How to Install CA Code Signing Certificate for Profile Manager

You probably don't have the private key. If you have a cert file with a .p12 ending that should contain the key as well as the cert. It may be in the Keychain Access app on your server or maybe the original guys machine that requested it. The key is also probably password protected so you will need that password. It's bad practice but sometimes people don't put a password on the key, you might get lucky.

I haven't used GoDaddy they may have tools on their site to redownload the cert in the format you want. .p12 works best on the Mac but any cert format can be converted to what you want.

I've also found this site to be invaluable while learning how to convert and deal with certs. http://www.sslshopper.com/ssl-certificate-tools.html

I'm having the EXACT same issue. Right down to a GoDaddy Code signing SSL. Did you find a solution for this?

Thanks,

Luke

This might answer your questions. http://krypted.com/tag/code-signing-certificate/

Also make sure you have the private key that was generated when you made the request for the code signing cert?

This Apple support doc might also help. http://support.apple.com/kb/HT5358 it covers the self signed cert but the install procedure would be related to having a real cert.

Thank you for your reply, Marc. I appreciate that you are trying to assist me.

Unfortunately, I had read both of these resources before posting. Although the Krypted article is great, and I have been using it as a guideline for my installation thus far, when it comes to installing a 3rd party Code Signing Certificate, there are no details in the article: "At this point, if you’re using a 3rd party Code Signing certificate you will want to have installed it as well."

As for the Apple article, it outlines how to renew a certificate, which relies heavily on using the existing certificate to proceed, which means another dead-end for me.

I was hoping the OP might have some insight for me if he had solved his situation, because I'm in the same one. Alternatively, I have heard that signing up for the Apple iOS developper program may provide me with a code signing certificate that I can use for the purpose of Profile Manager. Can anyone confirm?

Thanks,

Luke

It has been a while since I've used code signing certs. It was a real pain when I did use one so we just use the self signed ones for now which isn't much better really. Mavericks probably makes it work better now.

I think we need to know where the failure is occurring. In the Server.app > Profile Manager > Sign configuration profiles > Edit, you have an option to Import the certs for code signing. You must have the private key for this to work. If your code signing cert is in .pk12 it should have the key in it but you will need the password to unlock that key.

I've seen permission issues on the certs in /etc/certificartes that can prevent server from seeing them to use them. I think there is an Apple KB on that. Mavericks should have that fixed thought. You can manually install the certs and key there but I wouldn't recommend it. Use the Server app or Keychain Access to import. If your cert is in there but you can't use it for Profile signing then compair permissions with other certs in that directory.

Having a useful cert depends on what machine you used when you requested the code signing cert. That machine will have the private key. From that machine find the private key and export it. You might install the code signing cert on the machine it was requested from then export it. If you are using Keychain Access just look for the code signing cert then find the private key and select that key and export it as .pk12 , the whole cert, chain etc should come with it. You should be able to use that .pk12 file and import it on the Mac server.