Mac OSX Mountain Lion Server create a Certificate

Hello!


I have a "big" problem, because I do not know how I can create a certificate in Mountain Lion Server 2.2. There is a Certificate menu on the left in the menu bar, and I do not understand the link between the keychain and the certificate.

What is the best and easiest way to create a self-signed certificate? And is there a standard procedure to own a certificate which works in the Hardware tab, Profile Manager, and Open Directory?


Thank You so much!

Mac mini (Late 2012), OS X Server

Posted on Dec 22, 2012 1:32 PM

7 replies

Dec 26, 2012 8:55 PM in response to m.150

The most important element of your cert is that you use a hostname (common name in SSL terms) that resolves publicly and internally.

Typical hostnames are:

mail.mydomain.com

domain.com

server.domain.com

That hostname should map to the public IP of your server (when looked up externally) and should map to the LAN address of your server when looked up from your LAN.


Here's an overview to get the process started


Go here



Choose Manage Certificates (this gets you to the section where you can create a new cert)


Create a new cert (for now, this will be a self-signed cert)


Enter the name, this is IMPORTANT

It must be the hostname you will use to access the server

(mail.domain.com, domain.com, etc)

The other fields are not important for the typical server (but feel free to explore)

Click Create


Now you will see the new certificate in the list.

You need a CSR to pass to your SSL provider, choose this option


Here's what the CSR looks like.. Copy it and use it during the SSL ordering process with your provider.



Your SSL provider will verify that you are associated with this domain; when done, they will return a 'signed certificate'.

You then choose the option above to 'Replace Certificate with Signed or Renewed Certificate'.

When you choose that option, you can include the intermediate certificate. For example, GoDaddy always gives you a cert named 'gd_intermediate.crt', which you need to include.


I hope that overview helps


Jeff

Dec 26, 2012 9:01 PM in response to m.150

Forgot to mention... having the cert signed is optional.

You don't need to send the CSR anywhere.


You can use the self-signed cert.

From client computers, you'll want to choose to always trust the cert.

This is fine for the typical small office. I wouldn't use self-signed when providing services to vendors/clients, but for your own people, it's fine.


I use GoDaddy certs; they are about $7/year if you look up a promo code... cheap, and users won't see the SSL Trust dialog.

Dec 26, 2012 10:12 PM in response to coocooforcocoapuffs

The UCC certs (GoDaddy 5-domain certs) are interesting to deal with.


Here is a simple illustration that might help

If you have 5 servers, each with unique hostnames and all 5 are in the GD UCC cert:

mail.domain.com

files.domain.com

od.domain.com

www.domain.com

vpn.domain.com


Later, if you decide to change the list of 5 hostnames, you have to re-issue the certificate and the original is revoked. So if you decommission vpn.domain.com and use that slot for lion.domain.com, the certs for all 5 need to be re-installed.


It's not a bad setup IF things won't be changing...

But when one name in the list changes, and you have to mess with the config of 4 other servers/services... it's not so attractive.


But- you already have the UCC cert.

You should be able to import it and it should work when using any of the hostnames included within it.

The import process is the same as a standard cert. Look here:

https://discussions.apple.com/thread/4592721?answerId=20560284022#20560284022


Considering you can purchase individual GD certs for between $5-$13/year, the UCC cert seems like less of a deal.


Disclosure-

I have nothing to do with GoDaddy. I am not an employee or reseller, and I don't get affiliate or any other kickback.

Here's an example (from a quick google of godaddy ssl promo) of a promo code: PETE499SSL

That code makes individual certs about $5/year.


Jeff

May 9, 2013 11:33 AM in response to UptimeJeff

Hi UptimeJeff,

I am having a problem ...

The first image you posted has an arrow pointing to an Edit button for SSL Certificate. Here is my problem: I don't have this written on my server; I have only the push notifications option, and then it jumps directly to service data location...

I have a Mac mini server, and I am only using Wi-Fi settings. Is that a problem? Why don't I have this SSL certificate option written... Brand new man and server installed. To learn, I am following the Mac OS server training essentials step by step, and I am stuck at this option that I don't have, and I don't know how to continue... What can I do?

Please help! Thanks a lot.

Regards

Rafael Pesuto

May 30, 2013 9:34 AM in response to m.150

Here's the difference for Server.app 2.2.1 to replace a self-signed cert with a trusted cert:


After you receive your trusted cert files...


Go to the Certificates section in the left sidebar of Server.app. Then in the right pane DOUBLE-CLICK the self-signed cert you want to replace with the trusted cert. This opens a different window. Then drag and drop both the cert and intermediate cert files into the window.


It took me a couple hours to discover all it took was a double-click. I was looking for the option under the gear icon. Struggled to find how to replace the cert. It was so simple it was hard.


Apple's Help needs to be updated.
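The replies above describe getting a signed certificate plus an intermediate back from the provider and importing both; the following is an added example (not from any poster, and using the `openssl` command line rather than Server.app) of three checks worth running on those files first: the cert matches your CSR, it covers the hostnames you expect (including each name on a UCC cert), and it chains to the root through the intermediate. All hostnames, file names and the throwaway CA hierarchy are constructed for the demo.

```shell
#!/bin/sh
# Added example: checks on the files a CA returns, run before importing them.
# Hostnames, file names and the throwaway CA hierarchy are constructed.

# True when the certificate carries the same public key as our CSR.
cert_matches_csr() {
    a=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
    b=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) && [ "$a" = "$b" ]
}
# True when the certificate covers the hostname (SAN list, else common name).
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}
# True when the server cert chains to the trusted root via the intermediate.
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# --- constructed demo data: root CA -> intermediate CA -> server certificate ---
mk() {   # mk NAME CN: new key pair plus CSR
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$2" 2>/dev/null
}
sign() { # sign NAME EXTFILE ISSUER-OPTIONS...
    n=$1; ext=$2; shift 2
    openssl x509 -req -in "$n.csr" -extfile "$ext" -days 1 -out "$n.pem" "$@" 2>/dev/null
}
cd "$(mktemp -d)" || exit 1
echo 'basicConstraints=critical,CA:TRUE' > ca.ext
echo 'subjectAltName=DNS:mail.example.com,DNS:files.example.com' > san.ext
mk root 'Constructed Root CA'; sign root ca.ext -signkey root.key
mk int 'Constructed Intermediate'
sign int ca.ext -CA root.pem -CAkey root.key -CAcreateserial
mk server mail.example.com
sign server san.ext -CA int.pem -CAkey int.key -CAcreateserial
mk other mail.example.com      # unrelated key pair requesting the same name

for h in mail.example.com files.example.com vpn.example.com; do
    cert_covers_host server.pem "$h" && echo "covers $h" || echo "does NOT cover $h"
done
cert_matches_csr server.pem server.csr && echo "cert matches our CSR"
cert_matches_csr server.pem other.csr  || echo "cert does not match the other CSR"
chain_ok root.pem int.pem server.pem   && echo "chain OK with the intermediate"
chain_ok root.pem root.pem server.pem  || echo "chain fails without the intermediate"
```

On a real server, call the three functions with the CSR you submitted, the certificate and intermediate the provider returned, and the provider's root certificate in place of the constructed files.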
