Creating a self-signed certificate – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual
Page 65

Chapter 4: Enhancing Security

Creating a Self-Signed Certificate

A self-signed certificate is generated at server setup. Although it is available for use,
you may want to customize the information in the certificate, in which case you create a
new self-signed certificate. This is especially important if you plan on having a CA sign
your certificate.

When you create a self-signed certificate, Certificate Manager creates a private–public
key pair in the System keychain with the key size specified (512–2048 bits). It then
creates the corresponding self-signed certificate.

If you’re using a self-signed certificate, consider using an intermediate trust for it and
importing the certificate into the System keychain on all client computers (if you have
control of the computers). For more information about using intermediate trust,
see “About Intermediate Trust” on page 61.

To create a self-signed certificate:

1. In Server Admin, select the server that has services that support SSL.
2. Click Certificates.
3. Click the Add (+) button and choose Create a Certificate Identity.
   Certificate Assistant launches, populated with information needed to generate the
   certificate.
4. To override the defaults, choose “Let me override defaults” and follow the onscreen
   instructions.
5. When finished, click Continue.
6. Confirm the certificate creation by clicking Continue.

The Certificate Assistant generates a key pair and certificate. Certificate Manager
encrypts the files with a random passphrase, puts the passphrase in the System
keychain, and puts the resulting PEM files in /etc/certificates/.
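
The outcome described above (a passphrase-encrypted key pair plus a self-signed certificate in PEM form) can be reproduced and checked with the openssl command-line tool. This is an added example, not part of the original manual and not what Certificate Manager itself runs; the host name server.example.com, the temporary directory, the 2048-bit key size and the passphrase file standing in for the System keychain are assumptions.

```shell
#!/bin/sh
# Added example, not Apple's code: OpenSSL equivalent of the identity the
# manual describes, plus checks a reviewer can run on the resulting PEM files.
set -eu

# make_identity DIR NAME BITS: write NAME.pass (random passphrase),
# NAME.key.pem (AES-256 encrypted RSA key) and NAME.cert.pem (self-signed).
make_identity() (
    umask 077                       # owner-only files
    base="$1/$2"
    # Assumption: a passphrase file stands in for the System keychain entry.
    openssl rand -hex 24 > "$base.pass"
    openssl genrsa -aes256 -passout "file:$base.pass" \
        -out "$base.key.pem" "$3" 2>/dev/null
    openssl req -new -x509 -sha256 -days 365 -subj "/CN=$2" \
        -key "$base.key.pem" -passin "file:$base.pass" -out "$base.cert.pem"
)

# key_bits CERT: print the public key size in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# is_self_signed CERT: issuer equals subject, signature verifies with own key.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# key_is_encrypted KEY: the PEM private key is passphrase protected.
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# key_matches_cert KEY PASSFILE CERT: both carry the same RSA modulus.
key_matches_cert() {
    [ "$(openssl rsa -in "$1" -passin "file:$2" -noout -modulus)" = \
      "$(openssl x509 -in "$3" -noout -modulus)" ]
}

# Demo on constructed values; everything lives in a throwaway directory.
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT
NAME=server.example.com
make_identity "$DEMO_DIR" "$NAME" 2048
CERT="$DEMO_DIR/$NAME.cert.pem"
echo "key size: $(key_bits "$CERT") bits"
is_self_signed "$CERT" && echo "self-signed: yes"
key_is_encrypted "$DEMO_DIR/$NAME.key.pem" && echo "key encrypted: yes"
```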

Requesting a Certificate from a Certificate Authority

Certificate Manager helps you create a CSR to send to your designated CA.

You need a certificate for the CA to sign. You can use the one that was generated at
server setup, but more likely you will want to generate one that has all the details
the CA requires before signing. If you need to generate a certificate before getting it
signed, see “Creating a Self-Signed Certificate” on page 65.

To request a signed certificate:

1. In Server Admin, select the server that has services that support SSL.
2. Click Certificates.
3. Select the certificate you want signed.