IN THIS CHAPTER
Understanding SSL certificates
Obtaining an official SSL certificate
Making your own SSL certificate
Serving as your own certificate authority
Installing and modifying certificates in Mac OS X Server
Many of the services Mac OS X Server can run — including iCal, iChat, Mail (POP, IMAP, and SMTP), RADIUS, VPN, web, and, in Snow Leopard Server, Address Book — optionally support the use of SSL (Secure Sockets Layer) in order to encrypt all the data sent between client and server in either direction. SSL dramatically improves the security of network communications and, as such, should be used whenever possible. The only compelling reason not to use SSL is if you must offer a client a service that doesn't support SSL for some reason; those are increasingly few and far between.
SSL uses a form of public-key encryption (or, more broadly, Public Key Infrastructure — PKI) to secure data. In PKI, to oversimplify slightly, encryption keys come in sets of two: a public key (used by others to encrypt data sent to you) and a private key (used by you to decrypt data you receive). On Mac OS X, you can store any of these keys in your keychain so applications such as Mail and Safari can automatically find and use them to encrypt or decrypt data as necessary.
For more on keychains, including how they manage encryption keys, see Chapter 5.
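The public/private key relationship described above can be seen directly from the command line. The following is an added example, not part of the original chapter: it assumes the `openssl` command-line tool (version 1.0.0 or later) is installed, uses OAEP padding as a choice made for this example, and all file names, function names, and the message are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: one key pair encrypts and decrypts; an unrelated private key cannot.
# Assumes the openssl CLI (1.0.0+) is on PATH. File names are constructed.

make_keypair() {    # $1 = directory that will hold the pair
    # Private key: stays with its owner (on a Mac, typically in the keychain).
    openssl genrsa -out "$1/private.pem" 2048 2>/dev/null || return 1
    chmod 600 "$1/private.pem"
    # Public key: derived from the private key and safe to hand out.
    openssl rsa -in "$1/private.pem" -pubout -out "$1/public.pem" 2>/dev/null
}

encrypt_for() {     # $1 = recipient's public key, $2 = message, $3 = output file
    printf '%s' "$2" | openssl pkeyutl -encrypt -pubin -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -out "$3"
}

decrypt_with() {    # $1 = private key, $2 = ciphertext file
    openssl pkeyutl -decrypt -inkey "$1" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/server" "$dir/other"
    make_keypair "$dir/server" || return 1
    make_keypair "$dir/other" || return 1

    # Anyone holding the server's public key can encrypt to it.
    encrypt_for "$dir/server/public.pem" "constructed test message" "$dir/msg.bin" || return 1

    # Only the matching private key recovers the plaintext.
    recovered=$(decrypt_with "$dir/server/private.pem" "$dir/msg.bin")

    # A private key from a different pair is rejected.
    if decrypt_with "$dir/other/private.pem" "$dir/msg.bin" >/dev/null; then
        wrong=decrypted
    else
        wrong=rejected
    fi

    rm -rf "$dir"
    printf '%s|%s\n' "$recovered" "$wrong"
}

demo
```
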