-
May 13, 2013 8:52 AM in response to SparkyArtt by griff w
Hello there.
You may want to take a look at the article "OS X Server: Renewing Profile Manager's code signing certificate".
Here's the bit that addresses Mountain Lion Server:
With OS X Mountain Lion, you receive an alert in Server.app 30 days before the certificate expires. Afterwards, an alert is shown in Server.app once a day until the certificate is renewed. The alert includes a Renew button that allows you to renew the certificate.
Hope that helps,
Griff W.
-
Jul 12, 2013 4:09 AM in response to griff w by Mr J Smith
Hey there griff w, I followed the Renew process, but I'm still getting a server alert saying my Code Cert is due to expire soon and I get a "Replace" button rather than Renew, but clicking that doesn't seem to do anything.
Any ideas on that one?
Kind regards,
Chris
-
Jul 13, 2013 5:47 AM in response to Mr J Smith by joopie99
Having same problem as you.. Replace does nothing... followed instructions at: http://support.apple.com/kb/HT5358 but does not work. Had to adapt as the certadmin is in a different directory for me. If I check for it with which certadmin I get /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin.
Have you had any luck since? Also got a bunch of devices.
-
Jul 14, 2013 5:43 AM in response to joopie99 by Alan Hill
Did manual as per instructions for 10.7 (even though have 10.8) at http://support.apple.com/kb/HT5358; worked for me with joopie99's certadmin path (also seen here http://swytechnotes.wordpress.com/2013/02/14/mdm-code-signing-certificate-renewal/):
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin --recreate-CA-signed-certificate "myserver.mydomain.com Code Signing Certificate" "IntermediateCA_MYSERVER.MYDOMAIN.COM_1" 192173c1c
with the details gathered earlier of course.
-
Sep 1, 2013 4:07 AM in response to SparkyArtt by BrettLHolmes
Thanks,
This definitely works. Just remember the serial number code must be lowercase as described, otherwise you get a "cannot find certificate" message, which is misleading.
-
Sep 2, 2013 10:06 AM in response to SparkyArtt by jpawelchak
Alan Hill & BrettHolmes,
Can you kindly confirm if after following these instructions you had to remove the trust profile and re-enroll the devices or not?
Thank you in advance.
-
Dec 16, 2013 10:04 AM in response to jpawelchak by dankgus
I know this thread is old but I too am wondering, did you have to remove the trust profile and enrollment profile and re-enroll the devices?
THANKS!
--Dan
-
Jan 5, 2014 3:57 AM in response to dankgus by BrettLHolmes
Hi Dan
I believe if you renew it before it expires then you do not have to re-enroll them, but if renewed after it expires, then yes. I renewed before, so did not appear to have any issues.
Brett
-
Jan 14, 2014 12:03 AM in response to SparkyArtt by Ton Krol
Thanks!
sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin --recreate-CA-signed-certificate "myserver.mydomain.com Code Signing Certificate" "IntermediateCA_MYSERVER.MYDOMAIN.COM_1" 192173c1c
This worked for me!
-
Jan 20, 2014 3:05 PM in response to Ton Krol by beststart
When I put this in I am just getting the following response:
Usage: certadmin
--get-private-key-passphrase [path]
Retrieve the passphrase for the private key at [path] from the keychain
--default-certificate-path
Retrieve the full path for the default certificate
--default-certificate-authority-chain-path
Retrieve the full path for the default certificate authority chain
--default-private-key-path
Retrieve the full path for the default private key
--default-concatenation-path
Retrieve the full path for the default certificate + private key concatenation
--create-default-self-signed-identity
Creates a default self signed identity (certificate + private key) using the hostname
--recreate-self-signed-certificate subject serial_number
Recreate an existing self signed certificate
--recreate-CA-signed-certificate subject issuer serial_number
Recreate an existing certificate signed by an OpenDirectory CA
Where you have "192173c1c", is this meant to be the serial number?
-
Jan 20, 2014 5:07 PM in response to beststart by beststart
Went and read the other thread as well, didn't have it as a hexadecimal serial number.
-
Jul 20, 2014 12:29 PM in response to beststart by mgabriel1
I think all original posters have resolved this problem, but I am posting so if others have the same problem they know what to look for...
Watch for the smart quotes and dashes when entering into terminal...most text editing programs, including TextEdit, will replace the double dash with a single, longer dash and the straight quotes with smart quotes. This does not seem to happen if you type directly into the Terminal window instead of copying and pasting.
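Two pitfalls reported in this thread, editor-substituted quotes and dashes and a serial number that is not lowercase hexadecimal, can be checked before the command is run. The script below is an added example and not part of any post above; its function names are hypothetical, the sample input is constructed, and it never calls certadmin.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Function names are hypothetical.
# Nothing here calls certadmin; it only checks the text you intend to run.

# UTF-8 byte sequences for the characters text editors substitute.
LDQ=$(printf '\342\200\234'); RDQ=$(printf '\342\200\235')      # curly double quotes
LSQ=$(printf '\342\200\230'); RSQ=$(printf '\342\200\231')      # curly single quotes
ENDASH=$(printf '\342\200\223'); EMDASH=$(printf '\342\200\224')

# Turn editor-substituted punctuation back into plain ASCII.
normalize_pasted() {
  printf '%s' "$1" | LC_ALL=C sed \
    -e "s/$LDQ/\"/g" -e "s/$RDQ/\"/g" \
    -e "s/$LSQ/'/g" -e "s/$RSQ/'/g" \
    -e "s/$ENDASH/--/g" -e "s/$EMDASH/--/g"
}

# True if the argument contains any byte outside printable ASCII.
has_non_ascii() {
  printf '%s' "$1" | LC_ALL=C grep -q '[^ -~]'
}

# True only for a non-empty string of lowercase hexadecimal digits.
valid_serial() {
  case "$1" in
    ''|*[!0123456789abcdef]*) return 1 ;;
    *) return 0 ;;
  esac
}

# usage: preflight SUBJECT ISSUER SERIAL ; returns 0 when all checks pass
preflight() {
  rc=0
  for arg in "$1" "$2" "$3"; do
    if has_non_ascii "$arg"; then
      echo "non-ASCII character in: $arg" >&2; rc=1
    fi
  done
  if ! valid_serial "$3"; then
    echo "serial is not lowercase hexadecimal: $3" >&2; rc=1
  fi
  return $rc
}

# Constructed sample: the option and subject as an editor might rewrite them.
pasted="${EMDASH}recreate-CA-signed-certificate ${LDQ}myserver.mydomain.com Code Signing Certificate${RDQ}"
normalize_pasted "$pasted"; echo
preflight "myserver.mydomain.com Code Signing Certificate" \
  "IntermediateCA_MYSERVER.MYDOMAIN.COM_1" 192173C1C || echo "fix the arguments first"
```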
-
Nov 24, 2014 9:32 AM in response to mgabriel1 by Paul Vail
I had the same errors pop up recently. Every day, there would be a new alert from the server.
My solution turned out a bit different. First we confirmed the drive was ok (disk utility verify disk, run the permissions repair). Then opened the Server Admin. I turned off the profile manager (as well as all services that use the cert such as calendar, contacts, messaging), waited out the spinner until it stopped, went back to the alert, used the simplistic Renew button. Waited for all the spinning to stop. Went back to the Profile Manager. Even though we don't use the Device management services, the 'Sign configuration profiles' box does appear. Selected it, hit Edit, and selected the cert from the pulldown select menu. Turned on the Profile Manager, made sure the Default configuration profile had the Include configuration for services checked. Turned on the services we turned off earlier.
On each account for each device (iPhone, mbp, mba, iPad), we had to check the service, accept and trust the self-signed cert. After that, we appear to be out of the woods.