4 Replies Latest reply: Aug 16, 2010 3:24 PM by Tim Bloom1
Tim Bloom1 Level 1 (110 points)
Hey Everyone,

I have an Xserve here that we just migrated to from a 10.4.11 server. I need to get our SSL certificate updated for use on the new server. When I generate a Certificate Signing Request it no longer asks you to fill out the information for your organization. It appears to just pull it from the server's registration. This organization's name has a comma in it, and NetworkSolutions rejects it.

When I attempt to change the Organization or Registered To fields in Server Admin and choose to save, it always reverts back to what it was before. Does anybody know why it would not allow me to change these?

Beyond that, is there a way to access the old assistant to generate a CSR and fill in the fields manually? Even CLI would be fine if it's not too much of a headache.

Mac OS X (10.6.4)
  • Tim Bloom1 Level 1 (110 points)
    Has anyone ever ran across this problem or is it just me?
  • Gordon Davisson Level 3 (520 points)
    You can change the server's organization by editing the file /etc/systemserialnumbers/xsvr (the first line is the serial number, second is the registrant and organization, separated by a "|". If this doesn't work, try creating a new certificate, and this time enable "Let me override defaults", and it'll let you put in the Organization you want.
  • MrHoffman Level 6 (14,849 points)
    Or use a different certificate vendor, or call up the current certificate vendor and tell them to look at and resolve this, or (for your own systems and affiliated systems' use) use your own (free) certificate chain.

    Somewhat surprisingly, swapping certificate vendors isn't flagged by most web browsers, and that's arguably a risk itself.

    If you're not doing remote commercial access and if you have a trusted path to load the root certificate into your clients, then your own certificate is an option.
  • Tim Bloom1 Level 1 (110 points)
    I was able to do the "override" and put in the organization name manually and get the certificate issued properly via NetworkSolutions. I decided not to change the organization name manually after talking with an Apple engineer on the phone who stated that it's tied in with registration in their system. So I decided it was best to not mess with that if possible.