User profile for user: tom lynch2
tom lynch2 Author
User level: Level 1
26 points

Where is my private key located after using certificate assistant

My server certificate is expiring. When I tried to create a CSR using the current certificate, my new CA authority would not accept it. So I used certificate assistant to generate a new CSR. This CSR was accepted by the CA and I received a new certificate. When I try to replace the expiring certificate in Server Admin, I get a dialogue stating that the new certificate does not match the private key. If I try to add the new certificate, the dialogue box asks for a file containing my private keys. Where did certificate assistant store the private key that it used to create the CSR?


I can add the certificate to the server keychain using keychain assistant and it shows that it is valid - certificate assistant verifies that the certificate is valid.


Any help would be appreciated.


Thanks

Posted on Jul 23, 2011 9:07 AM

Reply
5 replies
User profile for user: MrHoffman
MrHoffman
User level: Level 10
146,671 points

Nov 23, 2011 1:24 PM in response to cardiacmink

This looks to be a different question.


In no particular order...


Please start your own thread. Please include details of your configuration, including your Mac OS X Server version.


What did Apple recommend you try? (And that apparently didn't work?) Did they provide you with any additional steps or suggestions or diagnoses - maybe suggesting a recovery from backup or a reinstallation?


There are some existing discussions of that error sequence; see this - servermgrd is probably tangled up, and your keychain may be tangled.


If this is 10.6, I've had better luck using Certificate Assistant and related tools, and then working with Server Admin.

Reply
User profile for user: MrHoffman
MrHoffman
User level: Level 10
146,671 points

Jul 23, 2011 10:18 AM in response to tom lynch2

You're not updating the cert, you're replacing it with a different certificate.


Server Admin can get somewhat confused here.


Try using Keychain, transfer both the private certificate and the CSR and the newly-loaded signed certificate into the system keychain, then wander over to Server Admin and select the certificate, and you should find things working.

Reply
User profile for user: cardiacmink
cardiacmink
User level: Level 1
5 points

Nov 23, 2011 12:09 AM in response to tom lynch2

i've been having loads of issues with the certificate. I created a new certificate deleted the old ( after turning off SSL on all services) then selected the new one. All services seem to choose the certificate except open directory. Whenever I select use SSL, and select the certificate I get the following error:


Uncaught exception raised in Open Directory client-side plugin.

Sorry but the feature you tried to access cannot be used. Exception is:


In updateDescriptionFromConfigurationView: NSInvalidArgumentException -[_NSCFDictionarysetObject:forKey:] attempt to insert nil value (key: locales).


I checked the keychain, my old expired cert is still there with its keys, while no new keys have been generated.

I Apple on the phone and they weren't very helpful


Any suggestions


j

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Where is my private key located after using certificate assistant

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up