O'Reilly logo

Mac® Security Bible by Joe Kissell

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 27. Working with SSL Certificates

IN THIS CHAPTER

Understanding SSL certificates

Obtaining an official SSL certificate

Making your own SSL certificate

Serving as your own certificate authority

Installing and modifying certificates in Mac OS X Server

Many of the services Mac OS X Server can run — including iCal, iChat, Mail (POP, IMAP, and SMTP), RADIUS, VPN, web, and, in Snow Leopard Server, Address Book — optionally support the use of SSL (Secure Sockets Layer) in order to encrypt all the data sent between client and server in either direction. SSL dramatically improves the security of network communications and, as such, should be used whenever possible. The only compelling reason not to use SSL is if you must offer a client a service that doesn't support SSL for some reason; those are increasingly few and far between.

NOTE

For more on SSL and email, see Chapter 9. For more on SSL and web browsing, see Chapter 10.

SSL uses a form of public-key encryption (or, more broadly, Public Key Infrastructure — PKI) to secure data. In PKI, to oversimplify slightly, encryption keys come in sets of two: a public key (used by others to encrypt data sent to you) and a private key (used by you to decrypt data you receive). On Mac OS X, you can store any of these keys in your keychain so applications such as Mail and Safari can automatically find and use them to encrypt or decrypt data as necessary.

NOTE

For more on keychains, including how they manage encryption keys, see Chapter 5.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required