MAC OS X LION SERVER CSR


SSL INSTALLATION INSTRUCTIONS FOR MAC OS X LION SERVER

CREATE A SELF-SIGNED CERTIFICATE FROM THE SERVER APP


1. Click on the SERVER APP, and select the server you are going to be installing the SSL CERTIFICATE on. This will be shown as This Mac (Your computer’s name with the Server App), or Other Mac (connect with a host name or IP address). After that, fill in the ADMINISTRATOR’S credentials to view the server administration options.

2. Then, within the HARDWARE section select your Server’s computer name. Then, select Settings, tap Edit next to SSL Certificates.

Edit SSL Certificates

3. Select the Gear menu and click MANAGE CERTIFICATE.

Manage Certificates

4. Select the SELF-SIGNED CERTIFICATE given by intermediateCA_YOUR-COMPUTER, then select the Gear icon and choose GENERATE CERTIFICATE SIGNING REQUEST.

NOTE: If the certificate does not have a domain registered by a domain registrar, see additional instructions below to Create a Certificate Identity and Generate a CSR for an external domain name than the computer’s hostname.

5. Click all of the text of the CSR and copy it (Option + to highlight all of the text, and Command + c for copy), or select Save to Save the file. The CSR has now been made.

View Certificate

6. Then, DigiCert will send your SSL Certificate, and it can be installed.

CREATE A CERTIFICATE IDENTITY AND CSR


1. Click the Server App.

2. Locate the Hardware Section, and CLICK your server and SELECT the Settings tab. Then, select EDIT next to the SSL Certificate.

3. Select the gear and press MANAGE CERTIFICATES.

4. Then, select the edit option on the SSL Certificate.

5. Press the “+” button and choose CREATE A CERTIFICATE IDENTITY.

At this point, the Certificate Assistant will appear and you will have to enter the information needed on each screen.

6. In order to CREATE YOUR CERTIFICATE SCREEN enter the following:

Create Certificate Identity

NAME: “server.example.com” (This is the domain that you previously created, and will be the FQDN users will connect to)

IDENTITY TYPE: Self-Signed Root

CERTIFICATE TYPE: SSL Server

CHECK THE BOX THAT SAYS: LET ME OVERRIDE DEFAULTS

Specify domain information

7. There will be a warning that pops up on the screen telling you that you are creating a self-signed certificate that will not be instantly trusted by computers that get it. Press CONTINUE.

Create CSR

Serial number and validity

8. CERTIFICATE INFORMATION: Keep everything as the default items, and then press CONTINUE.

9. Fill in your email address and the information for the organization/individual for which the certificate is being purchased:

EMAIL ADDRESS: your@emailaddress.com

NAME: servername.domain.com

ORGANIZATION: Your Company, Inc

ORGANIZATION UNIT: IT

CITY/LOCALITY: YourCity

STATE/PROVINCE: YourState

COUNTRY: U.S.

Specify key size

1. Then, choose your Key Size as: 2048 bits, and Algorithm: RSA. Next, press CONTINUE.

2. For the Key Usage Extension screen, keep everything the same as the defaults and press CONTINUE.

Key Usage Extension

3. For the Extended Key Usage Extension screen, leave everything the same as the defaults and press CONTINUE.

Key Usage Extension 2

4. For the Basic Constraints Extension screen leave everything the same as the default options, and press CONTINUE.

Basic Constraints Extension

5. For the Subject Alternate Name Extension screen select the following only if you are getting a SAN CERTIFICATE, if not press CONTINUE.

dnsName: Type additional SAN names you will be using such as any more subdomains, or other websites (e.g. mail.domain.com, www.domaintwo.com) press CONTINUE.

Subject Alternate Name Extension

6. Next, you will see a screen that says, “YOUR CERTIFICATE HAS BEEN SUCCESSFULLY CREATED.” There will be an red warning that says, “This root certificate is not trusted.” Then, press DONE.

CSR Created

Export Key

7. Then, you will get a message that says, “SERVER WANTS TO EXPORT KEY “www.yourdomain.com” from your keychain. Press Allow to move on.

8. Select the GEAR and press CREATE CERTIFICATE SIGNING REQUEST. Next, this will pull up a window that says CSR text, then press (Option+a), and copy (Option+c), or press save the file to upload during the SSL Certificate Purchase option.

Export Key

9. Then, when you receive your SSL CERTIFICATE from DigiCert you can install it.

SSL INSTALLATION INSTRUCTIONS FOR MAC OS X LION SERVER
Back To Guides