Installing trusted SSL certificates on 10.5 Server -- anyone successful?
I've got a freshly-intalled 10.5 server directly connected to the internet. The ideal goal is to use it as a workgroup/collaboration server for a small group of distributed people who are scattered all over the place geographically.
My problem is that I can't use the GUI certificate manager to successfully import GoDaddy.com signed SSL certificates. I can create the self-signed cert, create the CSR request just fine. When the signed cert comes back from the vendor I try to bring it into the Certificate Manager and I just get nothing back -- no message, no error, no log entries. Just a certificate management interface that still lists my cert as unsigned and untrusted. Any attempts to use SSL protected services will verify that the cert being offered up is still self-signed.
I did get the webserver to secure itself properly by using command line OpenSSL commands to create the private key and CSR. Manually importing the key, cert and CA files will work and will create a good webserver. The problem with this method is that only the webserver is protected. Attempts to use the Certificate with iChat and iCal servers result in errors.
Has anyone been successful with this? It seems many people are using 10.5 server within a firewall where short non-fully-qualified hostnames and bonjour networking can be used. I need this 10.5 server connected to the internet and I need to protect OD, iChat, iCal and Apache via SSL. The workarounds I see posted for iCal and iChat problems all seem to involve either disabling SSL or using a shortname instead of a fully qualified hostname.
My problem is that I can't use the GUI certificate manager to successfully import GoDaddy.com signed SSL certificates. I can create the self-signed cert, create the CSR request just fine. When the signed cert comes back from the vendor I try to bring it into the Certificate Manager and I just get nothing back -- no message, no error, no log entries. Just a certificate management interface that still lists my cert as unsigned and untrusted. Any attempts to use SSL protected services will verify that the cert being offered up is still self-signed.
I did get the webserver to secure itself properly by using command line OpenSSL commands to create the private key and CSR. Manually importing the key, cert and CA files will work and will create a good webserver. The problem with this method is that only the webserver is protected. Attempts to use the Certificate with iChat and iCal servers result in errors.
Has anyone been successful with this? It seems many people are using 10.5 server within a firewall where short non-fully-qualified hostnames and bonjour networking can be used. I need this 10.5 server connected to the internet and I need to protect OD, iChat, iCal and Apache via SSL. The workarounds I see posted for iCal and iChat problems all seem to involve either disabling SSL or using a shortname instead of a fully qualified hostname.
Mac OS X (10.5)
