Xcode Server that comes with Xcode 9 now automatically generates SSL certificates for communication between server and clients. It also uses this certificate when communicating with the Xcode Server REST API. Is there a way to specify or replace the autogenerated keys and use a certificate from a trusted third party (like LetsEncrypt)?
The apache configuration file located at
/Library/Developer/XcodeServer/Configuration/httpd_os_xcs.confcontains this information:
Listen 443
<VirtualHost *:443>
# Xcode Server uses its own self-signed certificates
# only if no other SSL configurations for Apache have been found
<IfModule !ssl_module>
LoadModule ssl_module libexec/apache2/mod_ssl.so
SSLEngine on
SSLCertificateFile /Library/Developer/XcodeServer/Certificates/apache.crt
SSLCertificateKeyFile /Library/Developer/XcodeServer/Certificates/apache.key
</IfModule>
[...]
<IfModule mod_proxy.c>
SSLProxyEngine On
SSLProxyCheckPeerCN Off
ProxyPass /xcode/internal/api https://127.0.0.1:20343/api retry=0 timeout=30
ProxyPassReverse /xcode/internal/api https://127.0.0.1:20343/api
ProxyPass /xcode/internal/socket.io https://127.0.0.1:20343/socket.io retry=0 timeout=30
ProxyPassReverse /xcode/internal/socket.io https://127.0.0.1:20343/socket.io
</IfModule>
[...]
</VirtualHost>I believe the certificate is also part of the apache.keychain file found at
/Library/Developer/XcodeServer/Keychains/apache.keychainbut I haven't been able to verify that.
Every time the Xcode Server service is started in Xcode, the apache.{crt/key} files as well as the httpd_os_xcs.conf files are overwritten, so simple replacing/modifying these files does not appear to be an option.
The only way forward I can see is to implement some other SSL configuration as suggested in the http_os_xcs.conf file, but I can't seem to get that to work either.
Any suggestions or solutions are greatly appreciated.
