Currently Being ModeratedAug 26, 2013 4:38 PM (in response to jlboan)
OK so I gave up today and did a clean install of Mountain Lion. This time all the cert installation procedures went smoothly. However, when I try to enroll a device from profile manager, I get a message stating that the installation failed for an unknown error. I checked the console log and this is what I see. (redacted the server name) Any ideas?
8/26/13 4:23:51.082 PM System Preferences: *** ERROR *** [CPInstallerUI:501] Profile installation (Remote Management (com.apple.config.***********.org.mdm)) (<NSOSStatusErrorDomain:-25299> The operation couldn’t be completed. (OSStatus error -25299.)
CallStackSymbols = (
"0 SCEP 0x0000000107c1d2f3 SCEP + 8947",
"1 SCEP 0x0000000107c27eec SCEP + 52972",
"2 SCEP 0x0000000107c208b7 SCEP + 22711",
"3 ConfigurationProfiles 0x000000010635006f -[ProfileDomainPluginController installProfileWithPlugin:replacingProfile:outActions:] + 1473",
"4 ConfigurationProfiles 0x0000000106348b53 -[CPProfileManager installProfile:forUser:] + 4126",
"5 mdmclient 0x00000001062f48ce mdmclient + 80078",
"6 mdmclient 0x00000001062fae9f mdmclient + 106143",
"7 mdmclient 0x00000001062f7e45 mdmclient + 93765",
"8 mdmclient 0x00000001062faa6f mdmclient + 105071",
"9 mdmclient 0x00000001062f8a5f mdmclient + 96863",
"10 mdmclient 0x00000001062f8dfa mdmclient + 97786",
"11 libxpc.dylib 0x00007fff8fbf54a2 _xpc_connection_recv_message + 699",
"12 libxpc.dylib 0x00007fff8fbf5594 _xpc_connection_recv_message + 941",
"13 libxpc.dylib 0x00007fff8fbf516d _xpc_connection_wakeup_recv + 165",
"14 libxpc.dylib 0x00007fff8fbf38b4 _xpc_connection_wakeup2 + 1799",
"15 libxpc.dylib 0x00007fff8fbf317c _xpc_connection_wakeup + 145",
"16 libdispatch.dylib 0x00007fff8cc110b6 _dispatch_client_callout + 8",
"17 libdispatch.dylib 0x00007fff8cc1329b _dispatch_source_invoke + 691",
"18 libdispatch.dylib 0x00007fff8cc12305 _dispatch_queue_invoke + 72",
"19 libdispatch.dylib 0x00007fff8cc12448 _dispatch_queue_drain + 180",
"20 libdispatch.dylib 0x00007fff8cc122f1 _dispatch_queue_invoke + 52",
"21 libdispatch.dylib 0x00007fff8cc121c3 _dispatch_worker_thread2 + 249",
"22 libsystem_c.dylib 0x00007fff986abd0b _pthread_wqthread + 404",
"23 libsystem_c.dylib 0x00007fff986961d1 start_wqthread + 13"
IsInternalError = 1;
Currently Being ModeratedOct 30, 2013 10:57 AM (in response to jlboan)
I was able to accomplish getting a code signing certificate from GoDaddy by using FireFox. FireFox will automatically create the CSR and associated keys.
Do the following:
1. Login to GoDaddy and purchase your Code Signing Certificate (it will take a few days for them to verify you)
2. Once you are able to submit a CSR for the Certificate make sure you are using FireFox (I used Version 25.0)
3. When you go to re-key the certificate you will see that under "CSR Generation Method" it defaults to Automatic. Leave it on this setting and all the other settings defaulted.
4. After the certificate has been re-keyed click the Download button and the process will be automatic. There will be several certificates it attempts to install. Some may already be present and you will be warned, just continue to the next certificate.
5. Now, depending on what version of FireFox you are running the next step may be in a different area. For V25, go to the FireFox menu --> Preferences --> Advanced Tab --> Certificates Tab --> View Certificates Tab --> Your Certificates. Unless you have installed other certificates you should only see the GoDaddy Certificate. Select the certificate that has "Software Security Device" in it. Click the Backup... button. Give the backup a name and save it as PKSC12.
6. Now go to the Server.app and select Certificates (10.9 Mavericks Server brought back a dedicated certificates area!!) Click the gear icon and select "Show all certificates" then click the + icon, select "Import Certificate Identity" and choose your exported PKSC12 file that will have the extension of .pfx
As long as you didn't get any errors along the way you should now have successfully imported a valid Code Signing Certificate!
Currently Being ModeratedOct 30, 2013 11:28 AM (in response to Nick Kaihoi)
Step 6 - The extension of the file will be .p12
Currently Being ModeratedJan 30, 2014 4:59 PM (in response to Nick Kaihoi)
Thanks for your thread guys. I am facing the same issue. Nick, your method looks promising, but before I proceed, I am hopign you could confirm that this works properly for a Profile Manager code-signing certificate? I have already created my code-signing certificate incorrectly once, and GoDaddy Support was gracious enough to let me delete it, and has give me an opportunity to recreate it without penalty.
To ensure I understand, once I have performed your steps through Firefox and Keychain, I assume when I go to "Profile Manager" in OSX Mavericks "Server.app", and click to check-on the "Sign configuration profiles" option and am prompted to select a certificate, I will see the code-signing cert I have imported from Firefox as per your instructions?
Thanks again for your assistance. I have been beating my head against the wall trying to get this right. Surprisingly few resources online regarding this process.