Xcode 9 Server certificate overwrites Server.app website certificates on system restart.

Number:rdar://36835365 Date Originated:2018-01-24
Status:Open Resolved:
Product:Developer Tools (Xcode) Product Version:9.2
Classification:Bug Reproducible:Always
When hosting SSL websites using the macOS Server.app websites feature, the SSL certificate presented with the website can be overwritten with the Xcode Server automated SSL certificate after a system restart.

With the Xcode Server service migrating to the Xcode.app from Server.app in Xcode 9, the ability to use a custom SSL certificate for the service was removed. Now, when activating the Xcode Server service, it creates it's own, locally signed SSL certificate to secure the service.

If the Xcode Server service is active, and the system is restarted, all SSL websites hosted are then presented with the locally signed certificate. Whereas if the Xcode Server service is disable, and the system is restarted, the SSL websites are presented with the correctly assigned certificates.

If the system is restarted, previously having the Xcode Server Service on, disabling and re-enabling the service, will correct the situation presenting the right certificates for each website and service.

Steps to Reproduce:
• Install Server.app.
• Setup a website with an SSL certificate.
• Install Xcode.app
• Setup/Start the Xcode Server service.
• Restart macOS.

Expected Results:
The website presented through the macOS Server.app should continue to be presented with the correct SSL certificate.

Actual Results:
The website presents with the Xcode Server automatic certificate causing a hostname mismatch and security warning.

macOS High Sierra 10.13.3 (17D47)
Server.app 5.5 (17S1220)
Xcode 9.2 (9C40b)


Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!