
OS X 10.8.5 Server 2.2.5/Keychain Access certificates question

I'm having trouble getting my certificate renewal pushed through on my OS X 10.8.5 Server 2.2.5 system (it'll be replaced with a latest version setup this spring but the certificates will expire before that can be undertaken).


I am running my own Certificate Authority. The CA's certificate is installed on iOS devices and OSX devices that connect to my server. See Creating my own Certificate Authority, signed certificates, and using these where I explain how I am doing this (with scripts I use to create this) and what I ran into first when trying to update my wildcard certificate.


I now know that I need to get my certificate into the system Keychain before I can use it in Server.app. Server.app also has its own import mechanism. To get either one working would be fine and I think when I did this the first time 3 years ago I did it via the System Keychain. But somehow, this doesn't work anymore. When I try to get the .pem file into the System Keychain, what happens is that one element is not added to the System Keychain: the key file.


In /etc/certificates I have:

*.rna.nl.A10E0E1DDF1AC21C0C6E338BFF25349D82A1CC75.cert.pem

*.rna.nl.A10E0E1DDF1AC21C0C6E338BFF25349D82A1CC75.chain.pem

*.rna.nl.A10E0E1DDF1AC21C0C6E338BFF25349D82A1CC75.concat.pem

*.rna.nl.A10E0E1DDF1AC21C0C6E338BFF25349D82A1CC75.key.pem


But a new certificate for *.rna.nl I add has only the first three parts. There is no .key.pem file.


Alternatively, I might be able to add the certificate via Server.app's Import mechanism. But if I add the certificate there it will be added as a 'No Identity' certificate. Maybe for the same reason? Anyway, I need the certificate in /etc/certificates with .key.pem or I will not be able to secure my SMTP with it.


I am trying to find out what exactly is going wrong. I am also wondering what exactly is needed to add in the Server.app's Import mechanism. What does it expect as certificate and key? There is no documentation.


Help would be very much appreciated. How, for instance, can I properly check what is in my .crt/.pem/.p12 file?

Mac mini, OS X Mountain Lion (10.8.5), OS X Server

Posted on Mar 20, 2016 3:21 AM

Question marked as Best reply

Posted on Mar 21, 2016 7:28 AM

I was wrong to assume I first had to put it in the System Keychain via Keychain Access. It turns out it must be done via Server.app's Import panel, but in a very specific way. See Creating my own Certificate Authority, signed certificates, and using these
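
The question above asks how to check what is in a .crt/.pem/.p12 file. The following is an added example, not part of the original posts: it uses the `openssl` command line to show a certificate's subject, issuer and expiry, to test whether a certificate and a private key belong together (an identity needs both), and to test whether a PKCS#12 bundle carries a private key at all. It assumes `openssl` is installed and the PEM key is unencrypted; the function names, file names, the `*.example.test` subject and the password `sample` are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: inspect certificate material before importing it.

# Print subject, issuer and expiry date of a PEM certificate.
describe_cert() {
  openssl x509 -in "$1" -noout -subject -issuer -enddate
}

# Return 0 when certificate $1 and unencrypted private key $2 carry the same
# public key, 1 on mismatch, 2 when either file cannot be parsed.
pair_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# Return 0 when the PKCS#12 bundle $1 (password $2) contains a private key.
p12_has_key() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY'
}

# Build constructed throwaway test material in directory $1 (not real files).
make_sample() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=*.example.test' \
    -keyout "$1/wild.key.pem" -out "$1/wild.cert.pem" 2>/dev/null
  openssl genrsa -out "$1/other.key.pem" 2048 2>/dev/null
  openssl pkcs12 -export -in "$1/wild.cert.pem" -inkey "$1/wild.key.pem" \
    -out "$1/identity.p12" -passout pass:sample
  openssl pkcs12 -export -nokeys -in "$1/wild.cert.pem" \
    -out "$1/certonly.p12" -passout pass:sample
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT   # the sample private keys are removed on exit
make_sample "$work"
describe_cert "$work/wild.cert.pem"
pair_matches "$work/wild.cert.pem" "$work/wild.key.pem" && echo "cert + key: identity"
pair_matches "$work/wild.cert.pem" "$work/other.key.pem" || echo "cert + other key: no match"
p12_has_key "$work/identity.p12" sample && echo "identity.p12: has private key"
p12_has_key "$work/certonly.p12" sample || echo "certonly.p12: certificate only"
```

To use the functions on real files, pass the certificate and key paths to `pair_matches`, or the .p12 path and its export password to `p12_has_key`.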
