Ask a Question

Managed PKI for SSL - Certificate Signing Request (CSR) Generation Instructions for Apple Mac OS X Server 10.5

Solution

This document provides instructions how to generate a CSR for Apple Mac OS X Server 10.5. If you can not follow this steps contact Apple.

Note: To generate a CSR, a key pair must be created for the server. These two items are a digital certificate key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR, and certificate must all match in order for the installation to be successful.
 
Note: Using the Server Admin utility to create certificate requests for new certificates and renewals is not recommended, as it can lead to issues when installing the new SSL certificate.


To generate a Certificate Signing Request (CSR) file using Apple Mac OS X Server 10.5, perform the following steps:

  1. Launch the Server Admin tool and connect to the server where you want to install the certificate.
  2. Highlight the server node in the SERVERS list.
  3. Select the Certificates button from the toolbar at the top of the right pane:


     
  4. Click the + button.
  5. Fill in the fields as appropriate. A brief description of each field follows:
  • Common Name - The fully-qualified domain name to which your certificate will be issued.
  • Organization - The full legal name of your company.
  • Organizational Unit (Optional) - Use this field to differentiate between divisions within an organization.
  • City (Locality) - Usually the city of your organization's main office, or a main office for your organization.
  • State/Province - Enter the full name of your state or province.
    Note: Make sure the State or Province is not abbreviated (e.g. California).
  • Country Code - Enter the two-character abbreviation of country in which organization resides (e.g. US).
  • Valid From/Expires On -Not used. Leave at default values.
  • Private Key Size - Must be at least 2048.
  • Private Key Passphrase (Optional) - If you wish to use a private key passphrase, enter and confirm it here. Note that this passphrase will need to be made available to the system whenever starting any applications that make use of this certificate. If you want your services to be able to start automatically upon server startup, leave the passphrase field blank.
  1. Click the Done button, then click the Save button. Click the "Gear" button and then select Generate Certificate Signing Request.
  2. Drag the icon on the sheet to the directory where you wish to save the certificate request. The rest of this document assumes that the
    file was saved to the Desktop.
  3. Click Done.
  4. Rename the file that was created from "-----BEGIN CERTIFICATE REQUEST----- & -----END CERTIFICATE REQUEST-----" to "certreq."
  5. This file contains the Certificate Signing Request (CSR) that you will need to provide when submitting your certificate reques
     to Symantec.
  6. You can close the Server Admin application.
  7. Verify your CSR
  8. Proceed with the Enrolment.


Once the certificate has been issued, follow the steps from this link to install the certificate on your server: INFO1948