We are attempting to set up Profile Manager to manage the Macs on our AD domain. We have a valid certificate for the server's web services, and users can hit it with https just fine. When enrolling a device with Profile Manager, we realized we needed a valid code signing certificate so that the users are not prompted with warnings during the install. I purchased a code signing certificate from GoDaddy and have been attempting to import this into Server.app so that I can assign it to the Profile Manager install.
I'm running 10.8.4 with the latest version of the server.app.
Here are the basic steps as I understand it:
- Under certificates in the server.app, click the + and choose "Get a Truste Certificate..."
- Fill out the company information.
- A CSR is generated. Copy the CSR.
- Log in to the CA site, in my case GoDaddy.
- Rekey the cert using the CSR just generated.
- Download the rekeyed cert from the CA. In my case, it is a .pem file with what appears to be 3 certificates in it.
- Back in server.app, select the pending cert and click the gear icon.
- Choose View Certificate Signing Request.
- Drop the cert file from the CA into the window as instructed.
Here is where mine fails I get the following error in the log:
Error: The server '127.0.0.1' reported an error while processing a command of type: 'importCertificates' in plug-in: 'servermgr_certs'. Error: Error Domain=com.apple.servermgr_certs Code=-67811 "none of the imported certificates matched a public/private key pair in the keychain"
I also tried going in to the Profile Manager settings, clicking edit, then Import and dropping the .pem file in that way. Unfortunately no keys accompany the cert so the Import button remains grayed out after that. As another shot, I opened the certs via finder and imported them to the Keychain app, unfortunately this did not make a differnce in the error. Now I understand that I could just use a self signed cert and enroll my devices, ignoring the warning. Unfortunately our CIO uses a Mac and has already decided we must have the cert in place and working before roll out. Any help would be greatly appreciated, thanks!