In the Server App window, under Choose a Mac, do one of the following options to select the server on which to create your CSR: Note: You should select the server on which you are going to eventually install this SSL Certificate.This is another scratchpad post for folks who run an OXS Server and want to use a multi-domain UC (unified communications) SSL certificate. Now when you read about refurbishing my car, or fixing a seed drill, you’ll be doing it over an encrypted connection.In the Finder window, under Favorites, click Applications and then double-click Server. The online equivalent of moving a lemonade stand inside a bank vault.Somewhere along there they added SSL to all the connections from end-users to their servers but that left the link from Cloudflare to my sites unencrypted.They now support several ways to secure that connection – most of which are free. If you haven’t come across them, I heartily recommend you take a look — they’re a pretty nifty gang. UPDATE – May 2016 – Cloudflare Origin Cert on an OSX Server:This section describes using Cloudflare Origin Certificates, the following section is the original post where I was installing a Godaddy cert.I’ve taken to using Cloudflare for all my sites. Login to the desired server your wish. Launch Server.app from the Applications folder. Let's take a closer look at how to configure a self-hosted website.
![]() ![]() Server Create Cerificate For Email Install This SSLCreate one certificate signing request (CSR) in the OSX Server app, no matter how many domains are going to be covered by the UC cert. To verify its installation, you should see your certificate’s common name listed in the Settings menu.Multi-domain Unified Communications (UC) certThere are two things that are different when using a UC cert.Change #1) Use one CSR to request the cert Click and drag the certificate and bundle files into the Certificate Files section.This installs the certificate on your server. Double-click the common name of the certificate you requested. That cert appears in OSX Server’s list of Trusted Certificates as “server.cloudmikey.com” — that name came from the CSR I generated in OSX Server. The picture below is an example of the Godaddy management interface looking at a (prior version of) the cert that secures this page. This is the apex of the hierarchy of the cert and is the only one that will appear if site-visitors view the cert. This will be the “common name” on the cert and is the only domain name that cannot change later. Take care in choosing the domain name when creating the CSR. All of the domains added through Godaddy’s “manage Subject Alternative Names (SAN)” process will work once the cert is installed. ![]() I surprised myself by installing this cert under a “haven2.com” CSR — it installed just fine, but it’s name changed to “server.cloudmikey.com” on the list of Trusted Certificates in OSX Server. But it will always be appear under the common name on the cert, which confused me. Create a new CSR on OSX Server – again, this is just a socket into which the cert will install.Note: The cert will install correctly as long as the domain in the new CSR matches one of the domains covered by the cert. Return to Godaddy and modify the Subject Alternative Names (SANs) to get the domains right Openmp mac os x 2017Renew the cert at the cert-provider, using the newly-generated CSR (this is a copy/paste operation at Godaddy) Launch the Server app, open the cert that is coming up for renewal, click the “renew” button, generate a CSR. This web page is running under a later version of that cert — you can see what it looks like by double-clicking the “lock” in the URL bar of your browser.A year has passed and it’s time to renew the cert. It doesn’t matter that the common name of the cert (server.cloudmikey.com in this case) doesn’t match the domain of the web page (haven2.com).That concludes my report. Web pages and services will operate correctly as long as the domain of the web-page or service matches one of the domains on the cert. Update the cert configuration to point at the newly-renewed cert. There should now be two certs in the Server app list — the current one and the new one. Open up the “pending” cert again in the Server app and drag the newly-downloaded cert files from the vendor into the box that’s displayed.
0 Comments
Leave a Reply. |
AuthorAntonio ArchivesCategories |