Chapter 27. Working with SSL Certificates
IN THIS CHAPTER
Understanding SSL certificates
Obtaining an official SSL certificate
Making your own SSL certificate
Serving as your own certificate authority
Installing and modifying certificates in Mac OS X Server
Many of the services Mac OS X Server can run — including iCal, iChat, Mail (POP, IMAP, and SMTP), RADIUS, VPN, web, and, in Snow Leopard Server, Address Book — optionally support the use of SSL (Secure Sockets Layer) in order to encrypt all the data sent between client and server in either direction. SSL dramatically improves the security of network communications and, as such, should be used whenever possible. The only compelling reason not to use SSL is if you must offer a client a service that doesn't support SSL for some reason; those are increasingly few and far between.
SSL uses a form of public-key encryption (or, more broadly, Public Key Infrastructure — PKI) to secure data. In PKI, to oversimplify slightly, encryption keys come in sets of two: a public key (used by others to encrypt data sent to you) and a private key (used by you to decrypt data you receive). On Mac OS X, you can store any of these keys in your keychain so applications such as Mail and Safari can automatically find and use them to encrypt or decrypt data as necessary.
Get Mac® Security Bible now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.