27.1. Certificate Overview

Working with certificates has historically been a cumbersome and confusing process, requiring the use of arcane command-line tools, potentially confusing email exchanges with certificate authorities, and a long list of steps to install and manage certificates, not to mention integrating them with various services your server may provide. (And, sad to say, if you're running a web server on the regular, non-server version of Mac OS X and want to set it up for SSL, you may still have to go through many of those steps, as I detail in Chapter 18.) In Leopard Server and Snow Leopard Server, however, most of that agony is a thing of the past. Using friendly, straightforward programs provided with Mac OS X Server, you can easily create and manage any sort of certificate you may need.

Most of the common activities you might need to perform involving certificates take place right in Server Admin, thanks to a built-in feature called Certificate Manager (which you may use without even realizing it). For some less-common activities, you can use a different tool: Certificate Assistant, which you can access from within the Keychain Access utility.

The first decision to make is whether to obtain a proper certificate, signed by a well-known certificate authority, or to create a self-signed certificate. Either type of certificate provides equally good encryption, but the two types vary in the amount of inconvenience they may entail for you (as the server's administrator) ...

Get Mac® Security Bible now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.