This document provides instructions how to generate a CSR for Apple Mac OS X Server 10.4. If you can not follow this steps please contact Apple.
NOTE: Using the Server Admin utility to create certificate requests for new certificates and renewals is not recommended, as it can lead to issues when installing the new SSL certificate.
Step 1. Generate the Private Key
To create a CSR for the SSL certificate enrollment or renewal, the administrator (root) password will be required, along with access to the servers' command line - either via Terminal.app or SSH.
NOTE: For all SSL certificates, the CSR key bit length must be 2048
Connect to your server and run the following three commands at the command line:
sudo openssl req -new -newkey rsa:2048 -nodes -keyout ssl.key/private.key -out certreq.txt
sudo chmod 640 ssl.key/private.key
Step 2. Generate the CSR
When the second command is run, the administrator password will be requested and a short wizard will run to specify the information that will appear in the SSL certificate - see below for details:
NOTE: Please do not enter an email address, challenge password or an optional company name when generating the CSR
The new private key (private.key) and CSR (certreq.txt) files will be created. The third command prevents the private key from being world readable - the private key should be protected at all times to prevent compromise of the SSL certificate.
Proceed with the Enrolment.
Once the certificate has been issued, follow the steps from this link to install the certificate on your server: SO13575