Friday, October 5, 2012

Lion Server & Renewing the Profile Manager Code Signing Certificate

I recently started getting daily alerts that my Lion Server's Code Signing Certificate would expire soon.  Clicking on the 'Renew' button did nothing so I dug around a bit.

I came across an article from Apple (http://support.apple.com/kb/HT5358) pertaining to Lion Server and had to make some adjustments to the terminal command to renew the license. Specifically, the parts that didn't work from the Lion example were these:

  1. The Lion example on Apple's page shows the full path to the 'certadmin' command, which must not be located in the same directory as it is now in Mountain Lion because it worked for me without specifying the full path.  
  2. The other part that was causing me errors was the use of capitalized letters after converting the base 10 serial number to hex.  Even though the calculator displayed the alpha characters as caps, it would error on me until I switched to lower case alpha in the actual command to renew.

So, in order to renew, I had to open the existing certificate information via Keychain Access (/Applications/Utilities/Keychain Access) and obtain the exact certificate name, the common name, and the serial number. Then you have to use the calculator in Programmer mode to convert it to hex (unless you can do it in your head). Once you have that, you can run the following command (substituting your information of course):

sudo certadmin --recreate-CA-signed-certificate "servername.domain Code Signing Certificate" "IntermediateCA_SERVERNAME.DOMAIN_1" x3c2jds8
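
An added example (not from the original post or from Apple's article): a POSIX shell helper that does the decimal-to-hex step without the calculator, always emits lowercase digits, and handles serial numbers too large for 64-bit shell arithmetic. The function names and the sample serial are constructed, and passing the bare hex digits as the third argument is an assumption based on the command above.

```shell
#!/bin/sh
# Convert a base-10 certificate serial (as shown in Keychain Access) to
# lowercase hex using digit-by-digit long division, so it does not overflow
# on serials wider than 64 bits.
dec_to_lower_hex() {
  dec=$1
  case $dec in
    ''|*[!0-9]*) echo "serial must be decimal digits only: $dec" >&2; return 1 ;;
  esac
  # Drop leading zeros so the loop below terminates on a plain "0".
  while [ ${#dec} -gt 1 ] && [ "${dec#0}" != "$dec" ]; do dec=${dec#0}; done
  hex=""
  while [ "$dec" != "0" ]; do
    rest=$dec; rem=0; quot=""
    while [ -n "$rest" ]; do
      d=${rest%"${rest#?}"}          # first remaining decimal digit
      rest=${rest#?}
      cur=$((rem * 10 + d))
      quot="$quot$((cur / 16))"
      rem=$((cur % 16))
    done
    while [ ${#quot} -gt 1 ] && [ "${quot#0}" != "$quot" ]; do quot=${quot#0}; done
    hex="$(printf '%x' "$rem")$hex"  # %x prints lowercase a-f
    dec=$quot
  done
  printf '%s\n' "${hex:-0}"
}

# Print (do not run) the renewal command in the form used above.
# $1 = certificate name, $2 = issuer common name, $3 = decimal serial
renew_command() {
  serial_hex=$(dec_to_lower_hex "$3") || return 1
  printf 'sudo certadmin --recreate-CA-signed-certificate "%s" "%s" %s\n' \
    "$1" "$2" "$serial_hex"
}

# Constructed sample serial; substitute the values from Keychain Access.
renew_command "servername.domain Code Signing Certificate" \
  "IntermediateCA_SERVERNAME.DOMAIN_1" 3735928559
```

Review the printed line against the certificate details in Keychain Access before pasting it into Terminal.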
