Use coupon code BLACKFRIDAY2021 to save 50% on Certificate Request Single

Certificate Request

Get Digital Certificates for macOS from Active Directory Natively

Buy Now 14 Day Trial

Certificate Request from Twocanoes Software

Certificate Request is a powerful utility for the Mac that allows you to request and install digital certificates directly from Active Directory. This utility automatically discovers all the required information from Active Directory, once you have obtained a kerberos ticket; then, requesting a digital certificate can be as simple as clicking a single button. The digital certificate can be used for configuring wireless, Mail, VPN, and many other services on macOS that require certificates issued by Active Directory.
User Guide

Powerful Features

Native Requests

Certificate Request doesn’t require any changes to Active Directory. Certificate requests are sent over standard Windows protocols (DCE/RPC).

Active Directory binding not required

Certificate Request uses Kerberos to authenticate with Active Directory and doesn’t require the Mac to be bound to Active Directory. If the Mac is bound, Certificate Request can use the existing kerberos credentials from login to request a certificate.


Certificate Request automatically discovers all of the Active Directory information that is required, including the name of the Active Directory Certificate Authority server, the Certificate Authority name, and all available certificate templates. Certificate Request downloads the Active Directory Root Certificate automatically and makes it easy to configure the Mac to trust it.

Keychain or YubiKey

Certificate Request installs digital certificates directly to the standard macOS keychain or YubiKey hardware encryption device. The private key never leaves the keychain or the YubiKey, so it is secure.

Advanced Authentication

Certificate Request automatically detects if a login has already occurred and if there are kerberos credentials available. If there are multiple credentials available, Certificate Request gives the option to select the appropriate one; Certificate Request can also purge all credentials. Certificates use SHA512 hashing and 2048 bit RSA keys.


Multiple Template Support

Since digital certificates can be used in many different services, Active Directory bundles the settings into Templates. Certificate Request shows all available templates on the Active Directory server and makes it easy to select the appropriate one for the service you require (e.g., VPN, Mail, Wi-Fi, etc).


Buy Certificate Request

  • Certificate Request Single
  • 29.99
  • License for Single Mac
  • Request Certificate from Active Directory

    Store Certificate in Keychain or YubiKey

    Forum Support

  • Buy Now
  • Certificate Request Standard
  • 299.99
  • Licenses for up to 30 Macs
  • Request Certificate from Active Directory

    Store Certificate in Keychain or YubiKey

    1 Year Standard Business Day Support

    1 Year software maintenance


  • Buy Now

Simple, Yet Powerful

When Certificate Request is first launched, all the necessary Active Directory information needed to request a user certificate is automatically populated. Certificate Request is simple and easy to use with your existing Active Directory infrastructure without making any changes.


Intensely Integrated

Certificate Request doesn’t require a proxy or web services to work with your existing Active Directory network. DCE/RPC, a protocol that Windows Servers understand natively, is used to send all certificate requests.


At Your Service

Configure any services that require digital certificates easily. Certificate Request stores the digital certificate in the secure keychain on macOS, or in a YubiKey hardware device, so services such as VPN, Mail, 802.1X (wireless), and more can easily access them.


The Certificate Request command line tool allows administrators to automate certificate requests to Active Directory and installation into the keychain on macOS. The command line tool uses the user’s kerberos credentials so that certificate generation can happen seamlessly.


macOS 10.12 or Later
Active Directory user credentials for a kerberos ticket, or a Mac bound to Active Directory

Windows Server
Active Directory (Windows Server 2003 or later)
Standard Network Ports for LDAP, RPC, and Kerberos

YubiKey 4 Series Security Keys in PIV mode
Management Key
Available Slot for digital identity

Technical Specs

Generates X.509 Digital Certificates
SHA512 Hash
RSA 2048 bit keys
Kerberos Authentication


Certificate Request News & Tips

Troubleshooting Certificate Request

Created OnApril 3, 2018Last Updated OnOctober 11, 2021byTimoCertificate Request automatically queries Active Directory for relevant resources. If Certificate Request is failing to lookup the resources, you can try the following: 1. Verify that Certificate Request can find a domain controller by using a service record lookups in DNS: host -t SRV which returns:…


Introducing Certificate Request

We are releasing a new app here at Twocanoes Software, and this is one that is especially exciting for me. The app is called Certificate Request and it makes it a breeze to get digital certificate from Active Directory to your key on your Mac.