Use these instructions to create your CSR (certificate signing request) and then, to install your SSL and intermediate certificates.
It generates a new public/private keypair when you create a CSR in Keychain Access. The name of the key will be what you entered in the 'Common Name' field when generating the CSR. If you would like to generate a new CSR from an existing key, I do not believe this can be done entirely within Keychain Access. Part 3: macOS 10.15 Catalina Web Development Environment In Part 1 of this 2-part series, we covered configuring Apache on macOS Sierra 10.15 High to work better with your local user account, as well as the installation process for installing multiple.
- To create your CSR, see Mac OS X Yosemite: Create Your CSR.
- To install your SSL Certificate, see Mac OS X Yosemite: Install Your SSL Certificate.
- Manage passwords using keychains on Mac. MacOS uses keychains to help you keep track of and protect the passwords, account numbers, and other confidential information you use every day on your Mac computers and iOS and iPadOS devices. You can use the Keychain Access app on your Mac.
- Quick steps explained to import and export an SSL certificate on Mac OS X Mavericks. It's now easy to pair your Mavericks SSL certificate on Mac OS X. Step-by-step instructions.
- It generates a new public/private keypair when you create a CSR in Keychain Access. The name of the key will be what you entered in the 'Common Name' field when generating the CSR. If you would like to generate a new CSR from an existing key, I do not believe this can be done entirely within Keychain Access.
For El Capitan Server (10.11), please see Mac OS X El Capitan: Create CSR & Install SSL Certificate.
1. Mac OS X Yosemite: Create Your CSR (Certificate Signing Request)
To get a valid SSL Certificate, you must first generate a CSR (certificate signing request). Then, you will use the contents of the CSR to order your SSL Certificate.
Mac OS X Yosemite Server (10.10): How to Generate a CSR Using the Server App
- Open the Server App.In the Finder window, under Favorites, click Applications and then double-click Server.
- In the Server App window, under Choose a Mac, do one of the following options to select the server on which to create your CSR:Note: You should select the server on which you are going to eventually install this SSL Certificate.
- To create the CSR on this server
- Select This Mac – YourServerName and then click Continue.
- Enter your Administrator Name and Administrator Password and then click Allow.
- To create the CSR on another server
- Select Other Mac – YourServerName and then click Continue.
- Freemake setup file key generator. Enter your Host Name/IP Address, your Administrator Name and Administrator Password and then click Allow.
- In the Server App window, under Server, click Certificates.
- On the Certificates page, click + > Get a Trusted Certificate.
- On the Get a Trusted Certificate page, click Next.
- Enter the following information:
Host Name: Enter the name to be used to access the certificate. This name is usually the fully qualified domain name (FQDN). For example, www.yourdomain.com or yourdomain.com Contact Email Address: Enter an email address at which you can be contacted. Company or Organization: Enter the legally registered name of your organization or company. Department: Enter the name of your department within the organization. For example, you can enter IT or Web Security. Town or City: Enter the town or city where your organization or company is located. State or Province: Enter the state or providence where your organization or company is located. Country: In the drop-down list, select the country where your organization or company is located. - To generate your CSR, click Next.
- Click Save and save the CSR, making sure to note the filename and location of the file.
- Click Finish.
- Use a text editor (such as TextEdit) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and enter it into the DigiCert order form.Note: During your DigiCert SSL Certificate ordering process, make sure that you select Mac OS X Server when asked to Select Server Software. This option ensures that you receive all the required certificates for Mac OS X Yosemite SSL Certificate Installation (Intermediate and SSL Certificates).Ready to Order Your Mac OS X Yosemite SSL CertificatesBuy NowLearn More
- After your receive your SSL Certificate from DigiCert, your can install it.
2. Mac OS X Yosemite: Install Your SSL Certificate
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Mac OS X Yosemite: Create Your CSR.
After receiving your SSL Certificate, you first need to install the intermediate certificate on your server. Then, install your SSL Certificate on your server and assign the SSL Certificate to services.
To install and configure your SSL Certificate, do the following:
- Install the Intermediate CertificateMac OS X Yosemite: How to Install the Intermediate Certificate.
- Install your SSL Certificate.
- Assign your SSL Certificate to Services
i. Mac OS X Yosemite: How to Install the Intermediate Certificate
- Save the ZIP file your_domain_com.zip onto your server, and extract the SSL Certificate file (your_domain_com.crt) and the DigiCert Intermediate Certificate file (DigiCertCA.crt) to a folder.
- Double-click DigiCertCA.crt.
- In the Add Certificates window, in the Keychain drop-down list, select System and then click Add.
- Enter the administrator's password to authorize the change.
ii. Mac OS X Yosemite: How to Install Your SSL Certificate
- Open the folder containing your SSL Certificate file (yourdomain_com.crt).Keep this folder open so that you can readily access this file.
- Open the Server App.In the Finder window, under Favorites, click Applications and then double-click Server.
- In the Server App window, under Choose a Mac, do one of the following options to select the server on which you want to install your SSL Certificate.
- To install the certificate on this server
- Select This Mac – YourServerName and then click Continue.
- Enter your Administrator Name and Administrator Password and then click Allow.
- To install the certificate on another server
- Select Other Mac – YourServerName and then click Continue.
- Enter your Host Name/IP Address, your Administrator Name and Administrator Password and then click Allow.
- In the Server App window, under Server, click Certificates.
- On the Certificates page, double-click on the Pending certificate that you created when generating the CSR.
- On your certificate's page (i.e. www.yourdomain.com), under Certificate Files, in the Drag files received from your certificate vendor here box, drag-and-drop your SSL Certificate file (yourdomain_com.crt).
- Click OK.
iii. Mac OS X Yosemite: How to Assign Your SSL Certificate to Services
Generate Csr Apache
- In the Server App window, under Server, click Certificates.
- On the Certificates page, in the Secure services using drop-down list, select Custom.
- In the Service Certificates window, in the Certificate drop-down list, select your new SSL Certificate for each Service to which you want to assign it.For example, in the Certificate drop-down list for Websites (Server Website – SSL) select your new SSL Certificate.
- When you are finished, click OK.
- You have successfully installed, configured, and assigned your SSL Certificate to your respective Services.
Test Your Installation
Mac Os High Sierra Generate Csr And Export Key In Windows 7
If your website is publicly accessible, our DigiCert® SSL Installation Diagnostics Tool can help you diagnose common problems.
Related Links
SSL Certificates
Well, I guess there is not a single expert on this out there watching, so I'll wing it. I suppose the first thing I need to do is make this OS X server trust the ADCS root. This involves adding the root certificate to Keychain. I will dig up my notes on this .. there is a bash command to do this .. and post it here.
Once that is done, I have to make a choice. Eventually, I would want to replace my self-signed Open Directory server certificate with one issued by my ADCS CA. I have to decide if I should do this before or after I push out a profile to my Mac clients with the ADCS root certificate.
If I do it before, I'm not sure how that will affect the binding to OD. I don't see the OD server certificate installed in my client's Keychain .. I guess it is simply using it as an SSL certificate for in-transit encryption. There doesn't seem to be a trust established for this certificate, so if I replace it with one from ADCS the clients will be in the same situation .. communicating with a server with an untrusted cert. I don't know if the binding somehow made this cert trusted and the change will break that or not.
If I do it after I push out ADCS certs to the clients (via Profile Manager), then the clients would at least trust that new OD server cert, since it can be chained back to the ADCS root.