Open Directory refusing to use the server's certificate

We have an SSL certificate signed by a 3rd party (Digicert) and our Mavericks server refuses to accept it for use with Open Directory (though other services appear to be using it).
Here is a related thread discussing the problem.
We need SSL to work with Open Directory in our environment so I'd like to try wiping out the Open Directory data and set up our Mavericks Server as an OD master from scratch now that the certificate has been added to the server (it wasn't there when OD was originally turned on). What I don't want to do is re-install the entire OS.
Any tips on how to do this? 

I am having this exact same problem, and just noticed it. The certs we use here (Office of Information Technology at University of Massachusetts Amherst) are most often issued by InCommon.org so there shouldn't be a problem with this.
I am now wondering if this is causing a related problem with Profile Manager.
This is happening on Server v3.0.3.

Similar Messages

  • Help needed to log into an Open Directory account which has the same username as the local account

    Hello,
    I have successfully set up a Mac OS X Lion Server and it is an Open Directory Master. On the server I have created an account with the name 'Connor'. I have numerous Macs (all running OS X 10.7 Lion) connected to this server but on one of the Macs there is a local account with the name 'Connor' too (the local and networked accounts have different passwords). I want to log into the Open Directory account on that mac. So, I have done an authenticated bind to the server, but when I go to log in the password box shakes. I think the computer thinks I am trying to log into the local account and not the Open Directory account. On Windows, I can log into either the local accounts or the networked accounts by typing \LOCAL-COMPUTER-NAME\Connor. So, I was wondering if there was a similar command to do this on Mac.
    I don't think I have worded this very well, so if someone doesn't understand please ask me some question about the problem and I will try and explain it better.
    Any help would be greatly appreciated,
    Connor

    Maybe I didn't make myself clear. I have used directory utility to do an authenticated bind to my server. I also have no problem logging into other accounts in the Open Directory. But, I just can't log into the account which has the same name both in the Open Directory and locally.
    Was there something I missed in Directory Utility? Could you please help me if this is so.
    Thanks for replying so quickly

  • GB won't open- This is what I get... Path does not exist: /Library/Audio/Apple Loops Index  st: /Library/Audio/Apple Loops Index w/out this directory you cannot use the Loop Browser

    Path does not exist: /Library/Audio/Apple Loops Index  st: /Library/Audio/Apple Loops Index w/out this directory you cannot use the Loop Browser.  Then I get this message...
    Instrument Library Invalid
    GarageBand Expects a valid instrument folder in /Library/Application Support/GarageBand
    Please choose a valid instrument Library folder or quit and re-install GB
    Any solutions?

    Is this a new installation of GarageBand or has it worked before on the same computer?
    Or have you transferred your GarageBand from a different computer?
    The error message is saying that your GarageBand installation is incomplete. There are essential folders missing in your system library.
    Check, if indeed both folders are missing or if only the permissions are set incorrectly.
    Your system library (the folder "System" directly on your system drive) should have the following folders inside the folder "Audio", and they need to be readable by the system and by administrators.
    And in the folder /Library/Application Support there should be the Instrument Library.
    If these folders do not exist (or no longer exist), restore them from your backup. If your GarageBand version is a new installation, the application may not have been downloaded or installed completely, then reinstall GarageBand.
    What is your GarageBand version, and how did you install it originally?
    Regards
    Léonie

  • When I login to my bank, I get the message: 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied. Have new MacBook Air with Yosemite. How to solve this problem?

    When I try to login to the website of my bank, I get the following error message:
    403 - Forbidden: Access is denied.
    You do not have permission to view this directory or page using the credentials that you supplied.
    I have a new MacBook Air with OS Yosemite installed.
    What is the problem and how can I solve it?

    Some websites require a special client certificate for access. If you don't have that certificate, you'll have to contact the site operator to find out how to get one.
    Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
    The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
    Back up all data.
    Double-click anywhere in the line below on this page to select it:
    com.apple.idms.appleid.prd
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    Launch the Keychain Access application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
    Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with the string you searched for, and the Kind will be "certificate."
    Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
    The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
    Credit for this idea to Christian Braukmueller of SAP.

  • "Cannot send message using the server....."

    Hi all,
    Considering the nature of the problem I am about to relate I would have to say at the outset that I would be very very surprised if other people have not come across this problem, so here goes...
    We have around 60 users of Apple Mail from both 10.4 and 10.5, so varying degrees of versions of Apple Mail however most if not all are updated to 10.4.11 and 10.5.2.
    We have been plagued with people being frustrated about emails bouncing back with an immediate error which is basically the following...
    "Cannot send message using the server smtp.xxx.com:user
    Sending the message content to the server failed.
    Select a different outgoing mail server from the list below etc etc"
    I am sure a lot of you have seen this error.
    However, it is totally random but I am at the end of my tether with it. It generally revolves around emails with attachments and can be totally random. I was trying to send a screenshot today, very small screenshot, using the Apple-Shift-4 technique, sent the .png file, then saved it out as a .jpg, nothing. Tiny file, around 5k. Got the error above, took it out, sent no problem. Other similar files on the desktop refused to send but a .pdf did. I then thought it might be our server, so sent the same attachments using my .mac account. Same result and failed to send. Reports from other users in our group show that they too get random results, maybe moving the attachment in the email makes it go, sometimes putting it before your signature, sometimes putting your signature copied and pasted in so many times makes it work, all sorts of methods but all resulting in the same conclusion, Apple Mail can be very unreliable.
    We have even migrated some users to Entourage and the problem disappears. Even to Thunderbird, but those users miss the search capability as it is quicker and more reliable. So they want to go back.
    Considering I have been struggling with this issue back in the day when we were on the Apple Mail related version in 10.4 I was hoping that the version released in 10.5 would remedy the problems. Sometimes I feel it has just got worse.
    Is anyone else experiencing this sort of difficulty in Apple Mail, I really feel isolated and at a loss with how to remedy this for so many users.
    If anyone can share their experiences and how they have got around similar issues in Mail I am all ears and open to any suggestions.
    Thanks everyone for taking the time to read through this. There is more but the experiences are so random it is not worth trying to put it all down.
    Thanks again.
    Gerry McCoy

    I went in to Connection Doctor and, oddly enough, for this Mac account it said I was on Port 25. So I changed it to Port 587 and saved the changes.
    Still, I have the same problem with the same error messages.
    I go back to the mail preferences > Accounts > Advanced and it shows Port 143 still there grayed out.
    What about SSL - it's not checked.
    Odd that this problem only seems to be from one .mac account emailing to another .mac account. Could the server be down?

  • You do not have permission to view this directory or page using the credentials that you supplied.

    Hi,
    I recently updated my OS to Yosemite and decided to use Safari again as my web browser (I was using Chrome). Some of the sites I need to access for professional reasons are not available with Safari. I receive the message: "403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.". I believe there is a pattern here, they are all sites published with IIS with SSL and built with ASP.NET.
    I can access them with Chrome (on OS X) or with Internet Explorer (with my Windows VMs).
    I've already cleared all saved passwords, cookies, history, etc...the problem remains. I'm sure this is a known problem, but all the answers I've found on the internet were for things like DNS and unavailability of the site. The sites are working fine and I can access them with Chrome.
    Can anybody help me? An explanation would also be nice :-) Something to do with Microsoft Authentication methods ?
    Thanks,

    Some websites require a special client certificate for access. If you don't have that certificate, you'll have to contact the site operator to find out how to get one.
    Sometimes the problem is caused by a web server that is configured to request an optional client certificate. Safari treats the request as mandatory. In that case, other browsers such as Firefox and Chrome may be able to connect to the site, because they ignore the request.
    The first time you were prompted for a certificate, you may have clicked through a dialog that requested access to the Apple certificate in your keychain that is used to secure the iMessage service. In that case, you may be able to regain access to the site in Safari by doing as follows.
    Back up all data.
    Double-click anywhere in the line below on this page to select it:
    com.apple.idms.appleid.prd
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    Launch the Keychain Access application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
    Paste into the search field in the Keychain Access window by clicking in it and pressing the key combination command-V. An item may appear in the list of keychain items. The Name will begin with the string you searched for, and the Kind will be "certificate."
    Delete the item by selecting it and pressing the delete key. It will be recreated automatically the next time you launch the Messages or FaceTime application.
    The next time you visit a site that prompts for an optional client certificate, cancel out of the prompt. You may have to do this several times before the server stops asking.
    Credit for this idea to Christian Braukmueller of SAP.
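
What "configured to request an optional client certificate" means on the server side, as an added example that is not part of the original posts: a Go TLS server asks for a client certificate under two policies, and a client that has none connects to each. The host name `demo.invalid`, the throwaway certificate and the function names are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const (
	optionalCert  = tls.RequestClientCert    // ask, but accept a client that sends none
	mandatoryCert = tls.RequireAnyClientCert // refuse a client that sends none
)

// newServerCert builds a throwaway self-signed certificate for the
// constructed host name "demo.invalid" and a pool that trusts it.
func newServerCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "demo.invalid"},
		DNSNames:              []string{"demo.invalid"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, roots, nil
}

// serverVerdict runs one loopback handshake in which the client has no
// certificate to offer. It returns nil if the server accepted the session.
func serverVerdict(policy tls.ClientAuthType) error {
	cert, roots, err := newServerCert()
	if err != nil {
		return err
	}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{Certificates: []tls.Certificate{cert}, ClientAuth: policy})
	if err != nil {
		return err
	}
	defer ln.Close()
	verdict := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			verdict <- err
			return
		}
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second))
		verdict <- conn.(*tls.Conn).Handshake()
	}()
	// Client: trusts the demo certificate, configures no client certificate.
	client, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: "demo.invalid"})
	if err == nil {
		defer client.Close()
	}
	return <-verdict
}

func main() {
	fmt.Println("optional:", serverVerdict(optionalCert), "| mandatory:", serverVerdict(mandatoryCert))
}
```

Under the optional policy the server completes the handshake with a client that sends no certificate, which is why browsers that ignore the request still reach such a site.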

  • How to open a file created at the server through form/report at client end

    How to open a file created at the server through form/report at client end
    Dear Sir/Madame,
    I am creating an exception report at the server-end using utl file utility. I want to display this report at the client end. A user doesn't have any access to server. Will you please write me the solution and oblige me.
    Thanks
    Rajesh Jain

    One way of doing this is to write a PL/SQL procedure that uses UTL_FILE to read the file and DBMS_OUTPUT to display the contents to the users.
    Cheers, APC

  • Unable to set Open Directory master on brand new server

    I have a brand new Mac Mini server running 10.6.2 which I am unable to set as an OD master, receiving the error "There was a configuration error when configuring your server as an Open Directory Master. See the Configuration Log for more information about the failure."
    The log reads as follows...
    2010-01-10 10:34:31 +1100 - slapconfig -createldapmasterandadmin
    2010-01-10 10:34:31 +1100 - Creating password server slot
    2010-01-10 10:34:31 +1100 - command: /usr/sbin/mkpassdb -a -u diradmin -p -q
    2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -a -u root -p -q
    2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -a -u paisleypark.local$ -p -q
    2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -setcomputeraccount 0x4b4912886b8b45670000001b0000001b
    2010-01-10 10:34:32 +1100 - Setting SASL realm to <OpenDirectory.pIxrV9>
    2010-01-10 10:34:32 +1100 - command: /usr/sbin/mkpassdb -setrealm OpenDirectory.pIxrV9
    2010-01-10 10:34:32 +1100 - Copied file from /etc/openldap/slapd.conf to /etc/openldap/slapd.conf.backup.
    2010-01-10 10:34:34 +1100 - command: /usr/bin/net getlocalsid
    2010-01-10 10:34:34 +1100 - Removed file at path /var/db/openldap/openldap-data/DB_CONFIG.
    2010-01-10 10:34:34 +1100 - Starting LDAP server (slapd)
    2010-01-10 10:34:54 +1100 - Error: The slapd process did not start.
    2010-01-10 10:34:54 +1100 - Stopping LDAP server (slapd)
    2010-01-10 10:34:54 +1100 - Removed file at path /var/run/slapconfig.lock.
    ... but I am unable to locate any reference to the specific error in these forums or via my friendly neighbourhood Google.
    Any ideas greatly appreciated.

    Well, like I mentioned, if DNS is not properly configured, all bets are off. And again, if you start services before making it an OD master, you could be asking for trouble. You may be able to fix the installation, but I'd seriously consider starting over.
    You might be able to fix what you have well enough to make it work, but what happens in 6 months when it gets flaky about something? You may end up wondering if there was something wrong to begin with.
    So yes, I'd start over.

  • Intermittent "Cannot send message using the server" error

    I've been getting an intermittent "Cannot send message using the server" error for a couple of months now. It happens every 3 or 4 e-mails I try to send or reply to. I select "Try Again Later" and then open the message from the Outbox and resend with no problem.
    My setup is;
    Mail 2.1.1
    OSX 10.4.9
    MacBookPro
    CableVision is my provider
    It's a POP account
    My incoming server is pop.secureserver.net
    My outgoing server is smtpout.secureserver.net
    Server port 3535
    Authentication - Password
    SSL is off
    Any help would be appreciated

    Hi Dave, and a warm welcome to the forums!
    No expert on this, but I wonder since you're using the secureserver, if SSL might not work better.
    Or maybe try...
    Incoming Mail Server Name (POP3): pop3.optonline.net
    Outgoing Mail server Name (SMTP): smtp.optonline.net
    or mail.optonline.com for both!?
    Nearly impossible to find any help on Cablevision's site.
    Also, I wonder if this might have something to do with Tiger's Mail also...
    http://discussions.apple.com/thread.jspa?threadID=1372763

  • "cannot send email message using the server icloud" on 10.6.8

    I use mail from my desktop, not from iCloud on the Internet. I have a MacBook Pro with 10.6.8 Snow Leopard. My mail was working fine until yesterday.
    It says "Cannot send message using the server iCloud. connections to the server smtp.me.com on the default ports timed out. Select a different outgoing mail server from the list below.
    The list has:
       ICloud offline
       and Icloud
    Neither of them work.
    What has Apple changed regarding this in September?
    (I know others have posted similar message, but they were on 10.7)

    Same problem here.
    Recently an @icloud.com version (alias) of my existing @me.com email address appeared on my account. I can still send messages from the OS X built-in Mail client as long as I am using the @me.com version of my email, but I do get this message when I try to use the new @icloud.com account.
    My account with iCloud states that both @me.com and @icloud.com versions of my email are active.
    Would be nice to know if this is a temporary problem or if this is a permanent one.
    The settings on the outgoing mail server are default as retrieved from Apple when I configured the @me.com email for the first time. I went through the troubleshooting suggestions as provided on Apple website, double checking all the settings, no joy. At the very least I can still use the old @me.com alias with no problem (for now)
    MacBook Pro / Mountain Lion 10.8.2

  • Cannot send message using the server (null)

    i use mail 2.1.
    i have a .mac account and have three other email accounts attached to my mail account.
    lately, i cannot send any email.
    the switching ports fix hasn't helped either.
    this is the error message:
    CANNOT SEND MESSAGE USING THE SERVER (null)
    The server response was: 5.1.0 <email [email protected]>...
    From address does not match authentication.
    Use the pop-up menu below to try a different outgoing mail server. All messages will use this server until you quit Mail or change your network settings.
    Message from: email <[email protected]>
    Send message using: [there is a combo box here with all the four accounts servers listed]
    no matter which one i pick it doesn't work and no email is sent.
    anyone have this error before? or know how to fix it?
    i'd be appreciative.
    thanks
    1.67 GHz Power PC PowerBook G4   Mac OS X (10.4.6)   Sony HDR HC3 HD HandyCam MiniDV

    I was having a similar problem (don't feel like typing all the details)
    I was about to to delete my com.apple.mail.plist, when finally it hit me.
    I ran ethereal (again, I'm sorry, but learning how to use ethereal is a topic unto itself). Following the TCP stream (ie. looking at the smtp messages being sent back and forth) I came across two problems. For some reason my port number was set to 567 or something like that, when it's supposed to be 25, as I had originally set it to.
    Once I corrected the port number I started receiving an error message from the smtp server. It said the return email address could not be authenticated. (using xyz.com as an example) The correct return email address was supposed to be [email protected], but for some reason it was changed to john@xyz in the account settings.
    Anyway, to get to the point, another thing to check is that your return address has been set correctly, and if all else fails, make sure you have X11 installed and use fink to install and run ethereal. This will let you know if you are actually connecting to the server, and will show you any error messages.
    PS. I think this problem started occurring with the last update made to mail. I believe it somehow corrupted my settings. This would explain how my port number could have been changed to the default port number of .mac mail.

  • Cannot Send Messages Using  the Server

    I am dependent (during the day) on a wireless connection to the Minneapolis Wi-Fi system (U.S. Wireless).
    I've got an e-mail account with comcast and I have successfully interfaced this with the Apple Mail application that came with OS X 10.5.4 and for many weeks have been happily sending and receiving e-mails. But....
    I've been on the road and had to connect with Hotel internet services and I was picking up free WiFi in NYC when I was there.
    I first noticed the problem when I was staying at a hotel in Vermont.
    I would try to send e-mails and I would get the message:
    CANNOT SEND MESSAGE USING THE SERVER __________.
    Select a different outgoing mail server....
    Now, I am back home and using my U.S. Wireless connection (which has been really bad lately).
    I keep getting these blasted messages and my mail sometimes goes through but more than often, I get these "cannot send message.." notices and my e-mail just sits there going nowhere in the outbox.
    How can I solve this problem?

    Beside the SMTP name -- smtp.comcast.net -- there is a pair of arrows, with one pointing up and one pointing down. If you click on those arrows you will be presented with a list of all SMTP servers ever entered (you may only have one), and also the command to Edit Server List. If you choose Edit Server List, you will be presented with a completely new setup window, dealing only with SMTP servers, and that window will have two tabs, one of which is also Advanced.
    From the name, smtp.comcast.net, without your Username appended, would indicate that an Authentication of None is currently in effect. With changes that Comcast has made recently, whether you use Port 25 or Port 587, I believe you would have to use Password Authentication, most certainly if the latter Port 587 is chosen.
    If you click on the link below, although not for Comcast, you will nevertheless see in section 12 through 15, screenshots that cover the SMTP setup that I am describing above.
    http://wildblueworld.com/dishmail.net/howdoi-applemail.php#2
    Ernie

  • OSX Mail - Cannot send message using the server ....

    Hi there,
    Mac Pro with OSX 10.6.
    *Can receive mail, but can no longer send email* using the program Mail.
    Been getting the popup "Cannot send message using the server [shawmail.vc.shawcable.net]" for the past 3 days. I hadn't changed anything about my computer, and have had the Mac for 2+ years. So this just started doing it on its own.
    I had a technical support guy from my service provider even interface with my computer, where he could see my desktop right over the internet, and he couldn't get it fixed either.
    I googled this problem, and found solutions like:
    1. Uncheck "Use SSL" (Done that, and it was never checked "on" to begin with)
    2. Make sure Authentication is set to none, with no password (done that, and it wasn't set with a password to begin with)
    3. Delete [user]/Library/Preferences/com.apple.mail.plist (done that, didn't do anything)
    4. We even totally deleted my account, and started a new fresh one. Didn't work
    The tech support guy did show me a way to email online, using the same email account. That worked, but it's a hassle to go onto a web-based email program -- it's not my preference. So, with great certainty, it's not my service provider, because I was able to send emails on this web-based email program using my email account.
    So there, I'm stumped.
    Hopefully someone can help. What's bizarre is that googling this problem, I have found many other people that say it happens arbitrarily, out of nowhere.

    I can't believe how ridiculous this issue is. i have been searching for days for a solution to this. i have tried EVERY recommendation on these forums and nothing works. It appears that this issue dates back to TIGER. I had this problem back in January and just bagged figuring it had something to do with iweb. I bought a new html program and was able to send out my newsletter last month no problem. Suddenly, one month later- here i am again, unable to send out my newsletter with no help from Apple or verizon, or these forums, or anyone else. To think that a company that I have stood behind and loved so much can't be bothered fixing such a simple issue that has been going on now through 5 OS's (I am using Lion but I had the issue using leopard as well) is a disgrace.

  • I'm running Pages version 5.2 on a Desktop Mac version 10.9.2. with the Pages app open how do I use the Time Machine to go back five hours to see the work?

    I'm running Pages version 5.2 on a Desktop Mac version 10.9.2. With the Pages app open how do I use the Time Machine to go back five hours to see my page? Can I access Time Machine within an app like Pages? How do I enter Time Machine within the application? It always takes me to the Finder. I apologise for the mumbo jumbo. I simply do not know how to use Time Machine. It makes sense when I follow the Tutorial but then I lose it.

    OK. You've kind of skipped over the reason why you want to go back five hours, but my assumption would be that you've made changes to a Pages file that you want to revert.
    There are two ways to tackle this. From Pages itself, open the current version of your document, and from the File menu, click Revert To, and Browse All Versions. You'll then be in the Time Machine interface for that file, and can browse back to the version you want.
    Or, outside of Pages, you can select the file (or the folder it was originally in, if you've since deleted it) and enter Time Machine from the TM menu (it sounds like you've already tried this?)
    best
    Matt

  • 403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied

    I got this message when trying to checkout from a site store:
    403 - Forbidden: Access is denied.
    You do not have permission to view this directory or page using the credentials that you supplied.
    Any ideas how can I solve it?

    Ask the people running the store; that error generally means that you tried to do something they don't allow or something's wrong on their end.
    (89086)
