OSX Yosemite Server 4.0 - webapps & SSL issues

I can continue. PHP can be checked, but it uncheks in some minutes Networked users are not editable. Mail not working for virtual domains. I'm tired for today, will try to downgrade tommorrow...

I'm also having SSL issues. I posted a question here (no responses yet): Server: CFNetwork SSLHandshake failed (-9806)

I managed to get the Websites service to run by re-imported my CA certs, but I still can't use Server.app to connect to my server remotely.

I'm tired of scouring for information now so I am giving it a last ditched effort and reissuing my certs and reinstalling server. If that fails, I'll probably go as far as just wiping my server and starting over - which is ridiculous but it's either that or waste more time banging my head against the wall. I'll let you know if anything I do fixes it.

Honestly, it's not usually this bad. I upgraded from Mountain Lion to Mavericks and it was a no brainer. I have rebuilt the server since then for different reasons, so this isn't a twice upgrade. But this time it's a mess.

Migration to Mavericks was a nightmare for me. I had to wipe clean and do a fresh install. In case they're useful, here are some notes, <How to Migrate, Rebuild, and Fix OS X Server>. I'll hold off on the Yosemite/Server.app 4 upgrade until some of these bugs are fixed.

YEl got the entire server running perfectly, bit of pain to do as you have to things in a certain order...

server name, domain then creates DNS , then purchase ssl and instal ,switch on file sharing then create directory, then import users

and swith on services as required

however grr. SSL is not happening!

anyone had news on this

Not sure if this would help you Brian since it does not cover migration but I have developed a tutorial which describes how to user Mavericks and Server.app 3 or Yosemite and Server.app 4 Web Services Advanced web app features to reverse proxy other services that utilize SSL like FileMaker Server 13, Kerio Connect 8.4 and Rumpus.

So far I have been able to set up a Mac with OS X Server and have things like Web, Wiki, and Profile Manager co-exist on the same machine with FileMaker Server 13, Kerio Connect 8.4 and Maxum Rumpus 8.

The tutorial is available from the Tutorials section at the RAIS page: http://rais.precursor.ca

NOTE: It is NOT best practices to have these other servers running on OS X server so you do so at your own risk.

Under Yosemite 10.10.x same issue or so it seams. Certificate from GoDaddy would apply easily to all services except Open Directory (OD). Thought nothing of it, server seemed to be running OK. OD service insisted on keeping one of the self signed certs. Not really though as I later found that I could neither create new network users nor change user's passwords and only got the error:

"existing connection is not authenticated or secure: password change denied"

Went through gytrations of turning off OD, selecting the GoDaddy cert, watching the Certificates interface revert back to the built in cert, Server app crashing, eventually OD selected "none" on its own. It eventually let me select the GoDaddy cert with OD off. Turned OD back on, it stayed. Then a little while later, OD reverted back.

Finally I reverted to the "servername..ocal - server name.local OD Intermediate CA" on everything. No use. Cannot change passwords, create users, set password policy. In fact, another bug because "Edit password policy" just fails to confirm, no error message, nothing. OK, OK, OK, give up, Cancel.

<rant mode>This is the kind of disconnect that happens when a bucket of command line tools are integrated using a GUI app, instead of developing a robust fully integrated app. iTunes is a great example of robust operations when a product is not a bucket of command line tools held together by baling wire and bubble gum. If iTunes failed like this, Microsoft would be running the music industry. Case in point, with these repeated fails of Apple server products, Microsoft is running the server industry... </rant mode>

Same problem here. Cant select my SSL for OD. Everything else is ok. Any ideas?

Forgot to mention, this is a fresh install of OS X server. The last one melted down to the point of not being able to login via screen sharing. Could not figure out what was going on and now it seems that it could have been related to this same problem.

It occurs to me now that, prior to the rebuild from scratch, the original server build went tango uniform on the authentication shortly after installing the certificate. Did not put 2 & 2 together on the failure of VNC/ARD to authenticate. On original build, added Remotix in and then could authenticate to share screen. Don't have remotix in now but may be a clue to where the problem resides.

ALso, probably not related but I did blow out all caches and run disk privilege fix. The latter maybe impacted OD like it used to kill MailMan? Dunno.

small update. I decided to trash the Open Directory master and start over as there was nothing to lose if I can't change a bloody password in the Server app. Then I remembered I had, just as an experiment, tried to use the Open Directory archive function to backup the prior Server config's OD master data. I frankly expected the OD Archive and maybe someday Restore to fail but thought what the heck... I tried to restore it...

Am amazed and delighted to report that the Archive and Restore of OD worked and more. Mind you, it was a tiny database and although a rather clunky interface and several tries, it worked. The key is that if you think that you are going to find some kind of archive by opening the disk image that OD creates during the archive process, think again. There is no archive in the OD disk image... the disk image itself is the archive. In other words, Open Directory land where they speak Open Directory, Archive is synonymous with Disk Image. (aka fix that GUI to say "Archive disk image" and it will make sense).

Now for the punch line, after I restored from the Open Directory Archive Disk Image (ODADI?, needs a "y" in front), the error went away! Yes, it now allows me to change passwords, add new users, etc and the error is gone. Not sure how or why.. Could have been the act of deleting the original OD database or could have been the act of importing an OD database archive or it could be that the original OS database as corrupted and the backup was not corrupted.

I will try and break it, fix it and figure out where the issue is (archive, restore, data) so more to come.

I "upgraded" to Yosemite and Server.app 4, and am experiencing a host of bugs associated with Profile Manager and postgres.

Profile Manager doesn't see my code signing certificate when I ask it to sign configuration profiles (see this discussion).

And "serveradmin start postgres" is completely broken because serveradmin doesn't know about the postgres service! I've managed to start postgres by hand with a backup of Server.app 3's plist, but this isn't working across reboots. See this discussion.

Any help telling serveradmin about postgres and getting a reliable database on OS X Server ⚠ would be a great help.

Hi all.

So, I have spent the best part of several weeks looking into this annoying issue.

I have tried the following SSL's:

123-REG 123-SSL (£9.99/yr)

Future Hosting Standard SSL ($24.94/yr)

GoDaddy Protect One Website SSL (£39.19/yr)

NameCheap Comodo PositiveSSL (£5.93/yr)

They all failed to work for OD, then I purchased

RapidSSL ($49/yr)

This worked flawlessly first time! It seems there is something specific about this SSL that makes OD work. Anyway, thought I would share my fix for this. Will now try and cancel all of the above SSL's!