[MacTUG] OS X Server and Importing Security Certificates

Ian Turner iturner at uwaterloo.ca
Fri Nov 16 09:29:07 EST 2007 

on our system, there is already a Thawte installed as X509 - it should 
be a  default along with all the other public root certificates (99% 
sure that I didn't install that one), but since we're using UW signed 
certificates, I installed the UW "root" as both an X509, and System

Just noticed that the "generated" local system keys resulting from the 
import also show up in keychain app as System Certs

Jeff Dunnett wrote:
> Ian,
> 
> Thanks for the information.  Would I make that a System or X509Anchor 
> certificate?  When I try it as a X509Anchor certificate I get an error 
> saying an item like that already exists in the chain.
> 
> Regards,
> Jeff
> 
> 
> 
> On 15-Nov-07, at 11:21 AM, Ian Turner wrote:
> 
>> it's even simpler, just have the stuff on your desktop and do the 
>> "import" - it will create the files it wants in /etc/
>> Possible issues are permissions, and that if you have the "original" 
>> already in etc, it will maybe try to overwrite
>>
>> and make sure there is a Thawte "master" already in your certificate 
>> stores - I think you check that with Keychain app
>>
>> see
>> https://www.cs.uwaterloo.ca/twiki/view/CF/ADMacInteg
>>
>> the section on configuring Secure LDAP
>>
>> Jeff Dunnett wrote:
>>> Hello,
>>> I was wondering if I might be able to call upon the collective 
>>> expertise of the group.  I am having problems installing a Thwate 
>>> security certificate obtained through IST on our Tiger server.  Maybe 
>>> it is because of my inexperience with this sys admin operation.  
>>> Maybe I am doing something wrong.  Maybe it is some kind of problem I 
>>> am not seeing.
>>> I have in /private/etc/certificates three files:
>>> cemc.math.uwaterloo.ca.crt (which contains the cert 
>>> http://ist.uwaterloo.ca/security/IST-CA/certs/59315.7.60540.7.pem)
>>> cemc.math.uwwaterloo.ca.key (which contains the private key)
>>> cemc.math.uwaterloo.ca.chcrt (which is the security authority file)
>>> I have tried a number of ways for installing the certificate:
>>> 1) Manually adding a new cert by going into Server Admin tools by 
>>> clicking on the 'plus button'.  Then typing in the information 
>>> contained in the certificate (.crt file) manually (i.e. Common Name, 
>>> City etc).  Then clicking on adding signed certificate then cutting 
>>> and pasting the information between the (start certificate and end 
>>> certificate) from the .crt file.  The problem is that it says there 
>>> is an error writing the settings and then shows the authority as 
>>> self-signed.
>>> 2) I have tried imporitng the certificate by clicking on the 'import' 
>>> button.  Then giving the Certificate File as 
>>> /private/etc/certificate/cemc.math.uwaterloo.crt.   The Private Key 
>>> File as /private/etc/certificate/cemc.math.uwaterloo.key and the 
>>> Certificate Authority File as 
>>> /private/etc/certificate/cemc.math.uwaterloo.chcrt.  I leave the 
>>> Private Key Passphrase as blank because I am pretty sure there isn't 
>>> one.  I get a message saying "Certificate Import Failed make sure 
>>> that the values you entered are correct and that the certificate 
>>> files on the server are valid."
>>> Does it seem like I am doing anything wrong?  I am a little stumped 
>>> at this point.
>>> Regards,
>>> Jeff
>>> _______________________________________________
>>> MacTUG mailing list
>>> MacTUG at lists.uwaterloo.ca
>>> https://lists.uwaterloo.ca/mailman/listinfo/mactug

More information about the MacTUG mailing list