Apple Intelligence now features Image Playground, Genmoji, Writing Tools enhancements, seamless support for ChatGPT, and visual intelligence.

Apple Intelligence has also begun language expansion with localized English support for Australia, Canada, Ireland, New Zealand, South Africa, and the U.K. Learn more >

You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Importing certificates into MacOS Server

Yeah, I know this is antique software. But we use it to run a shared household calendar server on an antique Mini running Sierra (the last release Server runs on), and it still works fine. Maybe a fellow antique user can help me out.


I spent like six hours tonight trying to generate a formal (not self-signed) security certificate from Let's Encrypt. (The calendar server is open to the Internet because we use it while on the road.) Much time wasted because the process needed brew, brew no longer works on Sierra, etc., etc. Finally ran the certificate generation process from a more modern machine, and copied the resulting files over to the old Mini. This ---> <--- close to success, right?


I can't get Server to import the private key.


When I drag the "privkey1.pem" file into the box that says "Drag a file containing your private key here," I get an error dialog box saying that the contents are unrecognizable. It surely looks well-formed to me in Text Edit.


Do I perhaps have a suffix issue? I see a lot of hints on the web that talk about installing files to OS Server that end in .crt and .p12 . I did notice that although Server doesn't outright reject the other three files, it bundles them in as "extra non-identity certificates" and doesn't recognize the public certificate file for what it is.


As a test, I dragged all these files into Keychain Access. The cert1.pem file seemed to create a well-formed certificate, and the other two at least weren't rejected, though I'm not sure where they went, if anywhere... but the privkey1.pem file got rejected. For giggles, I exported the certificate, which created a .crt file (hm!). I tried feeding that into Server, but it stuck it under "extra non-identity certificates" again.


I'm bumfuzzled, bleary-eyed, and going to bed.


Appreciate any assistance.





Mac mini

Posted on Feb 12, 2023 6:26 AM

Reply
Question marked as Top-ranking reply

Posted on Feb 12, 2023 4:03 PM


The folks at Let's Encrypt diagnosed this problem overnight.

Mac OS Server is too old to digest the newer ECDSA certificates, which are now generated by default.

Adding "--key-type rsa" to the certificate creation command generates the old style that it likes.

Up and working now.

Similar questions

1 reply
Question marked as Top-ranking reply

Feb 12, 2023 4:03 PM in response to macswe


The folks at Let's Encrypt diagnosed this problem overnight.

Mac OS Server is too old to digest the newer ECDSA certificates, which are now generated by default.

Adding "--key-type rsa" to the certificate creation command generates the old style that it likes.

Up and working now.

Importing certificates into MacOS Server

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.