4Click the Action button below the certificates list and choose “Generate Certificate

Signing Request (CSR).”

Certificate manager creates the signing request and shows the ASCII text version in the sheet.

5Click Save to save the CSR to the disk.

Your CA will have instructions on how to transfer the CSR to the signer. Some CAs require you to use a web interface; others require sending the CSR in the body of a mail message. Follow the instructions given by the CA.

The CA will return a newly signed certificate, which replaces the one you generated. For instructions on what to do now with your newly signed certificate, see “Replacing an Existing Certificate” on page 71.

Creating a Certificate Authority

To sign another user’s certificate, you must create a CA. Sometimes a CA certificate is referred to as a root or anchor certificate. By signing a certificate with the root certificate, you become the trusted third party in that certificate’s transactions, vouching for the identity of the certificate holder.

If you are a large organization, you might decide to issue or sign certificates for people in your organization to use the security benefits of certificates. However, external organizations might not trust or recognize your signing authority.

To create a CA:

1Start Keychain Access.

Keychain Access is found in the /Applications/Utilities/ directory.

2In the Keychain Access menu, select Certificate Assistant > Create a Certificate

Authority.

The Certificate Assistant starts. It will guide you through the process of making the CA.

3Choose to create a Self Signed Root CA.

4Provide the Certificate Assistant with the requested information and click Continue.

You need the following information to create a CA: ÂÂ An email address

ÂÂ The name of the issuing authority (you or your organization)

You also decide if you want to override the defaults and whether to make this CA the organization’s default CA. If you do not have a default CA for the organization, allow the Certificate Assistant to make this CA the default.

In most circumstances, do not override the defaults. If you do not override the defaults, skip to step 16.

66

Chapter 4    Enhancing Security

Page 65 Page 67
Page 66
Image 66
Apple 10.6 manual Creating a Certificate Authority, To create a CA
Page 65 Page 67
Top Page Image Contents