Like the majority of server systems you will install your SSL certificate on the same server where your CSR was created. SSL Installation for Mac OS X 10.11. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the x509 version of your certificate. The Linux and Windows sync clients work fine and all three platforms (Ubuntu, Windows 8 and Mac OS X) work fine with the web front end but using the latest version of the Mac OS X sync client (the only one I've ever tried) produces the same results as the above screen shot.
How can I re-enable TLS 1.1 and 1.0 on server 5.3 with macOS 10.12.4 in the short term while I evaluate all the clients that aren't ready for TLS 1.2? If you jump to the bottom, attempts to change comfiguration files have failed so far to restore backwards compatibility SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 After having updated our server to macOS 12.4 and the Server app to version 5.3, using curl to connect to a macOS server https site from a Linux machine ceased to work, issuing the following messages on the client side: $ curl -v -insecure -o 'output.file'.
About to connect to myserver.domain port 443 (#0). Trying 192.168.xxx.xxx. Connected.
Connected to myserver.domain (192.168.xxx.xxx) port 443 (#0). successfully set certificate verify locations:. CAfile: none CApath: /etc/ssl/certs/. SSLv3, TLS handshake, Client hello (1): data not shown. error:1407742E:SSL routines:SSL23GETSERVERHELLO:tlsv1 alert protocol version.
Closing connection #0 The connection worked well before the update of the macOS server. So it seems that the update switched off a connection option which curl relies on. I googled a lot, but I am still uncertain about what exactly the cause is.
The same curlcommand works when issued from another Mac. OpenSSL/0.9.8h This is a very old (and unsupported) version of OpenSSL you are using here which has no support for modern protocols like TLS 1.2 and modern ECDHE ciphers. Chances are high that after the upgrade your server now requires such protocol and/or cipher and thus connecting with your old OpenSSL version will fail. SSLv3, TLS handshake, Client hello (1): This might also indicate that your client is trying to use SSL 3.0, which is usually disabled today because it is an insecure protocol.
You might try to enforce to use TLS 1.0 (which is supported by OpenSSL 0.9.8) by using curl -1 or curl -tls1 in the hope that the server still supports TLS 1.0 and has ciphers configured to be usable by the old OpenSSL version. There are no messages in the apache log. The server isn't public. I tried openssl sclient -connect myserver.domain:443 from my Mac, but it results in CONNECTED(00000003) 16140:error:140790E5:SSL routines:SSL23WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-64.50.6/src/ssl/s23lib.c:185.
And if I add -tls1, then I get 31629:error:1409442E:SSL routines:SSL3READBYTES:tlsv1 alert protocol version:s3pkt.c:1053:SSL alert number 70 in addition to above messages. – Apr 9 '17 at 16:01. I also need to enable TLS 1.1 on Sienna Server 5.3 There are a few emails that aren't getting through due to it. /library/server/web/config/apache2/sites/0000127.0.0.134543myserver.domain.conf /library/server/web/config/apache2/httpd.conf FILE NOT ON MY SERVER /library/server/web/config/apache2/httpdserverapp.conf editing (in bold) and restarting did nothing IfModule modssl.c SSLProtocol -all +TLSv1.1 +TLSv1.2 -DIDNT WORK SSLProtocol All -DIDNT WORK /library/server/web/config/proxy/apacheserviceproxy.conf (multiple instances here) sorry I'm not using this right, but hopefully when I am done it will be an actual answer.