Obtain a trusted certificate in macOS Server
If your server doesn’t have a signed SSL certificate or if you need a new one, you can use the generated self-signed certificate to request a signed certificate from a third-party Certificate Authority (CA).
You can obtain a valid signed certificate by generating a certificate signing request (CSR) file, which you send to a known CA. If your request satisfies the authority, it generates and sends you a signed certificate. There’s usually a fee involved with this service.
In the sidebar of the Server app , select Certificates.
Click the More button and choose Show All Certificates.
Click the Add button , then choose Get a Trusted Certificate from the pop-up menu.
Click Next, then enter your company or personal information in the fields.
Click Next, then click Finish.
Double-click the pending certificate signing request, in the certificates list.
Some certificate authorities ask you to enter the CSR text in a field on a webpage instead of uploading a file. In that case, click Save, then click the triangle next to the Certificate Signing Request. Then you can copy and paste the text to the CA’s website.
If you received files from your certificate vendor, drag them to the Certificate Files section of the Certificate Signing Request pane.
If your CA requires you to upload the CSR file, click Save and save the CSR file, then follow the instructions on the CA’s website. On the CA’s website, look for SSL Certificates.
You can use the CA of your choice. Here are a few:
Symantec Corporation (www.verisign.com)
The Go Daddy Group, Inc. (www.godaddy.com)
DigiCert, Inc. (www.digicert.com)
Comodo Group, Inc. (www.comodo.com)
GlobalSign Ltd. (www.globalsign.com)
After receiving your signed certificate from the CA, use it to replace your self-signed certificate. For information, see Use an SSL certificate in macOS Server.