Mac Server SSL Certificate CSR Creation

  1. Open the Server App, and choose the server you're going to be installing the SSL Certificate onto Either This Mac - (Your computer's name with the Server App), or Other Mac (connect with a host name or IP address.) Then Enter the Administrator's credentials to view the server Administration options.

  2. In the Hardware Section, click your 'Server's computer name' then click the Settings tab, and click to Edit... SSL Certificates. 

  3. Click the Gear drop-down menu and select Manage Certificate

  4. Choose the Self-Signed Certificate issued by IntermediateCA_YOUR-COMPUTER..., and click the Gear to open the actions and choose Generate Certificate Signing Request

    Note: If your certificate doesn't show a domain name registered by a domain registrar, please see the instructions below to Create a Certificate Identity and Generate a CSR for an external domain name other than your computer's hostname.

  5. Select all of the text of the CSR and copy it to the clipboard (click the text area and choose Option + a to select all of the text, and Option + c to copy the text), or click Save to save the file. 

    Your CSR should now be created. 

Create a Certificate Identity and CSR

  1. Open the Server App.

  2. Under the Hardware Section, select your server and click the Settings tab and next to SSL Certificate click 'Edit'.

  3. Click the Gear drop-down and select Manage Certificates.

  4. On the SSL Certificate line click the Edit... button.

  5. Click the '+' drop-down menu and choose Create a Certificate Identity



    This will open a Certificate Assistant and you will need to enter the information below on each screen:

    You should then see a screen showing "Your Certificate has been successfully created", and a red warning stating that This root certificate is not trusted. Click Done.

    You will then receive a message stating 'Server wants to export key "www.yourdomain.com" from your keychain.' Click to 'Allow'.

    1. Enter the following details on the Create Your Certificate Screen: 

      Name: 'server.example.com' (this should be the FQDN users will connect with, this should be a domain that you have purchased)
      Identity Type: Self-Signed Root
      Certificate Type: SSL Server
      Check the box Let me override defaults 

    2. You will receive a warning that you are creating a self-signed certificate that won't be automatically trusted by computers that receive it. ClickContinue

    3. Certificate Information: Leave all items as the default values and click Continue

    4. Enter your email address and the details for the organization/individual the certificate is being purchased for:

      Email Address: your@emailaddress.com
      Name(Common Name): servername.domain.com
      Organization: Your Company, Inc.
      Organization Unit: IT
      City/Locality: YourCity
      State/Province: YourState
      Country: TR

       

    5. On this screen choose Key Size: 2048 bits, Algorithm: RSA Then click Continue

    6. Key Usage Extension: Leave all options as defaults and click Continue

    7. Extended Key Usage Extension: Leave all options as defaults and click Continue

    8. Basic Constraints Extension: Leave as default option and click Continue

    9. On the Subject Alternate Name Extension screen choose the following if you are getting a SAN Certificate otherwise click Continue

      dnsName: Enter additional SAN names you will be securing such as additional subdomains, or other websites (e.g. mail.domain.com, www.domaintwo.com) click Continue

  6. Click the Gear then choose Create Certificate Signing Request... This will bring up a windows showing the CSR text, that you can select (Option+a), and copy (Option+c), or click to save the file to upload during the SSL Certificate Purchase Process.