Importing a certificate identity – Apple Mac OS X Server (Version 10.6 Snow Leopard) User Manual
Page 68
Using a CA to Create a Certificate for Someone Else
You can use your CA certificate to issue a certificate to someone else. By doing so you
are stating you want to be a trusted party that can certify the identity of the certificate
holder.
Before you can create a certificate for someone, that person must generate a CSR. The
user can use the Certificate Assistant to generate the CSR and mail the request to you.
You then use the CSR’s text to make the certificate.
To create a certificate for someone else:
1
Start Keychain Access.
Keychain Access is found in the /Applications/Utilities/ directory.
2
In the Keychain Access menu, select Certificate Assistant > Create a Certificate for
Someone Else as a Certificate Signing Authority.
The Certificate Assistant starts, and guides you through the process of making the
certificate.
3
Drag the CSR and drop it on the target area.
4
Choose the CA that is the issuer and sign the request.
You can choose to override the request defaults.
5
Click Continue.
If you override the request defaults, provide the Certificate Assistant with the
requested information and click Continue.
The Certificate is now signed. The default mail application launches with the signed
certificate as an attachment.
Importing a Certificate Identity
You can import a previously generated OpenSSL certificate and private key into
Certificate Manager. The items are listed as available in the list of identities and are
available to SSL-enabled services.
The OpenSSL keys and certificates must be in PEM format.
To import an existing OpenSSL style certificate:
1
In Server Admin, select the server that has services that support SSL.
2
Click Certificates.
3
Click the Add (+) button and choose Import a Certificate Identity.
4
Drag the PEM file containing the private key to the sheet.
5
Drag the PEM file containing the public certificate to the sheet.
6
If needed, drag associated nonidentity certificates to the sheet as well.
68
Chapter 4
Enhancing Security