Currently having an SSL certificate is practically mandatory, because the most recent browsers can mark your website as insecure if you do not have an SSL certificate installed, not to mention that the site will be susceptible to different vulnerabilities such as data theft or Man-In-The-Middle attacks.
Luckily, installing an SSL certificate on a server with macOS server is quite simple. This tutorial will guide you in detail how to install the certificate yourself. This tutorial applies to macOS Server Yosemite and above.
In this tutorial we will cover the entire process related to obtaining and installing the SSL certificate, from the generation of the CSR to the configuration of the certificate on the websites hosted on the server.
The first step to install an SSL certificate is to generate a CSR code which we will use to purchase our certificate with the certifying authority of our choice. In my case I decided to use a free Let's Encrypt certificate.
First open the Server application, usually this can be found in the Launchpad, or you can also open it from Spotlight. (Fig. A)
Once inside the application, go to the "Certificates" section, and then at the bottom click on the add button (which is marked by a "+"). A contextual menu will open with different options, choose the option "Get a Trusted Certificate". (Fig. B)
|Fig. A - Server app on Launchpad.||Fig. B - Certificates section on Server app.|
It will open the CSR generation wizard, which will ask you to enter the data from your website to generate the CSR code that will later be necessary for the acquisition of the SSL certificate. (Fig. C)
Once you have entered all the data, click on the "Next" button which will take you to the CSR code already generated. This code should be copied in a safe place since it will be necessary for you to acquire the certificate. (Fig. D)
|Fig. C - CSR generation wizard.||Fig. D - Generated CSR.|
Once the CSR code has been generated, the certificate will appear as pending (Fig. E) in the Server application, it is at this moment in which you must acquire the SSL certificate using the CSR previously generated. Once the SSL certificate is purchased, the certification authority must send you 3 files, which are:
Once you have these files, simply give the option to Edit the pending certificate and drag the files to the server application window. (Fig. F)
After a few minutes in which the application processes the certificate, it should appear as active in the application. (Fig. G)
|Fig. E - SSL Certificate marked as pending.||Fig. F - Installation of the certificate files.||Fig. G - Active SSL Certificate.|
Once you have installed the SSL certificate, it is recommended to replace the auto-signed certificate that installs by default Server at the time of installation, by the new certificate you just installed.
To do this, go to the "Websites" section within the application and then you will see a list of all websites hosted on the server, sites with SSL enabled have the name "(SSL)" at the end. (Fig. H)
Choose the website with SSL which you want to modify and click the edit button (commonly marked with a pencil icon). This will open the website configuration panel where you can select your SSL certificate from the context menu "SSL Certificate". (Fig. I)
|Fig. H - Website lists.||Fig. I - Website control panel.|
And that would be all! The SSL certificate is already active and operating on the server, now only remains to check that the SSL is working properly using an online tool such as SSL Labs.