Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wildcard Certificates - Do they work?

On Tue, 28 Jul 2009 07:00:29 -0500, Dave Schroeder <email@hidden>
wrote:
> On Jul 28, 2009, at 4:50 AM, email@hidden wrote:
> 
>>
>>> Dear Fellow Server Wranglers,
>>>
>>> We use a variety of OS X server services and my users are getting
>>> tired of "invalid certificate" messages.
>>>
>>> Having not purchased certs in a while, I went to go buy some and  
>>> noted
>>> the new "wildcard" certs that claim to be able to secure multiple
>>> hosts in one domain with one certificate.
>>>
>>> ie "mail.foo.com, chat.foo.com, etc"
>>>
>>> Does this work? Do they work with OS X Server?
>>>
>>> How do you install it? The same cert on every server in question?
>>>
>>> Anyone done this?
>>
>> Its correct that wildcard SSL certificates work with Mac OS X  
>> Server, but
>> in case you use Server Admin to administrate your OS X Server, then  
>> you
>> should make sure not to use a password when you generate your CSR
>> (Certificate Signing Request) since otherwise OS X server will be  
>> unable to
>> correctly use the certificate.
>>
>> Kind Regards
>> Pascal Geuns
>> QualitySSL
> 
> Actually, private keys with no passwords work fine via Server Admin.

Its correct that Server Admin works fine with private keys with no
password, but if you generate a CSR for a wildcard certificate with a
password, then Server Admin is unable to use the correct private key. Only
if the private key does not use a password then it will work. (this does
not apply to regular certificates, as there it does not matter if you use a
password or not)

I guess the problem lies in the routine that finds the password for each
private key, which gets confused due to the private key uses a wildcard in
its name...

Maybe Apple can fix this in 10.6....

Kind Regards
Pascal Geuns
QualitySSL

------------------------------------------------------------------------
SSL Certificates at Low Prices with Mac support
Visit us at http://www.qualityssl.com/
------------------------------------------------------------------------
 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden
References: 
 >Re: Wildcard Certificates - Do they work? (From: <email@hidden>)
 >Re: Wildcard Certificates - Do they work? (From: Dave Schroeder <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.