Apple Mac OS X Server (version 10.2.3 or later) User Manual

Tools for Advanced Administrators

615

3

In the New Keychain Passphrase dialog that appears, enter a passphrase or password for the
keychain you are creating; enter the password or passphrase a second time to verify it; and
click OK.

Remember this passphrase, because later you must supply it again.

4

When “Enter key and certificate label:” appears in the Terminal window, type a one-word key,
a blank space, and a one-word certificate label; then press Return.

For example, you could type your organization’s name as the key and mailservice as the
certificate label.

5

Type r when prompted to select a key algorithm, then press Return.

Please specify parameters for the key pair you will generate.

r RSA

d DSA

f FEE

Select key algorithm by letter:

6

Type a key size at the next prompt, then press Return.

Valid key sizes for RSA are 512..2048; default is 512

Enter key size in bits or CR for default:

Larger key sizes are more secure, but require more processing time on your server. Key sizes
smaller than 1024 are not accepted by some certificate-issuing authorities.

7

Type y when prompted to confirm the algorithm and key size, then press Return.

You have selected algorithm RSA, key size (size entered above) bits.

OK (y/anything)?

8

Type b when prompted to specify how this certificate will be used, then press Return.

Enter cert/key usage (s=signing, b=signing AND encrypting):

9

Type s when prompted to select a signature algorithm, then press Return.

...Generating key pair...

Please specify the algorithm with which your certificate will be

signed.

5 RSA with MD5

s RSA with SHA1

Select signature algorithm by letter:

LL0395.Book Page 615 Wednesday, November 20, 2002 11:44 AM