[MacTUG] OS X Server and Importing Security Certificates
Jeff Dunnett
jdunnett at math.uwaterloo.ca
Thu Nov 15 16:25:47 EST 2007
Ian,
Thanks for the information. Would I make that a System or X509Anchor
certificate? When I try it as a X509Anchor certificate I get an
error saying an item like that already exists in the chain.
Regards,
Jeff
On 15-Nov-07, at 11:21 AM, Ian Turner wrote:
> it's even simpler, just have the stuff on your desktop and do the
> "import" - it will create the files it wants in /etc/
> Possible issues are permissions, and that if you have the
> "original" already in etc, it will maybe try to overwrite
>
> and make sure there is a Thawte "master" already in your
> certificate stores - I think you check that with Keychain app
>
> see
> https://www.cs.uwaterloo.ca/twiki/view/CF/ADMacInteg
>
> the section on configuring Secure LDAP
>
> Jeff Dunnett wrote:
>> Hello,
>> I was wondering if I might be able to call upon the collective
>> expertise of the group. I am having problems installing a Thwate
>> security certificate obtained through IST on our Tiger server.
>> Maybe it is because of my inexperience with this sys admin
>> operation. Maybe I am doing something wrong. Maybe it is some
>> kind of problem I am not seeing.
>> I have in /private/etc/certificates three files:
>> cemc.math.uwaterloo.ca.crt (which contains the cert http://
>> ist.uwaterloo.ca/security/IST-CA/certs/59315.7.60540.7.pem)
>> cemc.math.uwwaterloo.ca.key (which contains the private key)
>> cemc.math.uwaterloo.ca.chcrt (which is the security authority file)
>> I have tried a number of ways for installing the certificate:
>> 1) Manually adding a new cert by going into Server Admin tools by
>> clicking on the 'plus button'. Then typing in the information
>> contained in the certificate (.crt file) manually (i.e. Common
>> Name, City etc). Then clicking on adding signed certificate then
>> cutting and pasting the information between the (start certificate
>> and end certificate) from the .crt file. The problem is that it
>> says there is an error writing the settings and then shows the
>> authority as self-signed.
>> 2) I have tried imporitng the certificate by clicking on the
>> 'import' button. Then giving the Certificate File as /private/etc/
>> certificate/cemc.math.uwaterloo.crt. The Private Key File as /
>> private/etc/certificate/cemc.math.uwaterloo.key and the
>> Certificate Authority File as /private/etc/certificate/
>> cemc.math.uwaterloo.chcrt. I leave the Private Key Passphrase as
>> blank because I am pretty sure there isn't one. I get a message
>> saying "Certificate Import Failed make sure that the values you
>> entered are correct and that the certificate files on the server
>> are valid."
>> Does it seem like I am doing anything wrong? I am a little
>> stumped at this point.
>> Regards,
>> Jeff
>> _______________________________________________
>> MacTUG mailing list
>> MacTUG at lists.uwaterloo.ca
>> https://lists.uwaterloo.ca/mailman/listinfo/mactug
More information about the MacTUG
mailing list