Using a CA to Create a Certificate for Someone Else

You can use your CA certificate to issue a certificate to someone else. By doing so, you are stating that you want to be a trusted party that can certify the identity of the certificate holder.

Before you can create a certificate for someone, that person must generate a CSR. The user can use the Certificate Assistant to generate the CSR and mail the request to you. You then use the CSR’s text to make the certificate.

To create a certificate for someone else:

1. Start Keychain Access.

Keychain Access is found in the /Applications/Utilities/ directory.

2. In the Keychain Access menu, select Certificate Assistant > Create a Certificate for Someone Else as a Certificate Signing Authority.

The Certificate Assistant starts, and guides you through the process of making the certificate.

3. Drag the CSR and drop it on the target area.

4. Choose the CA that is the issuer and sign the request. You can choose to override the request defaults.

5. Click Continue.

If you override the request defaults, provide the Certificate Assistant with the requested information and click Continue.

The certificate is now signed. The default mail application launches with the signed certificate as an attachment.

Importing a Certificate Identity

You can import a previously generated OpenSSL certificate and private key into Certificate Manager. The items are listed as available in the list of identities and are available to SSL-enabled services.

The OpenSSL keys and certificates must be in PEM format.

To import an existing OpenSSL style certificate:

1. In Server Admin, select the server that has services that support SSL.

2. Click Certificates.

3. Click the Add (+) button and choose Import a Certificate Identity.

4. Drag the PEM file containing the private key to the sheet.

5. Drag the PEM file containing the public certificate to the sheet.

6. If needed, drag associated nonidentity certificates to the sheet as well.
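Because the import accepts only PEM files, it can help to check each file before dragging it to the sheet. The following Python sketch is an added example, not part of the Apple manual; the function names (pem_blocks, import_problems, armor) and the sample data are assumptions made for illustration. It checks the PEM armor and block types only, not that the key actually belongs to the certificate.

```python
import base64
import re

# PEM armor: a BEGIN/END pair with matching labels around base64 text.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)\n-----END \1-----", re.S)

def pem_blocks(data: bytes):
    """Return [(label, encrypted)] for every PEM block; ValueError if not PEM."""
    if b"-----BEGIN " not in data:
        kind = "binary DER" if data[:1] == b"\x30" else "unrecognised data"
        raise ValueError(f"{kind}, not PEM")
    text = data.decode("ascii").replace("\r\n", "\n")
    found = []
    for label, body in PEM_BLOCK.findall(text):
        # Legacy encrypted keys carry RFC 1421 headers, then a blank line.
        headers, _, b64 = body.rpartition("\n\n")
        encrypted = "ENCRYPTED" in label or "ENCRYPTED" in headers
        der = base64.b64decode("".join(b64.split()), validate=True)
        if not encrypted and der[:1] != b"\x30":
            raise ValueError(f"{label}: body is not a DER SEQUENCE")
        found.append((label, encrypted))
    if not found:
        raise ValueError("no complete PEM block found")
    return found

def import_problems(key_file: bytes, cert_file: bytes):
    """List reasons the two files are not a usable key + certificate pair."""
    problems = []
    for name, data, want in (("key", key_file, "PRIVATE KEY"),
                             ("certificate", cert_file, "CERTIFICATE")):
        try:
            labels = [label for label, _ in pem_blocks(data)]
        except ValueError as exc:
            problems.append(f"{name} file: {exc}")
            continue
        if not any(label.endswith(want) for label in labels):
            problems.append(f"{name} file: no {want} block (found {labels})")
    return problems

def armor(label: str, der: bytes) -> bytes:
    b64 = base64.encodebytes(der).decode()  # base64 lines, newline-terminated
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode()

# Constructed stand-ins: tiny DER SEQUENCEs, not real keys or certificates.
FAKE_DER = b"\x30\x03\x02\x01\x00"
SAMPLE_KEY = armor("RSA PRIVATE KEY", FAKE_DER)
SAMPLE_CERT = armor("CERTIFICATE", FAKE_DER)
SAMPLE_CSR = armor("CERTIFICATE REQUEST", FAKE_DER)
```

An empty list from import_problems means both files have the expected armor; a CSR or a DER file supplied in place of the certificate or key is reported by name.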

Chapter 4    Enhancing Security