4 Replies Latest reply: Dec 11, 2012 7:43 AM by Masterofnonsense
Lucid773 Level 1 (0 points)

I have a valid intermediate and wildcard SSL cert I purchased from GoDaddy.  My entire PC server fleet uses this same cert.  While I can find instructions on importing this cert into server 10.6, there seem to be no instructions on how to make it work with 10.8 server rev 2.2...

 

 

If someone with a good understanding wouldn't mind step by stepping this for me, I would be very appreciative.


Mac mini, OS X Server, Server App v2.2
  • 1. Re: Having a ton of trouble with the new 2.2 Server Application and trying to import a GoDaddy SSL Wildcard Cert
    UptimeJeff Level 4 (3,390 points)

    It's a bit different now...

     

    In the left-column of Server 2.2, choose 'Certificates'

    With the gear at the bottom-right, choose 'Show All Certificates'

     

    By choosing Show All Certificates, the + button now presents additional options including the import feature.

     

    It's the same from here.

    Drag:

         1. Key

         2. Signed cert from GoDaddy

         3. GoDaddy intermediate

     

    Note: If you simply copied the key from your old server, it's probably RSA encrypted.

    Sounds like you've done this before, but just had trouble enabling the option in 2.2, so I won't take the time to detail how to import your existing RSA key.

     

    Hope that helps.

     

    Jeff

  • 2. Re: Having a ton of trouble with the new 2.2 Server Application and trying to import a GoDaddy SSL Wildcard Cert
    Lucid773 Level 1 (0 points)

    I do not have a key from my old server.  How do I create one?

  • 3. Re: Having a ton of trouble with the new 2.2 Server Application and trying to import a GoDaddy SSL Wildcard Cert
    UptimeJeff Level 4 (3,390 points)

    You need the key from the old server, or any other server which has the wildcard cert running.

     

    For OS X Server's native services, Server Admin keeps Certs/Keys in /private/etc/certificates.

    The key is stored RSA Encrypted.

    The passphrase to decrypt is stored in the keychain of that computer.

    You'll need to copy the key from the old computer and if you get it from /private/etc/certificates, you will need the passphrase to decrypt it.

    You can decrypt a key with

    sudo openssl rsa -in /private/etc/certificates/domain.com.key -out ~/Desktop/domain.com-no-pass.key

    You will be asked for the passphrase. You can find this in the System keychain of that computer. You will notice the key file has a long string of numbers/letters; search for that string in Keychain, view it and choose Show Password.

     

    If you run any non-Apple services (Rumpus, Kerio, etc.) the key may be stored somewhere not encrypted.

     

    It may be easier to re-key with GoDaddy. GoDaddy makes rekeying simple, just generate a new CSR on your new server.

    NOTE: Any servers running from the old cert/key will no longer be valid if you do this.

     

    Best Practice Tip: Make it a habit of ALWAYS copying the complete package of:

         Non-encrypted key

         Signed Cert

         Intermediate Cert

    in a safe place as a zip with the cert name and expire date as the filename (SSL  domain.com exp-2013-10-31)

    Storing the cert without RSA encryption makes it simple to load the cert somewhere else when needed.

  • 4. Re: Having a ton of trouble with the new 2.2 Server Application and trying to import a GoDaddy SSL Wildcard Cert
    Masterofnonsense Level 1 (10 points)

    In addition to what UptimeJeff said above, your certificate cannot work without the originally generated key.  Another way to back up your cert and key is to use Keychain Access.

     

    • Choose the "System" keychain.
    • Select "Certificates" from the Category section
    • Certificates that have a disclosure triangle to the left of them are ones that have a private key.  You can see this by clicking the triangle.
    • Select the certificate and choose "Export Items..."
    • You will be prompted to create a filename and choose the file format.  You want the "Personal Information Exchange" P12 format.
    • You will then be asked to create a password to encrypt the key.
    • You can now take this file to another computer, Apple or Windows and import the certificate with the key. 
    • You will be prompted for the password you created when importing.
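
Before importing or archiving the key, signed cert and intermediate discussed in replies 3 and 4, it is worth confirming that the three files actually belong together. The script below is an added example, not part of the original thread: the function names, file names and the `P12_PASS` variable are assumptions, and `make_samples` only generates constructed throwaway files for a dry run.

```shell
#!/bin/sh
# Added example, not from the thread. Function and file names are placeholders.

# Public key (PEM) held in an RSA private key; asks for the passphrase if encrypted.
pub_from_key()  { openssl rsa  -in "$1" -pubout 2>/dev/null; }
# Public key (PEM) held in a certificate.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# Succeeds only when key and certificate carry the same public key.
key_matches_cert() {  # key_matches_cert KEY CERT
    k=$(pub_from_key "$1")  || return 2   # unreadable key or wrong passphrase
    c=$(pub_from_cert "$2") || return 2   # unreadable certificate
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Name check only (no signature verification): issuer of CERT equals subject of INTERMEDIATE.
issued_by() {  # issued_by CERT INTERMEDIATE
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null)  || return 2
    s=$(openssl x509 -in "$2" -noout -subject_hash 2>/dev/null) || return 2
    [ -n "$i" ] && [ "$i" = "$s" ]
}

# Write a password-protected .p12 only if the three files belong together.
bundle_p12() {  # bundle_p12 KEY CERT INTERMEDIATE OUT.p12
    key_matches_cert "$1" "$2" || { echo "key does not match certificate" >&2; return 1; }
    issued_by "$2" "$3" || { echo "intermediate is not the issuer" >&2; return 1; }
    # Assumption: export P12_PASS for unattended use; otherwise openssl prompts.
    ( umask 077   # the bundle contains the private key: owner-only permissions
      openssl pkcs12 -export -inkey "$1" -in "$2" -certfile "$3" -out "$4" \
          ${P12_PASS:+-passout env:P12_PASS} )
}

# Constructed sample material for a dry run: a throwaway CA standing in for the
# intermediate, a wildcard cert it signs, and an unrelated key.
make_samples() {  # make_samples DIR
    d=$1; mkdir -p "$d" || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=*.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.crt" 2>/dev/null || return 1
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

if [ "$#" -eq 4 ]; then bundle_p12 "$@"; fi
```

Called with four arguments (key, cert, intermediate, output file) the script runs `bundle_p12` directly and refuses to write the bundle when the key or the intermediate does not match.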