Mac OS X Server v10.6: Using SSL for Server Admin Connections

Summary

Server Admin provides a method for securing communications between the Server Admin application and the servermgrd process running on Mac OS X Server.

In order to use an SSL connection, you must first configure the Mac OS X Server com.apple.servermgrd identity preference in Keychain Access to use a trusted certificate. This can be achieved by either changing the trust on the self-signed com.apple.servermgrd certificate that is assigned to the com.apple.servermgrd identity preference by default, or by changing the com.apple.servermgrd identity preference to point to an existing trusted certificate.

Products Affected

Mac OS X Server 10.6

  1. In Mac OS X Server, open Keychain Access.
  2. Select the System keychain.
  3. Double click the com.apple.servermgrd identity preference.
  4. Select an available trusted certificate. If you do not have a trusted certificate available, you may need to trust the self-signed com.apple.servermgrd certificate issued by default by the Mac OS X Server installation.
  5. Authenticate as an administrator if prompted.
  6. As root, restart servermgrd for the changes in Keychain Access to take effect--use this Terminal command:
    sudo killall servermgrd
  7. Authenticate with your administrator password if prompted.

In order to use the trusted certificate for SSL in Server Admin, you must configure Server Admin to require a valid digital signature:

  1. Open Server Admin.
  2. From the Application menu choose Preferences.
  3. Enable "Require valid digital signature (SSL)".

Additional Information

You can test a secure connection to servermgrd by accessing Server Admin's web interface via a web browser.  The following steps use Safari.

  1. Open Safari.
  2. Navigate to your server’s fully-qualified domain name via https on port 311 (for example, https://server.example.com:311 ).

    If your certificate is configured correctly, you will not be prompted about trusting a certificate.
     
  3. If the connection to servermgrd is using SSL, a lock icon appears in the the upper-right corner of the Safari window. Click the lock icon to verify the certificate used for SSL matches the certificate configured in the com.apple.server identity preference in Keychain Access.
Not helpful Somewhat helpful Helpful Very helpful Solved my problem