SSL Root Certifcate not installed

Question

SSL Root Certifcate not installed

When we want to add a trusted certificate to our server we use Comodo PossitveSSL.

When we added this certificate on our server running 10.11.6 / Server App 5.2 all worked fine. SSL check comes back green.

When we do the same thing on Server 5.2 and a MacOS Sierra server 10.12.3 we get that the root certificate is not trusted. And it is not working.

So we make a CSR, get the request back from comodo.

We open the CSR in the server app, drag the following certificates to is :

- domein certificate

- 3 root certificates. AddTrustExternalCARoot, COMODORSAAddTrustCA and COMODORSADomainValidationSecureServerCA.

If i do a SSL check the AddTrustExternalCARoot is not shown, and thus the SSL check fails.

Mac mini, OS X El Capitan (10.11.6), OS X Server 5.x

Posted on Mar 12, 2017 7:08 AM

Reply

Answer 1

cdhw

Level 4

3,594 points

Mar 12, 2017 11:45 AM in response to Patrick Savelberg (Private)

I have a feeling that since Sierra one can only delete, not add, certificates to the System Root Keychain. See:

https://support.apple.com/en-gb/HT207189

for a list of the currently allowed ones. The Comodo RSA2048/SHA-1 and RSA4096/SHA-384 root certificates are pre-installed so unless you've deleted these the problem should lie elsewhere.

The most recent installation instructions published by Comodo that I can find are:

https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/1108/37 /os-x-el-capitan-server-csr-generation-a…

If these don't work, try contacting:

support@comodogroup.com

and asking how to use their certificates with Sierra.

C.

Reply