Manuals / Apple / Computer Equipment / Server

Apple 10.6 manual Creating a Self-Signed Certificate, To create a self-signed certificate

Models: 10.6

1 197
Download 197 pages 50.37 Kb
Page 65
Image 65

Creating a Self-Signed Certificate

A self-signed certificate is generated at server setup. Although it is available for use, you may want to customize the information in the certificate, so you would create a new self-signed certificate. This is especially important if you plan on having a CA sign your certificate.

When you create a self-signed certificate, Certificate Manager creates a private–public key pair in the System keychain with the key size specified (512 - 2048 bits). It then creates the corresponding self-signed certificate.

If you’re using a self-signed certificate, consider using an intermediate trust for it and import the certificate into the System keychain on all client computers (if you have control of the computers). For more information about using intermediate trust, see “About Intermediate Trust” on page 61.

To create a self-signed certificate:

1In Server Admin, select the server that has services that support SSL.

2Click Certificates.

3Click the Add (+) button and choose Create a Certificate Identity.

Certificate Assistant launches, populated with information needed to generate the certificate.

4If you override the defaults, choose “Let me override defaults” and follow the onscreen instructions.

5When finished, click Continue.

6Confirm the certificate creation by clicking Continue.

The Certificate Assistant generates a key pair and certificate. Certificate Manager encrypts the files with a random passphrase, puts the passphrase in the System keychain, and puts the resulting PEM files in /etc/certificates/.

Requesting a Certificate from a Certificate Authority

Certificate Manager helps you create a CSR to send to your designated CA.

You need a certificate for the CA to sign. You can use the one that was generated at server setup, but more likely you will want to generate one that has all the details the CA requires before signing. If you need to generate a certificate before getting it signed, see “Creating a Self-Signed Certificate” on page 65.

To request a signed certificate:

1In Server Admin, select the server that has services that support SSL.

2Click Certificates.

3Select the certificate you want signed.

Chapter 4    Enhancing Security

65

Page 64 Page 66
Page 65
Image 65
Apple 10.6 manual Creating a Self-Signed Certificate, Requesting a Certificate from a Certificate Authority
Page 64 Page 66