If you already have your SSL Certificate and just need to install it, see
SSL Installation Instructions for Mac OS X Lion Server.

Create a Self-Signed Certificate from the Server App

For instructions for Snow Leopard Server (10.6) please see Mac Server 10.6 Snow Leopard CSR Creation.

  1. Open the Server App, and choose the server you're going to be installing the SSL Certificate onto Either This Mac - (Your computer's name with the Server App), or Other Mac (connect with a host name or IP address.) Then Enter the Administrator's credentials to view the server Administration options.

  2. In the Hardware Section, click your 'Server's computer name' then click the Settings tab, and click to Edit... SSL Certificates.

    Mac OS X Lion Select Servername

  3. Click the Gear drop-down menu and select Manage Certificate.

    Lion Server 10.7 Manage Certificates

  4. Choose the Self-Signed Certificate issued by IntermediateCA_YOUR-COMPUTER..., and click the Gear to open the actions and choose Generate Certificate Signing Request.

    Note: If your certificate doesn't show a domain name registered by a domain registrar, please see the instructions below to Create a Certificate Identity and Generate a CSR for an external domain name other than your computer's hostname.

  5. Select all of the text of the CSR and copy it to the clipboard (click the text area and choose Option + a to select all of the text, and Option + c to copy the text), or click Save to save the file.

    Your CSR should now be created.

    Certificate Successfully Created

  6. After you receive your SSL Certificate from DigiCert, you can install it.

    See SSL Installation Instructions for Mac OS X Lion Server.

Create a Certificate Identity and CSR

  1. Open the Server App.

  2. Under the Hardware Section, select your server and click the Settings tab and next to SSL Certificate click 'Edit'.

  3. Click the Gear drop-down and select Manage Certificates.

  4. On the SSL Certificate line click the Edit... button.

  5. Click the '+' drop-down menu and choose Create a Certificate Identity.

    Mac Lion Server 10.7 Create Identity

    This will open a Certificate Assistant and you will need to enter the information below on each screen:

    1. Enter the following details on the Create Your Certificate Screen:

      Name: 'server.example.com' (this should be the FQDN users will connect with, this should be a domain that you have purchased)
      Identity Type: Self-Signed Root
      Certificate Type: SSL Server
      Check the box Let me override defaults

      Create Certificate Identity Override Defaults

    2. You will receive a warning that you are creating a self-signed certificate that won't be automatically trusted by computers that receive it. Click Continue.

      OS X Lion Self-Signed Certificate Warning

    3. Certificate Information: Leave all items as the default values and click Continue.

      Serial Number & Validity Period

    4. Enter your email address and the details for the organization/individual the certificate is being purchased for:

      Email Address: your@emailaddress.com
      Name(Common Name): servername.domain.com
      Organization: Your Company, Inc.
      Organization Unit: IT
      City/Locality: YourCity
      State/Province: YourState
      Country: U.S.

      Mac Lion Server CSR Details

    5. On this screen choose Key Size: 2048 bits, Algorithm: RSA Then click Continue.

      Key Pair Information - 2048 Bit RSA Key
    6. Key Usage Extension: Leave all options as defaults and click Continue.

      Key Usage Extension
    7. Extended Key Usage Extension: Leave all options as defaults and click Continue.

      Include Extended Key Usage
    8. Basic Constraints Extension: Leave as default option and click Continue.

      Basic Constraints
    9. On the Subject Alternate Name Extension screen choose the following if you are getting a SAN Certificate otherwise click Continue:

      dnsName: Enter additional SAN names you will be securing such as additional subdomains, or other websites (e.g. mail.domain.com, www.domaintwo.com) click Continue.

      SAN dNSName ipAddress screen

    10. You should then see a screen showing "Your Certificate has been successfully created", and a red warning stating that This root certificate is not trusted. Click Done.

      Certificate Successfully Created

      You will then receive a message stating 'Server wants to export key "www.yourdomain.com" from your keychain.' Click to 'Allow'.

      Export Key, click Allow

  6. Click the Gear then choose Create Certificate Signing Request... This will bring up a windows showing the CSR text, that you can select (Option+a), and copy (Option+c), or click to save the file to upload during the SSL Certificate Purchase Process.

    Click Gear, then Generate CSR

  7. After you receive your SSL Certificate from DigiCert, you can install it.

    See SSL Installation Instructions for Mac OS X Lion Server.

  8. Buy an SSL Certificate for OS X Lion Server Today!

    Buy Now