Having a ton of trouble with the new 2.2 Server Application and trying to import a GoDaddy SSL Wildcard Cert

I have a valid intermediate and wildcard SSL cert I purchased from GoDaddy. My entire PC server fleet uses this same cert. While I can find instructions on importing this cert into server 10.6, there seem to be no instructions on how to make it work with 10.8 server rev 2.2...



If someone with a good understanding wouldn't mind step by stepping this for me, I would be very appreciative.

Mac mini, OS X Server, Server App v2.2

Posted on Dec 10, 2012 4:34 PM

4 replies

Dec 10, 2012 6:37 PM in response to Lucid773

It's a bit different now.


In the left-column of Server 2.2, choose 'Certificates'

With the gear at the bottom-right, choose 'Show All Certificates'


By choosing Show All Certificates, the + button now presents additional options including the import feature.


It's the same from here.

Drag:

1. Key

2. Signed cert from GoDaddy

3. GoDaddy intermediate


Note: If you simply copied the key from your old server, it's probably RSA encrypted.

Sounds like you've done this before, but just had trouble enabling the option in 2.2, so I won't take the time to detail how to import your existing RSA key.


Hope that helps.


Jeff

Dec 11, 2012 5:36 AM in response to Lucid773

You need the key from the old server, or any other server which has the wildcard cert running.


For OS X Server's native services, Server Admin keeps Certs/Keys in /private/etc/certificates.

The key is stored RSA Encrypted.

The passphrase to decrypt is stored in the keychain of that computer.

You'll need to copy the key from the old computer, and if you get it from /private/etc/certificates, you will need the passphrase to decrypt it.

You can decrypt a key with

sudo openssl rsa -in /private/etc/certificates/domain.com.key -out ~/Desktop/domain.com-no-pass.key

You will be asked for the passphrase. You can find this in the system keychain of that computer: you will notice the key file has a long string of numbers/letters; search for that string in Keychain, view it and choose Show Password.


If you run any non-Apple services (rumps, Kerio, etc.) the key may be stored somewhere not encrypted.


It may be easier to re-key with GoDaddy. GoDaddy makes rekeying simple, just generate a new CSR on your new server.

NOTE: Any servers running from the old cert/key will no longer be valid if you do this.


Best Practice Tip: Make it a habit of ALWAYS copying the complete package of:

Non-encrypted key

Signed Cert

Intermediate Cert

in a safe place as a zip with the cert name and expire date as the filename (SSL domain.com exp-2013-10-31)

Storing the cert without RSA encryption makes it simple to load the cert somewhere else when needed.

Dec 11, 2012 7:43 AM in response to Lucid773

In addition to what UptimeJeff said above, your certificate cannot work without the originally generated key. Another way to back up your cert and key is to use Keychain Access.


  • Choose the "System" keychain.
  • Select "Certificates" from the Category section
  • Certificates that have a disclosure triangle to the left of them are ones that have a private key. You can see this by clicking the triangle.
  • Select the certificate and choose "Export Items..."
  • You will be prompted to create a filename and choose the file format. You want the "Personal Information Exchange" P12 format.
  • You will then be asked to create a password to encrypt the key.
  • You can now take this file to another computer, Apple or Windows and import the certificate with the key.
  • You will be prompted for the password you created when importing.
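
An added example, not part of any reply in this thread: a pre-import check in POSIX shell that tells whether a key file is still passphrase-protected, confirms that the RSA key really belongs to the signed certificate, and writes the decrypted copy with owner-only permissions. The function names, file names and passphrase are assumptions made for illustration, and the fixtures are a throwaway self-signed wildcard cert rather than a GoDaddy-issued one.

```shell
#!/bin/sh
# Added example. All names, paths and passphrases here are constructed.

# 0 if the PEM key is passphrase-protected (both PEM styles say ENCRYPTED).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# RSA modulus of a key ($2 = openssl pass source, e.g. pass:secret) / of a cert.
key_modulus()  { openssl rsa  -in "$1" -passin "${2:-pass:}" -noout -modulus 2>/dev/null; }
cert_modulus() { openssl x509 -in "$1" -noout -modulus 2>/dev/null; }

# 0 = key and cert are a pair, 1 = mismatch, 2 = unreadable (bad passphrase/file).
key_matches_cert() {
    km=$(key_modulus "$1" "$3") || return 2
    cm=$(cert_modulus "$2") || return 2
    [ -n "$km" ] && [ "$km" = "$cm" ]
}

# Write a passphrase-free copy of the key, readable by its owner only.
decrypt_key() {
    ( umask 077 && openssl rsa -in "$1" -passin "$2" -out "$3" 2>/dev/null )
}

# Build throwaway fixtures in directory $1: an encrypted key, a self-signed
# wildcard cert for it, and an unrelated key that must NOT match.
make_fixtures() {
    openssl genrsa -aes256 -passout pass:constructed-pass -out "$1/enc.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/enc.key" -passin pass:constructed-pass \
        -subj "/CN=*.example.com" -days 1 -out "$1/cert.pem" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

# Usage: sh preflight.sh KEY CERT PASS_SOURCE OUT_KEY
if [ $# -eq 4 ]; then
    key_matches_cert "$1" "$2" "$3" || { echo "key/cert mismatch or bad passphrase" >&2; exit 1; }
    decrypt_key "$1" "$3" "$4" && echo "wrote $4 (owner-only)"
fi
```

Running the match check before dragging the files into the import dialog separates a wrong-key problem from a wrong-passphrase problem, which the import itself does not distinguish.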
