19 Replies. Latest reply: Jun 2, 2014 2:00 PM by KPowerbookG4
  • 15. Re: wildcard ssl
    qurt Level 1 (0 points)

    I had the same problem today.

     

    Turns out that the '+' sign in the certificates tab of server app has a menu.

    This menu allows you to import the certificate.

    Then it works.

     

    The problem is:

    Server app 2.2.1 has a bug.

    The menu will not show up most of the time...

  • 16. Re: wildcard ssl
    mryken Level 1 (0 points)

    I was having the same issue today and couldn't figure it out.  Then I finally stumbled upon this recent knowledge base article:

     

    http://support.apple.com/kb/TS4539

     

    It worked like a charm.

  • 17. Re: wildcard ssl
    JeffA_Irvine Level 1 (0 points)

    Jeff notes: Creating Wildcard SSL certificate for email server

    5/17/13

     

    Overview

    Server.app v2.2.1 uses Certificate Assistant to create CSRs (Certificate Signing Requests). Certificate Assistant doesn't support the creation of a Wildcard CSR. Entering the wildcard *.domain.com within the corresponding Certificate Assistant's Name field will not be accepted. This means the CSR and the private.key must be created from the command line using openssl.

     

    SSL Certificates that are used by OS X server based services are stored within the following directory:

    /etc/certificates

     

    For OS X server based services to use an SSL certificate, each certificate must have the following four files located within /etc/certificates.

    1. The certificate trust chain (chain.pem)

    2. The certificate (cert.pem)

    3. The key (key.pem)

    4. The Concatenated certificate with its private key (concat.pem)

     

    Notes

    -If any one of the four files is missing, Serveradmin.app will not allow an SSL certificate to be assigned to a service.

     

    -Each file's name will contain the common name of the certificate followed by the SHA1 hash from the certificate.

     

    See

    http://support.apple.com/kb/TS4539

     

     

    CREATE AND INSTALL A WILDCARD SSL CERTIFICATE

     

    On the OS X 10.8.3 server, do the following:

    1. mkdir ~/Desktop/wildcardssl

     

    2. cd ~/Desktop/wildcardssl

     

    3. Create a CSR (Certificate Signing Request)

     

    With password on private key:

     

    openssl req -out CSR.csr -new -newkey rsa:2048 -keyout privateKey.key

     

    OPTIONAL: Without DES password on private key:

    openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key

     

    Two files will be created: (1) CSR.csr and (2) privateKey.key. The CSR is sent to the CA (Certificate Authority) for verification. They will send back a signed certificate.

     

    OPTIONAL: To view the contents of the CSR in plain text and verify:

    openssl req -text -noout -verify -in CSR.csr

     

    OPTIONAL: To view the contents of the privateKey.key and check:

    openssl rsa -in privateKey.key -check

     

    4. Submit the contents of the CSR.csr file. Use cat to view the contents and then copy and paste.

     

    cat CSR.csr

     

    I found an inexpensive site to purchase RapidSSL wildcard certificates. Last price was $99 each.

    http://cheapssls.com

     

    5a. After following the required steps, a Web Server Certificate and Intermediate CA will be emailed back to you.

     

    5b. Create a nano file and copy and paste the Web Server CERTIFICATE portion of the email into nano and save.

     

    nano cert.crt

     

    OPTIONAL: To view the contents of the certificate in plain text:

    openssl x509 -in cert.crt -text -noout

     

    6. Create another nano file and copy the intermediate CA text portion into it and save:

     

    nano rapidssl_intermediate_ca.crt

     

     

    7a. Now it's time to create the four certificate files that OS X Server.app requires for the wildcard SSL certificate to function properly. 

     

    7b. Open Server.app v2.2.1 and select Certificates

     

    7c. Locate the Gear Popup menu, and select "Show All Certificates".

     

    7d. Click the Plus symbol to the left of the Gear popup menu and select "Import a Certificate Identity…"

     

    7e. Drag the cert.crt, privateKey.key, and rapidssl_intermediate_ca.crt into the dialog window that appears and click the "Import" button.

     

    Now match the wildcard SSL with all the Services you desire.

    8. Locate the "Secure Services using:" popup menu and select  "Custom".

     

    9a. Archive (.zip) the Wildcard SSL folder located on the desktop and then copy it to a different secure location.

    9b. Delete both the original and the archive from the server.

     

    Done

     

    OPTIONAL: Move wildcard certificate to another OS X server.

    A. Archive (.zip) the Wildcard SSL folder on the Desktop and copy it to new server.

    B. Repeat the above steps 7a - 9b.

     

     

    Reference:

    http://support.apple.com/kb/TS4539

    Commonly used commands can be found here:

    http://www.sslshopper.com/article-most-common-openssl-commands.html
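
Added example, not part of JeffA_Irvine's post: a check to run before the import in step 7e that confirms cert.crt was issued for the key in privateKey.key and the request in CSR.csr, and that it carries a wildcard common name. The function names and the throwaway *.example.com sample files it generates are constructed for illustration; it assumes an openssl binary on the PATH.

```shell
#!/bin/sh
# Added example: confirm key, CSR and issued certificate belong together.

# Print the SHA-256 digest of the public key held in a key, CSR or certificate.
pubkey_digest() {
    case $1 in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable or malformed file yields no key; fail rather than hash "".
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if key ($1), CSR ($2) and certificate ($3) share one public key.
identity_matches() {
    k=$(pubkey_digest key  "$1") || return 1
    r=$(pubkey_digest csr  "$2") || return 1
    c=$(pubkey_digest cert "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Succeed if the certificate subject has a wildcard common name (CN=*.domain).
has_wildcard_cn() {
    openssl x509 -in "$1" -noout -subject 2>/dev/null | grep -Eq 'CN ?= ?\*\.'
}

# Constructed sample data: a throwaway key, CSR and self-signed certificate for
# *.example.com stand in for privateKey.key, CSR.csr and the CA's cert.crt.
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -subj '/CN=*.example.com' \
        -keyout "$1/privateKey.key" -out "$1/CSR.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/CSR.csr" -signkey "$1/privateKey.key" \
        -days 1 -out "$1/cert.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

work=$(mktemp -d) && make_sample "$work" || exit 1
identity_matches "$work/privateKey.key" "$work/CSR.csr" "$work/cert.crt" &&
    has_wildcard_cn "$work/cert.crt" && echo "OK: wildcard identity is consistent"
identity_matches "$work/other.key" "$work/CSR.csr" "$work/cert.crt" ||
    echo "MISMATCH: other.key does not belong to this certificate"
rm -rf "$work"
```

Against the real files, call identity_matches privateKey.key CSR.csr cert.crt from inside ~/Desktop/wildcardssl and import only when it succeeds.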

  • 18. Re: wildcard ssl
    kristin. Level 2 (230 points)

    JeffA_Irvine—THANK YOU!!!

    I've been wrestling with getting a wildcard SSL (via RapidSSL) working under OS X Server (tried various versions, based on RapidSSL's instructions—none worked properly—keychain always barfed on the wildcard star "*"). But, followed your instructions, and literally had it completed within 15 minutes, from start to finish. So, again, THANK YOU!!!

    Kristin.

  • 19. Re: wildcard ssl
    KPowerbookG4 Level 1 (50 points)

    I would also like to add a HUGE THANK YOU to JeffA_Irvine.

     

    Hours of my life wasted--until now.  Back to work!
