How to Generate Certificate Signing Request (CSR) in MAC OS X 10.4
This document provides instructions how to generate a CSR for Apple Mac OS X Server 10.4. If you can not perform the steps on the server, please contact Apple.
NOTE: To generate a CSR, a key pair must be created for the server. These two items are a digital certificate key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR, and certificate must all match in order for the installation to be successful.
Step 1. Generate the Private Key
1. To create a CSR for the SSL certificate enrollment or renewal, the administrator (root) password will be required, along with access to the servers' command line - either via Terminal.app or SSH.
NOTE: For all SSL certificates, the CSR key bit length must be 2048
2. Connect to your server and run the following three commands at the command line:
sudo openssl req -new -newkey rsa:2048 -nodes -keyout ssl.key/private.key -out certreq.txt
sudo chmod 640 ssl.key/private.key
Step 2. Generate the CSR
1. When the second command is run, the administrator password will be requested and a short wizard will run to specify the information that will appear in the SSL certificate:
Country Name: The two-letter code for the country where your organization operates
State or Province Name: The state in which your organization operates - must not be abbreviated.
Locality Name: The city or suburb where your organization is located.
Organization Name: The full, legal entity name for your organization.
Organizational Unit Name: The department of your organization that will be using the SSL certificate.
Common Name: The website address or FQDN that will be secured by the SSL certificate.
NOTE: Please do not enter an email address, challenge password or an optional company name when generating the CSR
2. The new private key (private.key) and CSR (certreq.txt) files will be created. The third command prevents the private key from being world readable - the private key should be protected at all times to prevent compromise of the SSL certificate.
3. Verify your CSR. Make sure all information provided is the same that you just insert when generate the CSR.
4. Proceed with the Enrolment.
WarungSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, WarungSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. WarungSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.
Further, WarungSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.