Posts

How to verify that an SSL key, certificate and CSR match

Each of these commands prints a short MD5 digest of the RSA modulus.
If all three digests match, the key, certificate and CSR belong together.

openssl x509 -noout -modulus -in mydomain.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.key | openssl md5
openssl req -noout -modulus -in mydomain.csr | openssl md5
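
The same check in a more general form, as an added example that is not from the original post: it compares a SHA-256 digest of the whole public key instead of the RSA modulus, so it also works for EC keys. The function names and the throwaway sample files (a.key, a.crt, a.csr, b.key) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): match on the full public key,
# so it works for RSA and EC keys alike, using SHA-256 instead of MD5.

pub_fingerprint() {   # $1 = key|crt|csr, $2 = file
    case "$1" in
        key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2 ;;
        crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2 ;;
        csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 2 ;;
        *)   return 2 ;;
    esac
    # An unreadable file must not hash as empty input and "match" another failure.
    [ -n "$pem" ] || return 2
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

check_match() {       # $1 = private key, $2 = certificate, $3 = CSR
    k=$(pub_fingerprint key "$1") || return 2
    c=$(pub_fingerprint crt "$2") || return 2
    r=$(pub_fingerprint csr "$3") || return 2
    # 0 = all three share one public key, 1 = mismatch, 2 = unreadable input
    [ "$k" = "$c" ] && [ "$k" = "$r" ]
}

make_samples() {      # constructed test material: EC key a with CSR and cert, unrelated key b
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/a.key" 2>/dev/null &&
    openssl req -new -key "$1/a.key" -subj "/CN=mail.example.com" -out "$1/a.csr" 2>/dev/null &&
    openssl req -new -x509 -key "$1/a.key" -subj "/CN=mail.example.com" -days 1 -out "$1/a.crt" 2>/dev/null &&
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/b.key" 2>/dev/null
}

# Usage: sh keymatch.sh mydomain.key mydomain.crt mydomain.csr
if [ "$#" -eq 3 ]; then
    check_match "$1" "$2" "$3"; rc=$?
    case $rc in 0) echo "match" ;; 1) echo "MISMATCH" ;; *) echo "unreadable input" ;; esac
    exit "$rc"
fi
```

A passphrase-protected key makes openssl prompt for the passphrase when the script is run interactively.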

How to decrypt an SSL key

When you set up SSL in Server Admin, the RSA private key is stored encrypted with a passphrase.

If you want to use your certificate outside of Server Admin, you’ll need the passphrase or a non-encrypted copy of the key.

There are a few approaches; here’s one:

The certificates are stored in /etc/certificates, so let’s go there:

cd /etc/certificates

Take a look at all the keys/certs in this directory:

ls

For every cert you created, you will see several files (cert, key, concat and chain). You might even see more than one set for your certificate. Each set has a unique ID in the name of each file in the set.

If you want to decrypt the key for mail.example.com, and you see more than one set, you can see which is the latest by viewing the list sorted by date.

ls -alt

Now you know which key you would like to decrypt. We’ll need the passphrase. Here’s how we get it:

  • Copy the unique ID to your clipboard.
  • Open the Keychain Access application from your Utilities folder.
  • Search for the unique ID, and double-click it to view the details.
  • Click the Show password button (enter your credentials).
  • Copy the password to your clipboard. This is the RSA passphrase.

Now let’s make a non-encrypted copy of the key.

sudo openssl rsa -in mail.example.com.3EB9B8B7D8114ECFD01BD4B5C7BB221FE1754180.key -out ~/Desktop/mail.example.com.no-pass.key

When asked, paste the passphrase you copied to your clipboard earlier.

That’s it.
The non-encrypted key is now on your desktop.

How to enable/disable greylisting [10.7 – 10.8]

Click here to learn more about greylisting

To disable greylisting

sudo serveradmin settings mail:postfix:greylist_disable = yes

sudo postfix reload

To enable greylisting

sudo serveradmin settings mail:postfix:greylist_disable = no

sudo postfix reload

How to look up a user GUID

You can look up a user’s GUID using Workgroup Manager, but what fun is that?

Here are just a few ways you can look up a GUID.

Look up a single user (10.7 & 10.8 only):

sudo /Applications/Server.app/Contents/ServerRoot/usr/bin/cvt_mail_data -i bobsmith

How handy would it be to have a list of all users and their GUIDs?

dscl /Search -list /Users GeneratedUID

The command above also returns all of the system users. It’s cleaner if we omit them:

dscl /Search -list /Users GeneratedUID | grep -v '^_'

Is spamtrainer compatible with OS X 10.8.x Mountain Lion Server?

Yes, starting with version 1.9.8, spamtrainer is compatible with OS X 10.8.x Mountain Lion Server.