MacOS – OS X Maverick 10.9 Import SSL Cert from Windows Server 2008


I created Open Directory and ProfileManager with self-signed certificate. Now I try to replace the self-signed certificate with the already Signed Certificated currently use on our Active Directory 2008. I do an Export .pfx cert from this link

When I try "Import a Certificate Identity" from Certificate Menu on Left Sidebar of the application is hang.

I also use the keychain to import .pfx by follow this link but it also not available in Certificate

So Is there any command line that could help or a better way to add a private key + cert to

Best Answer

You need to import the cert via; that'll add it to the System keychain and several other locations that allow non-keychain-aware services to use it. I'm not sure why it'd be hanging, but I can think of a few things to try:

  • If it's not a self-signed certificate, you probably need to import the appropriate intermediate certificate(s) by dragging them into the "Drag extra non-identity certificates here" section of the import dialog. If it's a DigiCert certificate, you can find their intermediate certs here. There's probably also a way to export this from the Windows server, but I'm not familiar enough with it.

  • It's possible is getting confused by the file extension. Try renaming it from .pfx to .p12 (they both refer to the same file format, PKCS #12).

  • There might also be something odd about the file contents. Since it sounds like it imports ok via Keychain Access, try importing it with that, then re-exporting it to .p12 (see the instructions you linked), then delete it from the keychain (to avoid a conflict) and re-import it with It's possible importing and exporting with Keychain Access will clean up the file and make it work properly in as well.