wildcard ssl

5424 Views 18 Replies Latest reply: Feb 21, 2014 11:11 AM by kristin.
  • qurt Level 1 (0 points)
    Apr 9, 2013 7:02 AM (in response to eysfilm)

    I had the same problem today.

     

    Turns out that the '+' sign in the certificates tab of server app has a menu.

    This menu allows you to import the certificate.

    Then it works.

     

    The problem is:

    Server app 2.2.1 has a bug.

    The menu will not show up most of the time...

  • mryken Level 1 (0 points)
    Apr 24, 2013 12:32 PM (in response to eysfilm)

    I was having the same issue today and couldn't figure it out.  Then I finally stumbled upon this recent knowledge base article:

     

    http://support.apple.com/kb/TS4539

     

    It worked like a charm.

  • JeffA_Irvine Level 1 (0 points)
    May 17, 2013 5:09 PM (in response to eysfilm)

    Jeff notes: Creating Wildcard SSL certificate for email server

    5/17/13

     

    Overview

    Server.app v2.2.1 uses Certificate Assistant to create CSRs (Certificate Signing Requests). Certificate Assistant doesn't support the creation of a wildcard CSR. Entering the wildcard *.domain.com within the corresponding Certificate Assistant's Name field will not be accepted. This means the CSR and the private key must be created from the command line using openssl.

     

    SSL Certificates that are used by OS X server based services are stored within the following directory:

    /etc/certificates

     

    For OS X server based services to use an SSL certificate, each certificate must have the following four files located within /etc/certificates.

    1. The certificate trust chain (chain.pem)

    2. The certificate (cert.pem)

    3. The key (key.pem)

    4. The Concatenated certificate with its private key (concat.pem)

     

    Notes

    -If any one of the four files is missing, Serveradmin.app will not allow an SSL certificate to be assigned to a service.

     

    -Each file's name will contain the common name of the certificate followed by the SHA1 hash from the certificate.

     

    See

    http://support.apple.com/kb/TS4539

     

     

    CREATE AND INSTALL A WILDCARD SSL CERTIFICATE

     

    On the OS X 10.8.3 server, do the following:

    1. mkdir ~/Desktop/wildcardssl

     

    2. cd ~/Desktop/wildcardssl

     

    3. Create a CSR (Certificate Signing Request)

     

    With password on private key:

     

    openssl req -out CSR.csr -new -newkey rsa:2048 -keyout privateKey.key

     

    OPTIONAL: Without DES password on private key:

    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

     

    Two files will be created: (1) CSR.csr and (2) privateKey.key. The CSR is sent to the CA (Certificate Authority) for verification. They will send back a signed certificate.

     

    OPTIONAL: To view the contents of the CSR in plain text and verify:

    openssl req -text -noout -verify -in CSR.csr

     

    OPTIONAL: To view the contents of the privateKey.key and check:

    openssl rsa -in privateKey.key -check

     

    4. Submit the contents of the CSR.csr file. Use cat to view the contents and then copy and paste.

     

    cat CSR.csr

     

    I found an inexpensive site to purchase RapidSSL wildcard certificates. Last price was $99 each.

    http://cheapssls.com

     

    5a. After following the required steps, a Web Server Certificate and Intermediate CA will be emailed back to you.

     

    5b. Create a nano file and copy and paste the Web Server CERTIFICATE portion of the email into nano and save.

     

    nano cert.crt

     

    OPTIONAL: To view the contents of the certificate in plain text:

    openssl x509 -in cert.crt -text -noout

     

    6. Create another nano file and copy the intermediate CA text portion into it and save:

     

    nano rapidssl_intermediate_ca.crt

     

     

    7a. Now it's time to create the four certificate files that OS X Server.app requires for the wildcard SSL certificate to function properly. 

     

    7b. Open Server.app v2.2.1 and select Certificates

     

    7c. Locate the Gear Popup menu, and select "Show All Certificates".

     

    7d. Click the Plus symbol to the left of the Gear popup menu and select "Import a Certificate Identity…"

     

    7e. Drag the cert.crt, privateKey.key, and rapidssl_intermediate_ca.crt into the dialog window that appears and click the "Import" button.

     

    Now match the wildcard SSL with all the Services you desire.

    8. Locate the "Secure Services using:" popup menu and select  "Custom".

     

    9a. Archive (.zip) the Wildcard SSL folder located on the desktop and then copy it to a different secure location.

    9b. Delete both the original and the archive from the server.

     

    Done

     

    OPTIONAL: Move wildcard certificate to another OS X server.

    A. Archive (.zip) the Wildcard SSL folder on the Desktop and copy it to new server.

    B. Repeat the above steps 7a - 9b.

     

     

    Reference:

    http://support.apple.com/kb/TS4539

    Commonly used commands can be found here:

    http://www.sslshopper.com/article-most-common-openssl-commands.html

    Server.app v2.2.1, OS X Server
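
An added example, not part of JeffA_Irvine's post: shell helpers for checking the files from steps 3 to 6 before the import in step 7e, namely that the CSR carries the wildcard name and that the returned certificate belongs to privateKey.key. The function names are hypothetical, the domain is whatever the caller passes, and `-subj` is used to answer the prompts of the post's `openssl req` command non-interactively.

```shell
#!/bin/sh
# Added example: checks around the CSR/key/certificate files from the post.
# The domain and output directory are values the caller supplies.

# Steps 1-3 without prompts: -subj sets the wildcard name (the post's -nodes variant).
make_wildcard_csr() {  # $1 = output dir, $2 = domain
    ( umask 077                       # new key file is owner-readable only
      mkdir -p "$1" && cd "$1" &&
      openssl req -out CSR.csr -new -newkey rsa:2048 -nodes \
          -keyout privateKey.key -subj "/CN=*.$2" 2>/dev/null )
}

# Subject line of the CSR, to confirm the wildcard name before submitting it.
csr_subject() {  # $1 = CSR file
    openssl req -in "$1" -noout -subject
}

# SHA-256 of the public key inside a key, CSR or certificate file.
pubkey_hash() {  # $1 = key|csr|cert, $2 = file
    pem=$(case "$1" in
        (key)  openssl pkey -in "$2" -pubout ;;
        (csr)  openssl req  -in "$2" -noout -pubkey ;;
        (cert) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null) || return 1
    [ -n "$pem" ] || return 1         # an unparsable file must not compare as equal
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# True only if both files carry the same public key (run before step 7e).
same_keypair() {  # $1 kind, $2 file, $3 kind, $4 file
    a=$(pubkey_hash "$1" "$2") && b=$(pubkey_hash "$3" "$4") && [ "$a" = "$b" ]
}

# SHA-1 fingerprint of a certificate as 40 hex digits, colons removed.
cert_sha1() {  # $1 = certificate file
    openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/.*=//; s/://g'
}
```

For example, `same_keypair cert cert.crt key privateKey.key && echo match` run inside ~/Desktop/wildcardssl; with a password-protected key, openssl prompts for the passphrase.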
  • kristin. Level 2 (230 points)
    Feb 21, 2014 11:11 AM (in response to JeffA_Irvine)

    JeffA_Irvine—THANK YOU!!!

    I've been wrestling with getting a wildcard SSL (via RapidSSL) working under OS X Server (tried various versions, based on RapidSSL's instructions—none worked properly—keychain always barfed on the wildcard star "*"). But, followed your instructions, and literally had it completed within 15 minutes, from start to finish. So, again, THANK YOU!!!

    Kristin.
