Business Machine

Technology, business
and innovation.

And, not least, about
the Mac.

Weblog Archive Cutedge

by: Bernard Teo

Creative Commons License

Copyright © 2003-2012
Bernard Teo
Some Rights Reserved.

The Ultimate Business Machine - Archives

List of Categories : Database * Technology * Commentary * Singapore * Travel *

Sun 17 Jul 2005

WebMon, SSL, Mail, and Digital Certificates

Category : Technology/sslUpdates.txt

Just some updates about WebMon and SSL.

I'm almost done with the interface. I'm able to get WebMon to generate a certificate request (a CSR in SSL parlance) and display the block of text containing that CSR, so that the user can paste that into his application at one of the certification authorities.

I enjoyed the fluidity of the process at, or as they're now known, and I'm going to recommend it.

I just need to wrap it up by providing an interface for the user to paste the returned certificate, so that WebMon can copy that to the right location and restart the server.

I've been experimenting Apple's very excellent Certificate Assistant (that comes with Tiger's new Keychain Access application), but I think that serves a more mail client-centric need.

If you use WebMon's SSL-enabler, you should be able to set the web server up for SSL, and get the certs and keys stashed into all the right places in one fell swoop. Or at least that's what I hope I could do.

But, back to the Certificate Assistant. I think it's very well thought out. I've used something similar in Windows 2000 (I haven't thought about Windows in ages) but Apple's implementation is better.

"Better" because, if good design is about stripping things down to the barest minimum that the user needs to touch to get something done, then Certificate Assistant has succeeded in this respect.

I now know how the process works, both via Certificate Assistant, as well as manually via the OpenSSL commands. But I still haven't found the answer to the question : if I have a valid live SSL cert, can I use it to sign other certificates so that other mail clients don't complain when they receive mail from all of us here at (- because currently I could only use a self-signed cert, and that is not linked to the so-called "chain of trust" - unless I know how to bring the live cert into the equation).

Currently, Certificate Assistant works with self-signed certs. If I make myself a Certification Authority, I can't issue a cert for Hai Hwee, say, and link that all the way back to the root certificate used by, even though I, as the sub-level Certification Authority, has a valid certificate from

I've been banging my head over this the last couple of days. Sending mail without signing and encrypting it is, like someone said, sending business information using postcards, for everyone to read who handles its delivery. We really need to get to this next stage of e-mail usage. And the process has got to be simpler and cheaper than it is now.

Posted at 1:57AM UTC | permalink

Put your Mac to Work Now how would you do something like that?

Weblogs. Download and start a weblog of your own.

A Mac Business Toolbox
A survey of the possibilities

A Business Scenario
How we could use Macs in businesses

VPN Enabler for Mavericks

MailServe for Mavericks

DNS Enabler for Mavericks

DNS Agent for Mavericks

WebMon for Mavericks

Luca for Mavericks

Liya for Mountain Lion & Mavericks

Postfix Enabler for Tiger and Panther

Sendmail Enabler for Jaguar

Services running on this server, a Mac Mini running Mac OS X 10.9.2 Mavericks:

  • Apache 2 Web Server
  • Postfix Mail Server
  • Dovecot IMAP Server
  • Fetchmail
  • SpamBayes Spam Filter
  • Procmail
  • BIND DNS Server
  • DNS Agent
  • WebDAV Server
  • VPN Server
  • PHP-based weblog
  • MySQL database
  • PostgreSQL database

all set up using MailServe, WebMon, DNS Enabler, DNS Agent, VPN Enabler, Liya and our SQL installers, all on Mavericks.