OS X Server Active Directory
I've got a Mac mini running Mac OS X High Sierra set up as my Open Directory server. It has been running for some years now without issue using a self-signed certificate. I've recently rolled out Active Directory Certificate Services in the network, and I'd like to replace the self-signed certificates on Mac server with trusted certificates from ADCS. The plan is to set up Profile Manager to let my Mac clients request certificates from ADCS automatically. I have a couple of questions about how to do this:

1. Do I need to load my ADCS root certificate into Keychain before I request a certificate? What is the best way to do so?
2. How do I go about creating a CSR that my ADCS CA will accept? (I'm thinking "Get a trusted certificate" in Server > Certificates?) Is there a specific format I should save the request in?
3. How do I submit the request to ADCS? (I'm thinking "MMC > Cert Authority > Submit a new request"?)
4. How do I get the new cert into Mac Server? (I'm thinking "Import a certificate identity", but I've seen apps like Exchange that want certs pulled in via the pending CSR.)

I know a good bit about handling certs in Windows, but I'm not on firm footing with the Mac server.

Well, I guess there is not a single expert on this out there watching, so I'll wing it. I suppose the first thing I need to do is make this OS X server trust the ADCS root. This involves adding the root certificate to Keychain. Once that is done, I have to make a choice. Eventually, I would want to replace my self-signed Open Directory server certificate with one issued by my ADCS CA. I have to decide if I should do this before or after I push out a profile to my Mac clients with the ADCS root certificate. If I do it before, I'm not sure how that will affect the binding to OD. I don't see the OD server certificate installed in my client's Keychain. I guess it is simply using it as an SSL certificate for in-transit encryption. There doesn't seem to be a trust established for this certificate, so if I replace it with one from ADCS the clients will be in the same situation, communicating with a server with an untrusted cert. I don't know if the binding somehow made this cert trusted and the change will break that or not. If I do it after I push out ADCS certs to the clients (via Profile Manager), then the clients would at least trust that new OD server cert, since it can be chained back to the ADCS root.

I'm never one to abandon an interesting problem - finally got back to this one - but have not come to success yet. Remember, the goal here is to replace my OS X server certificate.