The
Ultimate
Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog Archive Cutedge

by: Bernard Teo








Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.

The Ultimate Business Machine - Archives

List of Categories : Database * Technology * Commentary * Singapore * Travel *

Sun 17 Jul 2005

WebMon, SSL, Mail, and Digital Certificates

Category : Technology/sslUpdates.txt

Just some updates about WebMon and SSL.

I'm almost done with the interface. I'm able to get WebMon to generate a certificate request (a CSR in SSL parlance) and display the block of text containing that CSR, so that the user can paste that into his application at one of the certification authorities.

I enjoyed the fluidity of the process at freessl.com, or rapidssl.com as they're now known, and I'm going to recommend it.

I just need to wrap it up by providing an interface for the user to paste the returned certificate, so that WebMon can copy that to the right location and restart the server.

I've been experimenting Apple's very excellent Certificate Assistant (that comes with Tiger's new Keychain Access application), but I think that serves a more mail client-centric need.

If you use WebMon's SSL-enabler, you should be able to set the web server up for SSL, and get the certs and keys stashed into all the right places in one fell swoop. Or at least that's what I hope I could do.

But, back to the Certificate Assistant. I think it's very well thought out. I've used something similar in Windows 2000 (I haven't thought about Windows in ages) but Apple's implementation is better.

"Better" because, if good design is about stripping things down to the barest minimum that the user needs to touch to get something done, then Certificate Assistant has succeeded in this respect.

I now know how the process works, both via Certificate Assistant, as well as manually via the OpenSSL commands. But I still haven't found the answer to the question : if I have a valid live SSL cert, can I use it to sign other certificates so that other mail clients don't complain when they receive mail from all of us here at cutedgesystems.com? (- because currently I could only use a self-signed cert, and that is not linked to the so-called "chain of trust" - unless I know how to bring the live cert into the equation).

Currently, Certificate Assistant works with self-signed certs. If I make myself a Certification Authority, I can't issue a cert for Hai Hwee, say, and link that all the way back to the root certificate used by freessl.com, even though I, as the sub-level Certification Authority, has a valid certificate from freessl.com.

I've been banging my head over this the last couple of days. Sending mail without signing and encrypting it is, like someone said, sending business information using postcards, for everyone to read who handles its delivery. We really need to get to this next stage of e-mail usage. And the process has got to be simpler and cheaper than it is now.

Posted at 1:57AM UTC | permalink

Mac@Work
Put your Mac to Work

Sivasothi.com? Now how would you do something like that?
Weblogs. Download and start a weblog of your own.
A Mac Business Toolbox
A survey of the possibilities
A Business Scenario
How we could use Macs in businesses
VPN Enabler for Mavericks
MailServe for Mavericks
DNS Enabler for Mavericks
DNS Agent for Mavericks
WebMon for Mavericks
Luca for Mavericks
Liya for Mountain Lion & Mavericks
Postfix Enabler for Tiger and Panther
Sendmail Enabler for Jaguar

Services running on this server, a Mac Mini running Mac OS X 10.9.2 Mavericks:

  • Apache 2 Web Server
  • Postfix Mail Server
  • Dovecot IMAP Server
  • Fetchmail
  • SpamBayes Spam Filter
  • Procmail
  • BIND DNS Server
  • DNS Agent
  • WebDAV Server
  • VPN Server
  • PHP-based weblog
  • MySQL database
  • PostgreSQL database

all set up using MailServe, WebMon, DNS Enabler, DNS Agent, VPN Enabler, Liya and our SQL installers, all on Mavericks.