wildcard ssl

I use a wild card for mine..

Where did you get your cert? If its from Go daddy you need a intermediate cert.

So in server app go to

Hardware>Settings then click edit beside SSL certificate

Click manage certs and hit the + and create certificate identity

On the first page of the wizard you want to check "override defaults" step through the rest of the wizard (pretty straight forward) until you get to the Subject Alternate Name extension. in the dNSName you want to enter *.mydomain.com. Finish the wizard and allow it access to your keychain.

Then use that cert and "generate certificate signing request (CSR) and use that to create your SSL. Download your certs. Go back into server app

Hardware>Settings then click edit beside SSL certificate

Select the cert you made and click on the gear "Replace Certicate with signed or renewed Cert" and drag in your server.mydomain.com.crt cert (the one you downloaded).

Next open up keychain access app and select:

System

Certificates

then drag in the intermediate cert (need to enter your local admin password)

That should link your cert up

Let me know if that makes sense

Unfortunately that is the extent of my limited knowledge....

I have not had any issues as long as I follow the steps.

Are you getting any kind of an error?

A certificate is a certificate, wildcard or not, Apple takes it all. Although I did have problems with a certificate not installing.

Try restarting the server. I think the Comodo Wildcard certificates work best in my case.

My SSL Cert is *.mydomain.com and I have no issues.

You might try clicking on edit by the SSL select the cert and go down to custom and select each service individually and see if that works.

I had the same issue but got it resolved. The problem was that I had added my wildcard certificate to the keychain before installing Server. This meant that the key file wasn't present in /etc/certificates - if you look in /etc/certificates you will see only 3 files for your wildcard cert (cert, chain and concat) but no 4th (key) file.

Here's how I fixed it:

Reverse the bad import:

1. Server -> Hardware -> Settings -> SSL Certificate: Edit -> Manage Certificates -> select wildcard certificate -> Remove

2. Open Keychain and remove the matching Private key

Import again correctly:

1. Server -> Hardware -> Settings -> SSL Certificate: Edit -> Manage Certificates -> Import a Certificate Identity -> drag in certificate file(s)

Now when you look in /etc/certificates you will see 4 files for your wildcard cert and Server.app will happily assign it to all services.

I had to get Server Manager back to 'Not Configured' before it would accept my Wildcard Cert for all services. iChat service was 'stuck' using my self signed certificate. I had to manually set iChat to 'None' then enable and disable iChat to clear it. Note that I was not using iChat before. I still had to enable and disable it to clear its certificate.

I could not get my wildcard certificate to work until I did this.

So... Did things change in Server 2.2? I don't see what you're referring to in the Certificates area. It's as though Apple has completely disabled the ability to issue a wildcard request.

Double-click on your certificate that you want to create a CSR for, then click the Renew button. I was flumoxed by this at first as well. There appears to be a bug where you are required to enter the Department name in the form, I just entered "n/a", and everything went through fine.

~Mike

I tried to renew, and it still won't let me enter an * for the subdomain. Everything else is filled out in the form. Any ideas?

Mac OS X Server 10.8 GUI does not support creation of wildcard CSRs. The workaround is to create one through the terminal using openssl as described here:

http://www.digicert.com/csr-creation-apache.htm

I had the same problem today.

Turns out that the '+' sign in the certificates tab of server app has a menu.

This menu allows you to import the certificate.

Then it works.

The problem is:

Server app 2.2.1 has a bug.

The menu will not show up most of the time...