Entrust Certificate Services Support Knowledge BaseLast Modified: 2016-09-07 15:42:15.0
How to install SSL Certificate on a Mac OSX 10.7 server and up?
Article Number: 46437
Last Modified: 2016-05-15 23:32:11.0
TN 8463 - How to install SSL Certificate on a Mac OSX 10.7 server and up?
Before you begin
- Never share private keys files.
- If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
- It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
- Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
- For more information on SSL/TLS Best Practices, click here.
Installing your Entrust SSL/TLS Certificate on Mac OS X Server version 10.7 and above.
- Download the certificate file from certificate pick up link. The file format for downloaded file is in zip compressed file. You need to extract all the certificate files by using any unzip tool. Such as built-in tool on Windows OS, Winzip, 7Zip etc.
- The installation steps below are only valid for OS X Server version 10.7 and above. The example below is using OS X Server version 10.10.5 (Yosemite Server ver 4.0).
STEP 1 – Installing Entrust Intermediate certificate.
1. Launch the keychain access management console from the finder. Click on the Spotlight icon on the top right hand corner of the screen and type keychain access.
2. Unlock the System keychain. Right click on the System and select Unlock Keychain “System”
3. Enter your admin password.
4. If the system keychain has been unlocked successfully, you should be able to see the padlock image has changed to an opened padlock.
5. Open the folder where you save the Entrust SSL/TLS certificate files and drag the intermediate1.crt file into the system keychain.
6. At this point, your intermediate certificate is now installed to your server.
STEP 2 – Installing Entrust SSL/TLS Server certificate
1. Launch the server app from Application section on your OS.
2. Select Certificate on the left column and you should see a pending request show inside Trusted Certificates section.
3. Double click on pending request. Drag the servercertificate.crt to the certificate files box.
4. At this point the server certificate is now installed to your server
STEP 3 – Binding the SSL/TLS certificate to the website
1. Go back to Server app console then select Website category on the left column. The websites window will open. Under the website section, you should see two entries: "Server Website" and "Server Website (SSL)", Double click on "Server Website (SSL)".
2. Click on arrow button next to "SSL Certificate" field to change the value from Self-signed certificate Entrust SSL/TLS Certificate (e.g. Entrust Certificate Authority - L1K)
3. Restart the web server by sliding the switch off and then on again from the top right of the main websites window.
The installation is no complete of your SSL/TLS certificate, you can verify the installation of the certificate using the Entrust Datacard SSL//TLS install checker: https://entrust.ssllabs.com/