Mac Tutorials - Herong's Tutorial Examples - v3.08, by Herong Yang
Create My Own Root CA on macOS
This section provides a tutorial example on how to create self-signed root CA for yourself on macOS using Keychain Access.
If you want to learn more about PKI technologies, you can use Keychain Access on your macOS computer to play the root CA (Certificate Authority) role. If everyone trusts you, you can issue certificates for others to use on the Internet.
The first step to become a root CA is to create self-signed root CA certificate as shown below:
1. Run Keychain Access.
2. Click "Keychain Access > Certificate Assistant > Create a Certificate Authority" menu. The Certificate Assistant dialog box shows up.
3. Enter the following and click "Continue".
Name: Herong Yang's CA Identity Type: Self Signed Root CA User Certificate: S/MIME (Email) [x] Let me override defaults Email from: Herong_yang@yahoo.com
4. Enter the following and click "Continue".
Serial Number: 1 Validity Period: 365 days [ ] Create a CA web site [ ] Sign your invitation
5. Enter the following your information like name, organization, address, etc., to allow others to verify and trust you. And click "Continue".
6. Select "521 bits" as Key Size "ECC" as Algorithm for your root CA certificate. And click "Continue".
7. Continue to enter "Key Usage Extensions" and other settings for your root CA certificate.
8. Repeat to enter default settings for generating new certificates for others in the future.
9. Select "System" keychain as the location to store your root CA certificate and future certificates generated from this CA.
10. Enter the Admin password to finish the process.
Table of Contents
Macintosh OS (Operating System) History
System and Application Processes
Keychain Access - Password Manager
►Keychain Access - Certificate Manager
Using Keychain Access as Certificate Manager
Listing of Trusted Root CA in macOS
Exporting Root Certificate to File from macOS
Delete/Untrust Certificates from macOS
Import Server Certificates to macOS
►Create My Own Root CA on macOS
Review My Root CA Certificate on macOS
Review Private Key of My CA Certificate on macOS
Generate CSR (Certificate Signing Request) on macOS
Issue New Certificate with My CA on macOS
Verify Certificate Signed by My CA on macOS
Manage Keychains with Commands
Keychain File Locations on macOS
CA Certificates at "/etc/ssl | /private/etc/ssl"