Ask a Question

Advanced Search

Solution ID : SO22102

Last Modified : 05/31/2019

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Mac OS X Server 10.6


This document provides instructions for generating Certificate Signing Request for MAC OS X 10.6 . If you are unable to use these instructions for your server, DigiCert recommends that you contact Apple.

Step 1:  Generate a Key and Certificate Signing Request:

  1. Launch  Applications > Server > Server Admin tool and connect to the server where you want to install the certificate
  2. Double click the server name in the SERVERS list.
  3. Enter the password, click Connect
  4. From the toolbar select Certificates
  5. Click + (add) button
  6. Select Create a Certificate Identity to open Certificate Assistant:
  • Name: Your certificate name (e.g.
  • Identity Type: Self Signed Root
  • Certificate Type: SSL Server
  • Override the defaults by selecting the option “Let me override defaults”
  • Click Continue
  1. Changes to the Serial Number or Validity Period is not required, click Continue
  2. Enter the Certificate Information:
  • Email Address - An email address of the responsible party for certificates
  • Common Name: The fully-qualified domain name to which your certificate will be issued.
  • Organization: The full legal name of your company.
  • Organizational Unit: Use this field to differentiate between divisions within an organization.
  • City or Locality: Usually the city of your organization's main office, or a main office for your organization.
  • State or Province: Enter the full name of your state or province. 
    Note: Make sure the State or Province is not abbreviated (e.g. California).
  • Country: Enter the two-character abbreviation of country in which organization resides (e.g. US).
  1. Click Continue
  2. Key Pair Information:
  • Key Size: 2048 bits
  • Algorithm: RSA
  1. Click Continue
  2. Proceed through the following screens, accept the defaults for each of the following:
  • Key Usage Extension
  • Extended Key Usage Extension
  • Basic Constraints Extension
  • Subject Alternative Name Extension
  1. After the last screen, the Certificate Assistant will save the Certificate and quit. You will be returned to Server Admin, and the self signed certificate should be displayed in the Certificates pane.Select the new certificate.
  2. Below the certificate name, click the Action menu (looks like a gear) and choose Generate Certificate Signing Request (CSR).
  3. Click Save to save the CSR.
  4. Verify your CSR
  5. Proceed with the Enrollment.

         NOTE: During the enrollment open the file you created from the above steps and copy the contents into the enrollment form 
         when requested for the CSR.

Step 2: Backup the private key
         DigiCert recommends backing up the .key file and storing of the corresponding pass phrase. A good choice is to create a copy
         of this file onto a removable media.While backing up the private key is not required, having one will be helpful in the instance
         of server failure.

Contact Information

        During the verification process, DigiCert may need to contact your organization. Be sure to provide an email address, phone number, 
        and fax number that will be checked and responded to quickly. These fields are not part of the certificate.

Once the certificate has been issued, follow the steps from this link to install the certificate on your serverSO17826


         For additional information please see the following Apple Support Article HT3976.