Join Sean Colins for an in-depth discussion in this video, Securing your server, part of OS X Server Essential Training: Yosemite Edition.
- If you're gonna host a server and you're going to have data transferring between your server and your clients, you're going to want that data to be secure. Insomuch as it's possible to make it secure, we're going to accomplish that by going down here under the Server menu to the Certificates area. Certificates are used to set up a relationship between the server and the device using the server. When we start we have a self-signed certificate and you can see ours is named server.wisdompet.net.
This is of course based on the fact that it was created from the name that we set. That's how it knows and we can customize which services can use that by coming in here to this customized menu and we can say ah, well I would like to not secure my Contacts and Calendars, but I will secure my email, or my messages, or whatever. I'm gonna leave these all secured, but keep in mind that a self-signed certificate is missing an important piece of this certificate puzzle.
If you need more information about SSL and how SSL functions, you can watch another title on Lynda.com called, Understanding Secure Sockets Layer with Sean Colins. In that title, I explain how to set up SSL at the command line. There are certainly easier ways to do advanced certificate setup here in OS X Server, but the nice thing is, you don't have to worry about that. The server app just configured an SSL certificate for you that will do the job.
The only thing you need to be aware of as a beginner is that this is self-signed and so your client systems when they connect up to your server the first time, will complain that they're connecting to a self-signed certificate and there's no way for them to verify the identity of this server. So you're going to gain the benefits of encryption, or the scrambling of data between your server and your client systems, but you don't get that trusted third party outside verification that says that your server is who it says it is.
As a result you can achieve this encryption and you can kind of fake it with the trust by installing this self-signed certificate on all of the client systems that will connect up to this server. If you take the certificate and install it on those systems, and you manually trust those settings, you're doing essentially the same thing that a trusted third party system is doing, you're just doing it manually instead of automatically. If you wanna do that, you can click here on the gear and say Show All Certificates.
This is the certificate that's listed above. If I double-click on that certificate, I can see all of its details including when it expires. If I go to Spotlight and I type in Keychain Access and when I get into Keychain Access, I go to System, and Certificates, I can see my certificates here, and I can see them by expiration date, or Name, or Kind. If I sort by Name, I can just look through here for the one with the name of my server.
There it is, server.wisdompet.net, and I can just drag that out to the desktop. If I take this .cer certificate and I put it on remote systems either by emailing it to them or by transferring it via file sharing, or even using a USB thumb drive, whenever I double-click on that certificate, when it gets to its remote system, I simply run through the process of accepting whatever comes up to trust it and to install it. When I finish that process, your system should connect up to all of your services without complaining about the lack of a trust.
And that's pretty much all there is to securing the services between OS X Server with a self-signed certificate and your client systems.
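
Added example, not part of the video transcript: a shell example using the `openssl` command line (an assumption; the video uses the Server app and Keychain Access) that shows why a client rejects the self-signed certificate until it is installed as a trust anchor, and compares the file's SHA-256 fingerprint before trusting a copy that arrived by email, file sharing or USB. The certificate is generated locally for the demo and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. The certificate is constructed locally for the demo; the
# hostname is the one shown in the video, everything else is an assumption.

# Create a throwaway self-signed certificate and key in directory $1.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=server.wisdompet.net" \
    -keyout "$1/key.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Print the SHA-256 fingerprint of certificate $1 (colon-separated hex).
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Succeed only if the copy in $1 has the fingerprint $2 that was read
# on the server itself (for example over the phone or in person).
fingerprint_matches() {
  [ "$(fingerprint "$1")" = "$2" ]
}

# Verify certificate $1. With no second argument the client has no trust
# anchor at all; with $2 that file is the only trusted certificate.
verify_cert() {
  if [ -n "${2:-}" ]; then
    openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
  else
    openssl verify -no-CAfile -no-CApath "$1" >/dev/null 2>&1
  fi
}

demo() {
  dir=$(mktemp -d) || return 1
  make_self_signed "$dir" || return 1
  cert="$dir/cert.pem"
  expected=$(fingerprint "$cert")  # stands in for the value read on the server
  if ! verify_cert "$cert"; then
    echo "before install: verification fails, no one vouches for the server"
  fi
  if fingerprint_matches "$cert" "$expected" && verify_cert "$cert" "$cert"; then
    echo "after install: fingerprint matches and the certificate verifies"
  fi
  rm -rf "$dir"
}

demo
```

Comparing the fingerprint is what replaces the third-party check: a client that trusts a swapped file would accept whoever holds the matching key.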
- Planning your installation
- Setting up the network
- Addressing and naming the server
- Setting up network folders
- Administering file sharing
- Serving shared calendars
- Enabling a wiki
- Setting up messages
- Setting user and group access controls
- Working with DNS
- Configuring port forwarding
- Administering users with Profile Manager