Step 1: Generate a Private Key

* Log in to your server using the root password and open the Terminal application.
* At the prompt, type the following commands and press return after each one:

cd
openssl md5 * > rand.dat
openssl genrsa -rand rand.dat -des 2048 > key.pem
* At the next prompt, type a passphrase, then press return. The passphrase you create unlocks the server's certificate key. You will use this passphrase when you enable SSL on your Web server.
* If it doesn't already exist on your server, create a directory at the following location:

/etc/httpd/ssl.key
* Make a copy of the key.pem file that you just created and rename it server.key. Then copy server.key to the ssl.key directory.

Step 2: Create your Certificate Signing Request

* At the prompt, type the following command and press return:

openssl req -new -key key.pem -out csr.pem
* When prompted, enter the following information:

  • Country: Enter the two-letter country code for your country.
  • State: Enter the name of the State or Province in which your organization operates. Do not abbreviate.
  • Locality: Enter the name of your city, town, or other locality.
  • Organization Name: Enter the name of your organization.
  • Organizational Unit: Enter the name of your division, department, or other operational unit of your organization.
  • Common Name: Enter the domain name that you want to use your SSL certificate with.
  • E-mail address: Enter your e-mail address.

The file csr.pem is generated from the information you provided.

When asked to "Copy & Paste" your CSR into the CSR field during the order process, open the csr.pem file with a text editor and copy and paste the content into the CSR field on the order form.

For additional MAC OSX information please visit the Apple Website