PKI Tutorials - Herong's Tutorial Examples - v2.32, by Herong Yang
Create My Own Root CA on macOS
This section provides a tutorial example on how to create a self-signed root CA for yourself on macOS using Keychain Access.
If you want to learn more about PKI technologies, you can use Keychain Access on your macOS computer to play the root CA (Certificate Authority) role. If everyone trusts you, you can issue certificates for others to use on the Internet.
The first step to becoming a root CA is to create a self-signed root CA certificate as shown below:
1. Run Keychain Access.
2. Click "Keychain Access > Certificate Assistant > Create a Certificate Authority" menu. The Certificate Assistant dialog box shows up.
3. Enter the following and click "Continue".
    Name: Herong Yang's CA
    Identity Type: Self Signed Root CA
    User Certificate: S/MIME (Email)
    [x] Let me override defaults
    Email from: Herong_yang@yahoo.com
4. Enter the following and click "Continue".
    Serial Number: 1
    Validity Period: 365 days
    [ ] Create a CA web site
    [ ] Sign your invitation
5. Enter your information, like name, organization, address, etc., to allow others to verify and trust you. Then click "Continue".
6. Select "521 bits" as Key Size and "ECC" as Algorithm for your root CA certificate. Then click "Continue".
7. Continue to enter "Key Usage Extensions" and other settings for your root CA certificate.
8. Repeat the same steps to enter the default settings for generating new certificates for others in the future.
9. Select "System" keychain as the location to store your root CA certificate and future certificates generated from this CA.
10. Enter the Admin password to finish the process.
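The same certificate parameters can be reproduced and checked outside the GUI. The script below is an added example, not part of the original tutorial: it builds a root CA with `openssl` using the serial number, validity period and key type chosen above, then checks the properties a root CA certificate should have. Assumptions: `openssl` (or LibreSSL) is on the PATH, the subject values and the SHA-256 signature hash are constructed for the example, and the files go to a scratch directory rather than the System keychain.

```bash
#!/usr/bin/env bash
# Added example: OpenSSL analogue of the Keychain Access steps, plus a check.
# Subject values below are constructed placeholders, not the tutorial's own.
CA_DIR="${CA_DIR:-$(mktemp -d)}"   # scratch directory, not the System keychain

make_root_ca() {
    cat > "$CA_DIR/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[dn]
CN           = Example Root CA
emailAddress = ca@example.com
[v3_ca]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    # Step 6: ECC key, 521 bits (curve secp521r1); private key readable by owner only.
    (umask 077; openssl ecparam -name secp521r1 -genkey -noout \
        -out "$CA_DIR/ca.key") || return 1
    # Steps 3-4: self-signed root, serial number 1, valid for 365 days.
    openssl req -x509 -new -config "$CA_DIR/ca.cnf" -key "$CA_DIR/ca.key" \
        -sha256 -set_serial 1 -days 365 -out "$CA_DIR/ca.crt"
}

# Succeeds only if the certificate looks like the root CA the dialog describes.
check_root_ca() {
    crt="$1"
    subject=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    text=$(openssl x509 -in "$crt" -noout -text)
    has() { case "$text" in *"$1"*) return 0 ;; *) return 1 ;; esac; }

    [ "$subject" = "$issuer" ] || { echo "FAIL: issuer differs from subject"; return 1; }
    openssl verify -CAfile "$crt" "$crt" >/dev/null 2>&1 \
        || { echo "FAIL: signature does not verify under its own key"; return 1; }
    has 'CA:TRUE'          || { echo "FAIL: basicConstraints is not CA:TRUE"; return 1; }
    has 'Certificate Sign' || { echo "FAIL: keyCertSign usage missing"; return 1; }
    has '521 bit'          || { echo "FAIL: key is not 521-bit ECC"; return 1; }
    echo "OK: self-signed root CA, $(openssl x509 -in "$crt" -noout -serial)"
}

make_root_ca && check_root_ca "$CA_DIR/ca.crt"
```

`check_root_ca` also works on a certificate exported from Keychain Access in PEM format.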