I'm trying to install a wildcard certificate signed by startssl on my Leopard server (on a G5). I want to use it for https and smtp/imap.

I created a CSR using server admin. A side effect of this was an untrusted, self-signed root certificate in the system keychain named "*". I used the CSR to get the signed certificate, and imported it using server admin again. This resulted in three more entries in the system keychain all named "*": a private key, a public key, and a signed, trusted certificate (I had previously added the CAs for startssl, which is why they were trusted). I then set up a web site ( as https, using server admin again, and I specified the "*" certificate. This all went relatively smoothly.

The problem is that when I try to access the web page using https, my browsers complain about an untrusted certificate, and show me what looks exactly like the untrusted root certificate that was created when I generated the CSR. Yet when I examine certificates in server admin, it only shows the trusted, signed certificate from startssl for "*".

Clearly, I'm missing one or more steps in this process.

By the way, there are also four files in /etc/certificates named "*", with the suffixes .crt, .crtkey, .csr, and .key. The dates on those files appear to be in the ballpark for when I specified the "*" certificate for the web site. Also, in /etc/apache2, there are empty ssl.crt and ssl.key directories, and under /etc/apache2/sites, there is a .conf file called, and in the <IfModule mod_ssl.c> section, it specifies /etc/certificates/*{crt,key}.

So several things seem to be getting set up right, but something is missing.

Any suggestions? My skin is thick, I'm prepared to be scolded and sent to read the documentation, which I would already have done if I knew where it was.

Greg Shenaut
