[MacTUG] Installing SHA-256 certs on a 10.9.5 server

[Donald Duff-McCracken]

The following may only be of interest to those that use signed certificates:

I had not installed certs for a while on a mac server, and a few things have changed since then. One is that SHA-256 certs are now being used and that I had not done it to a 10.9.5 server (and everything seems harder in 10.9.5 haha).

Firstly, a few changes with SHA-256. You are not emailed the intermediate certificate, you download it from the globalsign site. If anything this may be easier but it is different.

Regarding installing the intermediate cert and the public key, I ran into some issues. I used to follow IST’s excellent steps outlining how to create a private key and a CSR<https://uwaterloo.ca/information-systems-technology/services/certificate-authority-support/certificate-authority-details/globalsign-signed-x5093-certificates/self-service-globalsign-ssl-certificates#openssl>. This method was fine for getting the info to globalsign (and generating the public key and intermediate certificate), I ran into problems importing these in to the OS. Usually I select “Import a security identity” (under Certificates in the Server App) and drag the private key, public key and intermediate cert to it. For some reason it was just not working this time. It was not recognizing the public key (and I was creating it the same way I always have of copying it from the email into a text editor like TextWrangler).

After trying to resolve this issue (trying a few ways of saving the public key), I decided to try a second route which worked fine. I used “Create a certificate identity” to have the Server app generate the private key and the CSR. This identity was then labled as ‘pending’ until globalsign sent my the public key. I could then click on this pending certificate identity and import in the public key and the downloaded intermediate cert. This all worked quite well


------------------------------------
Donald Duff-McCracken
Technical Services Manager
Mapping, Analysis & Design
Faculty of Environment
University of Waterloo
(519) 888-4567 x32151
https://uwaterloo.ca/environment-computing/about/people
------------------------------------
This email communication is intended as a private communication for the sole use of the primary addressee and those individuals listed for copies in the original message. The information contained in this email is private and confidential and If you are not an intended recipient you are hereby notified that copying, forwarding or other dissemination or distribution of this communication by any means is prohibited.  If you are not specifically authorized to receive this email and if you believe that you received it in error please notify the original sender immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.uwaterloo.ca/pipermail/mactug/attachments/20141209/c51c7a14/attachment.html>