How to install an SSL certificate on Mac OS servers

Follow


Once you have your certificate activated, validated and issued (the issued certificate will be emailed to your administrative contact email mentioned during the activation or can be downloaded from the account by following this guide), it will be necessary to install it along with its CA bundle on your server and assign the certificate to different services, such as Mail (IMAP, POP and SMTP), File Sharing (iOS), Messages and Websites if needed.

CA bundle installation

CA bundle is a file that contains root and intermediate certificates. It is required to improve compatibility of the certificates with web browsers and other kind of clients so that browsers recognize your certificate and no security warnings appear.

If the certificate has been imported to the server without the CA bundle, it will be shown as “signed by an unknown authority”:

https://helpdesk.ssls.com/hc/article_attachments/115002771071/8.png

Note: If you installed the CA bundle for the same type of the certificate previously (e.g., this time you install a renewal certificate), there is no need to go through the whole procedure of the CA bundle installation once again. Thus, you can proceed with the installation of the certificate itself.

  1. First of all, you need to add the “CA bundle” .ca-bundle file you received to the “keychain” so the certificate can be trusted and signed by the Certificate Authority, Comodo CA (now Sectigo CA) in this case. In order to do this, please find the CA bundle that was received along with your issued certificate. The file in question has the .ca-bundle extension:
    https://helpdesk.ssls.com/hc/article_attachments/115002788912/9.png

  2. Find “Keychain Access” on your Mac:
    https://helpdesk.ssls.com/hc/article_attachments/115002789072/10.png

  3. Open “Keychain” then and drag the .ca-bundle file into the window appeared:
    https://helpdesk.ssls.com/hc/article_attachments/115002771291/11.png

  4. To check if the intermediate certificates were added, enter "Comodo" (or "Sectigo" if this was the part of the name of the certificates you imported) into the search bar:
    https://helpdesk.ssls.com/hc/article_attachments/115002789052/12.png    Intermediate certificates have blue icons unlike root ones (root CA certificates have yellow icons).

 As soon as the CA bundle is added to the Keychain of the system, feel free to proceed with the certificate installation:

  1. Find the .crt file you received from the Certificate Authority or downloaded from your account:
    https://helpdesk.ssls.com/hc/article_attachments/115002771271/13.png

  2. In the “Certificates” section under “Server”, find your “pending” certificate that was created along with the CSR code:
    https://helpdesk.ssls.com/hc/article_attachments/115002771231/14.png

  3. Double-click the certificate in question so you can see the following window:
    https://helpdesk.ssls.com/hc/article_attachments/115002789532/15.1.png

  4. Drag and drop the “yourdomain_tld.crt” file into the box:
    https://helpdesk.ssls.com/hc/article_attachments/115002789032/15.png

  5. Click “OK” to complete the installation process:
    https://helpdesk.ssls.com/hc/article_attachments/115002789012/16.png

  6. Once done, your valid certificate will appear in the list of the certificates installed on your server:
    https://helpdesk.ssls.com/hc/article_attachments/115002771191/17.png

Now we can assign the certificate to the services we would like to use it for:

  1. Select your certificate from the “Secure services using” list:
    https://helpdesk.ssls.com/hc/article_attachments/115002771211/18.png
    https://helpdesk.ssls.com/hc/article_attachments/115002771171/19.png
    If you want to assign your certificate to custom services (like Mail services, file sharing, etc.), click the corresponding button:

    https://helpdesk.ssls.com/hc/article_attachments/115002788992/20.png
  2. Click “OK” to apply the changes.

  3. The certificate is installed on the server now. You can always check the installation via this tool.

If you face any difficulties during the process or need any assistance, please do not hesitate to contact our Support Team via ticket or click a blue bubble icon in the lower right corner of the page to start a Live Chat. We are available 24/7 for you.

HTTPS redirect

In order to set up HTTPS redirect on your Mac Server, you need to locate the “Websites” section in your Server.app:
https://helpdesk.ssls.com/hc/article_attachments/115002771151/21.png

Select your website with port 80 configuration and click on the “pen” icon:
https://helpdesk.ssls.com/hc/article_attachments/115002788972/22.png

Click the “Edit” button which is located in the “Redirects” row:
https://helpdesk.ssls.com/hc/article_attachments/115002788952/23.png

There may be a default rule already set up for the website, and in this case, all you need to do is to click on the “pen” icon and adjust the following settings: When a user visits this website, redirect them to Website (SSL):
https://helpdesk.ssls.com/hc/article_attachments/115002771131/24.png
https://helpdesk.ssls.com/hc/article_attachments/115002788932/25.png

If you do not have a default rule listed under the “Redirects” section, you will need to create a new one. To create a new rule, please click the “+” button:

https://helpdesk.ssls.com/hc/article_attachments/115002771111/26.png

Create a rule with the following conditions:

When a user visits: A URL matching the following path http://example.com

Redirect them to: https://example.com

Because: The original has permanently moved

https://helpdesk.ssls.com/hc/article_attachments/115002771091/27.png

That’s it. Now when the users of your website try to access the http:// version of the website, they will be redirected to the https:// (secure) one.