Apple Mac OS X Server 10.7 (Lion) and 10.8 (Mountain Lion) - Generate CSR

These instructions apply to Mac OS X Server 10.7 (Lion) and 10.8 (Mountain Lion).

A Certificate Signing Request (CSR) is required when applying for an SSL certificate. This CSR (and private key) can be generated on your webserver. To request a wildcard certificate, fill in an * (asterisk) for the subdomain, for example *.sslcertificaten.nl (instead of www.sslcertificates.nl).

Create a self-signed certificate using Server App

  1. Open the Server App and select the server on which you wish to install the certificate. This might be the computer you are working on at the moment, or another computer (connect using a host name or IP-address). Login using Administrator credentials to be shown all Administrator options on the server.
  2. Select the computer name in the Hardware section, then click on the Settings tab. Click on Edit... SSL Certificate

    Apple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR

  3. Click on the gear wheel icon and choose Manage Certificates from the drop-down menu. 

    Apple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR

  4. Choose the self-signed certificate, issued by IntermediateCA_YOUR-COMPUTER..., click on the gear wheel icon to select actions and select Generate Certificate Signing Request.
    Note: If the certificate does not show a domain name registered by a registrar, please skip these instructions and start at Create a Certificate Identity and CSR to generate a CSR for an external domain name different from the computer host name.
  5. Select all of the text of the CSR and copy if to the clipboard (Click on the text-part and select Option + a to select the entire text, followed by Option + c to copy it), or click Save to save the file. The CSR will now be generated: 

    Apple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR

Create a Certificate Identity and CSR

  1. Open the Server App.
  2. Select your server in the Hardware section. Proceed by clicking on the Settings tab next to SSL Certificate and to then click on Edit.
  3. Click on the gear wheel and select Manage Certificates from the drop-down menu.
  4. Click on the Edit... option next to the SSL Certificate line.
  5. Click on the + drop-down menu and select Create a Certificate IdentityApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  6. The Certificate Assistant will now open. Please proceed by entering the following information in the Create Your Certificate window:
    • Name: 'server.example.com' (the domain name you want to use)
    • Identity Type: Self-Signed Root Certificate.
    • Type: SSL Server.
    • Please check the option: Let me override defaults.
    Apple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  7. You will now be shown a warning indicating the self-signed certificate will not automatically be trusted. Click on ContinueApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  8. Certificate Information: Use the standard settings and click ContinueApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  9. Please enter your e-mail address and other company- or personal data needed for the certificate (see also the overview of CSR fields): Apple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  10. Please select key size: 2048 bits and RSA as the Algorithm that should be used. Click on Continue
  11. Key Usage Extension: Use the standard settings and click on ContinueApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  12. Extended Key Usage Extension: Use the standard settings and click on ContinueApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  13. Basic Constraints Extension: Use the standard settings and click on ContinueApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  14. Subject Alternate Name Extension: Check the option Include Subject Alternate Name Extension if you plan to apply for a SAN certificate. If this is not the case, please select Continue without making any changes.
  15. dnsName: Enter any additional names that have to be protected, such as sub-domains or other websites (for example mail.domain.com, www.domain.com) and click on ContinueApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  16. You will now be shown a window with the message: Your Certificate has been successfully created, and a warning saying the root certificate is not trusted. Click on DoneApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  17. A window will now appear, telling you that the Server wants to export key "www.yourdomain.com" from your keychain. Click on AllowApple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR
  18. Click on the gear wheel icon and select Create Certificate Signing Request... from the drop-down menu. You will be shown a screen with the encrypted CSR code. This code can either be copied, or saved as a file. Apple OS X Server 10.7 (Lion) en 10.8 (Mountain Lion) - Aanmaken CSR

To order a certificate, copy the entire contents of the generated CSR, including the first and last line and all dashes.

Order certficate

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up