Mac Tutorials - Herong's Tutorial Examples - v3.08, by Herong Yang
Issue New Certificate with My CA on macOS
This section provides a tutorial example on how to issue a new certificate from a CSR (Certificate Signing Request) with my private key and my root CA certificate on macOS using Keychain Access.
In the previous tutorial, I helped Joe to create his CSR (Certificate Signing Request). Now if he send me this CSR, I can issue a certificate with my root CA (Certificate Authority).
1. Click "Keychain Access > Certificate Assistant > Create a Certificate For Someone as a Certificate Authority" menu. The Certificate Assistant dialog box shows up.
2. Drag and drop the CSR file I received from Joe from a Finder folder. The CSR is opened in Certificate Assistant.
3. Enter the following and click "Continue". Joe's certificate is generated and included an email draft.
Issuing CA: Herong Yang's CA [ ] Let me override defaults for this request
4. Right click the attached certificate in the email and select "Save Attachment" to save a copy of Joe's certificate as "joe.pem". Then send the Joe's certificate to him in the email.
Table of Contents
Macintosh OS (Operating System) History
System and Application Processes
Keychain Access - Password Manager
►Keychain Access - Certificate Manager
Using Keychain Access as Certificate Manager
Listing of Trusted Root CA in macOS
Exporting Root Certificate to File from macOS
Delete/Untrust Certificates from macOS
Import Server Certificates to macOS
Create My Own Root CA on macOS
Review My Root CA Certificate on macOS
Review Private Key of My CA Certificate on macOS
Generate CSR (Certificate Signing Request) on macOS
►Issue New Certificate with My CA on macOS
Verify Certificate Signed by My CA on macOS
Manage Keychains with Commands
Keychain File Locations on macOS
CA Certificates at "/etc/ssl | /private/etc/ssl"