OS X Server: Cannot enroll devices with Profile Manager after changing server's hostname
When using a self-signed certificate, a new certificate must be created to enroll devices with Profile Manager after changing the server's host name.
To create a new certificate for the new host name:
- In Lion Server only: On the server, enable the root user, then log in as root.
- Open the server.app.
- In Lion only: Sign in as the System Administrator (root) user.
- Go into the Settings for this server via the Hardware section.
- Next to SSL Certificate, click the Edit... button.
- Choose "Manage Certificates..." from the action menu.
- Choose "Create a Certificate Identity..." from the + menu; this opens Certificate Assistant.
- In the Name field, enter the server's new host name.
- From the Identity Type pop-up menu, choose Leaf.
- From the Certificate Type pop-up menu, choose SSL Server.
- Click Create.
- When prompted to Choose An Issuer, select the Intermediate Certificate Authority for the existing Open Directory.
- Click Create.
- After the certificate is created, click Done.
- A prompt will appear requesting permission to export the key for the certificate from the keychain into the Server.app. Choose Always Allow.
- In the Server.app, select the new certificate for the web service. This certificate can be used for other services as desired.
- For Lion Server only: Log out of the root user, then disable the root user.
- Enroll or re-enroll devices with Profile Manager.
Changing a server's host name may adversely affect the services running on the server and the clients that use those services. Some services may be unavailable or only partially functional after changing the hostname. All devices already enrolled with profile manager will have to be removed from the Profile Manager administration website and then re-enrolled after following the above steps.
Before changing the hostname, consider making a full backup of the server.