0 Replies Latest reply: Mar 14, 2012 3:45 AM by Twistan
Twistan Level 1 (5 points)

This Tutorial will be posted in several parts because of Apple's file upload limitation of 2 MB.



This is for the novice who is running Lion Server 10.7.3 and who wants to install an SSL server certificate signed by one's own Certificate Authority (CA).

Experts are most welcome to comment and correct.

No terminal commands required.

Screenshot Note: some fields have been greyed to protect our privacy. Instructions are given ABOVE the screenshot.

I recommend obtaining basic SSL knowledge so that you get the idea.




1) DNS running

2) a valid hostname such as myserver.name.private



Step 1:

Open Server App and create your own self-signed root certificate.

I do not show the steps here because this procedure has been very well described by Vincent Danen (March 2010) for Snow Leopard Server:

http://www.techrepublic.com/blog/mac/create-your-own-ssl-ca-with-the-os-x-keychain/388

This root CA certificate should be visible when you open your Keychain.


Step 2:

Open Server App, click Hardware in the left panel, and go to Settings in the right window.

Click the Edit button to the right of SSL certificate.


Step 3:

In the sub-window that pops up you see a list of already present certificates, including the root CA certificate that you created in step 1. Ignore this list for now. Click the "gear" icon to the right of the question mark in the lower left-hand corner.

Another window pops up. Choose "Manage Certificates":


Screen Shot 2012-03-14 at 8.06.42 PM.png

Step 4:

In the next window click the + button and choose "Create a Certificate Identity"


Screen Shot 2012-03-14 at 8.14.51 PM.png

The list of certificates shows your root CA certificate, which you will choose later to sign the SSL server certificate that you are about to create.

Screen Shot 2012-03-14 at 8.26.18 PM.png

Step 5:

Now the "Certificate Assistant" opens and you have to make your first choices.

In the "Name" field enter the DNS hostname, such as server.name.private.

(The DNS hostname is NOT the FQDN (Fully Qualified Domain Name), i.e. there is no dot after "private"!)

Choose "Leaf" because this certificate will be a leaf of your root CA certificate.

Click Continue and go to Part 2 of this tutorial.

Step 1.png

Mac mini (Mid 2010), Mac OS X (10.7.3)
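
A check for the result of this procedure, as an added example that is not part of the original post: `check_leaf` confirms that a server certificate chains to your own root CA, matches the hostname entered in the "Name" field, and is a leaf rather than a CA. It assumes OpenSSL 1.1.1 or later and PEM files; the function names, file names and the throwaway certificates built by `make_demo_pki` are constructed for illustration.

```shell
#!/bin/sh
# Added example. All names, files and certificates here are constructed.

# check_leaf CA_PEM LEAF_PEM HOSTNAME
# Returns 0 only if LEAF_PEM is signed by CA_PEM, is valid for HOSTNAME,
# and is not itself marked as a CA. Returns 1 or 2 otherwise.
check_leaf() {
    ca=$1; leaf=$2; host=$3
    # 1. Signature chain up to the root CA, plus hostname match.
    openssl verify -CAfile "$ca" -verify_hostname "$host" "$leaf" \
        >/dev/null 2>&1 || return 1
    # 2. A leaf must not be able to sign further certificates.
    if openssl x509 -in "$leaf" -noout -text | grep -q 'CA:TRUE'; then
        return 2
    fi
    return 0
}

# make_demo_pki DIR HOSTNAME
# Builds a throwaway root CA and one leaf whose name (CN) is HOSTNAME,
# mirroring the root-CA-plus-leaf layout of the tutorial.
make_demo_pki() {
    dir=$1; host=$2
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' \
        '[dn]' 'CN=Demo Root CA' \
        '[ca_ext]' 'basicConstraints=critical,CA:TRUE' \
        '[leaf_ext]' 'basicConstraints=critical,CA:FALSE' > "$dir/demo.cnf"
    openssl req -x509 -config "$dir/demo.cnf" -extensions ca_ext \
        -newkey rsa:2048 -nodes -days 30 \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    openssl req -new -config "$dir/demo.cnf" -subj "/CN=$host" \
        -newkey rsa:2048 -nodes \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 30 \
        -CA "$dir/ca.pem" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/demo.cnf" -extensions leaf_ext \
        -out "$dir/leaf.pem" 2>/dev/null || return 1
}

# Demo on constructed data: one accepted hostname, one rejected.
tmp=$(mktemp -d) && make_demo_pki "$tmp" myserver.name.private &&
    check_leaf "$tmp/ca.pem" "$tmp/leaf.pem" myserver.name.private &&
    echo "leaf accepted for myserver.name.private"
check_leaf "$tmp/ca.pem" "$tmp/leaf.pem" other.name.private ||
    echo "leaf rejected for other.name.private"
rm -rf "$tmp"
```

To check real certificates, call `check_leaf` with PEM copies of your own root CA and server certificate instead of the demo files.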