How to erase all self signed certificates and force Server to use Signed SSL

Question

Level 1

24 points

How to erase all self signed certificates and force Server to use Signed SSL

I have been using a poorly managed combination of self-signed SSL certificates and a free one. I have purchased a good SSL from Digicert and am trying to configure the server to use it across the board. All of the services seem to be using it, but when I try to manage the server remotely, I seeing a self-signed certificate instead.

I look under the system keychain in K-Access and there are several self signed certificates there (including the one that I am seeing when I try to remote manage).

Can I replace those self-signed certs with the new one some how?

MacBook Pro (15-inch 2.4/2.2 GHz), OS X Server

Posted on Nov 26, 2013 2:03 PM

Reply

Answer 1

Nov 26, 2013 5:54 PM in response to Troy Pickett

I would stay away from Keychain. Use Server.app instead. Select Certificates from the side bar and make sure your valid one is listed. Then use the popup menu to make sure that the purchased one is set for all services. Once it is, select the self-signed one(s)and delete it (them). Usually a reboot is not required but sometimes helps if you have a real mess on your hands.

Reply

Answer 2

Troy Pickett Author

Level 1

24 points

Nov 26, 2013 8:55 PM in response to Strontium90

The server app only has the new certificate in it. The certificate that is showing up is com.apple.servermgrd, and it is only in the Keychain on the host computer.

I have rebooted, and done everything else...

Reply

Answer 3

Nov 27, 2013 2:39 AM in response to Troy Pickett

Don't delete those. However, you are on the right track. Follow these steps to resolve.

1: Launch Keychain Access

2: Select the System Keychain

3: Find the com.apple.servermgrd IDENTITY PREFERENCE (looks like a contact card) and double click to open it

4: In the Preferred Certificate popup, change com.apple.servermgrd to your purchased certificate

5: Press Save Changes to save.

6: Reboot the server or kill the servermgrd process to restart the service.

That should resolve your issue.

R-

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available on the iBooks store

Reply

Answer 4

nick101

Level 5

5,150 points

Nov 30, 2013 2:30 AM in response to Strontium90

Hi

I'm trying to import a Godaddy multiple domain certificate. It's there in Keychain, but when I try to follow this porces to associate it with the servermgrd identity preference, it doesn't show up in the lst if available certificates.

Any thoughts?

Reply

Answer 5

Jan 15, 2014 2:29 PM in response to Strontium90

Is this valid for 10.8.5? I have the same problem as OP but I do not see an identity preference. Any help is greatly appreciated. Thanks!

Reply

Answer 6

Jan 15, 2014 3:41 PM in response to Frederic Pearl

This has been the same since I think 10.6. In your screen shot you have the System keychain selected but are filtering on just the certificates. Try clicking on All Items. Do you see it then?

R-

Apple Consultants Network

Apple Professional Services

Author "Mavericks Server – Foundation Services" :: Exclusively available on the iBooks store

Reply

Answer 7

Jan 16, 2014 12:04 AM in response to Strontium90

Yes that's it! Seems like it ought to be easier, but that did it. Thanks much.

Reply