-
Jan 18, 2015 9:49 AM in response to Bryan Schramm by robertoraskovsky
Hi all.
So, I have spent the best part of several weeks looking into this annoying issue.
I have tried the following SSLs:
123-REG 123-SSL (£9.99/yr)
Future Hosting Standard SSL ($24.94/yr)
GoDaddy Protect One Website SSL (£39.19/yr)
NameCheap Comodo PositiveSSL (£5.93/yr)
They all failed to work for OD, then I purchased
RapidSSL ($49/yr)
This worked flawlessly first time! It seems there is something specific about this SSL that makes OD work. Anyway, thought I would share my fix for this. Will now try and cancel all of the above SSLs!
-
Jan 18, 2015 11:50 AM in response to robertoraskovsky by essandess
I'm hoping that OD will work seamlessly with the EFF's, Mozilla's etc. Let's Encrypt free CA, coming this year. <https://www.eff.org/deeplinks/2014/11/certificate-authority-encrypt-entire-web>
-
Jan 19, 2015 7:36 PM in response to Alex Narvey by essandess
I was able to get a code signing certificate from backups into Profile Manager. Here are the steps.
-
Jan 24, 2015 9:22 AM in response to Bryan Schramm by Alex Narvey
Bryan,
This may help you regarding the 3rd party cert issues.
I was having problems with a legit GoDaddy cert I was trying to use for a web site in Server.app 4 (Yosemite) but I believe this also applies to Mavericks Server.app 3:
I found that the Web Services Site creation panel would always default to port 80 when I chose my cert. It is a good and valid cert and its trusted and intermediate certs are installed.
But when I chose an Apple default cert it would get the proper port 443.
If I tried using my GoDaddy cert and changed the port to 443 and tried to save I would get the message:
"Port 443 can't be used without an SSL certificate"
"You must choose an SSL certificate to use port 443. If you don't want to choose an SSL certificate you must use a different port"
But the cert looks perfect in Keychain Access.
Although Keychain Access would not show the problem, the problem COULD be detected by examining /etc/certificates where I found that unlike the Apple default certs, my GoDaddy cert was missing the fourth member of its set (the private key one ending in ".key.pem")
1) mysite.example.com.CAGobbledygooknumbersandletters.cert.pem
2) mysite.example.com.CAGobbledygooknumbersandletters.chain.pem
3) mysite.example.com.CAGobbledygooknumbersandletters.concat.pem
4) mysite.example.com.CAGobbledygooknumbersandletters.key.pem THIS WAS MISSING
Finally, I found this Apple tech note which resolved the problem:
http://support.apple.com/en-ca/HT203731
After using the Access Control fix listed in the above knowledgebase article and restarting the computer, the fourth member of the set magically appeared in /etc/certificates and when I chose my GoDaddy cert in the Web Services site creator the port magically defaulted to the proper "443".
Everything working fine now!
Eureka!
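
The /etc/certificates check described in the post above, as an added example that is not part of the thread: a script that lists every certificate identity in a directory that lacks one of the four PEM members. It assumes the `<identity>.{cert,chain,concat,key}.pem` naming shown in the post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report certificate identities in a
# directory that lack one of the four PEM members described in the post.
# Assumption: the <identity>.{cert,chain,concat,key}.pem naming shown above.

SUFFIXES="cert chain concat key"

# Print each identity name once, derived from whichever members exist.
list_identities() {
    for f in "$1"/*.cert.pem "$1"/*.chain.pem "$1"/*.concat.pem "$1"/*.key.pem; do
        [ -e "$f" ] || continue            # unmatched glob stays literal; skip it
        name=${f##*/}
        for s in $SUFFIXES; do name=${name%".$s.pem"}; done
        printf '%s\n' "$name"
    done | sort -u
}

# Print "<identity> missing: <members>" for each incomplete set.
# Returns 0 when every set is complete, 1 otherwise.
audit_cert_dir() {
    dir=$1
    list_identities "$dir" | (
        rc=0
        while IFS= read -r id; do
            missing=""
            for s in $SUFFIXES; do
                # -s: the member must exist and be non-empty
                [ -s "$dir/$id.$s.pem" ] || missing="$missing $s.pem"
            done
            if [ -n "$missing" ]; then
                printf '%s missing:%s\n' "$id" "$missing"
                rc=1
            fi
        done
        exit "$rc"
    )
}

# Run against a directory given on the command line, e.g. /etc/certificates.
if [ "$#" -gt 0 ]; then
    audit_cert_dir "$1"
fi
```

A non-zero exit status with a line such as `mysite.example.com.<id> missing: key.pem` corresponds to the state described in the post, where Keychain Access showed nothing wrong.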