In the following lines I will try to describe how to generate a SSL-Key and a corresponding CA-Cert so that you can be sure that your browser connects to the correct site. first generate a openssl key: openssl req -days 365 -new -x509 -nodes -out streamingadminserver.pem -keyout streamingadminserver.pem Fill out all the questions if you want, but you MUST use your hostname of your DSS as CN (Common Name). This key will last for one year. You can use more days if you want to. Now open the key with vi streamingadminserver.pem and remove the last block (everything between and including BEGIN CERTIFICATE and END CERTIFICATE). Now generate the CA-Cert: openssl req -days 365 -new -x509 -key streamingadminserver.pem -out my-ca-cert.pem Now append the certificate to the key with cat my-ca-cert.pem >> streamingadminserver.pem move the streamingadminserver.pem key to /etc/streaming, change the owner and the permissions sudo mv streamingadminserver.pem /etc/streaming/streamingadminserver.pem sudo chown qtss /etc/streaming/streamingadminserver.pem sudo chmod 600 /etc/streaming/streamingadminserver.pem Copy the "my-ca-cert.pem" to your desktop and doubleclick it. Keychain.app opens now. There should pop up a "Add Certificates" window. There select "X509Anchors" as Keychain and click OK. Now (maybe kill and) start the DSS with sudo /usr/local/sbin/streamingadminserver.pl Now you can connect to the DSS. You should see that Safari switches to port 1240. If not than you need to turn on SSL and try again. If everything works you should see the page without the "The certificate for this website was signed by an unknown certifying authority." message and there should be a lock in the upper right corner of Safari.