like to generate a new CSR from an existing key, I do not believe this can be done entirely within Keychain Access. For how to do it with Keychain Access and OpenSSL, see How can I use an existing private key to a new iOS development certificate?