Generating a Certificate Signing Request (CSR) using Apple Mac OS X Server 10.2 Step 1: Generate a Private Key. Log in to your server using the root password and open the Terminal application. At the prompt, type the following commands and press return after each one: cd openssl md5. rand.dat openssl genrsa -rand rand.dat -des 2048 key.pem. To generate a Certificate Signing Request (CSR) for Apple Mac OS x 10.11 you will need to create a key pair for your server the public key and private key. These two items are a digital certificate key pair and cannot be separated.
Use these instructions to create your CSR (certificate signing request) and then, to install your SSL and intermediate certificates.
To create your CSR, see Mac OS X Yosemite: Create Your CSR.
To install your SSL Certificate, see Mac OS X Yosemite: Install Your SSL Certificate.
For El Capitan Server (10.11), please see Mac OS X El Capitan: Create CSR & Install SSL Certificate.
1. Mac OS X Yosemite: Create Your CSR (Certificate Signing Request)
To get a valid SSL Certificate, you must first generate a CSR (certificate signing request). Then, you will use the contents of the CSR to order your SSL Certificate.
Generate Csr Openssl
Mac OS X Yosemite Server (10.10): How to Generate a CSR Using the Server App
Open the Server App.
In the Finder window, under Favorites, click Applications and then double-click Server.
In the Server App window, under Choose a Mac, do one of the following options to select the server on which to create your CSR:
Note: You should select the server on which you are going to eventually install this SSL Certificate.
To create the CSR on this server
Select This Mac – YourServerName and then click Continue.
Enter your Administrator Name and Administrator Password and then click Allow.
To create the CSR on another server
Select Other Mac – YourServerName and then click Continue.
Enter your Host Name/IP Address, your Administrator Name and Administrator Password and then click Allow.
In the Server App window, under Server, click Certificates.
On the Certificates page, click + > Get a Trusted Certificate.
On the Get a Trusted Certificate page, click Next.
Enter the following information:
Host Name: Enter the name to be used to access the certificate. This name is usually the fully qualified domain name (FQDN). For example, www.yourdomain.com or yourdomain.com Contact Email Address: Enter an email address at which you can be contacted. Company or Organization: Enter the legally registered name of your organization or company. Department: Enter the name of your department within the organization. For example, you can enter IT or Web Security. Town or City: Enter the town or city where your organization or company is located. State or Province: Enter the state or providence where your organization or company is located. Country: In the drop-down list, select the country where your organization or company is located. To generate your CSR, click Next.
Click Save and save the CSR, making sure to note the filename and location of the file.
Click Finish.
Use a text editor (such as TextEdit) to open the file. Then, copy the text, including the -----BEGIN NEW CERTIFICATE REQUEST----- and -----END NEW CERTIFICATE REQUEST----- tags, and enter it into the DigiCert order form.
Note: During your DigiCert SSL Certificate ordering process, make sure that you select Mac OS X Server when asked to Select Server Software. This option ensures that you receive all the required certificates for Mac OS X Yosemite SSL Certificate Installation (Intermediate and SSL Certificates).
Ready to Order Your Mac OS X Yosemite SSL Certificates
Buy NowLearn MoreAfter your receive your SSL Certificate from DigiCert, your can install it.
2. Mac OS X Yosemite: Install Your SSL Certificate
If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see Mac OS X Yosemite: Create Your CSR.
After receiving your SSL Certificate, you first need to install the intermediate certificate on your server. Then, install your SSL Certificate on your server and assign the SSL Certificate to services.
To install and configure your SSL Certificate, do the following:
Install the Intermediate Certificate
Mac OS X Yosemite: How to Install the Intermediate Certificate.
Install your SSL Certificate.
Assign your SSL Certificate to Services
i. Mac OS X Yosemite: How to Install the Intermediate Certificate
Save the ZIP file your_domain_com.zip onto your server, and extract the SSL Certificate file (your_domain_com.crt) and the DigiCert Intermediate Certificate file (DigiCertCA.crt) to a folder.
Double-click DigiCertCA.crt.
In the Add Certificates window, in the Keychain drop-down list, select System and then click Add.
Enter the administrator's password to authorize the change.
ii. Mac OS X Yosemite: How to Install Your SSL Certificate
Open the folder containing your SSL Certificate file (yourdomain_com.crt).
Keep this folder open so that you can readily access this file.
Open the Server App.
In the Finder window, under Favorites, click Applications and then double-click Server.
In the Server App window, under Choose a Mac, do one of the following options to select the server on which you want to install your SSL Certificate.
To install the certificate on this server
Select This Mac – YourServerName and then click Continue.
Enter your Administrator Name and Administrator Password and then click Allow.
To install the certificate on another server
Select Other Mac – YourServerName and then click Continue.
Enter your Host Name/IP Address, your Administrator Name and Administrator Password and then click Allow.
In the Server App window, under Server, click Certificates.
On the Certificates page, double-click on the Pending certificate that you created when generating the CSR.
On your certificate's page (i.e. www.yourdomain.com), under Certificate Files, in the Drag files received from your certificate vendor here box, drag-and-drop your SSL Certificate file (yourdomain_com.crt).
Click OK.
iii. Mac OS X Yosemite: How to Assign Your SSL Certificate to Services
In the Server App window, under Server, click Certificates.
On the Certificates page, in the Secure services using drop-down list, select Custom.
In the Service Certificates window, in the Certificate drop-down list, select your new SSL Certificate for each Service to which you want to assign it.
For example, in the Certificate drop-down list for Websites (Server Website – SSL) select your new SSL Certificate.
When you are finished, click OK.
You have successfully installed, configured, and assigned your SSL Certificate to your respective Services.
Test Your Installation
If your website is publicly accessible, our DigiCert® SSL Installation Diagnostics Tool can help you diagnose common problems.
Mac Os High Sierra Generate Csr And Export Key In Windows 7
Related Links
SSL Certificates
This tutorial will show you how to generate and secure SSH keys on macOS Sierra (10.12) and macOS High Sierra (10.13). SSH keys allow you to log into your server without a password. They increase convenience as well as security by being significantly more resistant to brute-force attacks.
SSH (Secure Shell) is a protocol most often used for remote management and for file transfer often denoted as sFTP (Secure File Transfer Protocol). When accessing a remote server such as a Vultr VPS, it is recommended to use SSH with PKE (Public Key Exchange) which uses a key-pair where the public key is provided to the server and the private key in stored on your machine.
SSH Keys can be automatically added to servers during the installation process by adding your public keys in the Vultr control panel. You can manage your SSH keys on this page. It is important to remember that these are your public keys only (usually denoted with .pub), you should never expose your private keys.
Key types
There are several different key types that can be selected. Use the -t argument upon generation, such as ssh-keygen -t ed25519. The ED25519 key type, which uses an elliptic-curve signature, is more secure and more performant than DSA or ECDSA. Most modern SSH software (such as OpenSSH since version 6.5) supports the ED25519 key type, but you may still find software that is incompatible, thus the default key type is still RSA.
The default key type is 2048-bit RSA which offers good security and compatibility. For higher security, you can choose a larger key size using the -b argument on generation, such as ssh-keygen -b 4096 to create a 4096-bit RSA key pair.
Key generation
To generate an SSH key, you will need to open Terminal.app found in 'Applications > Utilities > Terminal'.
To create a 4096-bit RSA key pair, enter:
Generate Csr Iis
Then you will see:
Pressing Enter/Return will save your new key pair to this default location, which is recommended. You will then have the option to create a passphrase, which will encrypt the key so that it cannot be used without authorization. Using a passphrase is also recommended.
At this point, your keypair has been created and stored in ~/.ssh/id_rsa. To make the key available to the system and store the passphrase in the system keychain, we will need to complete several additional steps. Note that this is only needed if you would rather not be prompted for the key passphrase each time it is used.
Add new keypair to SSH agent
Enter ssh-add -K ~/.ssh/id_rsa. You will then be prompted for the passphrase and you will see the following:
If you would like to use this SSH key to log into a server that has already been created, you can use the ssh-copy-id tool to store the public key on the server you would like to access.
Add new key to remote server
Using ssh-copy-id:
The console will request your login password since the remote server is not yet aware of your key. You will see the following:
You can now attempt to log into the remote server with ssh root@192.0.2.1 and you should be connected without a password prompt.