Apple Mac OS X Server 10.7 (Lion) and 10.8 (Mountain Lion) - Generate CSR
These instructions apply to Mac OS X Server 10.7 (Lion) and 10.8 (Mountain Lion).
A Certificate Signing Request (CSR) is required when applying for an SSL certificate. This CSR (and private key) can be generated on your webserver. To request a wildcard certificate, fill in an * (asterisk) for the subdomain, for example *.sslcertificaten.nl (instead of www.sslcertificates.nl).
Create a self-signed certificate using Server App
- Open the Server App and select the server on which you wish to install the certificate. This might be the computer you are working on at the moment, or another computer (connect using a host name or IP-address). Login using Administrator credentials to be shown all Administrator options on the server.
- Select the computer name in the Hardware section, then click on the Settings tab. Click on Edit... SSL Certificate.
- Click on the gear wheel icon and choose Manage Certificates from the drop-down menu.
- Choose the self-signed certificate, issued by IntermediateCA_YOUR-COMPUTER..., click on the gear wheel icon to select actions and select Generate Certificate Signing Request.
Note: If the certificate does not show a domain name registered by a registrar, please skip these instructions and start at Create a Certificate Identity and CSR to generate a CSR for an external domain name different from the computer host name.
- Select all of the text of the CSR and copy if to the clipboard (Click on the text-part and select Option + a to select the entire text, followed by Option + c to copy it), or click Save to save the file. The CSR will now be generated:
Create a Certificate Identity and CSR
- Open the Server App.
- Select your server in the Hardware section. Proceed by clicking on the Settings tab next to SSL Certificate and to then click on Edit.
- Click on the gear wheel and select Manage Certificates from the drop-down menu.
- Click on the Edit... option next to the SSL Certificate line.
- Click on the + drop-down menu and select Create a Certificate Identity.
- The Certificate Assistant will now open. Please proceed by entering the following information in the Create Your Certificate window:
- Name: 'server.example.com' (the domain name you want to use)
- Identity Type: Self-Signed Root Certificate.
- Type: SSL Server.
- Please check the option: Let me override defaults.
- You will now be shown a warning indicating the self-signed certificate will not automatically be trusted. Click on Continue.
- Certificate Information: Use the standard settings and click Continue.
- Please enter your e-mail address and other company- or personal data needed for the certificate (see also the overview of CSR fields):
- Please select key size: 2048 bits and RSA as the Algorithm that should be used. Click on Continue.
- Key Usage Extension: Use the standard settings and click on Continue.
- Extended Key Usage Extension: Use the standard settings and click on Continue.
- Basic Constraints Extension: Use the standard settings and click on Continue.
- Subject Alternate Name Extension: Check the option Include Subject Alternate Name Extension if you plan to apply for a SAN certificate. If this is not the case, please select Continue without making any changes.
- dnsName: Enter any additional names that have to be protected, such as sub-domains or other websites (for example mail.domain.com, www.domain.com) and click on Continue.
- You will now be shown a window with the message: Your Certificate has been successfully created, and a warning saying the root certificate is not trusted. Click on Done.
- A window will now appear, telling you that the Server wants to export key "www.yourdomain.com" from your keychain. Click on Allow.
- Click on the gear wheel icon and select Create Certificate Signing Request... from the drop-down menu. You will be shown a screen with the encrypted CSR code. This code can either be copied, or saved as a file.
To order a certificate, copy the entire contents of the generated CSR, including the first and last line and all dashes.