How to Install an SSL Certificate on macOS Server

Step-by-Step Guide to Install an SSL Certificate on a macOS Server

Installing an SSL certificate on macOS is super easy and requires four straightforward steps. These steps are:

1. Downloading the contents from the zip folder
2. Adding intermediate and root certificates to the Keychain
3. Installing the certificate
4. Assigning the SSL Certificate to the desired services

Before diving deeper into the steps, we must complete a prerequisite: CSR Generation.

CSR Generation

The entity requesting the SSL certificate has to send the details of the website and domain for which they are asking the certificate. This detail (CSR) consists of information that is required by a certificate authority to verify the website’s identity.

There are two procedures that an entity can follow to create or generate CSR, such as:

• Using CSR generation tools, or
• Doing it manually

Note: You have to make sure that the details provided in the CSR are updated and relevant. Once the CA verifies the details, it will send SSL certificate files to the registered email id. You must also remember that the time required to complete this process depends on the type of validation you choose for your website.

Installing SSL certificate on macOS

Once you have received the SSL certificate files on the registered email id, you can start the installation process.

Step1: Downloading the contents from the zip folder

The email that you received on the email must have a zip folder. Download that folder and extract all the files mentioned below:

• Root certificate having .ca bundle extension
• Intermediate Certificate having .ca bundle extension
• Primary Certificate with either one of the extensions (.pem, .cer, or .crt)

Step 2: Adding intermediate and root certificates to the Keychain

The next step you have to perform is to add intermediate and root certificates to the Keychain and to accomplish this, follow the steps mentioned below:

• Search for the term “Keychain Access” on your Mac using the search function.
• Use the cut function to select the .ca-bundle file, open the Keychain Access window, and paste the root certificate and intermediate certificate files (.ca-bundle file) into the same window. (You can also drag the .ca-bundle files, whatever seems easy for you.)

After adding the certificates, verifying that both certificates are in the Keychain is important. To accomplish this, perform the action mentioned below:

• Use the search function, and search for the CA’s name that has issued the certificate.
• A list will appear; verify that both certificates are mentioned in the list.

Note:  To simplify things, you can confirm the availability of both certificates in the Keychain based on the colors. The root certificate is displayed using the “Yellow” color icons. The intermediate certificate is shown using the “Blue” color icons.

Installing the SSL certificate on MacOS

The next step is to install the primary certificate. To accomplish this, you can follow the steps listed below:

• In the Server category, click on the Certificates section.
• In the right pane, below the term “Expiration Date,” you will notice the term “Pending” written.
• Double-click on the certificate name written on the left side of the term – Pending.
• A window will appear with the “Drag file received from your certificate vendor here” option.
• Drag your .crt file (primary certificate) into that box.
• Complete the installation process and click “OK.”
• You will notice that the term “Pending” has been replaced with a “Date.”

Assigning the SSL Certificate to the desired services

After successfully installing the certificate on the macOS server, it’s time to assign desired services. To accomplish this, you can follow the steps mentioned below:

• In the same above window, from the “Secure services using” list, select “Custom.”
• Select the desired services and click the OK button.

With this, your SSL certificate has been successfully installed on the macOS server.

Search