Server.app fails to create private key file upon .key and .pem (certificate) import.

Originator: pepi.zawodsky
Number: rdar://22903996 Date Originated: 29-Sep-2015 11:18 PM
Status: Open Resolved:
Product: OS X Server Product Version: 5.0.4
Classification: Security Reproducible: Always
 
Summary:
Server.app fails to create private key file upon .key and .pem (certificate) import. 

Steps to Reproduce:
In Server.app go to the Certificates section, click the + button to import a trusted identity.
Import an RSA .key private key file, and a certificate in .pem format.
Also drag the intermediate certificate of your signing CA into the import dialog.
Click import.

Check if there are four entries in /etc/certificates.

Expected Results:
The certificate and private key should be fully imported, in a usable manner, so they can be activated for somewhat securing services with Apple's hideously crappy TLS 1.0 to avoid plaintext.

These files should exist in /etc/certificates
-rw-r--r--    1 root  wheel      2849 Sep 29 23:11 hostname.example.com.36BE48F8059567B81C4CC3B41B33B237D4EF4702.cert.pem
-rw-r--r--    1 root  wheel      7821 Sep 29 23:11 hostname.example.com.36BE48F8059567B81C4CC3B41B33B237D4EF4702.chain.pem
-rw-r-----    1 root  certusers  2849 Sep 29 23:11 hostname.example.com.36BE48F8059567B81C4CC3B41B33B237D4EF4702.concat.pem
-rw-r-----    1 root  certusers  3272 Sep 29 23:11 hostname.example.com.36BE48F8059567B81C4CC3B41B33B237D4EF4702.key.pem

The .concat.pem file should consist of a certificate and an encrypted RSA private key PEM part.


Actual Results:
The .key.pem file is not created by Server.app.
The concat file does not contain the private key part.
This certificate can't be used to secure services even though Server.app shows it as being selected.
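The following script is an added example, not part of the Radar and not Apple's code. It checks an imported identity in the four-file layout the report lists (`<basename>.cert.pem`, `.chain.pem`, `.concat.pem`, `.key.pem`): that all four files exist, that `.concat.pem` carries both a certificate block and a private key block, and that the RSA private key actually belongs to the certificate. The certificate directory and identity basename are command-line arguments; the default `/etc/certificates` and the `openssl rsa`/`openssl x509` calls are assumptions about the host, and the test data used to exercise it is constructed.

```shell
#!/bin/sh
# Added example (not from the Radar): verify that a Server.app identity in
# /etc/certificates is complete and internally consistent.
# Usage: sh check_identity.sh [/etc/certificates] <basename-without-suffix>
# e.g.   sh check_identity.sh /etc/certificates hostname.example.com.36BE48F8059567B81C4CC3B41B33B237D4EF4702

CERT_DIR="${1:-/etc/certificates}"   # assumed default location (from the report's listing)
IDENTITY="$2"                        # basename shared by the four files

# Return 0 if all four files for an identity exist; list missing ones on stderr and return 1 otherwise.
identity_files_present() {
    dir="$1"; base="$2"; missing=0
    for suffix in cert.pem chain.pem concat.pem key.pem; do
        if [ ! -f "$dir/$base.$suffix" ]; then
            echo "missing: $dir/$base.$suffix" >&2
            missing=1
        fi
    done
    return $missing
}

# Return 0 if a PEM file contains both a certificate block and a private key block
# (plain, RSA or PKCS#8-encrypted header), which is what .concat.pem is expected to hold.
pem_has_cert_and_key() {
    f="$1"
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || return 1
    grep -q -E -- '-----BEGIN (ENCRYPTED |RSA )?PRIVATE KEY-----' "$f" || return 1
    return 0
}

# Return 0 if the RSA private key's public component matches the certificate's public key.
# Uses openssl (assumed available); an encrypted key prompts for its passphrase.
# Returns 2 if either file cannot be parsed.
key_matches_cert() {
    cert="$1"; key="$2"
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl rsa -in "$key" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run the three checks when an identity was given on the command line.
if [ -n "$IDENTITY" ]; then
    identity_files_present "$CERT_DIR" "$IDENTITY" || exit 1
    if ! pem_has_cert_and_key "$CERT_DIR/$IDENTITY.concat.pem"; then
        echo "$IDENTITY.concat.pem lacks a certificate or private key block" >&2
        exit 1
    fi
    if key_matches_cert "$CERT_DIR/$IDENTITY.cert.pem" "$CERT_DIR/$IDENTITY.key.pem"; then
        echo "identity $IDENTITY: all files present, concat complete, key matches certificate"
    else
        echo "identity $IDENTITY: key does not match certificate (or could not be read)" >&2
        exit 1
    fi
fi
```

On a host showing the behaviour in this report, the script stops at the first check (the missing `.key.pem`) or at the second (a `.concat.pem` with no private key block), which is the quickest way to tell a merely mis-selected identity from one Server.app never finished importing.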




Regression:
This did work in 4.1.5; it's completely broken in Server 5.
Server 5 is unusable due to lack of working encryption if you still dare to call Apple's crappy TLS 1.0 cipher suites encryption.



Notes:
Cannot be fixed manually since I can't generate an encrypted private key file that Server.app actually will understand and use.
Result: It's not possible to secure services with TLS in a so-called OS X “Server”.
