Moving Certificates Between OS X Server Installs

Recently I have started looking into moving some of the more important pieces of this server into a Virtual Machine environment for ease of backup and restoration in the event of something going very wrong.

One of those items I needed to investigate was moving my SSL certificates over. Here’s an example of moving over my www certificates. Don’t worry, this is a set I’m not actively using and have deleted, so nothing sensitive is posted.

First, get a copy of the certificates, located in /etc/certificates, and move them to your new server install. Mine were named this:

Move these over to your new server install. Note the part of the file names that is shown in red here.

Next, open Server.app and go to the Certificates section. Click the + sign and choose to Import a Certificate Identity…

In the dialog box, drag all the items into the certificates window. Once you do, you’ll see this:

This is because, when the certificates are first imported on the original server, Certificate Manager encrypts the files with a random passphrase. It puts the passphrase in the System keychain, so we can easily find it.

Open up Keychain Access on the original server. In the search box, start typing the part of the filename (red in our example above) until only one item shows.

Double-click it and click the show password box.

There it is! Carefully type that into the passphrase box on your new server and the certificate will import and be ready for use.

One caveat with doing this: if you used the hostname of your server during your initial certificate request, which is likely, the server you migrate to must also have that hostname in addition to the DNS name of the cert you are moving. If they differ, clients connecting to your system will fail with a hostname mismatch error.
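
A pre-cutover check for the hostname caveat above, as an added example that is not part of the original post: it reads `openssl x509 -noout -text` output and reports whether the certificate's subjectAltName DNS entries cover a given name. The function names and the sample certificate text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): does a certificate's DNS name
# list cover the name clients will use to reach the new server?

# Print subjectAltName DNS entries, one per line and lower-cased, from
# `openssl x509 -noout -text` output on stdin. A name that appears only in
# the subject CN is not counted.
cert_dns_names() {
    tr ', ' '\n\n' | sed -n 's/^DNS://p' | tr '[:upper:]' '[:lower:]'
}

# Succeed if certificate name $1 matches host $2. A leading "*." stands for
# exactly one label, so *.example.com does not cover a.b.example.com.
name_matches() {
    cert_name=$1; host=$2
    case $cert_name in
        '*.'*) [ -n "${host%%.*}" ] && [ "$host" = "${host%%.*}${cert_name#?}" ] ;;
        *)     [ "$cert_name" = "$host" ] ;;
    esac
}

# Read certificate text on stdin; succeed if any DNS entry covers host $1.
cert_covers_host() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    [ -n "$want" ] || return 1
    names=$(cert_dns_names)
    while IFS= read -r name; do
        if [ -n "$name" ] && name_matches "$name" "$want"; then return 0; fi
    done <<EOF
$names
EOF
    return 1
}

# Constructed sample: the relevant lines of `openssl x509 -noout -text` for a
# made-up certificate. All names are placeholders.
sample_cert_text() {
    cat <<'EOF'
        Subject: CN = oldserver.example.com
            X509v3 Subject Alternative Name:
                DNS:oldserver.example.com, DNS:www.example.com, DNS:*.apps.example.com
EOF
}

for h in www.example.com newserver.example.com mail.apps.example.com; do
    if sample_cert_text | cert_covers_host "$h"; then echo "$h: covered"
    else echo "$h: NOT covered (clients would get a hostname mismatch)"; fi
done
```

To check a real certificate, pipe `openssl x509 -in <cert.pem> -noout -text` into `cert_covers_host` with the name clients will use for the new server.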
