Like digital key pairs, digital certificates are another application of public-key cryptography, and another method of authenticating a user. Mac OS X Server supports many services that ensure encrypted transfer of data, and certificates are what make that encryption possible. To generate and maintain certificates of identity, Mac OS X Server uses a Public Key Infrastructure (PKI) system. PKI allows the two parties in a data transaction to authenticate each other, and to use the encryption keys and other information in identity certificates to encrypt and decrypt the messages traveling between them.
You can think of certificates almost like a driver’s license.
When you are asked to show identification, others believe the information on your driver's license because the Department of Motor Vehicles (DMV) has certified it. If you made your own license, it would be viewed as suspect. The DMV in this example plays the role of a public certificate authority (CA) in a digital certification infrastructure. To encrypt data transmission for mail, web, directory, and other services, Mac OS X Server uses Transport Layer Security (TLS) technology.
TLS relies on a PKI system for secure data transmission and user authentication. It first establishes a secure channel using public-key operations, then uses that channel to negotiate a secret symmetric key, which is much faster for encrypting the bulk of the traffic. TLS is the successor to SSL and remains similar in implementation, which is why references to SSL/TLS are common.
Before you can use SSL in Mac OS X Server services, you must create or import certificates, which is easily done with Server Admin. You can create your own self-signed certificate, generate a Certificate Signing Request (CSR) to send to a CA, or import a certificate previously created with OpenSSL. Each installation of Mac OS X Server v10.5 also includes a unique self-signed certificate.
Server Admin has various features that make it easy to manage SSL certificates: Certificate Manager, for creating, using, and maintaining identities for SSL-enabled services; and the Certificate Assistant application, which lets you issue and sign certificates as a CA.
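As an added example (not code from Apple's documentation or from Server Admin), here are the OpenSSL commands behind two of the choices above, creating a self-signed certificate and generating a CSR for a CA, plus the check that tells a self-signed identity from a CA-issued one. It assumes the openssl command-line tool is installed; the hostname and organisation name are placeholders.

```shell
#!/bin/sh
# Added example, not code from Apple or the Server Admin tool: the OpenSSL steps
# behind "create a self-signed certificate" and "generate a CSR for a CA".
# Assumes the openssl CLI is installed; hostnames and org names are placeholders.
set -eu

# Create a private key, a self-signed certificate and a CSR for HOST inside DIR.
make_identity() {
  dir="$1"; host="$2"
  mkdir -p "$dir"
  # 1. The private key: the secret half of the key pair, which never leaves the server.
  openssl genrsa -out "$dir/server.key" 2048 2>/dev/null
  # 2. Self-signed certificate: the server vouches for itself (the "own license" case).
  openssl req -new -x509 -key "$dir/server.key" -out "$dir/selfsigned.crt" \
    -days 365 -subj "/CN=$host/O=Example Org" 2>/dev/null
  # 3. CSR: the same key and subject, but signing is left to a CA (the "DMV" case).
  openssl req -new -key "$dir/server.key" -out "$dir/server.csr" \
    -subj "/CN=$host/O=Example Org" 2>/dev/null
}

# Print "self-signed" when a certificate's issuer equals its subject, else "ca-signed".
# This is the check that tells a server-generated identity from a CA-issued one.
signer_kind() {
  subj=$(openssl x509 -in "$1" -noout -subject)
  iss=$(openssl x509 -in "$1" -noout -issuer)
  if [ "${subj#subject=}" = "${iss#issuer=}" ]; then echo self-signed; else echo ca-signed; fi
}

# Succeed only if the CSR's own signature verifies and its CN names the expected host;
# a CA runs the same check before it signs anything.
csr_ok() {
  openssl req -in "$1" -noout -verify >/dev/null 2>&1 || return 1
  openssl req -in "$1" -noout -subject | grep -q "CN *= *$2"
}

# Print the certificate's CN, the name clients compare against the server they contacted.
cert_cn() {
  openssl x509 -in "$1" -noout -subject | sed 's/.*CN *= *//; s|[,/].*||'
}

# Demo run in a temporary directory.
work=$(mktemp -d)
make_identity "$work" mail.example.test
echo "selfsigned.crt is $(signer_kind "$work/selfsigned.crt"), CN=$(cert_cn "$work/selfsigned.crt")"
csr_ok "$work/server.csr" mail.example.test && echo "server.csr verifies for mail.example.test"
rm -rf "$work"
```

The resulting server.key and selfsigned.crt (or the certificate a CA returns for server.csr) are what Server Admin's import option expects.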