19 Replies Latest reply: Jun 2, 2014 2:00 PM by KPowerbookG4
eysfilm Level 1 (0 points)

So our company has a Wildcard SSL Certificate that we use for most of our websites, and I've just set up a new 10.8 server for the use of Profile Manager.  I've added our Wildcard SSL certificate to the system keychain and trusted it, but for the life of me I can't get the SSL Cert to take.  I see it listed in the Server manager and select it and save the changes, but then I open up the SSL Cert again and there is nothing selected.

 

Any ideas?

 

Thanks in advance.


Mac mini, OS X Mountain Lion (10.8.2)
  • 1. Re: wildcard ssl
    stephen.willis.smith Level 1 (65 points)

    I use a wildcard for mine.

    Where did you get your cert?  If it's from GoDaddy you need an intermediate cert.

  • 2. Re: wildcard ssl
    stephen.willis.smith Level 1 (65 points)

    So in server app go to

     

    Hardware>Settings then click edit beside SSL certificate

     

    Click manage certs and hit the + and create certificate identity

     

    On the first page of the wizard you want to check "override defaults".  Step through the rest of the wizard (pretty straightforward) until you get to the Subject Alternate Name extension.  In the dNSName you want to enter *.mydomain.com.  Finish the wizard and allow it access to your keychain.

    Then use that cert and "generate certificate signing request (CSR)" and use that to create your SSL.  Download your certs.  Go back into server app

    Hardware>Settings then click edit beside SSL certificate

    Select the cert you made and click on the gear "Replace Certificate with signed or renewed Cert" and drag in your server.mydomain.com.crt cert (the one you downloaded).

     

    Next open up keychain access app and select:

    System

    Certificates

     

    then drag in the intermediate cert (need to enter your local admin password)

     

    That should link your cert up

     

    Let me know if that makes sense

  • 3. Re: wildcard ssl
    eysfilm Level 1 (0 points)

    Thanks Stephen for the information.  It is a GoDaddy cert and I did import their intermediate cert too.

    Still no luck.

     

    The additional steps you provided are for requesting a new cert, but I can't do this as we use the wildcard on a bunch of other servers.  I've just exported our main wildcard cert and imported that into our required web hosts.

    It imports fine on to the Mac, but for whatever reason it's not taking in the server setting (Hardware > Settings > SSL).

     

    Any other suggestions?

    Thanks.

  • 4. Re: wildcard ssl
    stephen.willis.smith Level 1 (65 points)

    Unfortunately that is the extent of my limited knowledge....

    I have not had any issues as long as I follow the steps.

     

    Are you getting any kind of an error?

  • 5. Re: wildcard ssl
    eysfilm Level 1 (0 points)

    No error message, which is the strange thing.  I select the Wildcard SSL, Apply it and then open it back up and 'none' is selected.

    Strange stuff....  Only thing I can think of is that the SSL name starts with *  (*.domain.com).  Maybe Apple doesn't like that?

  • 6. Re: wildcard ssl
    Mark23 Level 3 (975 points)

    A certificate is a certificate, wildcard or not, Apple takes it all. Although I did have problems with a certificate not installing.

     

    Try restarting the server. I think the Comodo Wildcard certificates work best in my case.

  • 7. Re: wildcard ssl
    stephen.willis.smith Level 1 (65 points)

    My SSL Cert is *.mydomain.com and I have no issues. 

     

     

    You might try clicking on edit by the SSL select the cert and go down to custom and select each service individually and see if that works. 

  • 8. Re: wildcard ssl
    eysfilm Level 1 (0 points)

    Thanks for the tips.  I was doing the custom options.  The wildcard SSL actually works for the other options, but just not the websites.  I'm not too sure what's going on.

    I'm kind of abandoning ship with this.  I'll just use our company's internal signed certs for now. Stops the errors internally at least, but external use still has the errors.

     

    Thanks everyone for the help.

  • 9. Re: wildcard ssl
    davidbpirie Level 1 (0 points)

    I had the same issue but got it resolved. The problem was that I had added my wildcard certificate to the keychain before installing Server. This meant that the key file wasn't present in /etc/certificates - if you look in /etc/certificates you will see only 3 files for your wildcard cert (cert, chain and concat) but no 4th (key) file.

    Here's how I fixed it:

     

    Reverse the bad import:

    1. Server -> Hardware -> Settings -> SSL Certificate: Edit -> Manage Certificates -> select wildcard certificate -> Remove

    2. Open Keychain and remove the matching Private key

     

    Import again correctly:

    1. Server -> Hardware -> Settings -> SSL Certificate: Edit -> Manage Certificates -> Import a Certificate Identity -> drag in certificate file(s)

     

    Now when you look in /etc/certificates you will see 4 files for your wildcard cert and Server.app will happily assign it to all services.
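
A quick way to spot the incomplete import described in reply 9, as an added example that is not part of the original thread: it lists identities in a certificate directory that have a cert file but lack the chain, concat or key file. The `<identity>.<part>.pem` file naming and the function name `missing_parts` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread.
# Assumption: each identity is stored as <identity>.cert.pem, <identity>.chain.pem,
# <identity>.concat.pem and <identity>.key.pem in the same directory.

# missing_parts DIR
# Prints one line per incomplete identity: "<identity>: missing <part> ..."
# Prints nothing when every identity has all four files.
missing_parts() {
    dir=$1
    for cert in "$dir"/*.cert.pem; do
        # With no matches the glob stays literal; skip it.
        [ -e "$cert" ] || continue
        base=${cert%.cert.pem}
        missing=""
        for part in chain concat key; do
            # -s: file exists and is not empty
            [ -s "$base.$part.pem" ] || missing="$missing $part"
        done
        if [ -n "$missing" ]; then
            printf '%s: missing%s\n' "${base##*/}" "$missing"
        fi
    done
    return 0
}

# Stand-alone use: check the given directory, or /etc/certificates by default.
missing_parts "${1:-/etc/certificates}"
```

An identity reported as `missing key` is the state reply 9 describes: the certificate is listed, but there is no private key file for the services to use.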

  • 10. Re: wildcard ssl
    Angus Fox Level 1 (90 points)

    I had to get Server Manager back to 'Not Configured' before it would accept my Wildcard Cert for all services. iChat service was 'stuck' using my self signed certificate. I had to manually set iChat to 'None' then enable and disable iChat to clear it. Note that I was not using iChat before. I still had to enable and disable it to clear its certificate.

     

    I could not get my wildcard certificate to work until I did this.

  • 11. Re: wildcard ssl
    DSHJ Level 1 (45 points)

    So... Did things change in Server 2.2? I don't see what you're referring to in the Certificates area. It's as though Apple has completely disabled the ability to issue a wildcard request.

  • 12. Re: wildcard ssl
    Miggl Level 1 (75 points)

    Double-click on your certificate that you want to create a CSR for, then click the Renew button. I was flummoxed by this at first as well. There appears to be a bug where you are required to enter the Department name in the form; I just entered "n/a", and everything went through fine.

     

    ~Mike

  • 13. Re: wildcard ssl
    DSHJ Level 1 (45 points)

    I tried to renew, and it still won't let me enter an * for the subdomain. Everything else is filled out in the form. Any ideas?

  • 14. Re: wildcard ssl
    aw_mpls Level 1 (0 points)

    Mac OS X Server 10.8 GUI does not support creation of wildcard CSRs. The workaround is to create one through the terminal using openssl as described here:

     

    http://www.digicert.com/csr-creation-apache.htm
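
The terminal workaround from reply 14, sketched as an added example that is not part of the original thread or the linked DigiCert page: it builds a wildcard CSR from a small openssl config file and checks that the request carries the wildcard name. `example.com`, the output file names and both function names are placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Domain and file names are placeholders.

# make_wildcard_csr DOMAIN OUTDIR
# Writes OUTDIR/wildcard.key (new RSA key) and OUTDIR/wildcard.csr for *.DOMAIN.
make_wildcard_csr() {
    domain=$1
    out=$2
    cfg=$(mktemp) || return 1
    # Minimal request config: wildcard CN plus a SAN for the wildcard and the bare domain.
    cat > "$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = *.$domain
[ext]
subjectAltName = DNS:*.$domain, DNS:$domain
EOF
    # Create the private key under a tight umask so it is never group/world readable.
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$out/wildcard.key" -out "$out/wildcard.csr" \
          -config "$cfg" 2>/dev/null )
    rc=$?
    rm -f "$cfg"
    return $rc
}

# csr_has_wildcard CSR DOMAIN
# Returns 0 if the CSR's decoded text lists DNS:*.DOMAIN as a subject alternative name.
csr_has_wildcard() {
    openssl req -in "$1" -noout -text | grep -qF "DNS:*.$2"
}

# Stand-alone use: sh script.sh example.com /path/to/outdir
if [ "$#" -eq 2 ]; then
    make_wildcard_csr "$1" "$2" && csr_has_wildcard "$2/wildcard.csr" "$1"
fi
```

Only the `.csr` file goes to the certificate authority; the `.key` file stays on the server and is what gets imported together with the signed certificate.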
