Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual
Page 67

Chapter 4
Enhancing Security
5  If you override the defaults, provide the following information in the next few screens:
   • A unique serial number for the root certificate
   • The number of days the CA functions before expiring
   • The type of user certificate this CA is signing
   • Whether to create a CA website for users to access for CA certificate distribution
6  Click Continue.
7  Provide the Certificate Assistant with the requested information and click Continue.
   You need the following information to create a CA:
   • An email address of the responsible party for certificates
   • The name of the issuing authority (you or your organization)
   • The organization name
   • The organization unit name
   • The location of the issuing authority
8  Select a key size and an encryption algorithm for the CA certificate and then click Continue.
   A larger key size is more computationally intensive to use, but much more secure. The algorithm you choose depends more on your organizational needs than on technical considerations.
   DSA and RSA are strong encryption algorithms. DSA is a United States Federal Government standard for digital signatures.
9  Select a key size and an encryption algorithm for the certificates to be signed, and then click Continue.
10 Select the Key Usage Extensions you need for the CA certificate and then click Continue.
   At a minimum, you must select Signature and Certificate Signing.
11 Select the Key Usage Extensions you need for the certificates to be signed and then click Continue.
   Default key use selections are based on the type of key selected earlier in the Assistant.
12 Specify other extensions to add to the CA certificate and click Continue.
13 Select the keychain “System” to store the CA certificate.
14 Choose to trust certificates on this computer signed by the created CA.
15 Click Continue and authenticate as an administrator to create the certificate and key pair.
16 Read and follow the instructions on the last page of the Certificate Assistant.

You can now issue certificates to trusted parties.