Generate a Certificate Signing Request CSR | Apple 10.6 guide

Using an SSL Certificate from an External Certificate Authority

If you do not have a valid certificate, you can acquire one from a certificate authority and add it to the System keychain:

Generate a Certificate Signing Request (CSR)

A CSR is a file that provides information needed to issue an SSL certificate.

1Log in to the server as root locally through Terminal or remotely via ssh.

2Enter the following commands:

$ cd /private/var/root/Library/Keychains/ $ /usr/bin/certtool r csr.txt k=certkc c

This use of the certtool tool begins an interactive process that generates a CSR in the file csr.txt and creates a keychain named certkc.

3In the New Keychain Passphrase dialog that appears, enter a password for the keychain you’re creating, enter the password a second time to verify it, and click OK.

Remember this password, because later you must supply it again.

4When “Enter key and certificate label” appears in the Terminal window, enter a one- word key, a blank space, and a one-word certificate label, and then press Return.

For example, you could enter your organization’s name as the key and mailservice as the certificate label.

The following output appears.

Please specify parameters for the key pair you will generate.

rRSA d DSA f FEE

Select key algorithm by letter:

5Enter r, and then press Return.

The following output appears.

Valid key sizes for RSA are 512..2048; default is 512

Enter key size in bits or CR for default:

6Enter a key size, and then press Return.

Larger key sizes are more secure, but they require more processing time on your server. Key sizes smaller than 1024 aren’t accepted by some certificate-issuing authorities.

The following output appears.

You have selected algorithm RSA, key size (size entered above) bits. OK (y/anything)?

7Enter y, and then press Return.

The following output appears.

Enter cert/key usage (s=signing, b=signing AND encrypting):

Chapter 3    Mail Service Advanced Configuration

69

Image 69

Apple 10.6 manual Generate a Certificate Signing Request CSR, Enter a key size, and then press Return

Contents

Mac OS X Server Apple Contents Mail Service Advanced Configuration Troubleshooting Mail Service Monitoring and Maintaining Mail Service Contents Preface What’s in This Guide Using Onscreen Help To get the most recent onscreen help for Mac OS X ServerTo see the most recent server help topics Getting Started Document Road Map Preface About This Guide Getting Additional Information Getting Documentation Updates Mail Service Architecture Understanding Mail Service Mac OS X Server Mail Transfer Agent Mail Screening Where Mail Is Stored Outgoing Mail LocationIncoming Mail Location Internet Message Access Protocol Imap Local Delivery AgentDovecot Post Office Protocol POP User Interaction with Mail Service Using Mailing Lists with Mail Service Mailman-Based Mailing ListsWiki-Based Mailing Lists Mail service uses DNS like this Using Network Services with Mail Service Before You Begin Managing Mail Service Using Mail Service Tools Configuring DNS for Mail ServiceTo enable MX records How User Account Settings Affect Mail Service Setup Overview Configure outgoing Mail service To start the mail configuration assistant Configure additional settings for Mail service Changing Mail Service Settings Administering Mail ServiceTo enable Mail Service for administration To change Mail service settings from the command line Viewing Mail Service Settings from the Command Line General SetupConfiguring Outgoing Mail Service Understanding Smtp Authentication Enabling Smtp Access To enable Smtp accessRequiring Smtp Authentication To relay Smtp mail through another server Relaying Smtp Mail Through Another ServerCopying Undeliverable Incoming Mail To keep a copy of undeliverable incoming mail Enabling Imap Access Configuring Incoming Mail ServiceSaving Mail Messages for Monitoring and Archival Purposes To save all messages Enabling POP Access To enable Imap accessTo enable POP access Choosing No Incoming Mail Retrieval Restricting Smtp Relay To change the local delivery directoryTo restrict Smtp relay Rejecting Smtp Connections from Specific Servers Restricted Smtp Relay and Smtp Authentication Interaction Filtering Smtp Connections Rejecting Mail from Blacklisted SendersTo reject mail from blacklisted senders To filter Smtp connections Connection Control Limiting Junk Mail and Viruses Mail Service Filtering To enable junk mail screeningEnabling Junk Mail Screening Bayesian Filters Training the junk mail filter with users’ help Training the Junk Mail Filter Training the junk mail filter without user interaction Filtering Mail by Language and LocaleTo allow mail by language and locale Enabling Virus Screening To enable virus screening To enable Sieve support From the command lineServer-Side Mail Rules Managing Mail Quotas To enable a user’s mail quotaLimiting Incoming Message Size Enabling Mail Quotas for Users Configure Quota Violation Responses Configuring Quota WarningsTo configure quota warnings To configure quota violation responses Setting Up a Wiki-Based Mailing List To enable wiki-based mailing listsMailing Lists About Mailman Setting Up a Mailman Mailing List To enable mailing listsEnabling Mailing Lists To create a list Creating a Mailing List To set a list’s maximum message length Setting a List’s Maximum Message LengthCreating a Mailing List Description To create a list description To customize a welcome message Customizing the Mailing List Welcome MessageCustomizing the Mailing List Unsubscribe Message To customize the subscriber welcome message Setting Mailing List Message Bounce Options To enable list moderationEnabling a Mailing List Moderator To set bounce options To set privacy options Designating a Mailing List as PrivateAdding Subscribers To add subscribers Viewing a Server’s Mailing Lists Administering Mailing ListsTo see the lists Viewing a Mailing List’s Information To designate a list administrator Designating a List AdministratorAccessing Web-Based Administrator Options To access a list’s web-based options To designate a list moderator Designating a List ModeratorArchiving a List’s Mail To archive a list’s mail Viewing Mailing List Archives Working with Mailing List SubscribersAdding a Subscriber to a List Removing a List Subscriber To add or remove a subscriber’s posting privileges Changing Subscriber Posting PrivilegesSuspending a Subscriber To suspend a user’s subscription to a list Subscribing to a Mailing List Via Mail List Subscriber OptionsTo subscribe via mail Subscribing to a Mailing List Via Web Setting and Changing Your Mailing List Password Unsubscribing from a Mailing List Via MailUnsubscribing from a Mailing List Via Web Changing Digest Mode To disable list deliveryDisabling List Mail Delivery To toggle digest mode Setting Additional Subscriber Options Where to Find More InformationTo access additional options Choosing Mime or Plain Text Digests Setting the Mail Service Log Detail Setting Mail Service Logging OptionsArchiving Mail Service Logs by Schedule To set the Mail service log detail Configuring Mail Client Applications Client-Specific Configuration for Mail Service Vacation Notices Using WebmailTo use WebMail How a user modifies their vacation notices Use this chapter to tune Mail service beyond a basic setup Securing User Access to Mail ServiceDesignating Authorized Mail Service Users Using Workgroup Manager for Mail Service Access Using Access Control Lists for Mail Service AccessTo enable a user’s mail access using Workgroup Manager Choosing Authentication for Mail Service Smtp AuthenticationTo enable mail access using ACLs Imap and POP Authentication To allow secure Smtp authenticationTo allow less secure authentication To set less secure Imap and POP authentication To set secure Imap and POP authentication Configuring SSL for mail transport Securing Mail Service with SSL Configuring SSL Transport for Imap and POP Connections Configuring SSL Transport for Smtp ConnectionsTo configure SSL transport for Smtp connections To configure SSL transport for Imap and POP connections Enter a key size, and then press Return Generate a Certificate Signing Request CSR Enter s, and then press Return Following output appears Accessing Server Certificates from the Command Line Creating the Password File in the Keychain Creating a Password File from the Command Line Mail Service Virtual Host To enable virtual hostingEnabling Virtual Hosting Adding or Removing Virtual Hosts Associating Users to the Virtual HostTo add or remove virtual hosts Postmaster@server.com At the prompt, enter the following command To create a Mac OS X Server-style alias Creating Additional Mail Addresses for Users Setting Up Forwarding Mail Addresses for a User To create a Postfix-style aliasTo forward a user’s mail To specify where mail is stored on the server Working with Mail Service Data StorageViewing the Location of the Mail Store Specifying the Location of the Mail Store To split the mail store Creating Additional Mail Store Locations Backing Up and Restoring Mail Messages Maximum Number of Mail Messages Per Volume Configuring Additional Mail Service Support for 8-Bit Mime Setting Up Mail Server Clustering with XsanConfiguring Mail Clustering To disable the default conversion Use this chapter to monitor and maintain Mail service Starting or Stopping Mail ServiceTo start or stop the service To reload Mail service from the command line Reloading Mail ServiceHolding Outbound Mail To hold outbound mail Creating an Administration Account Allowing Administrator Access to Mail FoldersTo create a mail administrator account Blocking Inbound Mail Connections Viewing an Overview of Mail Service Activity Monitoring Mail Service ActivityViewing Mail Service Logs To see an overview of Mail service activity Reclaiming Disk Space Used by Mail Service Log Archives To view a Mail service logViewing the Mail Connections List To view a list of connected mail users Monitoring the Outgoing Mail Queue Viewing Mail AccountsChecking the Outgoing Mail Queue Clearing Messages from the Outgoing Mail Queue Viewing Mail Service Statistics Retrying Undelivered Outgoing MessagesTo try to resend an outgoing message Computer responds with the following output Improving Performance Troubleshooting Mail Service When Mail Is Undeliverable When a Disk Is FullWhere to Find More Information Forwarding Undeliverable Incoming Mail Internet Books Appendix Service Settings D87.cert.pem Mailimapsieveproxyservers Emptyarray D87.key.pem Default ALL+RC4@STRENGTH 100 Mailpostfixsendercanonicalmaps 101 102 103 Strength 104 ALL!EXPORT+RC4@STRENGTH 105 106 Mailpostfixdisablemimeinput Processing 107 Begin Certificate 108 109 110 111 112 Options 113 Connect GET Post 114 115 116 117 118 119 120 121 TZ Mailconfig Lang 122 123 Begin RSA Private KEY 124 MAILER-DAEMON 125 Ratedelay Mailpostfixsmtprandomize Yes Addresses 126 127 128 Vacation Notification Script Self-Defined Forwarding Basic Sort and Antijunk Mail Filter129 130 Index Disks131 132 133 See also Mailman, subscribers Mailman 134