Author Topic: Open Directory CA vs 3rd Party Certificate  (Read 456 times)

isthatyourbag

  • Newbie
  • Posts: 7
Open Directory CA vs 3rd Party Certificate
« on: October 10, 2016, 10:01:57 AM »
I'm using Server 5.1.x on a Mac mini server with El Capitan. I have purchased a third-party SSL certificate, and in the Server app certificates section, I've set Open Directory to use this certificate.
 
Why do my client machines ask to trust a self-signed Open Directory Certificate Authority instead of using the 3rd party (trusted) certificate?

Why is Open Directory creating a CA to use?

Reid Bundonis

  • Administrator
  • Full Member
  • Posts: 107
Re: Open Directory CA vs 3rd Party Certificate
« Reply #1 on: October 14, 2016, 12:20:30 AM »
Where are you seeing the self-signed? Are you seeing this during device bind? How are you binding?

I cannot say I've seen this yet. I will run some tests this weekend and post back.




isthatyourbag

  • Newbie
  • Posts: 7
Re: Open Directory CA vs 3rd Party Certificate
« Reply #2 on: October 17, 2016, 04:07:15 PM »
I've bound a Sierra client and it shows the offending certificate - the one that's not trusted and that's where the Open Directory shows up. It's at the top of the chain.
« Last Edit: October 17, 2016, 04:14:41 PM by isthatyourbag »

isthatyourbag

  • Newbie
  • Posts: 7
Re: Open Directory CA vs 3rd Party Certificate
« Reply #3 on: October 17, 2016, 04:23:50 PM »
I did a test with a different machine running El Capitan 10.5.6 and joined it to my network. The process asked me if I wanted to trust the certificates, and when I said Yes, the Open Directory CA and code signing certificate appeared in my keychain.

The server machine is running Server 5.2 on top of Sierra.

« Last Edit: October 17, 2016, 04:38:17 PM by isthatyourbag »