Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Profilemanager ignores certificate

Hello forum users,


i've installed latest OS X Server (10.9) and configured everything with my signed SSL certificates.

So far everything works perfect except the profile manager. My code sign certificate is signed by StartCom and succesfully imported. I can select the certificate but after a while the checkbox for "Sign configuration profiles" unchecks and i have the following error in my log files:



1:: [149] [2013/10/22 23:55:33.769] Incoming request: readSettings

1:: [149] [2013/10/22 23:55:34.045] Incoming request: readAppDistributionSettings

1:: [149] [2013/10/22 23:55:42.752] Incoming request: readSettings

1:: [149] [2013/10/22 23:55:42.924] Incoming request: readAppDistributionSettings

0:: [149] [2013/10/22 23:57:53.868] Delete node removed from search policy: /LDAPv3/127.0.0.1

1:: [149] [2013/10/22 23:57:53.868] -[DMODSyncRunner haltSync]

-9:: [149] [2013/10/22 23:57:54.134] [0x7fabadf37ad0/<DMDevicemgrd:0x7faba9754600>] -[DMDevicemgrd sendPendingEmailNotifications]

1:: [149] [2013/10/22 23:57:54.206] -[DMODSyncRunner _syncUserODRecords:returningGUIDs:]: Synced 2 users

1:: [149] [2013/10/22 23:57:54.229] +[DMODQueries syncUserGroupWithODRecord:updateTxnBlock:]: Querying OD for new users and groups

1:: [149] [2013/10/22 23:57:54.244] +[DMODQueries syncUserGroupWithODRecord:updateTxnBlock:]: Querying OD for new users and groups

1:: [149] [2013/10/22 23:57:54.262] -[DMODSyncRunner _syncGroupODRecords:returningGUIDs:]: Synced 4 groups

1:: [149] [2013/10/22 23:57:54.265] +[DMODQueries syncUserGroupWithODRecord:updateTxnBlock:]: Querying OD for new users and groups

1:: [149] [2013/10/22 23:57:54.280] -[DMODSyncRunner _syncGroupODRecords:returningGUIDs:]: Synced 1 groups

1:: [149] [2013/10/22 23:57:54.283] +[DMODQueries syncUserGroupWithODRecord:updateTxnBlock:]: Querying OD for new users and groups

1:: [149] [2013/10/22 23:57:54.293] -[DMODSyncRunner _syncGroupODRecords:returningGUIDs:]: Synced 1 groups

1:: [149] [2013/10/22 23:57:54.297] -[DMODSyncRunner _syncGroupODRecords:returningGUIDs:]: Synced 1 groups

0:: [149] [2013/10/22 23:57:54.324] Full sync of bound directory services completed in 0.195 seconds.

0:: [149] [2013/10/22 23:57:55.935] Added node to search policy: /LDAPv3/127.0.0.1

1:: [149] [2013/10/22 23:57:55.935] -[DMODSyncRunner haltSync]

1:: [149] [2013/10/22 23:57:55.936] Ignoring request for OD full sync as it hasn't been long enough since the last full sync.

1:: [149] [2013/10/22 23:58:04.683] Incoming request: readSettings

1:: [149] [2013/10/22 23:58:04.735] Incoming request: readAppDistributionSettings

1:: [149] [2013/10/22 23:58:10.981] Incoming request: writeSettings

0:: [149] [2013/10/22 23:58:10.992] EXCEPTION: Error <-[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1">

0:: [149] [2013/10/22 23:58:10.993] EXCEPTION: Error <-[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1">

USERINFO: {

NSLocalizedDescription = "Carbon error -1";

}

BACKTRACE:

? | 4341430875

? | 4343347588

? | 4340886336

? | 4343524870

? | 4343402391

? | 4340886061

? | 4341371120

? | 4341371028

? | 4340872383

? | 4340768806

? | 4341369584

? | 140735645536341

? | 140735645402513

? | 140735645401659

? | 140735710843565

0:: [149] [2013/10/22 23:58:10.994] Caught unhandled exception -[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1"

1:: [149] [2013/10/22 23:58:25.268] Incoming request: writeSettings

0:: [149] [2013/10/22 23:58:25.279] EXCEPTION: Error <-[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1">

0:: [149] [2013/10/22 23:58:25.280] EXCEPTION: Error <-[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1">

USERINFO: {

NSLocalizedDescription = "Carbon error -1";

}

BACKTRACE:

? | 4341430875

? | 4343347588

? | 4340886336

? | 4343524870

? | 4343402391

? | 4340886061

? | 4341371120

? | 4341371028

? | 4340872383

? | 4340768806

? | 4341369584

? | 140735645536341

? | 140735645402513

? | 140735645401659

? | 140735710843565

0:: [149] [2013/10/22 23:58:25.280] Caught unhandled exception -[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1"

1:: [149] [2013/10/22 23:58:26.895] Incoming request: writeSettings

0:: [149] [2013/10/22 23:58:26.906] EXCEPTION: Error <-[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1">

0:: [149] [2013/10/22 23:58:26.907] EXCEPTION: Error <-[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1">

USERINFO: {

NSLocalizedDescription = "Carbon error -1";

}

BACKTRACE:

? | 4341430875

? | 4343347588

? | 4340886336

? | 4343524870

? | 4343402391

? | 4340886061

? | 4341371120

? | 4341371028

? | 4340872383

? | 4340768806

? | 4341369584

? | 140735645536341

? | 140735645402513

? | 140735645401659

? | 140735710843565

0:: [149] [2013/10/22 23:58:26.907] Caught unhandled exception -[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1"

1:: [149] [2013/10/22 23:58:32.415] Incoming request: writeSettings

0:: [149] [2013/10/22 23:58:32.426] EXCEPTION: Error <-[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1">

0:: [149] [2013/10/22 23:58:32.427] EXCEPTION: Error <-[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1">

USERINFO: {

NSLocalizedDescription = "Carbon error -1";

}

BACKTRACE:

? | 4341430875

? | 4343347588

? | 4340886336

? | 4343524870

? | 4343402391

? | 4340886061

? | 4341371120

? | 4341371028

? | 4340872383

? | 4340768806

? | 4341369584

? | 140735645536341

? | 140735645402513

? | 140735645401659

? | 140735710843565

0:: [149] [2013/10/22 23:58:32.427] Caught unhandled exception -[SCEPHelper getSigningOrganizationNameForCertPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:226): "'((SCEPHELPER_GetSigningOrganizationName(self.connection, certPath, certPathCnt, &orgName, &orgNameCnt)))' error -1"



Here is the selection box which shows my certificate in the server manager manager:


User uploaded file


Validation status from key chain:


User uploaded file


I also checked /etc/certificates/ if the certs are missing. The certificates are generated correctly and every file has the content it should have. Here is the certificate overview in /etc/certificates.


User uploaded file


I am really wondered about the error message in my log files. Its pretty useless to me, cause i dont know what i could do or check. Maybe someone had a similar problem and could help me 🙂


Greetings from Munich,

Stefan

OS X Server

Posted on Oct 22, 2013 3:17 PM

Reply
67 replies

Oct 22, 2013 10:36 PM in response to fuxx

Hi Stefan,


I have a similar problem with the Code sign certificate, instead I use the self generated and self signed certificate from Server.app. The Checkbox for "Sign configuration profiles" stays checked, but if I enroll a device/computer the configration profiles will not be signed and log-files show following:


profilemanager.log



1297] [2013/10/23 06:58:57.140] I: Processing ProfileController#get_ssl_cert_profile (for 192.168.232.100 at 2013-10-23 06:58:57) [GET]

[1297] [2013/10/23 06:58:57.289] [1;7;31mEXCEPTION: [0;31m Error <-[SCEPHelper getCMSSignedData:certPath:keyPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:181): "'((SCEPHELPER_GetCMSSignedData(self.connection, data, dataCnt, certPath, certPathCnt, keyPath, keyPathCnt, &signedData, &signedDataCnt)))' error -50"> [0m [0m

[1297] [2013/10/23 06:58:57.291] [1;7;31mEXCEPTION: [0;31m Error <-[SCEPHelper getCMSSignedData:certPath:keyPath:] (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/Fra mework-Base/Support/SCEPHelper.m:181): "'((SCEPHELPER_GetCMSSignedData(self.connection, data, dataCnt, certPath, certPathCnt, keyPath, keyPathCnt, &signedData, &signedDataCnt)))' error -50">

USERINFO: {

NSLocalizedDescription = "Carbon error -50";

}

[4;31mBACKTRACE: [0m

[0;31m? | 4432336486

? | 4431930104

? | 4427528332

? | 4427473088

? | 4427507335

? | 4427504662

? | 4426674402

? | 4427528332

? | 4427473088

? | 4427507335

? | 4427519691

? | 4427501509

? | 4427503327

? | 4427528332

? | 4427473088

[0m [0m

[1297] [2013/10/23 06:58:57.291] W: Signing failed, exporting a raw profile file instead.



scep_helper.log


0:: [556] [2013/10/23 06:58:57.284] EXCEPTION: Error <SecIdentityRef copyIdentityFromPaths(NSString *__strong, NSString *__strong, SecKeychainRef) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/sce p_helper/main.m:336): "'((SecItemImport((__bridge CFDataRef)data, ((void*)0), ((void*)0), ((void*)0), 0, &params, tempKeychain, &items)))' error -67673">

0:: [556] [2013/10/23 06:58:57.285] EXCEPTION: Error <SecIdentityRef copyIdentityFromPaths(NSString *__strong, NSString *__strong, SecKeychainRef) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/sce p_helper/main.m:336): "'((SecItemImport((__bridge CFDataRef)data, ((void*)0), ((void*)0), ((void*)0), 0, &params, tempKeychain, &items)))' error -67673">

USERINFO: {

NSLocalizedDescription = "Carbon error -67673";

}

BACKTRACE:

? | 4345436324

? | 4345455648

? | 4345458904

? | 4345454319

? | 140735627986329

? | 4345416615

? | 140735609161213

? | 1

0:: [556] [2013/10/23 06:58:57.285] EXCEPTION: Error <kern_return_t SCEPHELPERS_GetCMSSignedData(mach_port_t, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, audit_token_t) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/sce p_helper/main.m:913): "'((status = CMSEncode(signingIdentity, ((void*)0), 0, 0, kCMSAttrNone, ((const void*)(data)), ((size_t)(dataCnt)), &result)))' error -50">

0:: [556] [2013/10/23 06:58:57.286] EXCEPTION: Error <kern_return_t SCEPHELPERS_GetCMSSignedData(mach_port_t, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, audit_token_t) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/sce p_helper/main.m:913): "'((status = CMSEncode(signingIdentity, ((void*)0), 0, 0, kCMSAttrNone, ((const void*)(data)), ((size_t)(dataCnt)), &result)))' error -50">

USERINFO: {

NSLocalizedDescription = "Carbon error -50";

}

BACKTRACE:

? | 4345438128

? | 4345455648

? | 4345458904

? | 4345454319

? | 140735627986329

? | 4345416615

? | 140735609161213

? | 1

0:: [556] [2013/10/23 06:58:57.288] ERROR: SCEPHELPERS_GetCMSSignedData: One or more parameters passed to a function were not valid.




I'm not very familiar with digging into log files, so I did not realy see the point. Somthing with scep_helper seems to be wrong.....


Hope someone get help for us.


Rhodan


Message was edited by: Rhodan_0x10

Oct 23, 2013 9:58 AM in response to fuxx

I tried a little, building the server from ground, install Mavericks, checked hostname, ip and so on, everything fine, but with starting Profilemanager, automaticly setup OpenDirectory service and generating the needed certificate the first error emerged in scep_helper.log:



[1670] [2013/10/23 18:11:25.316] -[SULogFileCollection setGlobalLogLevelPrefix:]: YES
0:: [1670] [2013/10/23 18:11:25.320] 
    #############################################################################
    scep_helper-848.17 (PID:1670, OS:13A603, SERVER:13S440, ARCH:x86_64) starting
    Log verbosity level = 1
    UID = 0, EUID = 0
    #############################################################################
0:: [1670] [2013/10/23 18:11:25.327] EXCEPTION:  Error <SecCertificateRef copyODRootCert() (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/scep_helper/main.m:231): "'((status = SecIdentityCopyPreference(((CFStringRef) __builtin___CFStringMakeConstantString ("" "OPENDIRECTORY_ROOT_CA_IDENTITY" "")), 0, ((void*)0), &systemIdentity)))' error -25300">
0:: [1670] [2013/10/23 18:11:25.328] EXCEPTION:  Error <SecCertificateRef copyODRootCert() (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/scep_helper/main.m:231): "'((status = SecIdentityCopyPreference(((CFStringRef) __builtin___CFStringMakeConstantString ("" "OPENDIRECTORY_ROOT_CA_IDENTITY" "")), 0, ((void*)0), &systemIdentity)))' error -25300">
    USERINFO: {
        NSLocalizedDescription = "Carbon error -25300";
    }
    BACKTRACE:
    ? | 4373656603
    ? | 4373673740
    ? | 4373676248
    ? | 4373671663
    ? | 140735504569753
    ? | 4373633959
    ? | 140735475594749


Then I tried to enroll a device through the server webpage ..../mydevices, installing the trusted profiles which again are not signed by the code signing certificate, scep_helper.log shows:



0:: [587] [2013/10/23 18:36:07.328] EXCEPTION:  Error <SecIdentityRef copyIdentityFromPaths(NSString *__strong, NSString *__strong, SecKeychainRef) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/scep_helper/main.m:336): "'((SecItemImport((__bridge CFDataRef)data, ((void*)0), ((void*)0), ((void*)0), 0, &params, tempKeychain, &items)))' error -67673">
0:: [587] [2013/10/23 18:36:07.329] EXCEPTION:  Error <SecIdentityRef copyIdentityFromPaths(NSString *__strong, NSString *__strong, SecKeychainRef) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/scep_helper/main.m:336): "'((SecItemImport((__bridge CFDataRef)data, ((void*)0), ((void*)0), ((void*)0), 0, &params, tempKeychain, &items)))' error -67673">
    USERINFO: {
        NSLocalizedDescription = "Carbon error -67673";
    }
    BACKTRACE:
    ? | 4413241508
    ? | 4413260832
    ? | 4413264088
    ? | 4413259503
    ? | 140735701239193
    ? | 4413221799
    ? | 140735672264189
0:: [587] [2013/10/23 18:36:07.329] EXCEPTION:  Error <kern_return_t SCEPHELPERS_GetCMSSignedData(mach_port_t, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, audit_token_t) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/scep_helper/main.m:913): "'((status = CMSEncode(signingIdentity, ((void*)0), 0, 0, kCMSAttrNone, ((const void*)(data)), ((size_t)(dataCnt)), &result)))' error -50">
0:: [587] [2013/10/23 18:36:07.330] EXCEPTION:  Error <kern_return_t SCEPHELPERS_GetCMSSignedData(mach_port_t, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, vm_offset_t *, mach_msg_type_number_t *, audit_token_t) (/SourceCache/RemoteDeviceManagement/RemoteDeviceManagement-848.17/Compiled/scep_helper/main.m:913): "'((status = CMSEncode(signingIdentity, ((void*)0), 0, 0, kCMSAttrNone, ((const void*)(data)), ((size_t)(dataCnt)), &result)))' error -50">
    USERINFO: {
        NSLocalizedDescription = "Carbon error -50";
    }
    BACKTRACE:
    ? | 4413243312
    ? | 4413260832
    ? | 4413264088
    ? | 4413259503
    ? | 140735701239193
    ? | 4413221799
    ? | 140735672264189
0:: [587] [2013/10/23 18:36:07.331] ERROR: SCEPHELPERS_GetCMSSignedData: One or more parameters passed to a function were not valid.


These are the only errors I can identify in the log files, for me it seems to be something broken in the procedure, which profilemanager use to access the certificates.

It seems that the problem is not depends from automated self generated or imported certificates, wondering that others don't get the same problem, didn't read anything about this, except one or two cases where the enrolled profiles are signed normaly.


Optionally I will fill later a bug and hope Apple will respond.

Oct 24, 2013 9:56 PM in response to - Krzysztof -

Hi folks,


have fill a bug and a DTS, hope they will answer quick. I will not have to have build my system from scratch after the next update neither from 10.9 nor server 3.0.


I didnt't get the point, something really broken with scep module, the first error in scep_Helper.log is related to the CA OpenDirectory Root certificate....


Rhodan


PS: Are you both from Germany? I's me.

Oct 24, 2013 10:42 PM in response to - Krzysztof -

Thats interesting, my main goal exactly the same, use S/MIME in configprofiles. I've seen there's an option to activate S/MIME in payloads now, but didn't try out yet. You say this option doesn't work???


Maybe this problem with not signed certificates is a language related thing? I mean, I didn't read from anyone other about these certificate problems....

Oct 24, 2013 11:18 PM in response to Rhodan_0x10

Maybe it is. When I create a certificate payload with the profile manager, I get a error massage, that the certificate seems to be invalid. When create it with the apple configurator it works.

Same options different results.

Then I read that payloads, that need user interaction like passwords, can't be pushed. And every push with a certificate fails. But the manual installation also fails. So I think also it is bind to the signing problem. Because you can type in a password for the certificate. And the payloads from the configurator are marked as not proofed and not as unsigned.

Oct 26, 2013 3:00 AM in response to - Krzysztof -

short status update about this issue:

-make a bug report to apple, didn't get response until now;

-make a TSI at Apples Technical Support, but sure this one was rejected;

-since yesterday i have a ticket at AppleCare, send all LogFiles etc to a server-specialist, but also no feedback until now.


@Krzysztof: I think this one doesn't lead to Apache rather to the certificates itselfs. when I verify my server-certificate (the one with FQDN) openssl gives this error-message:



server:certificates admin$ openssl verify server.name.name1.net.285.....94607C.cert.pem
server.name.name1.net.946.....07C.cert.pem: /CN=server.name.name1.net/C=DE/emailAddress=admin@name.net
error 20 at 0 depth lookup:unable to get local issuer certificate
server:certificates admin$


I don't know exactly if I use this command corect, may I have to add the certificate-chain. Maybe I get time in the afternoon to evaluate this further.


As soon as I get feedback from Apple I will post it here



One point, maybe someone else who build the server 3.0 from scratch can post scep_helper.log and profilemanager.log??


Rhodan

Oct 26, 2013 4:29 AM in response to Rhodan_0x10

I solved the problem, now i can enroll devices as in server.app 2.xxx with signed profiles.


short summery what I done (will verify this on a new build from scratch later)


stop service profilemanager

destroy opendirectory (stop service, I don't rememeber, perhaps deactivated with destroying)

delete every certificate in keychain that belongs to server.name

sudo rm -R /var/root/Library/Application\ Support/Certificate\ Authority/


sometime server.app reported a not existing ssl-certificate for the server, at this point I affirmed to generate a new one


make this new certificate to the standard certificate under pane "certificate"


at pane opendirectory check if "signe profiles" attached to the new certificate


start service opendirectory

start service profilemanager


enroll client from beginning, delete all previous profiles, delete the device in profilemanager

on client-site fo to server.nam/mydevices

install trusted-profile

install remote-management


thats all, now the profiles marked at signed and you can enroll payloads from server that are also signed



seems something broken with initial certificate generating while setup the server.app

will later reporte my experience after setup my system from scratch


Rhodan

Oct 29, 2013 2:18 PM in response to fuxx

Hi guys,


I have exactly the same problem since I have updated to Mavericks with server v3. I had a similar problem under mountain lion and I solved it like Rhodan describes it before. But now I am tired to go again thru the resetup and to reconfigure everything. It looks like this is a known bug, I found a lot of other users struggling with certificates even if they are self signed or signed by an official authority.


Apple please help us


Thx


Dirk


PS: I am from Germany too

Profilemanager ignores certificate

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.