Install intermediate certificates
If you have trouble importing the intermediate certificates as a user with admin privileges, log in as user "root" instead.
- Download the intermediate certificates (or copy & paste them into a .crt file) from the InCommon Self-Service Web Portal.
- Import the certificate into the System Keychain.
- Launch Keychain App
- Select System Keychain
- Click on lock icon and authenticate to unlock the System keychain.
- Select Certificates
- Select File->Import. Navigate to the intermediate cert files from step 1 and import.
- Verify that the intermediates appear in the list of Certificates.
- Once the intermediate certificates are installed, all you need to do is create or import a certificate as you normally do via Server Admin.
Install Server Certificate
If Apache fails to start after you assign a virtual server a certificate that was installed before the intermediate certificates, you may need to re-import the server certificate after you install the intermediate certificates. (Hint: Save yourself some headache and install the intermediate certificates before starting a certificate request or renewal.)
To re-import a server certificate
- Make a copy of (or make sure you have a backup of) the server certificate files, i.e., the files in /etc/certificates whose names start with the hostname associated with the certificate.
- Remove the server certificate.
- Launch Keychain App
- Select System Keychain
- Click on lock icon and authenticate to unlock the System keychain.
- Select Certificates
- Select the server certificate from the list
Stop the web server and any other software that may be using the certificate you want to remove.
- Select Delete from the Edit menu.
If this is a production server, restart services.
- Verify that the certificate is no longer in the certificate list. (You might want to double-check by closing and restarting Keychain Access.)
- Import the server certificate.
- Launch Server Admin
- Select Web from service list on left.
- Select Sites
- Select the virtual site (443).
- Select the Security tab.
- Select "Manage Certificates" from the drop-down.
- Select Certificates from top nav.
- Click on gear drop-down and select "Import Certificate"
- Specify the server certificate details and import the files from the copy/backup from earlier step:
- Certificate file = <hostname>.crt
- Private Key File = <hostname>.key
- (Enter Private Key Passphrase if appropriate.)
- Associate the certificate to the server.
- Select Web (in Server Admin)
- Select Sites
- Select the virtual server
- Select the Security tab
- Select the newly imported server certificate from the drop-down.
- Save (as prompted).
- Restart (as prompted).
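Before re-importing from the copy/backup, it helps to confirm that the private key belongs to the certificate and that the certificate chains through the intermediates you downloaded. The script below is an added example, not part of the original procedure; it assumes the openssl command-line tool (a current OpenSSL or LibreSSL), PEM-encoded files, and a root certificate exported separately as PEM. The file names in the usage line are placeholders.

```shell
#!/bin/sh
# Added example: checks to run on the backup copies before re-importing.
# Assumes the openssl CLI and PEM-encoded input files.

# Succeeds when the private key belongs to the certificate, i.e. both
# yield the same public key. An encrypted key prompts for its passphrase.
# $1 = server certificate, $2 = private key
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the server certificate chains through the downloaded
# intermediates to the given root (signatures and validity dates checked).
# $1 = server certificate, $2 = intermediates (one or more PEM certs), $3 = root
chain_is_complete() {
    openssl verify -CAfile "$3" -untrusted "$2" "$1" >/dev/null 2>&1
}

# Run both checks and report; returns non-zero if either one fails.
# $1 = server certificate, $2 = private key, $3 = intermediates, $4 = root
check_before_import() {
    rc=0
    if key_matches_cert "$1" "$2"; then
        echo "OK   private key matches $1"
    else
        echo "FAIL private key does not match $1"; rc=1
    fi
    if chain_is_complete "$1" "$3" "$4"; then
        echo "OK   $1 chains through $3"
    else
        echo "FAIL $1 does not chain through $3"; rc=1
    fi
    return $rc
}

# Stand-alone use (placeholder file names):
#   sh check.sh <hostname>.crt <hostname>.key intermediates.crt root.crt
if [ "$#" -eq 4 ]; then check_before_import "$@"; fi
```

A FAIL on the chain check with the correct key usually means the intermediates file does not contain the issuer of the server certificate, which is the situation the re-import procedure above works around.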
Reference
https://www.entrustdatacard.com/knowledgebase/how-to-install-ssl-certificate-on-a-mac-osx-107-server-and-up?keyword=Mac%20OS&productType=&serverType=