OS X 10.8.5 Server 2.2.5/Keychain Access certificates question
I'm having trouble getting my certificate renewal pushed through on my OS X 10.8.5 Server 2.2.5 system (it'll be replaced with a latest version setup this spring but the certificates will expire before that can be undertaken).
I am running my own Certificate Authority. The CA's certificate is installed on iOS devices and OSX devices that connect to my server. See Creating my own Certificate Authority, signed certificates, and using these where I explain how I am doing this (with scripts I use to create this) and what I ran into first when trying to update my wildcard certificate.
I now know that I need to get my certificate into the system Keychain before I can use it in Server.app. Server.app also has its own import mechanism. To get either one working would be fine and I think when I did this the first time 3 years ago I did it via the System Keychain. But somehow, this doesn't work anymore. When I try to get the .pem file into the System Keychain, what happens is that one element is not added to the System Keychain: the key file.
In /etc/certificates I have:
*.rna.nl.A10E0E1DDF1AC21C0C6E338BFF25349D82A1CC75.cert.pem
*.rna.nl.A10E0E1DDF1AC21C0C6E338BFF25349D82A1CC75.chain.pem
*.rna.nl.A10E0E1DDF1AC21C0C6E338BFF25349D82A1CC75.concat.pem
*.rna.nl.A10E0E1DDF1AC21C0C6E338BFF25349D82A1CC75.key.pem
But a new certificate for *.rna.nl I add has only the first three parts. There is no .key.pem file.
Alternatively, I might be able to add the certificate via Server.app's Import mechanism. But if I add the certificate there it will be added as a 'No Identity' certificate. Maybe for the same reason? Anyway, I need the certificate in /etc/certificates with .key.pem or I will not be able to secure my SMTP with it.
I am trying to find out what exactly is going wrong. I am also wondering what exactly is needed to add in the Server.app's Import mechanism. What does it expect as certificate and key? There is no documentation.
Help would be very much appreciated. How, for instance, can I properly check what is in my .crt/.pem/.p12 file?
Mac mini, OS X Mountain Lion (10.8.5), OS X Server
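
One way to check what a .pem or .p12 file holds and whether a key belongs to a certificate, as an added example that is not part of the original post. The function names and the `P12_PASS` environment variable are assumptions of this example, and an unencrypted RSA private key is assumed.

```shell
#!/bin/sh
# Added example: inspect certificate files with the openssl command line.
# All function names here are hypothetical helpers, not Server.app tooling.

# Print the type of every PEM block in a file, one per line
# (for example CERTIFICATE, RSA PRIVATE KEY, PRIVATE KEY).
pem_inventory() {
    tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}

# Succeed only when the file holds both a certificate and a private key,
# the two parts an identity needs.
pem_has_identity() {
    pem_inventory "$1" | grep -q '^CERTIFICATE$' &&
    pem_inventory "$1" | grep -q 'PRIVATE KEY$'
}

# Succeed when the public key in certificate $1 equals the public key
# derived from RSA private key $2. Returns 2 if either file cannot be read.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# List the PEM block types stored inside a PKCS#12 file. The import password
# is read from the exported environment variable P12_PASS (an assumption of
# this example) so that it does not appear in the process list.
p12_inventory() {
    openssl pkcs12 -in "$1" -nodes -passin env:P12_PASS 2>/dev/null |
        sed -n 's/^-----BEGIN \(.*\)-----$/\1/p'
}
```

A file for which `pem_has_identity` fails, or a pair for which `cert_matches_key` fails, carries a certificate without its private key.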