Summary
In this lab, you will create a self-signed certificate using Mac OS X.
Each exercise below builds upon the previous one. You should start each new exercise from the last step of the previous exercise unless it is explicitly written otherwise.
Learning Objectives
After completion of this lab, you will be able to:
- Create a self-signed certificate on Mac OS X
Prerequisites
To complete this lab, you will need the following:
- Mac laptop with Mac OS X installed
Exercise #1: Create a Self-Signed Certificate
In this exercise, you will create a self-signed certificate using Mac OS X Terminal.
Steps
- Press the Command (⌘) + Space keys on your Mac to show the Spotlight Search box
- Type
Terminal
in the box - Double-click on the
Terminal.app
from the list - When the Terminal app starts, create a new directory by typing:
mkdir Certificates
- Change to the new directory by typing:
cd Certificates
- Type the following command to start the process of a self-signed certificate creation:
openssl req -x509 -days 365 -newkey rsa:4096 -keyout [your_name]-self-signed.key -out [your_name]-self-signed.key.crt
where you replace[your_name]
with your name - Type a strong password for the certificate
- Fill in the following information at the prompts:
Country Name (2 letter code):US
State or Province Name (full name):WA
Locality Name (eg, city):Seattle
Organization Name (eg, company):[your_name]
Organizational Unit Name (eg, section):Home
Common Name (eg, fully qualified host name):[your_name]-mac
Email Address:[your_email]
- Create a decrypted version of your private key using the following command:
openssl rsa -in [your_name]-self-signed.key -out [your_name]-self-signed.decrypted.key
Note: The decrypted version of your private key is not protected with a password. Everyone who can obtain the decrypted private key can used it to sign data and decrypt messages. - List the files in the folder using the following command:
ls -al
- Milestone step: At this point, you have learned how to create a self-signed certificate on Mac OS X
Exercise #2: Convert the Self-Signed Certificate to PKCS#12
In this exercise, you will convert the certificate to PKCS#12 format using Mac OS X Terminal. This format is used for upload to cloud-based services and Web servers.
Steps
- Type the following command to convert the certificate to PKCS#12 format
openssl pkcs12 -export -in [your_name]-self-signed.key.crt -inkey [your_name]-self-signed.key -out [your_name]-self-signed.key.pfx
- List the files in the folder using the following command:
ls -al
- Milestone step: At this point, you have learned how to convert the self-signed certificate to PKCS#12 format on Mac OS X.
Last Update: October 23, 2019