Jeffrey West

Q: Open Directory CA vs 3rd Party Certificate

I'm using Server 5.1.x on a Mac mini server with El Capitan. I have purchased a third party SSL certificate, and in the Server app, I've set Open Directory to use this certificate.

Why do my client machines ask to trust a self-signed Open Directory Certificate Authority instead of using the 3rd party (trusted) certificate?

Thanks,

Jeff

iMac, OS X El Capitan (10.11.6)

Posted on Oct 2, 2016 3:50 PM


  • by Antonio Rocco, Oct 7, 2016 4:23 AM in response to Jeffrey West

    A self-signed certificate is always going to be untrusted by devices that are asked to 'trust it' because there's no way they can have prior knowledge of its trustworthiness or use an external authorising server that can vouch for the trustworthiness of that certificate. If the devices that are going to use it are part of the same organisation then the organisation's server/network administrator should either inform users using the server to trust and install the certificate when prompted, or pre-install and trust the self-signed certificate on the devices prior to handing them out. Seeing as it's your server and the users using it are also part of the same organisation, there's no reason to mistrust it, is there?

  • by Jeffrey West, Oct 10, 2016 6:59 AM in response to Antonio Rocco

    Yes, I understand that a self-signed certificate will be untrusted. My question is more around why is Open Directory creating a CA when I have a trusted 3rd party certificate assigned to Open Directory in the server certificates panel?

    And no, there's no issue of mistrust; I just don't understand what's happening.