To generate a Certificate Signing Request (CSR) for Apple Mac OS x 10.6 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated. The CSR public key you will give to a Certificate Authority (CA) for signing and the private key will remain hidden on the Apple Mac OS x 10.6 system where the CSR request is made.
With Mac OS X you will first create your own self signed keypair, and then extract your CSR from it in order to give your your Certificate Authority (CA) for enrollment of a SSL certificate.
To generate a CSR for Apple Mac OS x 10.6 perform the following.
Step 1: Generating your Keypair:
- Start Server Admin and connect to your server.
- Click Certificates.
- Press the + button and chose Create a Certificate Identity.
- Specify the following information:
- Name: The Friendly name to associate with this keypair.
- Identity Type: Select Self Signed Root.
- Certificate Type: Select SSL Server.
- Check the Let me override defaults box.
- Click Continue.
- Changes to the Serial Number or Validity Period is not required, click Continue
- Specify the following information:
- Email Address – An email address of the responsible party for certificates
- Common Name – The fully-qualified domain name for which you plan to use your certificate. For example – www.yourdomain.com or domain.com
- Organization – The full legal name of your organization. The listed organization must be the legal registrant of the domain name in the certificate request.
- Organizational Unit (Optional) – Name of a business unit or group. If applicable, you may enter the DBA (doing business as) name in this field.
- City (Locality) – Name of the city in which your organization is registered/located. Do not abbreviate. Enter the full name of the city.
- State/Province – Name of state or province where your organization is located. Do not abbreviate. Enter the full name.
- Country – The two-letter International Organization for Standardization (ISO) format country code for the country in which your organization is legally registered.
- Click Continue.
- Under Key Pair Information specify the following:
- Key Size: 2048 bits
- Algorithm: RSA
- Click Continue.
- Proceed through the following screens, accept the defaults for each of the following:
- Key Usage Extension
- Extended Key Usage Extension
- Basic Constraints Extension
- Subject Alternative Name Extension
- After the last screen, the Certificate Assistant will save the Certificate and quit. You will be returned to Server Admin, and see your new SSL certificate keypair under Certificates.
Step 2: Retrieving your CSR:
- Back under the Certificates click on your new SSL certificate.
- Click the icon and select Generate Certificate Signing Request (CSR).
- A pop up window will appear where you can either copy the content of the CSR or Save the CSR to a directory and path of your choice.
Your CSR request has been created and is ready for you to copy and paste its contents into the enrollment portal.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or the hosting organization that supports it.
Apple Support:
More for information refer to Mac