macOS 10.14 (Mojave)
1. Open the Keychain Access application, located at /Applications/Utilities/Keychain Access.app.
2. Select Keychain Access >> Certificate Assistant >> Request a Certificate From a Certificate Authority… from the menu.
3. In the Certificate Assistant window that opens, enter your email address in the User Email Address
field. Then, enter the Fully Qualified Domain Name (FQDN) of the website this certificate will protect in
the Common Name field (depending on the certificate type, this may be a wildcard, such
as *.example.com). Leave the CA Email Address field blank. Check the Saved to disk radio button.
4. If you want to change the default key size and algorithm for the key pair (optional), check the Let me specify key pair information checkbox.
5. Click the Continue button.
6. In the dialog box that appears, give the CSR a filename with the extension .certSigningRequest, choose a location to save it, and click the Save button.
7. If you checked the optional Let me specify key pair information checkbox in step 4 above, you will be
prompted to choose the Key Size and Algorithm from the drop-down menus. After setting them,
click Continue. If you did not check the box this prompt will not appear.
8. Your new CSR will be saved to disk in the location you specified. Clicking the Show In Finder… button
will open a finder window with the CSR file.
9. Click the Done button to close the Certificate Assistant window.
10. You can confirm that your new key pair has been generated and installed in your system by clicking All Items in the left-hand
Category menu of the main Keychain Access window and typing the Common Name for the new CSR in the search box at the upper right.
原文:https://www.ssl.com/how-to/csr-generation-in-macos-keychain-access/
参考资料:https://help.apple.com/developer-account/?lang=zh-cn#/devbfa00fef7