How do I get com.apple.servermgrd to use a non-self-signed SSL certificate?
Apple KB article HT3930 explains how to configure SSL for servermgrd
, the Server Admin web interface.
It applies to Mac OS X Server 10.6 so until Apple updates this article part of the steps are confusing / obsolete.
Luckily, on Mountain Lion Server (10.8) servermgrd
's certificate is stored in the same location as on Mac OS X Server Snow Leopard: in the System keychain of Aplications>Utilities>Keychain Access.
Here is what is needed on Mountain Lion (taken from the article)
- While logged into the OS X where Server is set up to run services, open Keychain Access.
- Select the System keychain.
Double click the
com.apple.servermgrd
identity preference (credit: picture borrowed from here):Select your valid SSL certificate. You will have to import your SSL certificate first as explained in KB article PH7297.
- Authenticate as an administrator if prompted.
- As root, restart servermgrd for the changes in Keychain Access to take effect with this Terminal command:
sudo killall servermgrd
(authenticate with your administrator password if prompted).
I have confirmed this technique also works for a Mac running OS X 10.9.0 Mavericks with Server app version 3.0.1 (after renewing an SSL fallback certificate which renewal process was self-signed, I had to toggle it to a valid certificate signed by a trusted CA).
From another (administrative Mac) on the same subnet which is running OS X 10.9.1, I can launch Server app 3.0.2, then select "Other Mac", then select the Mac mentioned above as the target Mac to log into and administrate. Doing so works fine (the certificate is trusted and there is no alert panel generated warning about distrusting com.apple.servermgrd etc.).