
wildcard ssl

5411 Views 18 Replies Latest reply: Feb 21, 2014 11:11 AM by kristin.
eysfilm Level 1 (0 points)
Oct 2, 2012 3:24 PM

So our company has a Wildcard SSL Certificate that we use for most of our websites, and I've just set up a new 10.8 server for the use of Profile Manager.  I've added our Wildcard SSL certificate to the system keychain and trusted it, but for the life of me I can't get the SSL Cert to take.  I see it listed in the Server manager and select it and save the changes, but then I open up the SSL Cert again and there is nothing selected.

 

Any ideas?

 

Thanks in advance.

Mac mini, OS X Mountain Lion (10.8.2)
  • stephen.willis.smith Level 1 (65 points)
    Oct 2, 2012 6:30 PM (in response to eysfilm)

    I use a wild card for mine..

     

    Where did you get your cert?  If it's from GoDaddy you need an intermediate cert.

  • stephen.willis.smith Level 1 (65 points)
    Oct 2, 2012 6:49 PM (in response to stephen.willis.smith)

    So in server app go to

     

    Hardware>Settings then click edit beside SSL certificate

     

    Click manage certs and hit the + and create certificate identity

     

    On the first page of the wizard you want to check "override defaults".  Step through the rest of the wizard (pretty straightforward) until you get to the Subject Alternate Name extension.  In the dNSName you want to enter *.mydomain.com.  Finish the wizard and allow it access to your keychain.

     

    Then use that cert and "generate certificate signing request (CSR)" and use that to create your SSL.  Download your certs.  Go back into server app

    Hardware>Settings then click edit beside SSL certificate

    Select the cert you made and click on the gear "Replace Certificate with signed or renewed Cert"  and drag in your server.mydomain.com.crt cert (the one you downloaded).

     

    Next open up keychain access app and select:

    System

    Certificates

     

    then drag in the intermediate cert (need to enter your local admin password)

     

    That should link your cert up

     

    Let me know if that makes sense

  • stephen.willis.smith Level 1 (65 points)
    Oct 3, 2012 3:16 AM (in response to eysfilm)

    Unfortunately that is the extent of my limited knowledge....

    I have not had any issues as long as I follow the steps.

     

    Are you getting any kind of an error?

  • Mark23 Level 3 (975 points)
    Oct 3, 2012 12:08 PM (in response to eysfilm)

    A certificate is a certificate, wildcard or not, Apple takes it all. Although I did have problems with a certificate not installing.

     

    Try restarting the server. I think the Comodo Wildcard certificates work best in my case.

  • stephen.willis.smith Level 1 (65 points)
    Oct 3, 2012 12:52 PM (in response to Mark23)

    My SSL Cert is *.mydomain.com and I have no issues. 

     

     

    You might try clicking on edit by the SSL, select the cert, and go down to custom and select each service individually and see if that works.

  • davidbpirie
    Oct 29, 2012 3:31 PM (in response to eysfilm)

    I had the same issue but got it resolved. The problem was that I had added my wildcard certificate to the keychain before installing Server. This meant that the key file wasn't present in /etc/certificates - if you look in /etc/certificates you will see only 3 files for your wildcard cert (cert, chain and concat) but no 4th (key) file.

    Here's how I fixed it:

     

    Reverse the bad import:

    1. Server -> Hardware -> Settings -> SSL Certificate: Edit -> Manage Certificates -> select wildcard certificate -> Remove

    2. Open Keychain and remove the matching Private key

     

    Import again correctly:

    1. Server -> Hardware -> Settings -> SSL Certificate: Edit -> Manage Certificates -> Import a Certificate Identity -> drag in certificate file(s)

     

    Now when you look in /etc/certificates you will see 4 files for your wildcard cert and Server.app will happily assign it to all services.
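A quick way to spot the state described above from the terminal, as an added example that is not part of the original post. It assumes the files in /etc/certificates are named `<identity>.<part>.pem` with the parts cert, chain, concat and key; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: report certificate identities that lack one of the four
# expected parts (cert, chain, concat, key).
# Assumption: files are named <identity>.<part>.pem inside the directory.

incomplete_identities() {        # usage: incomplete_identities [directory]
    dir=${1:-/etc/certificates}
    for f in "$dir"/*.cert.pem; do
        [ -e "$f" ] || continue              # glob matched nothing
        base=${f%.cert.pem}                  # path without the part suffix
        missing=
        for part in chain concat key; do
            # -s also catches a part that exists but is empty
            [ -s "$base.$part.pem" ] || missing="$missing $part"
        done
        # Quoting matters: a wildcard identity's file name can start with '*'.
        [ -z "$missing" ] || printf '%s: missing%s\n' "${base##*/}" "$missing"
    done
}

# Prints nothing when every identity is complete.
incomplete_identities "${1:-/etc/certificates}"
```

An identity reported as `missing key` is the case this post describes, where the certificate was added without its private key file being written out.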

  • Angus Fox Level 1 (90 points)
    Dec 11, 2012 1:14 AM (in response to eysfilm)

    I had to get Server Manager back to 'Not Configured' before it would accept my Wildcard Cert for all services. iChat service was 'stuck' using my self-signed certificate. I had to manually set iChat to 'None' then enable and disable iChat to clear it. Note that I was not using iChat before. I still had to enable and disable it to clear its certificate.

     

    I could not get my wildcard certificate to work until I did this.

  • DSHJ
    Dec 18, 2012 1:12 AM (in response to stephen.willis.smith)

    So... Did things change in Server 2.2? I don't see what you're referring to in the Certificates area. It's as though Apple has completely disabled the ability to issue a wildcard request.

  • Miggl Level 1 (75 points)
    Dec 27, 2012 12:52 PM (in response to DSHJ)

    Double-click on your certificate that you want to create a CSR for, then click the Renew button. I was flummoxed by this at first as well. There appears to be a bug where you are required to enter the Department name in the form; I just entered "n/a", and everything went through fine.

     

    ~Mike

  • DSHJ Level 1 (45 points)
    Jan 9, 2013 11:24 AM (in response to Miggl)

    I tried to renew, and it still won't let me enter an * for the subdomain. Everything else is filled out in the form. Any ideas?

  • aw_mpls
    Feb 10, 2013 3:59 PM (in response to DSHJ)

    Mac OS X Server 10.8 GUI does not support creation of wildcard CSRs. The workaround is to create one through the terminal using openssl as described here:

     

    http://www.digicert.com/csr-creation-apache.htm
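The terminal workaround mentioned above, as an added example that is not part of the original post or the linked page: it generates a key and a wildcard CSR with openssl, then reads the CSR back to confirm the name and key before it goes to the CA. `mydomain.com` is the thread's placeholder; the output file names and the C/O/OU values are constructed.

```shell
#!/bin/sh
# Added example: wildcard key + CSR from the terminal, then read the CSR back.
# mydomain.com is the thread's placeholder; the C/O/OU values are constructed.

make_wildcard_csr() {            # usage: make_wildcard_csr mydomain.com outdir
    domain=$1
    outdir=${2:-.}
    key="$outdir/wildcard.key"
    csr="$outdir/wildcard.csr"
    cnf="$outdir/wildcard.cnf"

    # Private key readable by its owner only (umask confined to a subshell).
    ( umask 077; openssl genrsa -out "$key" 2048 2>/dev/null ) || return 1

    # The wildcard goes in the CN and in the subjectAltName dNSName.
    # A wildcard does not cover the bare domain, so it is listed as well.
    cat > "$cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
C = US
O = Example Org
OU = IT
CN = *.$domain
[ext]
subjectAltName = DNS:*.$domain, DNS:$domain
EOF
    openssl req -new -sha256 -key "$key" -out "$csr" -config "$cnf" || return 1
    printf '%s\n' "$csr"
}

csr_common_name() {              # CN is the last field of the subject built above
    openssl req -in "$1" -noout -subject | sed 's/.*CN *= *//'
}

csr_has_san() {                  # usage: csr_has_san file.csr '*.mydomain.com'
    openssl req -in "$1" -noout -text | grep -F -q "DNS:$2"
}

csr_matches_key() {              # same public key in the CSR and the key file?
    [ "$(openssl req -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Run as: sh wildcard_csr.sh mydomain.com /path/to/outdir
if [ $# -ge 1 ]; then make_wildcard_csr "$@"; fi
```

Keep `wildcard.key` with the CSR: the signed certificate is only usable as an identity together with that private key.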
