Import a certificate identity

If you have files containing an SSL certificate and matching private key, you can import them and then use the certificate to secure services provided by your server.

Import a certificate identity using the Server app

The SSL keys and certificates must be in Privacy Enhanced Mail (PEM) format. If your certificates and keys aren’t in PEM format, you must convert them before importing.

Important:  You must have all of the identity files for the certificate identity: the signed certificate, root and intermediate certificates, and keys.

  1. In the Finder, locate the files containing the certificate and matching private key, then put the files where you can see them while using the Server app (for example, on the desktop).

  2. Select Certificates in the Server app sidebar.

  3. Click the Action pop-up menu gear, then choose Show All Certificates.

  4. Click Add add, then choose Import a Certificate Identity from the pop-up menu.

  5. Drag all of the the files containing the certificates and private key to the middle of the dialog.

  6. Click Import. If prompted, enter the passphrase for the private key.

Import a certificate identity from the command line

  1. Log in to the server as root, locally through Terminal or remotely using ssh.

  2. Go to the folder where the saved certificate file is located.

    If the certificate file is saved on the desktop of the root user, enter the following command, then press Return:

    cd /private/var/root/Desktop

  3. Enter the following command, then press Return:

    $ certtool i sslcert.txt k=certkc

    Using certtool this way imports a certificate from the file named sslcert.txt into the keychain named certkc.

    A message confirms that the certificate was imported.

    ...certificate successfully imported.

  4. Log out from the server.

After generating a CSR and a keychain, you continue configuring Mail service for automatic SSL connections by purchasing an SSL certificate from a Certificate Authority (CA) such as Verisign or Thawte. You can do this by completing a form on the CA’s website.

When prompted for your CSR, open the csr.txt file using a text editor, such as TextEdit. Then, copy and paste the contents of the file into the appropriate field on the certificate authority’s website.

When you receive your certificate, save it in a text file named sslcert.txt. You can save this file with the TextEdit app. Make sure that you save the file as plain text, not rich text, and that it contains only the certificate text.