SSL Certificates, OSX Installation Info for SSL Certificates

OSX Installation Info for SSL Certificates

OSX Installation Info for SSL Certificates

Install intermediate certificates

If you have trouble importing the intermediate certificates as a user with admin privileges, log in as user "root" instead.
  1. Download the intermediate certificates (or copy & paste them into a .crt file) from the InCommon Self-Service Web Portal
  2. Import the certificate into the System Keychain.
  3. Launch Keychain App Select System Keychain
  4. Click on lock icon and authenticate to unlock the System keychain.
  5. Select Certificates Select File->Import. Navigate to the intermediate cert files from step 1 and import. Verify that the intermediates appear in the list of Certificates.
  6. Once the intermediate certificates are installed, all you need to do is create or import a certificate as you normally do via Server Admin. 

Install Server Certificate

If you have trouble getting apache to start after assigning to a virtual server a certificate that you had installed before installing the intermediate certificates, you may need to re-import the server certificate after you install the intermediate certificates. (Hint: Save yourself some headache and install the intermediate certificates before starting a certificate request or renewal.)

To re-import a server certificate

  1. Make a copy of (or make sure you have a backup of) the server certificate files. (i.e., the files starting with the hostname associated with the certificate in /etc/certificates)
  2. Remove the server certificate.
    1. Launch Keychain App
    2. Select System Keychain
    3. Click on lock icon and authenticate to unlock the System keychain.
    4. Select Certificates
    5. Select the server certificate from the list
      Stop the web server and any other software that may be using the certificate you want to remove.
    6. Select Delete from the Edit menu. 
      If production server, restart services.
    7. Verify that the certificate is no longer in the certificate list. (You might want to double-check by closing and restarting Keychain Access.)
  3. Import the server certificate.
    1. Launch Server Admin
    2. Select Web from service list on left.
    3. Select Sites
    4. Select the virtual site (443).
    5. Select security tab.
    6. Select "Manage Certificates" from the drop-down.
    7. Select Certificates from top nav.
    8. Click on gear drop-down and select "Import Certificate"
    9. Specify the server certificate details and import the files from the copy/backup from earlier step:
      1. Certificate file = <hostname>.crt
      2. Private Key File = <hostname>.key
      3. (Enter Private Key Passphrase if appropriate.)
  4. Associate the certificate to the server.
    1. Select Web (in Server Admin)
    2. Select Sites
    3. Select the virtual server
    4. Select the Security tab
    5. Select the newly imported server certificate from the drop-down.
    6. Save. (as prompted.)
    7. Restart. (as prompted.)

Reference

http://www.entrust.net/knowledge-base/technote.cfm?tn=6803




Keywords:ssl certificates osx csr sectigo incommon self service comodo installation   Doc ID:89871
Owner:Amy H.Group:University of Illinois Technology Services
Created:2019-02-20 14:44 CDTUpdated:2019-04-08 13:38 CDT
Sites:University of Illinois Technology Services
Feedback:  0   0