
Step by Step : How to Create an SSL Server Certificate (Part 1)

This tutorial will be posted in several parts because of Apple's file upload limitation of 2 MB.


Hello,

This is for the novice who is running Lion Server 10.7.3 and who wants to install an SSL server certificate, signed by one's own Certificate Authority (CA).

Experts are most welcome to comment and correct.

No terminal commands required.

Screenshot Note: some fields have been greyed to protect our privacy. Instructions are given ABOVE the screenshot.

I recommend obtaining basic SSL knowledge so that you get the idea.



Prerequisites:

1) DNS running

2) a valid hostname such as myserver.name.private



Step 1:

Open Server App and create your own self-signed root certificate.

I do not show the steps here because this procedure has been very well described by Vincent Danen (March 2010) for Snow Leopard Server:

http://www.techrepublic.com/blog/mac/create-your-own-ssl-ca-with-the-os-x-keychain/388

This root CA certificate should be visible when you open your Keychain.


Step 2:

Open Server App, click Hardware in the left panel, and go to Settings in the right window.

Click the Edit button to the right of SSL certificate.


Step 3:

In the sub-window that pops up you see a list of already present certificates, including the root CA certificate that you created in step 1. Ignore this list for now. Click the "gear" icon to the right of the question mark in the lower left-hand corner.

Another window pops up. Choose "Manage Certificates":



Step 4:

In the next window click the + button and choose "Create a Certificate Identity"



The list of certificates shows your root CA certificate, which you will choose later to sign the SSL server certificate that you are about to create.


Step 5:

Now the "Certificate Assistant" opens and you have to make your first choices.

In the "Name" field enter the DNS hostname, such as server.name.private.

(The DNS hostname is NOT the FQDN (Fully Qualified Domain Name), i.e. there is no dot after "private"!)

Choose "Leaf" because this certificate will be a leaf of your root CA certificate.

Click Continue and go to Part 2 of this tutorial.


Mac mini (Mid 2010), Mac OS X (10.7.3)

Posted on Mar 14, 2012 3:45 AM
