Obtaining a web site certificate – Apple Mac OS X Server (Administrator’s Guide) User Manual
Page 362
362
Chapter 8
To generate a CSR for your server:
1
Log in to your server using the root password and open the Terminal application.
2
At the prompt, type these commands and press Return at the end of each one.
cd
openssl md5 * > rand.dat
openssl genrsa -rand rand.dat -des 1024 > key.pem
3
At the next prompt, type a passphrase, then press Return.
The passphrase you create unlocks the server’s certificate key. You will use this passphrase
when you enable SSL on your Web server.
4
If it doesn’t already exist on your server, create a directory at the following location:
/etc/httpd/ssl.key
Make a copy of the key.pem file (created in step 2) and rename it server.key. Then copy
server.key to the ssl.key directory.
5
At the prompt, type the following command and press Return.
openssl req -new -key key.pem -out csr.pem
This generates a file named csr.pem in your home directory.
6
When prompted, enter the following information:
m Country: The country in which your organization is located.
m State: The full name of your state.
m Locality: The city in which your organization is located.
m Organizational name: The organization to which your domain name is registered.
m Organizational unit: Usually something similar to a department name.
m Common name of your Web server: The DNS name, such as server.apple.com.
m Email address: The email address to which you want the certificate sent.
The file “csr.pem” is generated from the information you provided.
7
At the prompt, type the following, then press Return.
cat csr.pem
The cat command lists the contents of the file you created in step 5 (csr.pem). You should
see the phrase “Begin Certificate Request” followed by a cryptic message. The message ends
with the phrase “End Certificate Request.” This is your certificate signing request (CSR).
Obtaining a Web Site Certificate
You must purchase a certificate for each Web site from an issuing authority.