[MacTUG] OS X Server and Importing Security Certificates

Jeff Dunnett jdunnett at math.uwaterloo.ca
Thu Nov 15 16:25:47 EST 2007 

Ian,

Thanks for the information.  Would I make that a System or X509Anchor  
certificate?  When I try it as a X509Anchor certificate I get an  
error saying an item like that already exists in the chain.

Regards,
Jeff



On 15-Nov-07, at 11:21 AM, Ian Turner wrote:

> it's even simpler, just have the stuff on your desktop and do the  
> "import" - it will create the files it wants in /etc/
> Possible issues are permissions, and that if you have the  
> "original" already in etc, it will maybe try to overwrite
>
> and make sure there is a Thawte "master" already in your  
> certificate stores - I think you check that with Keychain app
>
> see
> https://www.cs.uwaterloo.ca/twiki/view/CF/ADMacInteg
>
> the section on configuring Secure LDAP
>
> Jeff Dunnett wrote:
>> Hello,
>> I was wondering if I might be able to call upon the collective  
>> expertise of the group.  I am having problems installing a Thwate  
>> security certificate obtained through IST on our Tiger server.   
>> Maybe it is because of my inexperience with this sys admin  
>> operation.  Maybe I am doing something wrong.  Maybe it is some  
>> kind of problem I am not seeing.
>> I have in /private/etc/certificates three files:
>> cemc.math.uwaterloo.ca.crt (which contains the cert http:// 
>> ist.uwaterloo.ca/security/IST-CA/certs/59315.7.60540.7.pem)
>> cemc.math.uwwaterloo.ca.key (which contains the private key)
>> cemc.math.uwaterloo.ca.chcrt (which is the security authority file)
>> I have tried a number of ways for installing the certificate:
>> 1) Manually adding a new cert by going into Server Admin tools by  
>> clicking on the 'plus button'.  Then typing in the information  
>> contained in the certificate (.crt file) manually (i.e. Common  
>> Name, City etc).  Then clicking on adding signed certificate then  
>> cutting and pasting the information between the (start certificate  
>> and end certificate) from the .crt file.  The problem is that it  
>> says there is an error writing the settings and then shows the  
>> authority as self-signed.
>> 2) I have tried imporitng the certificate by clicking on the  
>> 'import' button.  Then giving the Certificate File as /private/etc/ 
>> certificate/cemc.math.uwaterloo.crt.   The Private Key File as / 
>> private/etc/certificate/cemc.math.uwaterloo.key and the  
>> Certificate Authority File as /private/etc/certificate/ 
>> cemc.math.uwaterloo.chcrt.  I leave the Private Key Passphrase as  
>> blank because I am pretty sure there isn't one.  I get a message  
>> saying "Certificate Import Failed make sure that the values you  
>> entered are correct and that the certificate files on the server  
>> are valid."
>> Does it seem like I am doing anything wrong?  I am a little  
>> stumped at this point.
>> Regards,
>> Jeff
>> _______________________________________________
>> MacTUG mailing list
>> MacTUG at lists.uwaterloo.ca
>> https://lists.uwaterloo.ca/mailman/listinfo/mactug

More information about the MacTUG mailing list