Renew the Code Signing Certificate on Os X Server 10.8.x

Server app warns me I have to renew the code signing certificate soon.
It tells me everyday. It will do so until I do renew it…but nothing happens when I clic in the Server GUI….

Ok according to this Apple KB : http://support.apple.com/kb/HT5358 this is done via command line .

1) identify certificate :

myserv.mydomain.com Code Signing Certificate

2) get Subject Name ( Common Name ) :

myserv.mydomain.com Code Signing Certificate

3) get issuer name (Common Name):

IntermediateCA_MYSERVER.MYDOMAIN.COM_1

4) Serial Number :

Note the serial number, convert it in hexadecimal and remove the 0x at the beginning.
either you follow the Apple KB and use the Calculator.app.

  • STANDARD decimal serial number (10) : 2529263939
  • HEXA hexadecimal converted (16) : 0x96C18143
  • final HEXA without beginning 0x (and we need it in lowercase) : 96c18143

Or you can use this one liner :

python -c "print hex(2525483279)" | sed s/0x//g

result

9687d10f

It was in lowercase for me but just double check it is your case too.

5) Final Terminal Command to change the Certificate

— in 10.8 :

sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin --recreate-CA-signed-certificate "myserv.mydomain.com Code Signing Certificate" "IntermediateCA_MYSERVER.MYDOMAIN.COM_1" 9687d10f

— in 10.7 :

sudo /usr/sbin/certadmin --recreate-CA-signed-certificate "myserver.mydomain.com Code Signing Certificate" "IntermediateCA_MYSERVER.MYDOMAIN.COM_1" 9687d10f
Olivier
About

Product and graphic designer turned to be a Mac SysAdmin.

Posted in Admin, Mac, tips tricks scripts Tagged with: , , , , , , , , ,
One comment on “Renew the Code Signing Certificate on Os X Server 10.8.x
  1. Daniel says:

    This should take care of the entire crap for 10.8 in one line:

    sudo /Applications/Server.app/Contents/ServerRoot/usr/sbin/certadmin –recreate-CA-signed-certificate “`hostname` Code Signing Certificate” “IntermediateCA_`hostname | tr ‘a-z’ ‘A-Z’`_1″ `security find-certificate -c “\`hostname\` Code Signing Certificate” | grep snbr | cut -d “x” -f 2 | cut -d ” ” -f 1 | tr ‘A-Z’ ‘a-z’ | sed ‘s/^0*//’`

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>