Ask a Question

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Apple Mac OS X Server 10.7

Solution

This document provides instructions how to generate certificate signing request (CSR) for Apple Mac OS X Server 10.7. If you are not able to follow the steps on the server, Symantec recommends to contact Apple.

NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.

Step 1: Start Profile Manager

  1. Login to the server, and in the Services list, click Profile Manager.
  2. Make sure to choose the Settings option, then click the Edit button.

     
     
  3. In the Manage Certificates screen, click on the plus sign and choose Create a Certificate Identity.

      
     
  4. Please make sure to select SSL Server in the Certificate Type. Also enter a name for the certificate for reference.


     
  5. This step would create a self-signed certificate, which is required before you can generate a new CSR.

     

 

Step 2: Generate the CSR

  1. In the Certificate Information page, leave the value as default.


     
  2. Next please enter the information requested for the CSR.

      
     
    • Country Name (C): Enter the two-character abbreviation of country in which organization resides (e.g. US).
    • State or Province (S): Enter the full name of your state or province.
      Note: Make sure the State or Province is not abbreviated (e.g. California).
    • Locality or City (L): Usually the city of your organization's main office, or a main office for your organization.
    • Organization (O): The full legal name of your company.
    • Organizational Unit (OU): Use this field to differentiate between divisions within an organization.
    • Common Name (CN): The fully-qualified domain name to which your certificate will be issued.
       
  3. Select keysize as 2048 bit.

     
     
  4. Leave the key extension as default.

     
     
  5. Leave the Basic Contraints value as default.


     
  6. At this stage, you can enter Subject Alternate Names.  However these values should instead be added to the Symantec enrollment form.

      
     
  7. Next you will see a certificate summary page.

     
     
  8. Click on Allow to export the key.

     
     
  9. Go back to server.app and then select Manage certificates.
  10. Now click on Create Certificate Signing Request (CSR) as shown in the diagram below

     
     
  11. You should see the CSR text at this stage. 

     
     
  12. Use this CSR for enrolment of your SSL certificate on the Symantec website.
    NOTE: During the enrollment, open the file you created from the above steps and copy the contents into the enrollment form 
    when requested for the CSR.


Back up your Private Key

          Symantec recommends backing up the .key file and storing of the corresponding pass phrase. A good choice is to create a copy of 
          this file onto a removable media.While backing up the private key is not required, having one will be helpful in the instance of
          server failure.

Contact Information

           During the verification process, Symantec may need to contact your organization. Be sure to provide an email address,
           phone number, and fax number that will be checked and responded to quickly. These fields are not part of the certificate.
 
Once the certificate has been issued, follow the steps from this link to install the certificate on your server.