BSP eHosting Blog

Generating a Certificate Signing Request (CSR) – Mac OS X Server 10.5

Follow the instructions below to generate a CSR for your website. When you have completed generating your CSR, cut/copy and paste the certificate content into the CSR field on the SSL certificate-request page.
To Generate your Certificate Signing Request (CSR)

1. Launch the Server Admin tool and connect to the server where you want to install the certificate.
2. Highlight the server node in the SERVERS list.
3. Select the Certificates button from the toolbar at the top of the right pane.
4. Click the + button.
5. Fill in the fields as appropriate. A brief description of each field follows:
* Common Name – The fully-qualified domain name for which you plan to use your certificate (e.g., – “www.example.com”).
* Organization – The full legal name of your organization. The listed organization must be the legal registrant of the domain name in the certificate request. If you are enrolling as an individual, please enter the certificate requestor’s name in the Organization field, and the DBA (doing business as) name in the Organizational Unit field.
* Organizational Unit – Optional. Enter the name of a business unit or group. If applicable, you may enter the DBA (doing business as) name in this field.
* City (Locality) – Name of the city in which your organization is registered/located. Please spell out the name of the city. Do not abbreviate.
* State/Province – Name of state or province where your organization is located. Please enter the full name. Do not abbreviate.
* Country Code – The two-letter International Organization for Standardization (ISO) format country code for the country in which your organization is legally registered.
* Valid From/Expires On – Not used. Leave at default values.
* Private Key Size – Must be at least 2048.
* Private Key Passphrase – Optional. If you wish to use a private key passphrase, enter and confirm it here. Note that this passphrase will need to be made available to the system whenever starting any applications that make use of this certificate. If you want your services to be able to start automatically upon server startup, leave the passphrase field blank.
6. Click the Done button, then click the Save button.
7. Click the Gear button and then select Generate Certificate Signing Request (CSR).
8. Drag the icon on the sheet to the directory where you wish to save the certificate request. The rest of this document assumes that the file was saved to the Desktop.
9. Click Done.
10. Rename the file that was created from “—–BEGIN CERTIFICATE REQUE” to “certreq”. This file contains the Certificate Signing Request (CSR) that you will need to provide when submitting your certificate request to us.

Installing and Configuring a Digital Certificate on Mac OS X Server 10.6

There are two separate certificates you need to install—the intermediate certificate and your server certificate. You can download these certificates in a zip file from the admin interface.

For more information about downloading your certificate, see Downloading and Installing an SSL Certificate.

To Install the Intermediate Chain

1. Copy the certificate files to your server.
2. Launch the Keychain Access application (/Applications/Utilities/Keychain Access).
3. If the button at the lower left of the Keychain Access window is labeled “Show Keychains” then click the button to show the Keychain list.
4. Select the System keychain.
5. Click the padlock icon at the top left to unlock the System keychain. Authenticate as a user with administrative privileges, if prompted.
6. Select File->Import. Navigate to and select the sf_intermediate.crt that you copied to your server.
7. Verify that the “Starfied Technologies Secure Certification Authority” appears in the list.
8. Close the Keychain Access application.

To Install Your Certificate

1. Launch the Server Admin tool and connect to the server where you want to install the certificate.
2. In the Servers pane, select the server on which you want to install the SSL certificate.
3. Select Certificates from the toolbar at the top of the right pane.
4. Select the item representing the certificate you have requested. Click the “Gear” button and then select Add Signed or Renewed Certificate from Certificate Authority….
5. Drag the file containing your server certiicate to the blue certificate icon that displays after the previous step.NOTE: Make sure to drag the file with your server certificate. Do NOT use the file containing the intermediate certificate.
6. Click Replace Certificate.

Assign the Certificate to your Services

After installing your certificate as well as the intermediate CA certificate, you can assign this certificate to the desired services (Web, Mail, iChat, Open Directory, etc.). In the appropriate settings pane for the desired service, select the certificate that you have just installed and then click the Save button.

What Is a Verified Legal Opinion?

In order for the Certification Authority (CA) to process a Premium SSL certificate request, the requestor must submit a Verified Legal Opinion or CPA letter completed and signed by a member of the State Bar Association.

The Verified Legal Opinion document serves to authenticate (any of) the following information pertaining to the certificate-requesting organization:

• Certificate Approver: Name, Title, Agency and Authorization
• Contract Signer: Name, Title, Agency and Authorization
• Place of Business
• Phone Number
• Operational Experience
• Domain Name Exclusive Right of Use
• Domain Name Exclusive Right of Use Knowledge