MAC OS X LION SERVER CSR
SSL INSTALLATION INSTRUCTIONS FOR MAC OS X LION SERVER
CREATE A SELF-SIGNED CERTIFICATE FROM THE SERVER APP
1. Click on the SERVER APP, and select the server you are going to be installing the SSL CERTIFICATE on. This will be shown as This Mac (Your computer’s name with the Server App), or Other Mac (connect with a host name or IP address). After that, fill in the ADMINISTRATOR’S credentials to view the server administration options.
2. Then, within the HARDWARE section select your Server’s computer name. Then, select Settings, tap Edit next to SSL Certificates.
3. Select the Gear menu and click MANAGE CERTIFICATE.
4. Select the SELF-SIGNED CERTIFICATE given by intermediateCA_YOUR-COMPUTER, then select the Gear icon and choose GENERATE CERTIFICATE SIGNING REQUEST.
NOTE: If the certificate does not have a domain registered by a domain registrar, see additional instructions below to Create a Certificate Identity and Generate a CSR for an external domain name than the computer’s hostname.
5. Click all of the text of the CSR and copy it (Option + to highlight all of the text, and Command + c for copy), or select Save to Save the file. The CSR has now been made.
6. Then, DigiCert will send your SSL Certificate, and it can be installed.
CREATE A CERTIFICATE IDENTITY AND CSR
1. Click the Server App.
2. Locate the Hardware Section, and CLICK your server and SELECT the Settings tab. Then, select EDIT next to the SSL Certificate.
3. Select the gear and press MANAGE CERTIFICATES.
4. Then, select the edit option on the SSL Certificate.
5. Press the “+” button and choose CREATE A CERTIFICATE IDENTITY.
At this point, the Certificate Assistant will appear and you will have to enter the information needed on each screen.
6. In order to CREATE YOUR CERTIFICATE SCREEN enter the following:
NAME: “server.example.com” (This is the domain that you previously created, and will be the FQDN users will connect to)
IDENTITY TYPE: Self-Signed Root
CERTIFICATE TYPE: SSL Server
CHECK THE BOX THAT SAYS: LET ME OVERRIDE DEFAULTS
7. There will be a warning that pops up on the screen telling you that you are creating a self-signed certificate that will not be instantly trusted by computers that get it. Press CONTINUE.
8. CERTIFICATE INFORMATION: Keep everything as the default items, and then press CONTINUE.
9. Fill in your email address and the information for the organization/individual for which the certificate is being purchased:
EMAIL ADDRESS: your@emailaddress.com
NAME: servername.domain.com
ORGANIZATION: Your Company, Inc
ORGANIZATION UNIT: IT
CITY/LOCALITY: YourCity
STATE/PROVINCE: YourState
COUNTRY: U.S.
1. Then, choose your Key Size as: 2048 bits, and Algorithm: RSA. Next, press CONTINUE.
2. For the Key Usage Extension screen, keep everything the same as the defaults and press CONTINUE.
3. For the Extended Key Usage Extension screen, leave everything the same as the defaults and press CONTINUE.
4. For the Basic Constraints Extension screen leave everything the same as the default options, and press CONTINUE.
5. For the Subject Alternate Name Extension screen select the following only if you are getting a SAN CERTIFICATE, if not press CONTINUE.
dnsName: Type additional SAN names you will be using such as any more subdomains, or other websites (e.g. mail.domain.com, www.domaintwo.com) press CONTINUE.
6. Next, you will see a screen that says, “YOUR CERTIFICATE HAS BEEN SUCCESSFULLY CREATED.” There will be an red warning that says, “This root certificate is not trusted.” Then, press DONE.
7. Then, you will get a message that says, “SERVER WANTS TO EXPORT KEY “www.yourdomain.com” from your keychain. Press Allow to move on.
8. Select the GEAR and press CREATE CERTIFICATE SIGNING REQUEST. Next, this will pull up a window that says CSR text, then press (Option+a), and copy (Option+c), or press save the file to upload during the SSL Certificate Purchase option.
9. Then, when you receive your SSL CERTIFICATE from DigiCert you can install it.
SSL INSTALLATION INSTRUCTIONS FOR MAC OS X LION SERVER
Back To Guides