This document provides instructions how to generate a CSR for Apple Mac OS X Server 10.5. If you can not perform this steps on the server, please conatct Apple Support.
NOTE: To generate a CSR, a key pair must be created for the server. These two items are a digital certificate key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR, and certificate must all match in order for the installation to be successful.
NOTE: Using the Server Admin utility to create certificate requests for new certificates and renewals is not recommended, as it can lead to issues when installing the new SSL certificate.
To generate a Certificate Signing Request (CSR) file using Apple Mac OS X Server 10.5, perform the following steps:
- Launch the Server Admin tool and connect to the server where you want to install the certificate.
- Highlight the server node in the SERVERS list.
- Select the Certificates button from the toolbar at the top of the right pane:
- Click the + button.
- Fill in the fields as appropriate. A brief description of each field follows:
- Common Name - The fully-qualified domain name for which you plan to use your certificate (e.g., - "www.example.com").
- Organization - The full legal name of your organization. The listed organization must be the legal registrant of the domain name in the certificate request.
- Organizational Unit (Optional) - Enter the name of a business unit or group. If applicable, you may enter the DBA (doing business as) name in this field.
- City (Locality) - Name of the city in which your organization is registered/located. Please spell out the name of the city. Note: Do not abbreviate.
- State/Province - Name of state or province where your organization is located. Please enter the full name. Note: Do not abbreviate.
- Country Code - The two-letter International Organization for Standardization (ISO) format country code for the country in which your organization is legally registered.
- Valid From/Expires On -Not used. Leave at default values.
- Private Key Size - Must be at least 2048bit.
- Private Key Passphrase (Optional) - If you wish to use a private key passphrase, enter and confirm it here. Note that this passphrase will need to be made available to the system whenever starting any applications that make use of this certificate. If you want your services to be able to start automatically upon server startup, leave the passphrase field blank.
- Click the Done button, then click the Save button. Click the "Gear" button and then select Generate Certificate Signing Request
- Drag the icon on the sheet to the directory where you wish to save the certificate request. The rest of this document assumes that
the file was saved to the Desktop.
- Click Done.
- Rename the file that was created from "-----BEGIN CERTIFICATE----- & -----END CERTIFICATE-----" to "certreq."
This file contains the Certificate Signing Request (CSR) that you will need to provide when submitting your certificate request
- You can close the Server Admin application.
- Verify your CSR
- Proceed with the Enrolment.
Once the certificate has been issued follow these steps to install the certificate