Certificate Manager in Server Admin – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual

Several keychains can hold certificates:
• SystemRootCertificates: This keychain holds root certificates that ship with Mac OS X. The certificates already have trust given to them.
• System: This keychain holds certificates that the computer administrator can add. All users on a given client can read from this keychain. The trust settings of a certificate in this keychain can override those of a certificate in SystemRootCertificates.
• Any other keychain: This holds certificates for a given user and is only accessible to that user. The trust settings of a certificate in this keychain can override those of a certificate in SystemRootCertificates or System.

Trusted certificates can be in any of these locations, but to trust a certificate, trust settings must be given explicitly to a certificate.
To configure clients to trust a certificate:
1. Copy the self-signed CA certificate (the file named ca.crt) onto each client computer. This is preferably distributed using nonrewritable media, such as a CD-R. Using nonrewritable media prevents the certificate from being corrupted.
2. Open the Keychain Access tool by double-clicking the ca.crt icon where the certificate was copied onto the client computer.
3. Drag the certificate to the System keychain using Keychain Access. Authenticate as an administrator, if requested.
4. Double-click the certificate to get the certificate details.
5. In the details window, click the Trust disclosure triangle.
6. From the pop-up menu next to “When using this certificate,” select “Always Trust.”

You have now added trust to this certificate, regardless of who it is signed by.
From the command line
After copying the certificate to the target client computer, perform the following,
replacing
sudo /usr/bin/security add-trusted-cert -d -k /Library/Keychains/System.keychain

You can use the security tool to save and restore trust settings as well. For more information on using the security command-line tool, see the security man page.
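The following is an added example, not part of the original manual: it wraps the command-line trust step in a check that the copied ca.crt matches a SHA-256 fingerprint obtained separately from the server administrator, and adds trust only on a match. The function names are hypothetical, and it assumes ca.crt is PEM-encoded and that openssl is installed on the client.

```shell
#!/bin/sh
# Added example: verify a CA certificate's SHA-256 fingerprint before trusting it.
# Function names are hypothetical; assumes ca.crt is PEM and openssl is installed.

# Strip colons/whitespace and upper-case, so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Print the certificate's SHA-256 fingerprint (nothing if the file does not parse).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# trust_ca CERT EXPECTED_FP
# Returns 2 if CERT is unreadable, 1 on fingerprint mismatch, and otherwise
# the exit status of the security command from the manual.
trust_ca() {
    cert=$1
    expected=$(normalize_fp "$2")
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 2; }
    actual=$(normalize_fp "$(cert_fingerprint "$cert")")
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "fingerprint mismatch for $cert; trust not added" >&2
        return 1
    fi
    sudo /usr/bin/security add-trusted-cert -d \
        -k /Library/Keychains/System.keychain "$cert"
}

# Usage, after sourcing this file (the fingerprint value is a placeholder):
#   trust_ca ./ca.crt 'AA:BB:...'
```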
Certificate Manager in Server Admin
Mac OS X Server’s Certificate Manager is integrated into Server Admin to help you
create, use, and maintain identities for SSL-enabled services.
Chapter 4
Enhancing Security