Q: At a complete loss. OSX server replacing SSL certs on its own
Hey guys
I am at a complete loss over an issue I am experiencing with OSX server. The OS version is 10.11.2.
Symptoms: None of the services that the server runs that use an SSL cert work correctly because the public SSL cert it presents is an invalid cert. If I replace the cert and get it working correctly, so everything is peachy again with no errors, then exactly every hour, at the same time, it breaks again.
What’s happening on the server:-
The server is replacing the SSL cert every hour with an invalid one. It seems to be trying to sign it itself, which will obviously not work. I have never seen anything like this before. I am completely stumped. Why on earth this functionality even EXISTS is beyond me. I expect this is an automated process that tries to do things for you going horribly wrong. The first thing I see in the logs is Profile Manager starting a Ruby process.
It started doing this last Thursday and no, no configuration changes were made on that day. This server is not internet facing and I have rolled it back to a backup from Wednesday and it started doing it again… somehow. Automatic updates are turned OFF. The only thing that did happen was there was a power cut that day, but this server did not lose power; it was plugged into a UPS.
I have pasted a link to some logs and the public cert, what it's supposed to look like and one that the Apple server just makes up on its own; as you can see, the cert chain is completely broken. (This was done with openssl s_client -connect host:port.)
I have googled and googled this and found nothing.
I do not understand what I am seeing here.
Posted on May 9, 2016 7:22 AM