- Reference 4.1 Describe SSL Certificate Basics
- Reference 4.2 Configuring SSL Certificates
- Reference 4.3 Troubleshooting
- Exercise 4.1 Examine the Default SSL Certificate
- Exercise 4.2 Configure an Open Directory Certificate Authority
- Exercise 4.3 Configure Your Client Computer to Trust an SSL Certificate
This chapter is from the book
This chapter is from the book
This chapter is from the book
Exercise 4.1 Examine the Default SSL Certificate
Prerequisite
- Exercise 1.2, “Perform the Initial Installation of OS X Server on Your Server Computer”
In this exercise, you will examine the default self-signed certificate.
If necessary, on your server, open the Server app.
If the Server app does not automatically connect to your server and you are at the Choose a Mac window, select your server, click Continue, provide administrator credentials (Administrator Name: ladmin; Administrator Password: ladminpw), deselect the “Remember this password in my keychain” checkbox, and then click Connect.
- In the Server app sidebar, select Certificates.
Note that by default your server’s services use a certificate that is self-signed.
View the details of the certificate. Double-click the self-signed certificate; alternatively, select the certificate, and then click the Edit (pencil) button.
- Click OK return to the Certificates pane.
)
)
Note that there is little identifying information associated with this certificate. For example, there is no email address, organization name, department, or city. By default, no other computer or device trusts this self-signed certificate. To use this self-signed certificate to secure your server’s services, you could configure your client computers and devices to trust this certificate.
Alternatively, you could click the Add (+) button, choose Get a Trusted Certificate, send the resulting certificate signing request to a widely trusted certificate authority to sign, and then import the signed certificate. However, this is outside the scope of this guide, so the next exercise is a compromise between using a self-signed certificate with little information and using a certificate signed by a widely trusted CA.
