Creating a certificate authority – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual

4. Click the Action button below the certificates list and choose “Generate Certificate Signing Request (CSR).”

Certificate manager creates the signing request and shows the ASCII text version in
the sheet.

5. Click Save to save the CSR to the disk.

Your CA will have instructions on how to transfer the CSR to the signer. Some CAs
require you to use a web interface; others require sending the CSR in the body of a
mail message. Follow the instructions given by the CA.

The CA will return a newly signed certificate, which replaces the one you generated.
For instructions on what to do now with your newly signed certificate, see “Replacing
an Existing Certificate” on page 71.
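
The checks below are an added example, not part of the original manual, and use the openssl command-line tool rather than Certificate Manager: verify the saved CSR before sending it, then confirm that the certificate the CA returns carries the same public key as the CSR and chains to the CA's certificate. The throwaway root CA, the host name mail.example.com and all file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: every key, name and file below is constructed and throwaway.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Create a throwaway self-signed root ($1 = file prefix, $2 = common name).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# Create a key pair and a CSR for it ($1 = file prefix, $2 = common name).
make_csr() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

# Sign a CSR with a CA, standing in for the external signer
# ($1 = CSR file prefix, $2 = CA file prefix).
sign_csr() {
    openssl x509 -req -in "$1.csr" -CA "$2.crt" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.crt" 2>/dev/null
}

# Before sending: the CSR's self-signature must verify, which shows the file
# is intact and was made with the private key matching the key it carries.
# The text is matched because some OpenSSL releases exit 0 even on failure.
csr_ok() {   # $1 = CSR file
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# After the CA replies: the returned certificate must carry the CSR's public
# key and must verify against the CA certificate you expect.
returned_cert_ok() {   # $1 = CSR, $2 = returned certificate, $3 = CA cert
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ] || return 1
    openssl verify -CAfile "$3" "$2" >/dev/null 2>&1
}

make_ca  "$work/ca"   "Constructed Example Root CA"
make_csr "$work/mail" "mail.example.com"
sign_csr "$work/mail" "$work/ca"
csr_ok "$work/mail.csr" && echo "CSR self-signature: OK"
returned_cert_ok "$work/mail.csr" "$work/mail.crt" "$work/ca.crt" \
    && echo "returned certificate: matches CSR key and chains to the CA"
```
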

Creating a Certificate Authority

To sign another user’s certificate, you must create a CA. Sometimes a CA certificate
is referred to as a root or anchor certificate. By signing a certificate with the root
certificate, you become the trusted third party in that certificate’s transactions,
vouching for the identity of the certificate holder.

If you are a large organization, you might decide to issue or sign certificates for people
in your organization to use the security benefits of certificates. However, external
organizations might not trust or recognize your signing authority.

To create a CA:

1. Start Keychain Access.

Keychain Access is found in the /Applications/Utilities/ directory.

2. In the Keychain Access menu, select Certificate Assistant > Create a Certificate Authority.

The Certificate Assistant starts. It will guide you through the process of making the CA.

3. Choose to create a Self Signed Root CA.

4. Provide the Certificate Assistant with the requested information and click Continue.

You need the following information to create a CA:

- An email address
- The name of the issuing authority (you or your organization)

You also decide if you want to override the defaults and whether to make this CA the
organization’s default CA. If you do not have a default CA for the organization, allow
the Certificate Assistant to make this CA the default.
In most circumstances, do not override the defaults. If you do not override the defaults,
skip to step 16.

Chapter 4 Enhancing Security