How to Generate Certificate Signing Request (CSR) in MAC OS X 10.7
This document provides instructions how to generate certificate signing request (CSR) for Apple Mac OS X Server 10.7. If you can not perform this steps on the server, please contact Apple Support.
NOTE: To generate a CSR, you will need to create a key pair for your server. These two items are a digital certificate key pair and cannot be separated. If you lose your public/private key file or your password and generate a new one, your SSL Certificate will no longer match.
Step 1: Start Profile Manager
1. Login to the server, and in the Services list, click Profile Manager.
2. Make sure to choose the "Settings" option, then click on "Edit" button.
3. In the Manage Certificates screen, click on the plus sign and choose " Create a Certificate Identity"
4. Please make sure to tick "SSL Server" in the Certificate Type. Also enter a name for the certificate for reference.
5. This step would create a self-signed certificate, which is required before you can generate a new CSR.
Step 2: Generate the CSR
1. In the Certificate Information page, leave the value as default.
2. Next please enter the distinguish name of your CSR
3. Select keysize as 2048 bit.
4. Leave the key extension as default.
5. Leave the Basic Contraints value as default.
6. At this stage, you can enter the Subject Alternate Name if you like
7. You would see a certificate summary page
8. Click on "Allow" to export the key
9. Go back to server.app and then Manage certificates
10. Now click on Create Certificate Signing Request (CSR) as shown in the diagram below.
11. You should see a CSR at this stage.
12. Use this CSR for enrolment of your SSL certificate on the Symantec website.
NOTE: During the enrolment open the file you created from the above steps and copy the contents into the enrollment form when requested for the CSR.
Back up your Private Key
RapidSSL recommends backing up the .key file and storing of the corresponding pass phrase. A good choice is to create a copy of this file onto a removable media. While backing up the private key is not required, having one will be helpful in the instance of server failure.
During the verification process, RapidSSL may need to contact your organization. Be sure to provide an email address, phone number and fax number that will be checked and responded to quickly. These fields are not part of the certificate.
WarungSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, WarungSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. WarungSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.
Further, WarungSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. Geotrust reserves the right to make changes to any information herein without further notice.