(Thanks Jenn)
Blogged with Flock
Friday, February 1, 2008
Wednesday, January 30, 2008
SSL you taunt me so....
So, with the bright idea of, "Isn't it easier just to get a wildcard certificate?" in hand, time to fight the server... once you get your head around what's actually required and work your way around a kindly added Apple "gotcha" wildcard SSL is actually possible.
So, wildcard SSLs are available from several people, but the one I was working with came from mactechdomains.com
When you get your certificate, you'll get a .crt and a intermediate key from the issuing CA. This is great for the machine that you started the request from (i.e., you went to Server Admin, filled in the details, and clicked the "Request certificate from a CA" and you had a handy csr to send them. You drop the test from your crt into the already self-signed certificate in server admin and you're away to the races.)
The fun begins when you want to use your wildcard certificate on other machines. First, make sure that the intermediary certificate (this may be called something like yourCA_intermediate_bundle.crt) is in the System keychain and the X.509 Anchors.
Now you don't have to make another request, but how to get that info in there. The key (pardon the pun) lives in /etc/certificates on the machine that your SSL cert is already up and running on. Copy over the *.youdomain.com files to your next server and put them into /etc/certificates. In Server Admin, chose import rather than a new certificate and you're going to use the *.yourdomain.com.crt in the certificate field, and the *.yourdomain.com.key in the key field. If you used a passphrase when you first generated your private key you'll have to enter it in the passphrase field. Leave the 3rd field blank, click import, and Bob should be your uncle.
Ah, now, you've restarted your web services after implementing your new certificate and Server Admin is now telling you that web cannot start... If this isn't your first certificate on this machine you may be running into a... uh, feature! There's a gotcha in the way that OS X Server is reading the keys of your certificates and it's causing an issue if you have two private keys both with pass phrases. The key (pardon the pub again!) here is to strip that passphrase out of your private key:
server:/etc/certificates root# cp \*.yourdomain.com.key \*.yourdomain.com.key.passphrase
server:/etc/certificates root# openssl rsa -in \*.yourdomain.com.key.passphrase -out \*.yourdomain.com.key
Enter pass phrase for *.yourdomain.com.key.passphrase:
writing RSA key
So with this, you'll be deleting the newly added cert from Server Admin, stripping the passphrase, re-importing the cert with it's newly naked passphrase, and then you can go back in and apply this certificate to your web services and be able to restart web services without it complaining at you.
And that my friends, is what comes out of a day of banging your head against a very solid brick wall with determination to break it down....
So, wildcard SSLs are available from several people, but the one I was working with came from mactechdomains.com
When you get your certificate, you'll get a .crt and a intermediate key from the issuing CA. This is great for the machine that you started the request from (i.e., you went to Server Admin, filled in the details, and clicked the "Request certificate from a CA" and you had a handy csr to send them. You drop the test from your crt into the already self-signed certificate in server admin and you're away to the races.)
The fun begins when you want to use your wildcard certificate on other machines. First, make sure that the intermediary certificate (this may be called something like yourCA_intermediate_bundle.crt) is in the System keychain and the X.509 Anchors.
Now you don't have to make another request, but how to get that info in there. The key (pardon the pun) lives in /etc/certificates on the machine that your SSL cert is already up and running on. Copy over the *.youdomain.com files to your next server and put them into /etc/certificates. In Server Admin, chose import rather than a new certificate and you're going to use the *.yourdomain.com.crt in the certificate field, and the *.yourdomain.com.key in the key field. If you used a passphrase when you first generated your private key you'll have to enter it in the passphrase field. Leave the 3rd field blank, click import, and Bob should be your uncle.
Ah, now, you've restarted your web services after implementing your new certificate and Server Admin is now telling you that web cannot start... If this isn't your first certificate on this machine you may be running into a... uh, feature! There's a gotcha in the way that OS X Server is reading the keys of your certificates and it's causing an issue if you have two private keys both with pass phrases. The key (pardon the pub again!) here is to strip that passphrase out of your private key:
server:/etc/certificates root# cp \*.yourdomain.com.key \*.yourdomain.com.key.passphrase
server:/etc/certificates root# openssl rsa -in \*.yourdomain.com.key.passphrase -out \*.yourdomain.com.key
Enter pass phrase for *.yourdomain.com.key.passphrase:
writing RSA key
So with this, you'll be deleting the newly added cert from Server Admin, stripping the passphrase, re-importing the cert with it's newly naked passphrase, and then you can go back in and apply this certificate to your web services and be able to restart web services without it complaining at you.
And that my friends, is what comes out of a day of banging your head against a very solid brick wall with determination to break it down....
Blogged with Flock
Monday, January 21, 2008
Distractions be gone!
Perhaps a bit over the top, and really only good for the firefox breed of browsers, but still amused me at it's simplicity and ingenuity - No Links Please! is implemented as a Greasemonkey script - course, if you've already installed it you can't see that I just linked to it... ;-)
Blogged with Flock
Tuesday, January 8, 2008
Procrastination...
I've been listening to this recently, and have been quite enlightened with the points he covers off - I'd advise it to anyone... http://theownerscircle.com/seminar-download.html
Blogged with Flock
Tuesday, December 11, 2007
Sometimes I'm dumb...
The exact quote would be "You can blog directly from Flock!?!"
As it turns out, yes, indeed you can... I've been looking for a nice simple piece of blogging software.. I started out the whole blogging thing when I'd been playing with Journler which I'd had introduced to me at this past year's WWDC, but it didn't post to blogger, so that was problem #1. Next I tried out MarsEdit which I do really like, but as I'm such a infrequent blogger it seemed a bit overkill, that and I'm superbly cheap, so after my free 30 days, I went looking for something lean mean and well, free... I came across Ecto which while not free, is *cheaper*, but still a bit overkill for me, I mean honestly, I only blog maybe 2-3 times a month? So that's where Flock comes along, bonus #1 is it's free, #2, it's already on my system as my alternative browser, and #3, uh, well, I'm writing this in it, which means it works and it's simple. So, 3 cheers for Flock!
As it turns out, yes, indeed you can... I've been looking for a nice simple piece of blogging software.. I started out the whole blogging thing when I'd been playing with Journler which I'd had introduced to me at this past year's WWDC, but it didn't post to blogger, so that was problem #1. Next I tried out MarsEdit which I do really like, but as I'm such a infrequent blogger it seemed a bit overkill, that and I'm superbly cheap, so after my free 30 days, I went looking for something lean mean and well, free... I came across Ecto which while not free, is *cheaper*, but still a bit overkill for me, I mean honestly, I only blog maybe 2-3 times a month? So that's where Flock comes along, bonus #1 is it's free, #2, it's already on my system as my alternative browser, and #3, uh, well, I'm writing this in it, which means it works and it's simple. So, 3 cheers for Flock!
Blogged with Flock
Monday, December 3, 2007
So, Macworld is getting even more community-fied this year, and have created a Ning network for all the attendees. (Ning being the next brain-child of ex-Netscape founder Marc Andreessen) So, as IronGate have a booth at Macworld this year, and I'm speaking in the IT Conference again, oh, and I believe the Mac Communities are also hosting a booth, of which the MacEnterprise.org group is a member, all in all I'm going to be a busy girl! So, with all that, a bit of promotion - and a new badge over on the right hand side. Oh, I can hardly contain the excitement!
Well, there's the Chinese sorted...
There are two things that I tend to search for when moving to a new city - one is a fabulous Indian take-out - this gets qualified with a range of dishes, but usually on the quality of their Chicken Korma, and a good chinese delivery - and this one is measured on the quality of their General Tao/Tso/T** Chicken.
Now, a bit of background, as for these qualifications... it's not so much of a "you make the best" it's more of a "I've had the best elsewhere, now try and live up to that" mentality. So, for the Indian, the standard comes from when I was living in the UK, I lived in the East end of London in an area called Ilford. It was a significantly large Indian immigrant community, and as a result had a wde range of Indian take-out to choose from. So, the place I found there managed to make a korma that was crave-worthy - to the extent that people used to come and visit me solely so that we could order from my local Indian! Sadly, the last time I looked for this particular Indian they appeared to no longer exist, and so my constant has vanished - not that ordering from the UK is the most practical thing from Toronto!
Moving on, the Chinese qualification... I was introduced to "Hot N' Spicy'" (I can't believe they don't have a website, but here's a link to the location) in Montreal in my 2nd year of university there - they have a few restaurants, but the one that I know best is the one in the Faubourg on Ste. Catherine at Bay. It's a small take-out and delivery that I used to live almost across the street from, and as such was quite a regular treat to get their general Tao chicken. I moved a bit further across town, closer to McGill, the year after that and would step up to pay their delivery fee, even as a student, simply for their chicken! In more recent times, I've taken my husband to Montreal to show him my student haunts, and of course had to visit Hot N' Spicy', well, wouldn't you know it, he's no addicted also! To the extent that the last time we were in Montreal we ended up bringing home about 4 ordered of General Tao Chicken to put in the fridge... no, we're not obsessed...
So, back to where I started this, finding local take-out. We moved to Toronto about 5 years ago now, and have lived in 3 parts of town, so have had a wide range of places to order from across the city. Indian is a tricky one to find, there is an Indian area of Toronto, but it's significantly further East than we have ever lived, so we haven't really managed to fully qualify all of those places, but generally, we've settled on a place that was close to our previous house called Siddhartha (http://www.thesiddhartha.com). We tend to work around that area sometimes, so still manage to pick up take-out on occasion - they're still not quite up to par on my take-out from the UK, but I'm beginning to accept that I won't be able to make the trans-atlantic comparison there.
The Chinese you'd think would be easy, it's only a few hours down the road afterall... but we've found there's a huge variation (almost as much as the spelling) on the old General and his chicken... but as of last night, the search is over. While they don't have their own website, the Wok Terminal (http://www.restaurantica.com/restaurants/7099/) has won us over. Not only was our dinner less than $20 delivered, but the General Tao could have been mistaken for Hot N' Spicy's version any day - oh, and they sent free mini-spring rolls, as well as fortune cookies - no more searching for us!
Subscribe to:
Posts (Atom)
