Certificate Signing Request (CSR) Generation Instructions for Apple Mac OS X Server 10.4

Solution ID:    SO13574    Updated:    09/15/2015

Solution


This document provides instructions on how to generate a CSR for Apple Mac OS X Server 10.4. If you cannot follow these steps, please contact Apple.

NOTE: To generate a CSR, a key pair must be created for the server. These two items are a digital certificate key pair and cannot be separated. If the public/private key file or password is lost or changed before the SSL certificate is installed, the SSL certificate will need to be re-issued. The private key, CSR, and certificate must all match in order for the installation to be successful.
 

NOTE: Using the Server Admin utility to create certificate requests for new certificates and renewals is not recommended, as it can lead to issues when installing the new SSL certificate.

Step 1. Generate the Private Key

To create a CSR for the SSL certificate enrollment or renewal, the administrator (root) password will be required, along with access to the server's command line, either via Terminal.app or SSH.

NOTE: For all SSL certificates, the CSR key bit length must be 2048.

Connect to your server and run the following three commands at the command line:

cd /etc/httpd/
sudo openssl req -new -newkey rsa:2048 -nodes -keyout ssl.key/private.key -out certreq.txt
sudo chmod 640 ssl.key/private.key

Step 2. Generate the CSR

When the second command is run, the administrator password will be requested and a short wizard will run to specify the information that will appear in the SSL certificate - see below for details:

  • Country Name: The two-letter code for the country where your organization operates
  • State or Province Name: The state in which your organization operates - must not be abbreviated.
  • Locality Name: The city or suburb where your organization is located.
  • Organization Name: The full, legal entity name for your organization.
  • Organizational Unit Name: The department of your organization that will be using the SSL certificate.
  • Common Name: The website address or FQDN that will be secured by the SSL certificate.
     

NOTE: Please do not enter an email address, challenge password or an optional company name when generating the CSR.

The new private key (private.key) and CSR (certreq.txt) files will be created. The third command prevents the private key from being world readable - the private key should be protected at all times to prevent compromise of the SSL certificate.

Verify your CSR
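
The key, the CSR and the file permissions can be checked locally before enrolment. The script below is an added example, not part of the original article: it confirms that the CSR signature verifies, that the CSR was made from the private key, that the key is 2048 bits, that the key is not world readable, and that no email address or challenge password was entered. The script name check_csr.sh and the sample subject values are assumptions.

```shell
#!/bin/sh
# Added example: pre-submission checks for the key/CSR pair from Steps 1 and 2.
# Usage: sudo sh check_csr.sh ssl.key/private.key certreq.txt
# (check_csr.sh is a hypothetical file name; sudo is needed to read the key.)

# Constructed throwaway pair for trying the checks; the -subj values are made up.
make_sample_pair() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/private.key" \
        -subj "/C=US/ST=California/L=Cupertino/O=Example Org/OU=IT/CN=www.example.com" \
        -out "$1/certreq.txt" 2>/dev/null &&
    chmod 640 "$1/private.key"
}

# Returns 0 only if every check passes; prints one line per failed check.
check_csr_pair() {
    key=$1; csr=$2; rc=0
    key_mod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null) ||
        { echo "FAIL: cannot read private key $key"; return 1; }
    csr_mod=$(openssl req -in "$csr" -noout -modulus 2>/dev/null) ||
        { echo "FAIL: cannot parse CSR $csr"; return 1; }
    # The CSR is self-signed with the private key; a bad signature means a damaged file.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" ||
        { echo "FAIL: CSR signature does not verify"; rc=1; }
    # Same RSA modulus on both sides means the CSR was made from this key.
    [ "$key_mod" = "$csr_mod" ] ||
        { echo "FAIL: CSR does not match private key"; rc=1; }
    # Each hex digit of the modulus is 4 bits; the article requires 2048.
    hex=${csr_mod#Modulus=}
    [ $(( ${#hex} * 4 )) -eq 2048 ] ||
        { echo "FAIL: key length is not 2048 bits"; rc=1; }
    # Column 8 of the ls mode string is the "other users may read" bit.
    [ "$(ls -ld "$key" | cut -c8)" = "-" ] ||
        { echo "FAIL: private key is world readable"; rc=1; }
    # The article asks for no email address and no challenge password.
    if openssl req -in "$csr" -noout -text | grep -Eq "emailAddress|challengePassword"; then
        echo "FAIL: CSR carries an email address or challenge password"; rc=1
    fi
    return $rc
}

if [ "$#" -eq 2 ]; then
    check_csr_pair "$1" "$2" && echo "OK: key and CSR are consistent"
else
    demo=$(mktemp -d) && make_sample_pair "$demo" &&
        check_csr_pair "$demo/private.key" "$demo/certreq.txt" && echo "OK: sample pair passes"
    rm -rf "$demo"
fi
```

Run with no arguments, the script exercises the checks on a throwaway pair in a temporary directory and leaves /etc/httpd/ untouched.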

Proceed with the Enrolment.

Once the certificate has been issued, follow the steps from this link to install the certificate on your server: SO13575

 
