SSL Certificate Advanced Administration - How Does It Work?
Is there any documentation for advanced administration of SSL certificates on Lion Server? I see that Apple's documentation page Lion Server: Advanced Administration covers SSL certs, but makes no mention of creating/signing new certificates with Open Directory in use. I've run into a host of annoyingly simple SSL cert problems that arise from using Apple's defaults -- with apparently no documentation to fix them.
- Is it necessary that the server's [LAN FQDN server.computer.private] SSL cert be signed by the automatically created Intermediate CA "server.computer.private OD Intermediate CA"? This CA is created by the Server app Manage>Manage Network Accounts...
- How do I create an SSL cert that works for both my computer's LAN FQDN server.computer.private and its internet FQDN mydomainname.com?
- If I create a new self-signed certificate when OD is already set up, what must I do?
- How do I sign my server's SSL cert using my own root CA?
Whenever I try to change any SSL certs on my own, everything breaks. I have an Apple support account, but Enterprise Support says that these basic questions go beyond the support agreement. Is there documentation anywhere that explains any of these issues? Surely someone has figured out how to set up Lion Server to work securely both on the LAN and the internet, or to use their own root CA.
Mac mini, Mac OS X (10.7.1), 8 GB