Can't install a wildcard SSL certificate

Running ML Server. I have a GoDaddy-issued wildcard SSL certificate for *.mydomain.com. The certificate is currently installed on a different (non-Mac OS) server. I am able to cut and paste the main certificate, private key and other chain certificates from that server's interface and paste into a text file using TextWrangler. On the OS X server I deleted all of the old certificates in Keychain (this server had an old wildcard version of the certificate before), deleted the old wildcard cert in Server.app and deleted the corresponding files in /etc/certificates.


I then created a new self-signed certificate for *.mydomain.com in Server.app, then selected it, went to Manage Certificates and tried to update the self-signed certificate with the signed certificate using the Server.app interface. The interface enables you to drag and drop certificate and chain files to add.


However, this is where it gets strange...


The first time I drag the certificate file to the interface, I get the green + symbol, let go and nothing happens. If I do it again, the interface lights up green again, but this time it adds it to the Non-identity certificate list. I am able to replicate this every time!


Why does the interface show me the first time that I can drag the file, but does nothing, and then the second time adds it as a non-identity certificate? Same behavior happens if I start with the chain certificate as well.


I can confirm that the four certificate files show up in /etc/certificates, but they appear to be generated by the self-signed certificate creation.


Any insights appreciated! TAA

Mac mini, OS X Server

Posted on Nov 20, 2012 4:37 PM


Nov 21, 2012 6:28 AM in response to mkuehn

Thanks for your reply!


When I drop the certificate file and the chain file into Keychain, everything seems to go just fine. However, when I try to drop the Private Key file, I get "An Error Has Occured. Cannot Import Item. The contents of this item cannot be retrieved.". The private key file was a cut and paste into a text file just like the other two. Does it somehow need to be converted to another form? Also, should I have deleted the self-signed key for the same wildcard domain that is already in Server.app first?

Nov 21, 2012 6:44 AM in response to Morris Zwick

In fact I had the same issue last week and I could only solve it by exporting the key with the certificate in a PKCS12 file. Fortunately this is supported by the Windows certificate manager where the certificate was originally installed.


You could take your key and certificate files and merge them into a PKCS12 file using openssl (go to Terminal, it is installed on an OS X box) and fire the following command (and change the filenames ;-)):


openssl pkcs12 -export -inkey openssl_key.pem -in openssl_crt.pem -out openssl_key_crt.p12 -name openssl_key_crt


The openssl tool requests a passphrase for the created file that you will need to provide again when the key is imported into the keychain.


Good luck with it
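An added example, not part of the original reply: a shell wrapper around the same `openssl pkcs12 -export` command that first confirms the pasted private key really belongs to the certificate, optionally includes the chain file, and re-opens the result to check it. The function names, the argument order and the `P12_PASS` environment variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): verify a pasted key/certificate pair,
# then bundle it into a PKCS#12 file for import into the keychain.
# Function names, argument order and P12_PASS are assumptions of this example.

# Succeeds only when the private key ($1) and the certificate ($2) carry the
# same public key. Returns 2 when either file cannot be parsed as PEM.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# make_p12 KEY CERT OUT NAME [CHAIN]
# If P12_PASS is exported it is used as the export passphrase; otherwise
# openssl prompts for one, as described in the reply above.
make_p12() {
    key=$1; cert=$2; out=$3; name=$4; chain=${5:-}
    if ! key_matches_cert "$key" "$cert"; then
        echo "refusing to bundle: $key does not match $cert" >&2
        return 1
    fi
    set -- -export -inkey "$key" -in "$cert" -out "$out" -name "$name"
    if [ -n "$chain" ]; then
        set -- "$@" -certfile "$chain"      # intermediate certificates
    fi
    if [ -n "${P12_PASS:-}" ]; then
        set -- "$@" -passout env:P12_PASS
    fi
    # The bundle contains the private key, so create it owner-readable only.
    ( umask 077; openssl pkcs12 "$@" ) || return 1
    # Re-open the bundle to confirm the passphrase and integrity check pass.
    if [ -n "${P12_PASS:-}" ]; then
        openssl pkcs12 -in "$out" -passin env:P12_PASS -noout
    fi
}

# Run directly, e.g.:
#   sh make_p12.sh openssl_key.pem openssl_crt.pem openssl_key_crt.p12 openssl_key_crt
if [ "$#" -ge 4 ]; then
    make_p12 "$@"
fi
```

The text files holding the pasted private key should be deleted once the PKCS12 file has been imported.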
