After this, it was time for some research, and in the official documentation, I found that the 'official' way is to use the Keychain Access app with the Certificate Assistant to create and manage certificates. No way of creating a decent certificate (CA or SSL) through that interface. Using the 'override defaults' setting results in nothing but disappointments. So creating a CA and creating an SSL certificate after that renders the SSL certificate basically useless. Strange setting, since an issued certificate may NOT expire after its issuer (just check the PKI RFC's). Using this interface has the following problems Ĭreating a CA through the wizard creates a CA which expires in 1 year. This interface offers you the possibility to import and create certificates. Selecting the server in the left pane shows a certificate button in the right pane. The first GUI I discovered is in the (crappy) Server Admin tool. All this in a nice GUI with even a wizard. There is the possibility to create a CA and create certificates signed by that CA.
#APPLE SERVER ADMIN TOOLS 10.6 MAC#
When I did some research wether I should buy a Mac mini server I didn't research the PKI capabilities of the system.
#APPLE SERVER ADMIN TOOLS 10.6 WINDOWS#
This OS X server is just like the older Windows operating systems Reboot for the changes to take effect. After a second reboot (?) everything worked oke? Turned out that the allowed everything isn't really allowing everything. None of them seemed to be able to get an IP address from the DHCP server. until I rebooted my computers/mobile devices on the local network. This should enable the automatic blocking of those who try to get in.Īfter restarting (and rebooting the servers, since the Server Admin tool lost all connections to the localhost) everything looked oke. So I made sure that internal hosts were allowed to communicate with the server without restrictions, and that the sources on the Internet could connect only to those ports I had opened on my router (mail, web, ssh). The OS X firewall differentiates based on defined networks. Since I hadn't enabled the firewall, I thought that this might be a good idea, since I didn't the DenyHosts add-on to realize such a feature. Jul 11 16:35:36 zeus afctl: Firewall not running or managed by another entity, rule not added When I browsed through the logging of the server with Splunk I saw that the SSHd can work with the OS X firewall to automatically block IP address that are trying to get in (bruteforce attacks). I can't image how a sysadmin with dozens of users would feel. Thankfully, I only run a small home network. SoftTerra LDAP Administrator) could connect just fine across the network. And the 'fun' part is that a generic LDAP tool (e.g. Just to avoid any DNS or networking issues. The GUI access the Open Directory server on the localhost. The Workgroup Manager is fast one time, and other times it takes about 3 minutes just to show the users. So no resolving problems one should think. Also, the tooling connects to the localhost. So network-wise this shouldn't be a problem. This means that when I launch the app, it can't connect to the server. I'm talking about the Server Admin tool and the Workgroup Manager.įor some reason the communication between the tool and the actual services/daemons fails regularly. Server AdminThe problem is that the tooling for managing these services is crappy to say the least. So there is no inheritance of older applications or OS related settings. The installation is/was clean and default. The following experiences are with a Mac mini (mid-2010 edition) server with a legal OS X server edition.
0 kommentar(er)
