Updating SSL certs via ServerAdmin on Tiger server

[mdomenici]

Hello,

I am having a really bad time updating the SSL cert on my Tiger server. My existing cert expires in a little over a month, so I decided to go ahead and renew it ASAP.

I had the cert authority regenerate the cert file, and my original thought was to punch it all in via the server admin GUI. However, after supplying the required info, Server Admin barfs on it, saying “Certificate Import Failed.”

My next thought is that perhaps both could not be active at once. I jumped onto the server itself, fired up Keychain Access, and did a manual import of the certificate. Keychain Access reports the cert is good, so I delete the old one. I go back into Server Admin, and now it shows NO certs installed other than the Apple default.

Back into Keychain Access, I delete the new cert, add the old one back, and refresh, everything seems to regenerate ok in Server Admin. Being bold, I reenable the new cert in Keychain Access, and Keychain Access updates and shows both as active, but again, nothing in Server Admin.

So what exactly does someone have to do to get Server Admin to cooperate and import the certs? I changed nothing in the renewal, so the passphrase, intermediate cert, and private key should be the same. Is there some test process on the command line I could use with the new credentials to be sure I’ve got everything right, or is this some sort of odd Server Admin problem?

– Matt

[mdomenici]

One item I should note…

I never fully deleted the configuration in Server Admin for my old cert, just in Keychain Access. For the heck of it, I went ahead and tried to create a new cert with the same name thinking it would fail (it did) — so it makes me wonder if I need to delete the old cert and then import the new one.

I’m somewhat leery of doing this given the error message, but perhaps that is the problem, do you have any thoughts on this?

– Matt

[Author]

Posts