21 Replies Latest reply: Aug 27, 2015 9:03 AM by Holonsys
eysfilm Level 1

So our company has a Wildcard SSL Certificate that we use for most of our websites, and I've just set up a new 10.8 server for the use of Profile Manager. I've added our Wildcard SSL certificate to the system keychain and trusted it, but for the life of me I can't get the SSL Cert to take. I see it listed in the Server manager and select it and save the changes, but then I open up the SSL Cert again and there is nothing selected.


Any ideas?


Thanks in advance.

Mac mini, OS X Mountain Lion (10.8.2)
  • stephen.willis.smith Level 1

    I use a wild card for mine..


    Where did you get your cert? If it's from GoDaddy you need an intermediate cert.

  • stephen.willis.smith Level 1

    So in server app go to


    Hardware>Settings then click edit beside SSL certificate


    Click manage certs and hit the + and create certificate identity


    On the first page of the wizard you want to check "override defaults". Step through the rest of the wizard (pretty straightforward) until you get to the Subject Alternate Name extension. In the dNSName you want to enter *  Finish the wizard and allow it access to your keychain.


    Then use that cert and "generate certificate signing request (CSR)" and use that to create your SSL. Download your certs. Go back into server app

    Hardware>Settings then click edit beside SSL certificate

    Select the cert you made and click on the gear "Replace Certificate with signed or renewed Cert" and drag in your cert (the one you downloaded).


    Next open up keychain access app and select:




    then drag in the intermediate cert (need to enter your local admin password)


    That should link your cert up


    Let me know if that makes sense

  • eysfilm Level 1

    Thanks Stephen for the information.  It is a GoDaddy cert and I did import their intermediate cert too.

    Still no luck.


    The additional steps you provided are for requesting a new cert, but I can't do this as we use the wildcard on a bunch of other servers. I've just exported our main wildcard cert and import that into our required web hosts.

    It imports fine on to the Mac, but for whatever reason it's not taking in the server setting (Hardware > Settings > SSL).


    Any other suggestions?


  • stephen.willis.smith Level 1

    Unfortunately that is the extent of my limited knowledge....

    I have not had any issues as long as I follow the steps.


    Are you getting any kind of an error?

  • eysfilm Level 1

    No error message, which is the strange thing. I select the Wildcard SSL, Apply it and then open it back up and 'none' is selected.


    Strange stuff....  Only thing I can think of is that the SSL name starts with *  (*  Maybe Apple doesn't like that?

  • Mark23 Level 3

    A certificate is a certificate, wildcard or not, Apple takes it all. Although I did have problems with a certificate not installing.


    Try restarting the server. I think the Comodo Wildcard certificates work best in my case.

  • stephen.willis.smith Level 1

    My SSL Cert is * and I have no issues. 



    You might try clicking on edit by the SSL select the cert and go down to custom and select each service individually and see if that works. 

  • eysfilm Level 1

    Thanks for the tips. I was doing the custom options. The wildcard SSL actually works for the other options, but just not the websites. I'm not too sure what's going on.


    I'm kind of abandoning ship with this. I'll just use our company's internal signed certs for now. Stops the errors internally at least, but external use still has the errors.


    Thanks everyone for the help.

  • davidbpirie Level 1

    I had the same issue but got it resolved. The problem was that I had added my wildcard certificate to the keychain before installing Server. This meant that the key file wasn't present in /etc/certificates - if you look in /etc/certificates you will see only 3 files for your wildcard cert (cert, chain and concat) but no 4th (key) file.

    Here's how I fixed it:


    Reverse the bad import:

    1. Server -> Hardware -> Settings -> SSL Certificate: Edit -> Manage Certificates -> select wildcard certificate -> Remove

    2. Open Keychain and remove the matching Private key


    Import again correctly:

    1. Server -> Hardware -> Settings -> SSL Certificate: Edit -> Manage Certificates -> Import a Certificate Identity -> drag in certificate file(s)


    Now when you look in /etc/certificates you will see 4 files for your wildcard cert and will happily assign it to all services.
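
Added example (not part of davidbpirie's post or Apple's tooling): a shell check for the condition described above, an identity that has cert, chain and concat files but no key file. The `<identity>.<kind>.pem` naming is an assumption, as is the extra check that the key file is not world-readable.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed naming inside the directory:
# <id>.cert.pem, <id>.chain.pem, <id>.concat.pem, <id>.key.pem

# check_identities DIR: print one status line per certificate identity.
# Returns 0 if every identity is complete, 1 if any is not, 2 if none found.
check_identities() {
    dir=$1; found=0; bad=0
    for cert in "$dir"/*.cert.pem; do
        [ -e "$cert" ] || continue              # glob matched nothing
        found=1
        id=${cert##*/}; id=${id%.cert.pem}
        missing=""
        for kind in chain concat key; do
            # -s: file exists and is not empty
            [ -s "$dir/$id.$kind.pem" ] || missing="$missing $kind"
        done
        if [ -n "$missing" ]; then
            echo "INCOMPLETE $id missing:$missing"; bad=1
        elif [ -n "$(find "$dir/$id.key.pem" -perm -004)" ]; then
            echo "WORLD-READABLE-KEY $id"; bad=1   # any local user can read the key
        else
            echo "OK $id"
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return "$bad"
}

# Constructed sample: one identity imported correctly, one without its key.
demo() {
    tmp=$(mktemp -d) || return 1
    for k in cert chain concat key; do echo x > "$tmp/good.example.$k.pem"; done
    for k in cert chain concat;     do echo x > "$tmp/wild.example.$k.pem"; done
    chmod 600 "$tmp/good.example.key.pem"
    rc=0; check_identities "$tmp" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# With an argument (e.g. /etc/certificates) check that directory,
# otherwise run the constructed sample.
if [ -n "${1:-}" ]; then check_identities "$1"; else demo || true; fi
```

An `INCOMPLETE ... missing: key` line corresponds to the "3 files but no 4th" state the post describes.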

  • Angus Fox Level 1

    I had to get Server Manager back to 'Not Configured' before it would accept my Wildcard Cert for all services. iChat service was 'stuck' using my self signed certificate. I had to manually set iChat to 'None' then enable and disable iChat to clear it. Note that I was not using iChat before. I still had to enable and disable it to clear its certificate.


    I could not get my wildcard certificate to work until I did this.

  • DSHJ Level 1

    So... Did things change in Server 2.2? I don't see what you're referring to in the Certificates area. It's as though Apple has completely disabled the ability to issue a wildcard request.

  • Miggl Level 1

    Double-click on your certificate that you want to create a CSR for, then click the Renew button. I was flummoxed by this at first as well. There appears to be a bug where you are required to enter the Department name in the form, I just entered "n/a", and everything went through fine.



  • DSHJ Level 1

    I tried to renew, and it still won't let me enter an * for the subdomain. Everything else is filled out in the form. Any ideas?

  • aw_mpls Level 1

    Mac OS X Server 10.8 GUI does not support creation of wildcard CSRs. The workaround is to create one through the terminal using openssl as described here:
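
Added example (not from aw_mpls's post or the page it linked to): one way to generate a wildcard CSR with openssl from the terminal and check it before submitting. `example.com`, the `wildcard.*` file names and listing the bare domain in subjectAltName are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Usage: sh wildcard-csr.sh example.com /path/to/outdir
# example.com and the wildcard.* file names are placeholders.

# make_wildcard_csr DOMAIN OUTDIR
# Writes OUTDIR/wildcard.key (unencrypted private key) and OUTDIR/wildcard.csr.
# Runs in a subshell so the restrictive umask does not leak to the caller.
make_wildcard_csr() (
    domain=$1; out=$2
    umask 077
    cat > "$out/req.cnf" <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = ext
[dn]
CN = *.$domain
[ext]
# A wildcard does not cover the bare domain, so it is listed as well.
subjectAltName = DNS:*.$domain, DNS:$domain
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$out/req.cnf" \
        -keyout "$out/wildcard.key" -out "$out/wildcard.csr" 2>/dev/null
)

# csr_names CSR: show the subject and SAN entries to review before submitting.
csr_names() {
    openssl req -in "$1" -noout -text | grep -E 'Subject:|DNS:'
}

# csr_matches_key CSR KEY: succeed only if the CSR was made from this key.
csr_matches_key() {
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout)" ]
}

if [ -n "${1:-}" ]; then
    make_wildcard_csr "$1" "${2:-.}" && csr_names "${2:-.}/wildcard.csr"
fi
```

The private key stays on the machine that generated it; only `wildcard.csr` goes to the certificate authority.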

