Where can I get a new MACOSX OpenDirectory Intermediate CA certificate?

So, in my attempt to get Open Directory working, I deleted all of the certificates related to my server. Initially, I had set up my server as a .com, but I finally admitted defeat and revised it to a .private server. In the process of revising the scope of my server, I deleted all the certificates related to server.myserver.com, so that I could create fresh server.myserver.private certificates.


Well, I do not see a MACOSX OpenDirectory Intermediate CA certificate anywhere in my keychain. Is that something that Apple sends you after you create a MACOSX OpenDirectory Root CA?


However, the Open Directory logs report that there is no "IntCAIdentity" when it fails to create a new Open Directory Master. I think this is related to the lack of an Open Directory Intermediate CA, but I'm not sure.


Is there a way, short of reinstalling Mountain Lion, that would refresh all of my certificates in case I removed other certificates that I shouldn't have?


Also, the Open Directory logs show that Open Directory is trying to bind to the default IP address of 127.0.0.1, but my server is set up using a *real* internal IP address. I have confirmed that the server's DNS service is on and that the server.myserver.private name is properly resolving to the real internal IP address.


Thoughts?

Mac Pro, OS X Server, 2009 2.66 Ghz Quad-Core Intel Xeon

Posted on Apr 15, 2013 3:07 PM

Question marked as Best reply

Posted on Apr 15, 2013 5:17 PM

If it was a self-signed certificate, there's no intermediate cert needed nor necessary nor present.


Start reading here and here for some recent discussion on OD certs, as well as an OD reset sequence.


127.0.0.1 is also known as localhost; it's the IP version of a self-reference. 127.0.0.1 (and localhost) are how a host can reference itself, without requiring knowledge of whichever IP addresses it is configured at.


I would recommend against using "private" or any other unregistered DNS domain. Definitely not .local, too. It's better to spend the ~US$10 per year and register a real and registered domain, or use a subdomain of a real and registered domain. This for various reasons.
