Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Wildcard Certificates - Do they work?

On 28.7.2009, at 18.44, <email@hidden> wrote:


On Tue, 28 Jul 2009 07:00:29 -0500, Dave Schroeder <email@hidden>
wrote:

On Jul 28, 2009, at 4:50 AM, email@hidden wrote:


Dear Fellow Server Wranglers,

We use a variety of OS X server services and my users are getting
tired of "invalid certificate" messages.

Having not purchased certs in a while, I went to go buy some and
noted
the new "wildcard" certs that claim to be able to secure multiple
hosts in one domain with one certificate.

ie "mail.foo.com, chat.foo.com, etc"

Does this work? Do they work with OS X Server?

How do you install it? The same cert on every server in question?

Anyone done this? 

Its correct that wildcard SSL certificates work with Mac OS X
Server, but
in case you use Server Admin to administrate your OS X Server, then
you
should make sure not to use a password when you generate your CSR
(Certificate Signing Request) since otherwise OS X server will be
unable to
correctly use the certificate.

Kind Regards
Pascal Geuns
QualitySSL

Actually, private keys with no passwords work fine via Server Admin.

Its correct that Server Admin works fine with private keys with no
password, but if you generate a CSR for a wildcard certificate with a
password, then Server Admin is unable to use the correct private key. Only
if the private key does not use a password then it will work. (this does
not apply to regular certificates, as there it does not matter if you use a
password or not)

We use wildcard certs with 10.5 and private keys with passwords. I think you just have to use the "Custom Configuration…" option for each service.

But you can also generate private key with a password in the CSR and then use the openssl command to strip the password to use it in Server Admin.


All the best,
-filipp

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden
References: 
 >Re: Wildcard Certificates - Do they work? (From: <email@hidden>)
 >Re: Wildcard Certificates - Do they work? (From: Dave Schroeder <email@hidden>)
 >Re: Wildcard Certificates - Do they work? (From: <email@hidden>)



Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.