Create a self-signed certificate in macOS Server
If your server doesn’t have an SSL certificate, or if you need another one, start by creating a self-signed certificate.
Create a self-signed certificate
Select Certificates in the Server app sidebar.
Click and choose Show All Certificates.
Click , then choose Create a Certificate Identity from the pop-up menu.
In the Name field of the Certificate Assistant, enter your server’s fully qualified host name (for example, server.example.com).
Leave the other settings unchanged. Identity Type should be Self Signed Root, Certificate Type should be SSL Server, and “Let me override defaults” should be deselected.
Click Create, then click Continue when prompted.
You can choose the new self-signed certificate for the server. For information, see Use an SSL certificate in macOS Server.
You can also use the new self-signed certificate to request a signed certificate from a Certificate Authority. For instructions, see Obtain a trusted certificate in macOS Server.
Configure clients to trust a self-signed certificate
Clients need to be told to trust the self-signed certificate.
If you’re using a self-signed certificate with your server, you can prepopulate your Mac clients with the certificate by adding it to a configuration profile and then sending that profile to the Mac clients. For more information on how to create configuration profiles, see Work with configuration profiles in macOS Server.