Readying certificates – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual, page 64

When certificates and keys are imported via Certificate Manager, they are put in the
/etc/certificates/ directory. The directory contains four PEM formatted files for every
identity:

The certificate

The public key

The trust chain

The concatenated version of the certificate plus the trust chain (for use with some services)

The certificate and trust chain are owned by the root user and the wheel group, with
permissions set to 644. The public key and concatenation file are owned by the root
user and the certusers group, with permissions set to 640.

Each file has the following naming convention:

...pem

For example, the certificate for a web server at example.com might look like this:

www.example.com.C42504D03B3D70F551A3C982CFA315595831A2E3.cert.pem
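The ownership and permission rules above can be checked mechanically. The following audit script is an added example, not part of the Apple manual: the filename pattern is inferred from the single example name shown on this page, and the type suffixes `chain`, `key` and `concat` are assumptions (only `cert` appears here).

```python
import grp, os, pwd, re, stat, sys

# Expected (owner, group, mode) per file type, as stated in the manual text.
# Only the "cert" suffix appears on the page; "chain", "key" and "concat"
# are assumed suffixes for the other three files.
POLICY = {
    "cert":   ("root", "wheel",     0o644),
    "chain":  ("root", "wheel",     0o644),
    "key":    ("root", "certusers", 0o640),
    "concat": ("root", "certusers", 0o640),
}
NAME_RE = re.compile(r"^(?P<name>.+)\.(?P<id>[0-9A-Fa-f]{40})\.(?P<type>[a-z]+)\.pem$")

def check_entry(filename, owner, group, mode):
    """Return a list of findings for one file; an empty list means compliant."""
    m = NAME_RE.match(filename)
    if not m:
        return ["name does not match the identity naming pattern"]
    want = POLICY.get(m.group("type"))
    if want is None:
        return ["unknown file type %r" % m.group("type")]
    findings = []
    if (owner, group) != want[:2]:
        findings.append("owner %s:%s, expected %s:%s" % (owner, group, want[0], want[1]))
    if mode != want[2]:
        findings.append("mode %o, expected %o" % (mode, want[2]))
    return findings

def audit_dir(path="/etc/certificates"):
    """Stat every .pem file in path and map filename -> list of findings."""
    report = {}
    for fn in sorted(os.listdir(path)):
        if not fn.endswith(".pem"):
            continue
        st = os.lstat(os.path.join(path, fn))  # lstat: do not follow symlinks
        if not stat.S_ISREG(st.st_mode):
            report[fn] = ["not a regular file"]
            continue
        try:
            who = (pwd.getpwuid(st.st_uid).pw_name, grp.getgrgid(st.st_gid).gr_name)
        except KeyError:  # uid/gid with no passwd/group entry
            who = (str(st.st_uid), str(st.st_gid))
        report[fn] = check_entry(fn, *who, stat.S_IMODE(st.st_mode))
    return report

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/certificates"
    for fn, findings in audit_dir(target).items():
        print(fn, "OK" if not findings else "; ".join(findings))
```

A file flagged with a mode wider than 640 on the key or concatenation file is the finding to act on first, since those are the two files the manual restricts to the certusers group.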

Readying Certificates

Before you can use SSL in Mac OS X Server’s services, you must create or import
certificates. You can create self-signed certificates, create certificates and then generate
a Certificate Signing Request (CSR) to send to a CA, or import certificates previously
created with OpenSSL.

If you have previously generated certificates for SSL, you can import them for use by
Mac OS X Server services. The OpenSSL keys and certificates must be in PEM format.

Select a CA to sign your certificate request. If you don’t have a CA to sign your request,
consider becoming your own CA and then importing your CA certificates into the root
trust database of your managed machines.

When you set up Mac OS X Server, the Server Assistant creates a self-signed certificate
based on the information you provided when the server was first installed. It can be used for any
service that supports SSL. When your clients choose to trust the certificate, SSL
connections can be used without user interaction from that point on.

This initial self-signed certificate is used by Server Admin and Server Preferences to
encrypt administrative functions.

Chapter 4: Enhancing Security