Use existing wildcard cert for JSS

kitzy
Contributor III

Has anybody had any luck getting this to work? If I already have the certificate installed on my OS X server, can I just point Tomcat to it?

I spent all day on the phone yesterday w/ JAMF and RapidSSL and couldn't get it working.

cbrewer
Valued Contributor II

I've been using a wildcard cert for years with our JSS. I never used it as an existing cert installed in the OS, however. I use the openssl command line to create a keystore. I then put the keystore in /Library/Tomcat. Finally, I add the following to server.xml in the SSL Connector tag...

keystoreFile="/Library/Tomcat/.keystore"
keystorePass="your_password"
keystoreType="PKCS12"

rob_potvin
Contributor III

It's a headache, but yeah, we also have our wildcard SSL cert enabled here.

Installed on Windows? Mac? Linux?

kitzy
Contributor III

I guess what I'm running into trouble with is how do I import our existing wildcard SSL cert into the keystore?

All instructions I find have me create a keystore, generate a CSR, and have a new certificate issued. This won't work for our situation as the certificate has already been installed on other machines and services.

justinrummel
Contributor III

John,

That's the trick: you don't. The simple solution is to copy your wildcard SSL cert to your system keychain. Log in as root and launch Keychain Access. Select your wildcard cert, root CA and any intermediate CA and export them all to a .p12 file. Then use

keystoreFile="/Library/Tomcat/.keystore"
keystorePass="your_password"
keystoreType="PKCS12"

in your server.xml file in Tomcat as described above.
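
The same keystore built from the command line rather than Keychain Access, as an added example that is not code from the thread: it follows cbrewer's openssl approach above and produces the PKCS12 file that both posts point Tomcat at with keystoreType="PKCS12". It assumes you already have the wildcard cert, its private key and the CA chain as PEM files; the file names, the "tomcat" alias, the password and the self-signed test material it generates to run offline are all assumptions, not anything from the original posts.

```sh
#!/bin/sh
# Added example (not from the thread): build the PKCS12 keystore Tomcat expects from an
# existing wildcard cert, its private key and the CA chain, using the openssl CLI instead
# of Keychain Access. File names, the "tomcat" alias and the password are assumptions.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Constructed test material so the script runs offline: a throwaway root CA and a
# "wildcard" leaf it signs. With a real cert you skip this and point at your own files.
make_test_material() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Test Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=*.example.com" \
    -keyout "$WORK/wildcard.key" -out "$WORK/wildcard.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORK/wildcard.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -out "$WORK/wildcard.crt" 2>/dev/null
}

# The export only works if the private key belongs to the cert (the Keychain Access
# "p12 option greyed out" problem is this same check in another form). Compare the
# public key embedded in the cert with the one derived from the private key.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ]
}

# build_keystore CERT KEY CHAIN OUT PASSWORD
# CHAIN is the intermediate(s) and root concatenated in PEM form. Tomcat serves the
# leaf plus whatever is bundled here, so a missing intermediate shows up as a client
# trust error even though the server starts fine.
build_keystore() {
  key_matches_cert "$1" "$2" || { echo "private key does not match certificate" >&2; return 1; }
  openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
    -name tomcat -out "$4" -passout "pass:$5"
  chmod 600 "$4"   # the file holds the private key; keep it readable by the Tomcat user only
}

# Number of certificates the keystore carries; expect the leaf plus the chain.
cert_count() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

make_test_material
build_keystore "$WORK/wildcard.crt" "$WORK/wildcard.key" "$WORK/ca.crt" "$WORK/jss.p12" changeit
echo "keystore $WORK/jss.p12 holds $(cert_count "$WORK/jss.p12" changeit) certificate(s)"
```

Copy the resulting .p12 to /Library/Tomcat/.keystore and set keystorePass in server.xml to the password you passed in. The password sits in clear text both in server.xml and in this script's process arguments while openssl runs, so restrict server.xml to the Tomcat user and use a real secret rather than the placeholder here.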

spowell01
Contributor

We have our wildcard cert for the JSS as well. It was a major headache for us. We actually were only able to get it working with the help of a 3rd-party consultant that I work with on other issues. I think JAMF really needs to implement an easier way to install a wildcard cert.

kitzy
Contributor III

Justin! Yes! You nailed it! Thank you!!

sharethrough_in
New Contributor

I'm hitting a wall. I'm in 10.8 Server, logged in as root. I've imported my wildcard cert, GoDaddy's root cert, and GoDaddy's intermediate cert. I select all three, right-click on "Export Three Items", but the p12 option is grayed out.

Any ideas? TIA.

Eric_linneweber
New Contributor

In order to export all three you have to be logged in as root or use the following command (the path contains spaces, so it must be quoted):
sudo "/Applications/Utilities/Keychain Access.app/Contents/MacOS/Keychain Access"

RobertHammen
Valued Contributor II

Just ran into this issue, no matter what I select in Keychain Access the .p12 option was disabled/"greyed out". Be sure you have the Private Key selected - then, and only then, can you export as a .p12 file.

cstout
Contributor III

Sorry to post on such an old thread, but I have a wildcard cert that I've been trying to use for my JSS as well but I'm running Windows Server 2008 R2. Has anyone accomplished using a wildcard cert for JSS on a Windows box?

RobertHammen
Valued Contributor II

Yes, the one I set up last July was on Windows… sadly I don't remember the details without sitting in front of a Windows VM, but it's certainly doable. I think I used Keychain Access on the Mac just to create the "combined" .p12 file...

cstout
Contributor III

Ah, thank you very much. I'll experiment with that.

Nigelmcgrath
New Contributor

Hello Guys,

I seem to only be able to export to a .p7b and I'm then unsure where this file goes before editing the server.xml file. Any ideas?