You are not logged in.

Announcement

[2017.09.08] DeployStudio build v1.7.8 (checksum, release note).
[2016.08.26] DeployStudio build v1.6.19 (release note).
[2013.02.23] DeployStudio last universal build v1.5.17 (release note).

#1 2009-12-29 12:15:59

bjornbf
Member
Registered: 2009-12-29

use ca signed ssl cert in deploystudio admin

I wish to use my company's ca signed ssl cert in deplystudio admin, but can not find any documentation on how it is done.

If anyone know how to accomplish this I would be grateful.

Regards Bjorn Fodstad
Oslo University College

Offline

#2 2009-12-30 12:22:42

geniusbar
DeployStudio Team
Registered: 2008-11-20

Re: use ca signed ssl cert in deploystudio admin

You cannot do this by now, please move your post to the future section.

Last edited by geniusbar (2009-12-30 12:23:43)

Offline

#3 2010-01-04 19:42:28

bpenglase
Member
From: ::1
Registered: 2009-02-04
Website

Re: use ca signed ssl cert in deploystudio admin

> bjornbf wrote:

> I wish to use my company's ca signed ssl cert in deplystudio admin, but can not find any documentation on how it is done.

If anyone know how to accomplish this I would be grateful.

Regards Bjorn Fodstad
Oslo University College


I'm wondering why you need it to be other then the stock self-signed, as typically you're only having the DS apps access it. Unless you're writing utilities to modify the database, in which case I understand... SSL Certs are a pain :P

Offline

#4 2010-01-06 00:57:21

geniusbar
DeployStudio Team
Registered: 2008-11-20

Re: use ca signed ssl cert in deploystudio admin

Next DeployStudio Assistant build will allow you to select one of the ssl certificates available in the server's keychain.

Hope it helps.

Offline

#5 2010-01-07 00:31:58

admin
Administrator
Registered: 2007-03-29
Website

Re: use ca signed ssl cert in deploystudio admin

Please may you try last nightly with your certificate?

Offline

#6 2010-01-20 22:46:42

admin
Administrator
Registered: 2007-03-29
Website

Re: use ca signed ssl cert in deploystudio admin

Please try rc17.

Offline

#7 2010-01-25 16:36:37

bpenglase
Member
From: ::1
Registered: 2009-02-04
Website

Re: use ca signed ssl cert in deploystudio admin

I upgraded both to the nightly and the RC, and hen I goto select the cert, I'm only offered the choices of "No SSL Cert" and "com.deploystudio.server", not the our *.domain.edu cert, which is in the System keychain. For myself it isn't a big deal, but for other, it wouldn't allow the selection of the cert to use.

Offline

#8 2010-01-25 21:29:52

admin
Administrator
Registered: 2007-03-29
Website

Re: use ca signed ssl cert in deploystudio admin

DSS looks for identities (cert + private keys) available for any usage.
Others are ignored (restricted usage private keys).

Offline

#9 2010-01-25 22:28:49

bpenglase
Member
From: ::1
Registered: 2009-02-04
Website

Re: use ca signed ssl cert in deploystudio admin

So in my case (and I'm sure others), I imported the cert via Server Admin -> Certificates -> Import Certificate. The cert is listed there, and is valid.
When I look in Keychain Access, and click on the system Keychain, I see the certificate and private key for that cert.
The only different I see between it and the DS one, is the additional Public key.

Offline

#10 2010-01-25 22:52:59

admin
Administrator
Registered: 2007-03-29
Website

Re: use ca signed ssl cert in deploystudio admin

What's the usage type of the private key? must be any.

Offline

#11 2010-01-27 16:46:16

bpenglase
Member
From: ::1
Registered: 2009-02-04
Website

Re: use ca signed ssl cert in deploystudio admin

Ok, when I open "Get Info" on the private key, I see usage of "Decrypt, Sign, Unwrap", and I can't seem to find a place to change it. Maybe this is setup when it's imported?

Offline

#12 2010-01-27 17:23:25

admin
Administrator
Registered: 2007-03-29
Website

Re: use ca signed ssl cert in deploystudio admin

You can create a new private key signed with your certificate, using keychain access.

Offline

#13 2010-01-27 18:12:55

bpenglase
Member
From: ::1
Registered: 2009-02-04
Website

Re: use ca signed ssl cert in deploystudio admin

> admin wrote:

> You can create a new private key signed with your certificate, using keychain access.


Hmm, When I right click on the private key, and click "Generate certificate with..."  I go through all the prompts, then I get "Unable to display this certificate. The data does not appear to be a valid certificate". I've tried changing almost all the settings, to no avail.

Any hints?

(If this gets too offtopic, please say so, although this might be needed by everyone to actually create a usable cert).

Edit: I did notice if I don't check "Let me override defaults" I get "Sorry, there are no valid issuers available to sign certificates". This certificate is from Comodo, and I don't think it gives us the ability to sign certs with it, just use it for services (altho I guess the details say otherwise..).

Last edited by bpenglase (2010-01-27 18:16:19)

Offline

#14 2014-08-04 21:00:34

computeronix
Member
Registered: 2014-06-27

Re: use ca signed ssl cert in deploystudio admin

I am also running into this. I imported our company's CA Wildcard cert *.company.com and after I did this in the Server app I do not see it as an option for DeployStudio in the assistant setup.

Any ideas?

What is Server Fallback SSL certificate?

Offline

#15 2014-08-06 14:31:49

computeronix
Member
Registered: 2014-06-27

Re: use ca signed ssl cert in deploystudio admin

Answered my own question :)

So if I open the Server app and import my *.companyname.com wildcard certificate and then go through DeployStudio Assistant.  When it gets to the SSL part tell it to use Imported Private Key and it will utilize that certificate :)

I verified it by going to the web address from safari and it shows the wildcard ssl certificate

Offline

#16 2017-09-13 07:03:36

Dorian
Member
Registered: 2017-09-13

Re: use ca signed ssl cert in deploystudio admin

also unable to get the desired certificate to show up on the drop-down list on the ds_Assistant security page ... from where is this list derived (is there an edit somewhere to get the certificate on the list) ... how can a valid certificate be discovered to populate the drop down list?  Does the certificate need to be created with a specific modulas/algorithm...if so, what exactly are the criteria/attributes to match for doing this? 

note:  imported the certificate to Keychain Access and/or Mac OS Server (tried every combination of everything imaginable at the time ... even copying over the DS certs & editing com.deploystudio.server.plist to point to desired certificate) ... certificate is working properly for other services, so there doesn't appear to be anything wrong with the cert .. cert desired is RSA-modulas 2048 , SHA-2 , usage any ... can this work or does it need to match the rsa-1024 sha-1 or other ?

tried creating new cert to no avail - even with "Let me override defaults" selected the resultants do not populate the list ..TIA

fyi: the only choices seen on the drop down list are "com.deploystudio.server" or greyed-out "No SSL encryption"

Offline

#17 2017-09-13 15:09:52

mjsanders
Member
From: Schiedam, Netherlands
Registered: 2008-09-02
Website

Re: use ca signed ssl cert in deploystudio admin

I checked on my server (10.12.5/server.5.3.1) and I have several certs.
I have 3 certs I can use for https website in server.app, only 2 are usable for Deploystudio setup assistant.

Inspecting the differences: The ones that work for DeployStudio have Key Usage to 'Any', Purpose  several, one 'Any Extended Key Usage'
while the one that does NOT show up in DS setup assistant has only Key Usage "Encrypt, Verifiy, Wrap, Derive" and Purpose only "Server Authentication'

So check your certs again....
(note: I created my own certs all signed by my own self-signed CA cert, so your imported certs my be different. You checked a few settings of the certs, but let me try to tell you mine)

Certs should be in the System Keychain to be usable for Deploystudio.

Last edited by mjsanders (2017-09-13 15:11:44)

Offline

Board footer

Powered by FluxBB