27.4. Creating and Using a Certificate Authority

In most cases, an SSL certificate signed by an existing certificate authority is the best solution, and when something simpler is needed, a self-signed certificate usually suffices. However, there may be situations in which you want to create your own certificate authority. For example, if your organization plans to issue a variety of different certificates (without having an external certificate authority sign them) but doesn't want to require its users to install multiple certificates and set their computers to trust them, it might designate itself as a certificate authority. By installing the certificate authority's root certificate on each user's device and marking it as trusted, the organization can ensure that all future certificates signed by that certificate authority are also trusted. You need not create these certificates yourself, but you — the administrator of the computer with the certificate authority certificate — must sign all requests generated by others.
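The trust relationship described above, reproduced with the `openssl` command line instead of Keychain Access, as an added example that is not from the book. All subject names, host names and file names are constructed, and the second "other" CA exists only to show that certificates from an untrusted issuer are rejected.

```shell
#!/bin/sh
# Added example: every subject, host and file name here is constructed.
write_cnf() {   # $1 = dir; minimal config, independent of the system openssl.cnf
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
CN = unused
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
}
# Root CA: self-signed with CA:TRUE. Only ca.crt is distributed and trusted.
make_ca() {     # $1 = dir
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -extensions v3_ca -subj "/O=Example Org/CN=Example Org Root CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}
# A user creates a key and a signing request; the CA only ever sees the .csr.
make_csr() {    # $1 = dir, $2 = name
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/O=Example Org/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}
# The CA administrator signs the request with the CA key.
sign_csr() {    # $1 = dir, $2 = name
    openssl x509 -req -in "$1/$2.csr" -days 30 -CA "$1/ca.crt" \
        -CAkey "$1/ca.key" -CAcreateserial -extfile "$1/ca.cnf" \
        -extensions v3_leaf -out "$1/$2.crt" 2>/dev/null
}
# Succeeds only if the certificate in $2 chains to the ca.crt in dir $1.
trusted() {     # $1 = dir holding the trusted ca.crt, $2 = certificate file
    openssl verify -CAfile "$1/ca.crt" "$2" >/dev/null 2>&1
}
demo() {
    d=$(mktemp -d) && write_cnf "$d" && make_ca "$d" || return 1
    make_csr "$d" mail.example.org && sign_csr "$d" mail.example.org
    # A second, unrelated CA that nobody has marked as trusted.
    o=$(mktemp -d) && write_cnf "$o" && make_ca "$o"
    make_csr "$o" other.example.org && sign_csr "$o" other.example.org
    trusted "$d" "$d/mail.example.org.crt"  && echo "signed by our CA: trusted"
    trusted "$d" "$o/other.example.org.crt" || echo "signed by other CA: rejected"
    rm -rf "$d" "$o"
}
demo
```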

To create a certificate authority, follow these steps:

  1. Open Keychain Access, which is located in /Applications/Utilities.

  2. Choose Keychain Access > Certificate Assistant > Create a Certificate Authority. Certificate Assistant opens, displaying the Create Your Certificate ...
