8 Integrating the Client with Security Solutions 61
Presentation Server documentation and SSL Relay documentation for
details.
2. Install the equivalent root certificate on the client. See “Configuring SSL/
TLS” on page 60.
3. Configure a connection, or all connections, to connect to the server using
SSL/TLS. See “Configuring SSL/TLS” on page 60.
Installing Root Certificates on Clients
To use SSL/TLS to secure communications between SSL/TLS-enabled clients
and the server, you need a root certificate on the client that can verify the
signature of the Certificate Authority on the server certificate. Mac OS X comes
with about 100 commercial root certificates already installed, but if you need to
install another certificate, follow the guidelines below.
Obtain a root certificate from the Certificate Authority and place it on each client
(the certificate will usually have the extension .crt or .cer). This root certificate is
then used and trusted by the client.
Depending on your organization’s policies and procedures, you may want to
install the root certificate on each client instead of directing users to install it. The
easiest and safest way is to add root certificates to the Mac OS X keychain;
alternatively, place root certificates in a certificates folder inside the folder
that contains your client.
Important: The following steps assume your organization has a procedure in
place for users to check the root certificate before they install it.
To add a root certificate to a keychain
1. Double-click on the file containing the certificate. This will automatically
start the Keychain Access application.
2. In the Add Certificates dialog box, choose X509Anchors (if using Mac
OS 10.4 Tiger) or System (if using Mac OS 10.5 Leopard) from the
Keychain pop-up menu. Click OK.
3. Type your password in the Authenticate dialog box and click OK. The root
certificate is installed and can be used by SSL-enabled clients and by any
other application using SSL.
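The Important note above assumes a procedure for checking the root certificate before it is installed. One way to do that check, as an added example that is not part of the original guide, is to compare the file's SHA-256 fingerprint with the value the Certificate Authority publishes through a separate channel, whether the .crt or .cer file is PEM or DER encoded. The function names and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL
)


def cert_to_der(data: bytes) -> bytes:
    """Return DER bytes from a .crt/.cer file that is either PEM or raw DER."""
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        # A bundle hides which certificate is about to be trusted.
        raise ValueError("file contains more than one certificate")
    if blocks:
        return base64.b64decode(b"".join(blocks[0].split()), validate=True)
    if data[:1] != b"\x30":  # DER certificates start with an ASN.1 SEQUENCE tag
        raise ValueError("not a PEM or DER certificate")
    return data


def sha256_fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, as lowercase hex without separators."""
    return hashlib.sha256(cert_to_der(data)).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex as published by a CA."""
    hexdigits = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexdigits):
        raise ValueError("expected a 64-hex-digit SHA-256 fingerprint")
    return hexdigits


def matches_published(data: bytes, published_fp: str) -> bool:
    """True only if the file's fingerprint equals the out-of-band value."""
    return hmac.compare_digest(sha256_fingerprint(data), normalize(published_fp))


# Constructed stand-in bytes (not a real certificate): the fingerprint is a
# hash of the encoded bytes, so any DER-shaped blob demonstrates the check.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

A match shows only that the file is the one the Certificate Authority published; it does not replace the organization's decision to trust that authority.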
Configuring the Client to Use SSL/TLS
The following section explains how to configure the client to use SSL/TLS.