Ask a Question

Solution ID : SO22022

Last Modified : 05/18/2018

Managed PKI for SSL - Installation Instructions for Mac OS X Server 10.4

Solution

This document provides instructions for installing a SSL certificate on Mac OSX 10.4 and assumes that you created the Private Key and CSR on the command line.

Step 1: Download the updated Intermediate CA bundle

  1. Download the Intermediate CA certificate from this link.
     
  2. Select the appropriate Intermediate CA certificate for your SSL Certificate type.
    NOTE: If you are not sure which certificate you have purchased, follow the steps from this link.
     
  3. Paste the Intermediate CA certificate by using a plain text editor like TextEdit.app, nano or vi to avoid
    adding control characters or special fonts to the certificate file.
     
  4. Save the file as /etc/httpd/ssl.crt/intermediate.crt
     

Step 2: Download the SSL certificate

  1. The Symantec certificate will be sent by email. If using the certificate included as an attachment (Cert.cer), you may use the file.
    If using the certificate imbedded in the body of the email, copy and paste the certificate by using a plain text editor like
    TextEdit.app, nano or vi.

    The text file should look like:

    -----BEGIN CERTIFICATE-----
              [encoded data]
    -----END CERTIFICATE-----
     
  2. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces,
    extra line breaks or additional characters have been inadvertently added.

    NOTE: Download the certificate from your Managed PKI for SSL account.
    Please select X.509 as a certificate format and copy only the
    End Entity Certificate.

     
  3. To follow the naming convention for Apache, rename the certificate filename with the .crt extension, for example: public.crt
     
  4. Copy the Certificate into the directory that you will be using to hold the certificates, for example: /etc/httpd/ssl.crt/public.crt      

                        

Step 3: Assign the new SSL certificate to the web site

  1. Open the Server Admin utility.
     
  2. In the Computers & Services column, open out the current server and select Web.
     
  3. In the main section of the Server Admin screen, select the Sites tab and double-click the site being secured with SSL.
     
  4. Select the Security tab, check the box for Enable Secure Sockets Layer (SSL) if not already checked.

    NOTE: If you change this selection, the port number the website operates on may change (a warning will appear if this is the case).
    If you need the website to operate in both http and https mode, you need to create a copy of the site in Server Admin.

     
  5. In the Certificate: dropdown, select Custom Configuration.
     
  6. A dialogue box appears to specify the locations of the certificate and key files.

    The below assumes the file locations and names have been left as recommended:

    For 'Certificate File', enter /etc/httpd/ssl.crt/public.crt

    For 'Private Key File', enter /etc/httpd/ssl.key/private.key

    For 'Certificate Authority File', enter /etc/httpd/ssl.crt/intermediate.crt

    For 'Private Key Passphrase', leave empty unless a password has been set on the private key
     
  1. Click OK on the dialogue box, click Save on the Server Admin window and click Restart when prompted.

    NOTE: If there are any errors during the restart process, review the logs to determine the problem - the most common issue is an 
    incorrectly specified certificate file or a mismatch between the private key and SSL certificate.