O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

27.4. Creating and Using a Certificate Authority

In most cases, an SSL certificate signed by an existing certificate authority is the best solution, and when something simpler is needed, a self-signed certificate usually suffices. However, there may be situations in which you want to create your own certificate authority. For example, if your organization plans to issue a variety of different certificates (without having an external certificate authority sign them) but doesn't want to require its users to install multiple certificates and set their computers to trust them, it might designate itself as a certificate authority. By installing the certificate authority's root certificate on each user's device and marking it as trusted, the organization can ensure that all future certificates signed by that certificate authority are also trusted. You need not create these certificates yourself, but you — the administrator of the computer with the certificate authority certificate — must sign all requests generated by others.

To create a certificate authority, follow these steps:

  1. Open Keychain Access, which is located in /Applications/Utilities.

  2. Choose Keychain Access Certificate Assistant Create a Certificate Authority. Certificate Assistant opens, displaying the Create Your Certificate ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required