Bryan Schramm

Q: OSX Yosemite Server 4.0 - webapps & SSL issues

As always, whenever Apple updates their OS or the server, things break.  This time, not only are they still hosing PostgreSQL, but also webapps and SSL certificates.

When I try to enable apache webapps that were working on the previous release, I am able to check them, but after clicking OK and going in to look again, they're not enabled.  In addition, when I change the SSL certificate to the 3rd party certificate, server keeps reverting to the self assigned certificate.

Complete garbage.  I've lost my energy to deal with this.  I love Apple products and expect so much more.  I give up and am moving to a different solution.

MAC MINI SERVER (LATE 2012), OS X Server, Mountain Lion Server

Posted on Oct 17, 2014 11:15 AM

  • by robertoraskovsky,

    robertoraskovsky Jan 18, 2015 9:49 AM in response to Bryan Schramm

    Hi all.

     

    So, I have spent the best part of several weeks looking into this annoying issue.

    I have tried the following SSLs:

    123-REG 123-SSL (£9.99/yr)

    Future Hosting Standard SSL ($24.94/yr)

    GoDaddy Protect One Website SSL (£39.19/yr)

    NameCheap Comodo PositiveSSL (£5.93/yr)

     

    They all failed to work for OD, then I purchased

    RapidSSL ($49/yr)

    This worked flawlessly first time! It seems there is something specific about this SSL that makes OD work. Anyway, thought I would share my fix for this. Will now try and cancel all of the above SSLs!

  • by essandess,

    essandess Jan 18, 2015 11:50 AM in response to robertoraskovsky

    I'm hoping that OD will work seamlessly with the EFF's, Mozilla's, etc. Let's Encrypt free CA, coming this year. <https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web>

  • by essandess,

    essandess Jan 19, 2015 7:36 PM in response to Alex Narvey

    I was able to get a code signing certificate from backups into Profile Manager.  Here are the steps.

  • by Alex Narvey,

    Alex Narvey Jan 24, 2015 9:22 AM in response to Bryan Schramm

    Bryan,

     

    This may help you regarding the 3rd party cert issues.

     

    I was having problems with a legit GoDaddy cert I was trying to use for a web site in Server.app 4 (Yosemite) but I believe this also applies to Mavericks Server.app 3:

     

    I found that the Web Services Site creation panel would always default to port 80 when I chose my cert. It is a good and valid cert and its trusted and intermediate certs are installed.

    But when I chose an Apple default cert it would get the proper port 443.

    If I tried using my GoDaddy cert and changed the port to 443 and tried to save I would get the message:

    "Port 443 can't be used without an SSL certificate"

    "You must choose an SSL certificate to use port 443. If you don't want to choose an SSL certificate you must use a different port"

     

    But the cert looks perfect in Keychain Access.

     

    Although Keychain Access would not show the problem, the problem COULD be detected by examining /etc/certificates where I found that unlike the Apple default certs, my GoDaddy cert was missing the fourth member of its set (the private key one ending in ".key.pem")

     

    1) mysite.example.com.CAGobbledygooknumbersandletters.cert.pem

    2) mysite.example.com.CAGobbledygooknumbersandletters.chain.pem

    3) mysite.example.com.CAGobbledygooknumbersandletters.concat.pem

    4) mysite.example.com.CAGobbledygooknumbersandletters.key.pem  THIS WAS MISSING

     

    Finally, I found this Apple tech note which resolved the problem:

    http://support.apple.com/en-ca/HT203731

    OS X Server: Access Controls might prevent a certificate identity from working with Server services - Apple Support

     

    After using the Access Control fix listed in the above knowledgebase article and restarting the computer the fourth member of the set magically appeared in /etc/certificates and when I chose my GoDaddy cert in the Web Services site creator the port magically defaulted to the proper "443".

     

    Everything working fine now!

     

    Eureka!
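
The check Alex Narvey describes above (looking in /etc/certificates for an identity whose ".key.pem" member is missing) can be scripted. This is an added example, not part of the original thread or of Apple's tooling; the function name `find_incomplete_identities` is hypothetical, and the four-file naming pattern is the one listed in the post.

```shell
#!/bin/sh
# Added example: report certificate identities that lack one of the four
# files described in the post (.cert.pem, .chain.pem, .concat.pem, .key.pem).
# The default directory /etc/certificates is the path named in the post.

# Prints one line per incomplete identity: "<identity>: missing <members>"
find_incomplete_identities() {
    dir=${1:-/etc/certificates}
    # Pass 1: derive the unique identity prefixes from the known suffixes.
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue          # glob matched nothing
        base=${f##*/}
        case $base in
            *.cert.pem)   echo "${base%.cert.pem}" ;;
            *.chain.pem)  echo "${base%.chain.pem}" ;;
            *.concat.pem) echo "${base%.concat.pem}" ;;
            *.key.pem)    echo "${base%.key.pem}" ;;
        esac
    done | sort -u | while IFS= read -r id; do
        # Pass 2: for each identity, check that all four members exist.
        missing=""
        for part in cert chain concat key; do
            [ -e "$dir/$id.$part.pem" ] || missing="$missing $part.pem"
        done
        [ -z "$missing" ] || echo "$id: missing$missing"
    done
}

# Usage: find_incomplete_identities            (checks /etc/certificates)
#        find_incomplete_identities /some/dir  (checks another directory)
```

An identity reported as missing `key.pem` matches the symptom in the post, where the certificate looks fine in Keychain Access but Server.app will not accept it for port 443.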
