Server 5.0.4 certificate use/selection completely broken and unusable for ANY TLS!

Number:rdar://22846014 Date Originated:24-Sep-2015 11:33 PM
Status:Open Resolved:
Product:OS X Server Product Version:5.0.4
Classification:Security Reproducible:Always
Server 5.0.4 certificate use/selection completely broken and unusable for ANY TLS!

Steps to Reproduce:
Do a completely clean install of OS X Yosemite, install all available updates from Apple.
Install private keys and certificate for the server's FQDN.
Verify and confirm that DNS is working for A and PTR.
Install Server 5.0.4.
Launch Server 5.0.4 and let it install its components.
In go to Certificates in the sidebar and see all your preinstalled certs readily available.
See that Server shows a “custom configuration” for TLS.
Try to change that config and assign the appropriate certificates for the services.

Expected Results:
All services that support TLS should be available for configuration.
Mail (IMAP, POP), Mail (SMTP), Messages (XMPP/Jabber), Web, CalDAV, CardDAV, OpenDirectory
I should be able to select the appropriate certs to use for services, save that config and end up with properly configures services that use exactly these keys/certs.

Actual Results:
Calendar (CalDAV) and Contacts (CardDAV) is completely missing from the selection. You can't assign a certificate to a service that is TLS ONLY. This makes this services completely unusabel. (After 5.0.3 already broke it completely.)

OpenDirectory is  is completely missing from the selection.

Selection for Web, Mail (IMAP and POP), Mail (SMTP) and Messages is absolutely impossible.

This was already in part broken by Server 5.0.3 making its use impossible. 5.0.4 improved on that breakage by making ANY TLS service impossible to use. This OS X Server is now a paperweight.

This is a _completely_ clean install of OS X Yosemite and No migration has taken place of any kind.
I've attached a screen recording of the behaviour.


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!