This document provides instructions for generating Certificate Signing Request for MAC OS X 10.3. If you are unable to use these instructions for your server, Symantec recommends that you contact Apple.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
To generate the private key and the CSR for Mac OS X 10.3, follow the steps below:
Step1: Generate the Private Key
- Log in to the server using the root password and open the Terminal application.
- At the prompt, type these commands and press Return at the end of each one:
openssl sha1* > rand.dat
openssl genrsa -rand rand.dat -des 2048 > key.pem
- At the next prompt, type a pass phrase, then press Return.
NOTE: The pass phrase created unlocks the server's certificate key.
This pass phrase will be used when enabling SSL on the web server.
- If is doesn't already exist on the server, create a folder with the following name: /etc/httpd/ssl.key/
Step 2: Generate the CSR
- At the prompt, type the following command and press Return:
openssl req -new -key key.pem -out csr.pem
- When prompted, enter the following information:
- Common Name: The fully-qualified domain name to which your certificate will be issued.
- Organization: The full legal name of your company.
- Organizational Unit: Use this field to differentiate between divisions within an organization.
- City or Locality: Usually the city of your organization's main office, or a main office for your organization.
- State or Province: Enter the full name of your state or province.
Note: Make sure the State or Province is not abbreviated (e.g. California).
- Country: Enter the two-character abbreviation of country in which organization resides (e.g. US)
- Email Address: Optional
- To view the content of the CSR use the command: cat csr.pem
- Remember to back up the private key and the CSR to a removable disk in case of server problems.
- Then open the CSR using a text editor, such as Notepad, and copy and paste the contents of the CSR
into the appropriate text field when requesting a certificate.
- Remember to include the five dashes before "Begin Certificate Request" and after "End Certificate Request".
Once the certificate has been issued, follow the steps from this link to install the certificate on your server: SO22149
For more information contact Apple Support.