I created Open Directory and Profile Manager with a self-signed certificate. Now I am trying to replace the self-signed certificate with the already-signed certificate currently in use on our Active Directory 2008. I exported the .pfx cert by following this link: http://www.digicert.com/ssl-support/pfx-import-export-iis-7.htm
When I try "Import a Certificate Identity" from the Certificate menu on the left sidebar of Server.app, the application hangs.
I also used Keychain to import the .pfx by following this link http://www.digicert.com/ssl-support/p12-import-export-mac-server.htm but it is also not available in Server.app Certificates.
So is there any command line that could help, or a better way to add a private key + cert to Server.app?
Best Answer
You need to import the cert via Server.app; that'll add it to the System keychain and several other locations that allow non-keychain-aware services to use it. I'm not sure why it'd be hanging, but I can think of a few things to try:
If it's not a self-signed certificate, you probably need to import the appropriate intermediate certificate(s) by dragging them into the "Drag extra non-identity certificates here" section of the import dialog. If it's a DigiCert certificate, you can find their intermediate certs here. There's probably also a way to export this from the Windows server, but I'm not familiar enough with it.
It's possible Server.app is getting confused by the file extension. Try renaming it from .pfx to .p12 (they both refer to the same file format, PKCS #12).
There might also be something odd about the file contents. Since it sounds like it imports ok via Keychain Access, try importing it with that, then re-exporting it to .p12 (see the instructions you linked), then delete it from the keychain (to avoid a conflict) and re-import it with Server.app. It's possible importing and exporting with Keychain Access will clean up the file and make it work properly in Server.app as well.
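A command-line way to check whether an exported .pfx actually carries the private key and the intermediate certificates the answer mentions, and to rebuild it as a .p12 that includes them before importing it through Server.app. This is an added example, not part of the original answer; it assumes the openssl CLI is installed, and the function names and the P12_PASS variable are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper names). The bundle password is read from
# the P12_PASS environment variable so it stays out of command-line arguments.

# Number of certificates in the bundle: 1 means leaf only, no intermediates.
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true
}

# Succeeds only if the bundle holds a private key, i.e. it is an identity.
p12_has_key() {
    openssl pkcs12 -in "$1" -nocerts -nodes -passin env:P12_PASS 2>/dev/null |
        grep -q 'PRIVATE KEY'
}

# Rebuild bundle $1 as $3, adding the intermediate certificates in PEM file $2.
p12_repack() {
    in=$1 chain=$2 out=$3 rc=0
    tmp=$(mktemp -d) || return 1
    ( umask 077
      openssl pkcs12 -in "$in" -nocerts -nodes -passin env:P12_PASS -out "$tmp/key.pem" 2>/dev/null &&
      openssl pkcs12 -in "$in" -clcerts -nokeys -passin env:P12_PASS -out "$tmp/leaf.pem" 2>/dev/null &&
      openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/leaf.pem" \
          -certfile "$chain" -passout env:P12_PASS -out "$out" ) || rc=$?
    rm -rf "$tmp"   # the unencrypted key must not outlive the repack
    return $rc
}

# Constructed sample: a throwaway CA and leaf, bundled without the CA, then
# repacked with it. Prints "<certs before> <certs after> <key|nokey>".
p12_demo() {
    d=$(mktemp -d) || return 1
    export P12_PASS=constructed-demo-pass
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=server.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$d/leaf.key" -in "$d/leaf.pem" \
        -passout env:P12_PASS -out "$d/in.pfx"
    p12_repack "$d/in.pfx" "$d/ca.pem" "$d/out.p12"
    p12_has_key "$d/out.p12" && k=key || k=nokey
    echo "$(p12_cert_count "$d/in.pfx") $(p12_cert_count "$d/out.p12") $k"
    rm -rf "$d"
}
```

Bundles written by OpenSSL 3 use newer encryption by default, which older macOS releases may refuse to open; OpenSSL 3's `-legacy` option on the export step writes the older format instead.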