Open Radar

 
Summary:
When connecting to the Xcode Server API it uses the certificate generated when the Server is setup rather than SSL certificates provided in the Certificates list.



Steps to Reproduce:

1. I have a Certificate Authority which I use for a couple of servers and have installed the CA cert on all my devices

2. In OS X Server's certificates pane I add a new certificate, choosing to “Get a Trusted Certificate” which gives me the certificate signing request

3. In Keychain I create a signed certificate from the CA using the CSR

4. I add the .pem file to the Certificate in OS X Server and select to use it for all the services

5. In Safari I load the Bots UI (https://server.local/xcode) and it shows my newly created SSL certificate

6. In Safari I load the Xcode Server API for Bots (https://server.local:20343/api/bots) and it prompts about an untrusted SSL certificate, which I believe is the one created when OS X Server is first set up



Expected Results:
The certificate used for the Bots API should be the newly added certificate and the same as the Bots UI certificate.



Actual Results:
I get an untrusted certificate warning about the self-signed (by OS X Server) certificate.


Notes:
I am trying to use the Xcode Server API for an iOS app and as such would have to disable ATS for any domain (as I wouldn’t know the domain users would need to connect to). Using the provided certificate would the user to trust that certificate in Safari or installing the certificate on the device before using my app.