Lesson 1: Add a signed SSL certificate

An SSL certificate is a specific kind of certificate used to secure the majority of services for OS X Server.

Your services need to provide a valid, trusted SSL certificate to clients, so the client can:

  • Be sure it’s connecting to a service that’s really yours

  • Encrypt the data that it passes so that no one can read it

In this lesson, you’ll learn:

  • How certificates, keys, and signing interact

  • How to create a Certificate Signing Request (to ask a CA to sign your certificate)

  • How to install a signed certificate to be used with services

Step 1. Create a Certificate Signing Request (CSR)

When you create a CSR, you’re doing two things: creating a new, unsigned certificate, and preparing a signing request.

  • Open the Server app to see the list of services available in OS X Server. Select Certificates, then click the Add button add to add a trusted certificate.

    Follow the onscreen instructions and supply all the requested information.

    Certificate creation sheet

    WARNING: Do not use the placeholder values shown in this lesson. Use your own values.

Step 2. Send the CSR to the CA

When you’ve generated a signing request, you end up with a file that ends in .csr and a block of scrambled text. This is what you supply to the CA.

CSR sheet
  • Either copy and paste the text into a web form, or email the .csr file, depending on the requirements of the CA. Click Save to save the .csr file, or copy and paste the contents of the window into another document.

    Then the CA provides you with the files that you install (for example, a certificate file that ends in .pem). Depending on your CA, you can get the files any number of ways (for example, the CA can email you the files, or send you a link to download the files).

Step 3. Install the signed certificate

  • In the Server app, double-click the pending certificate, drag all of the files provided by the CA to the window, then click OK.

    Important: If your CA sends you several files (for example, a root certificate and intermediate certificates), you must drag all of them to the Certificate Files portion of the sheet.

    Certificate import sheet
    Certificate applied

Go to Lesson 2: Secure a service.