Manuals / Apple / Computer Equipment / Server

Apple oxs manual Creating a Passphrase File, Setting Up SSL for Mail Service on a Headless Server

Models: oxs

1 175

Download 175 pages 24.88 Kb

Page 122

122

Creating a Passphrase File

To create a passphrase file, you will use TextEdit, then change the privileges of the file using the Terminal application. This file contains the passphrase you specified when you created the keychain. Mail service will automatically use the passphrase file to unlock the keychain that contains the SSL certificate. This concludes configuring Mail service for automatic SSL connections.

1Log in to the server as root (if you’re not already logged in as root).

2In TextEdit, create a new file and type the passphrase exactly as you entered it when you created the keychain.

Don’t press Return after typing the passphrase.

3Make the file plain text by choosing Make Plain Text from the Format menu.

4Save the file, naming it cerkc.pass.

5Move the file to the root keychain folder.

The path is /private/var/root/Library/Keychains/.

To see the root keychain folder in the Finder, choose Go to Folder from the Go menu, then type /private/var/root/Library/Keychains/ and click Go.

6In the Terminal application, change the access privileges to the passphrase file so only root can read and write to this file.

Do this by typing the following two commands, pressing Return after each one:

cd /private/var/root/Library/Keychains/

chmod 600 certkc.pass

Mail service of Mac OS X Server can now use SSL for secure IMAP connections.

7Log out as root.

Note: If Mail service is running, you need to stop it and start it again to make it recognize the new certificate keychain.

Setting Up SSL for Mail Service on a Headless Server

If you want to set up SSL for Mail service on a server that doesn’t have a display, first follow the instructions in the sections:

•“Generating a CSR and Creating a Keychain” on page 119

•“Obtaining an SSL Certificate” on page 121

•“Importing an SSL Certificate Into the Keychain” on page 121

•“Creating a Passphrase File” on this page

Then copy the keychain file “certkc” and the keychain passphrase file “certkc.pass” to the root keychain folder on the headless server. The path on the headless server is /private/var/root/Library/Keychains/.

Chapter 11 Working With Mail Service

Image 122

Apple oxs manual Creating a Passphrase File, Setting Up SSL for Mail Service on a Headless Server

Contents

Mac OS X Server Command-Line Administration 034-2354/10-24-03 Contents Viewing or Changing Sleep Settings Setting General System PreferencesEnergy Saver Settings Power Management SettingsMounting Volumes Working With Disks and VolumesMounting and Unmounting Volumes Unmounting VolumesStarting and Stopping AFP Service Working With File ServicesAFP Service Checking AFP Service StatusChecking the Status of Print Service Working With Print ServiceStarting and Stopping Print Service Viewing Print Service SettingsChanging Settings Using serveradmin 156 Changing Open Directory Service Settings 157 157 Configuring LdapIndex 171Notation Conventions Commands and Other Terminal TextCommand Parameters and Options SummaryDefault Settings Commands Requiring Root PrivilegesUsing Terminal To open TerminalIncluding Paths Using Drag-and-Drop Correcting Typing ErrorsRepeating Commands To type a command$ sudo serveradmin list Example ssh -l admin Sending Commands to a Remote ServerSending a Single Command To open a connection to a remote serverUpdating SSH Key Fingerprints To enable Telnet access Getting Online Help for CommandsUsing Telnet To disable Telnet accessServersetup Determining Whether a Service Needs to be RestartedPage Creating a Configuration File Template Installing Server SoftwareAutomating Server Setup To save a template configuration file during server setupInstalling Server Software and Finishing Basic Setup Installing Server Software and Finishing Basic Setup Installing Server Software and Finishing Basic Setup Storing a Configuration File in an Accessible Location Changing Server SettingsNaming Configuration Files Viewing, Validating, and Setting the Software Serial Number Updating Server SoftwareMoving a Server Page To restart the local server ExamplesAutomatic Restart To restart a remote server immediatelyTo change the startup disk Changing a Remote Server’s Startup DiskShutting Down a Server To shut down a remote server immediatelyViewing or Changing the Computer Name Computer NameDate and Time To display the server’s computer nameViewing or Changing the System Time Zone Viewing or Changing the System DateViewing or Changing the System Time Viewing or Changing Automatic Restart Settings Energy Saver SettingsViewing or Changing Sleep Settings Viewing or Changing Network Time Server UsageViewing or Changing the Startup Disk Power Management SettingsStartup Disk Settings Viewing or Changing Remote Login Settings Sharing SettingsInternational Settings Viewing or Changing Language SettingsDisabling the Restart and Shutdown Buttons Login SettingsTo view the current setting Viewing Port Names and Hardware Addresses Creating or Deleting Port Configurations Network Port ConfigurationsViewing or Changing Media Settings Activating Port ConfigurationsChanging a Server’s IP Address TCP/IP SettingsChanging Configuration Precedence To view TCP/IP settings for a particular port or device To list TCP/IP settings for a configurationTo view TCP/IP settings for port en0 To change TCP/IP settings for a particular port or deviceViewing or Changing DNS Servers Viewing or Changing FTP Proxy Settings AppleTalk SettingsProxy Settings Enabling TCP/IPViewing or Changing Streaming Proxy Settings Viewing or Changing Web Proxy SettingsViewing or Changing Secure Web Proxy Settings Viewing or Changing Gopher Proxy SettingsViewing or Changing Airport Settings AirPort SettingsViewing or Changing Socks Firewall Proxy Settings Computer, Host, and Rendezvous NameViewing or Changing the Local Host Name Viewing or Changing the Rendezvous NamePage Unmounting Volumes Checking for Disk ProblemsMounting Volumes Monitoring Disk Space Reclaiming Disk Space Using Log Rolling Scripts Managing Disk Journaling Checking to See if Journaling is EnabledTurning on Journaling for an Existing Volume ExampleErasing, Partitioning, and Formatting Disks Enabling Journaling When You Erase a DiskSetting Up a Case-Sensitive HFS+ File System Disabling JournalingTo restore a volume from an image Imaging and Cloning Volumes Using ASRTo image a boot volume Hdiutil convert -format Udzo pathtoimage -o compressedimageTo create a user with a specific UID and home directory To create a userTo create a user with a specific UID Importing Users and Groups To import users and groupsUse the shorthand StandardGroupRecord Creating a Character-Delimited User Import FileWriting a Record Description DSRecTypeStandardGroupsUsing the StandardUserRecord Shorthand Format Sample values User AttributesAttribute Attribute Format Sample values Authentication MCXSettingsAdminLimits AuthenticationHintMail Attributes in User Records MailAttribute field Description Sample valuesNotificationOff is assumed NotificationStaticIP NotificationStateKNotificationState ValueChecking a Server User’s Name, UID, or Password Creating a Group Folder Checking a User’s Administrator PrivilegesCreating a User’s Home Directory Mounting a User’s Home DirectoryPage Listing Share Points To list existing share pointsExamples Creating a Share PointTo create a share point AFP Service Changing AFP Settings List of AFP SettingsAllowRootLogin Admin31GetsSpAdminGetsSp AttemptAdminAuthDefault = afpserver GuestAccessAdminUsers LogLoginNoadminkills UnixwithclassicadminpermissionsDefault = classicpermissions SpecialAdminPrivsTo list connected users List of AFP serveradmin CommandsListing Connected Users OutputTo send a message Disconnecting AFP UsersSending a Message to AFP Users To disconnect usersValue Description Canceling a User DisconnectTo cancel a disconnect Listing AFP Service Statistics To list samplesChecking NFS Service Status NFS ServiceStarting and Stopping NFS Service Viewing NFS SettingsFTP Service Parameter ftp Changing FTP SettingsFTP Settings List of FTP serveradmin Commands Ftpcommand= DescriptionPage To list all SMB service settings Viewing SMB SettingsChanging SMB Settings Or see List of SMB Service Settings onList of SMB Service Settings Parameter smb DescriptionLog level Netbios nameLocal master Max smbd processesListing SMB Users List of SMB serveradmin CommandsSmbcommand= Description Disconnecting SMB Users Value returned by getConnectedUsersListing SMB Service Statistics Updating Share Point InformationVar/log/samba/log.smbd Viewing SMB Service LogsSmb-log Name-logPage Checking the Status of Print Service Viewing Print Service SettingsParameter print Description Changing Print Service SettingsPrint Service Settings Queue Data Array Parameter printDescriptionHere is an example of a queue array parameter block Listing Queues Print Service serveradmin CommandsPausing a Queue To pause a queueTo hold a job Listing Jobs and Job InformationHolding a Job Viewing Print Service Log Files To release the jobPage Checking NetBoot Service Status Viewing NetBoot SettingsGeneral Settings Changing NetBoot SettingsNetBoot Service Settings Parameter netboot DescriptionStorage Record Array Filters Record ArrayImage Record Array Port Record Array NetBootPortsRecordsArrayarrayindexmIsEnabledAtIndex EthernetPage Checking the Status of Mail Service Viewing Mail Service SettingsParameter mail Description Changing Mail Service SettingsMail Service Settings Postfixsmtpsaslpasswordmaps PostfixdisablevrfycommandPostfixlmtpsaslpasswordmaps PostfixsmtpsaslauthenablePostfixdefaultverpdelimiters PostfixdeliverlockdelayPostfixmailboxcommand PostfixcleanupservicenamePostfixsmtpdtimeout PostfixforkdelayPostfixdisablemimeoutputconversion PostfixsmtpderrorsleeptimePostfixrelaytransport PostfixdelaywarningtimePostfixtriggertimeout PostfixaliasmapsPostfixdefaulttransport PostfixsmtpdnoopcommandsPostfixalternateconfigdirectories PostfixsmtpddelayrejectPostfixdefaultprivs PostfixqueueservicenamePostfixipctimeout PostfixinflowdelayPostfixqmqpdtimeout PostfixshowqservicenamePostfixsmtppixworkarounddelaytime PostfixignoremxlookuperrorPostfixqmqpderrordelay PostfixbounceservicenamePostfixcontentfilter PostfixsmtpdsenderloginmapsPostfixlmtpdataxfertimeout PostfixdefaultextrarecipientlimitPostfixlmtpdatadonetimeout PostfixsmtpdatadonetimeoutImaptimeout ImappoptimeoutImapmupdateserver ImapenablepopImapenableimap ImapdefaultpartitionImapsrvtab Default = /etc/srvtab Imapimapauthlogin ImapallowanonymousloginMail serveradmin Commands CommandListing Mail Service Statistics Viewing the Mail Service Logs To display the log locationsSetting Up SSL for Mail Service Generating a CSR and Creating a Keychain120 Obtaining an SSL Certificate Importing an SSL Certificate Into the KeychainSetting Up SSL for Mail Service on a Headless Server Creating a Passphrase FileChecking Web Service Status Viewing Web SettingsChanging Settings Using serveradmin Changing Web SettingsServeradmin and Apache Settings An appropriate value for the settingListing Hosted Sites Web serveradmin CommandsViewing Service Logs To list sitesCacherequestspersecond for Viewing Service StatisticsRequestspersecond for Cachethroughput forAddsite.in File Example Script for Adding a WebsiteAddsite File Port To run the scriptIpaddress RootChecking the Status of Dhcp Service Dhcp ServiceStarting and Stopping Dhcp Service Viewing Dhcp Service SettingsParameter dhcp Description Changing Dhcp Service SettingsDhcp Service Settings Subnet Parameter Dhcp Subnet Settings ArrayAbout Subnet IDs Netmask LeasetimesecsNetaddress NetrangeendWINSscopeid Adding a Dhcp SubnetTo add a subnet WINSsecondaryserverCommand Dhcpcommand=Description List of Dhcp serveradmin CommandsViewing the Dhcp Service Log Location of the DNS service logDNS Service Starting and Stopping Firewall Service Firewall ServiceListing DNS Service Statistics Sample OutputChanging Firewall Service Settings Checking the Status of Firewall ServiceViewing Firewall Service Settings Firewall Service SettingsAdding Rules by Modifying ipfw.conf Defining Firewall RulesIPFilter Groups With Rules Array Parameter ipfilter DescriptionUnmodified ipfw.conf file Rule Adding Rules Using serveradminExample Firewall serveradmin Commands IPFilter Rules ArrayNAT Service Parameter nat Description Changing NAT Service SettingsNAT Service Settings Parameter natDescription NAT serveradmin CommandsViewing the NAT Service Log Checking the Status of VPN Service VPN ServiceStarting and Stopping VPN Service Viewing VPN Service SettingsList of VPN Service Settings Parameter vpnServers DescriptionPPPLCPEchoEnabled Com.name.ppp.l2tp PPPDSACLEnabled Com.name.ppp.l2tpPPPAuthenticatorPlugins Arrayindex n Com.name.ppp.l2tp PPPVerboseLogging Com.name.ppp.l2tpPPPLCPEchoEnabled Com.name.ppp.pptp PPPDSACLEnabled Com.name.ppp.pptpPPPAuthenticatorPlugins Arrayindexn Com.name.ppp.pptp PPPCCPEnabled Com.name.ppp.pptpVPN Service Log on this List of VPN serveradmin CommandsViewing the VPN Service Log Be restarted. See Determining Whether a Service Needs to beFailover Operation IP FailoverRequirements HardwareTo enable IP failover Enabling IP FailoverPre and Post Scripts Configuring IP FailoverNotification Only Enabling PPP Dial-In Page General Directory Tools Testing Your Open Directory ConfigurationTesting Open Directory Plugins Modifying an Open Directory NodeParameter dirserv Description Registering URLs With Service Location Protocol SLPChanging Open Directory Service Settings Program Used to Configuring LdapStandard Distribution Tools Idle Rebinding Options Delay RebindIdle Timeout Additional Information About LdapPassword Server NetInfoKerberos and Single Sign On KdcsetupKerberosautoconfig Tool in usr/sbin DescriptionStopping Qtss Service Checking Qtss Service StatusTo list all Qtss service settings Viewing Qtss SettingsChanging Qtss Settings $ sudo serveradmin settings qtssQtss parameters you might change Qtss SettingsDescriptions of Settings Parameter qtss DescriptionAuthenticate ModulesarrayidQTSSAdminModule ModulesarrayidQTSSAdminModuleAdministratorGroup ModulesarrayidQTSSAdminModule Enableremoteadmin ModulesarrayidQTSSAdminModuleEnablebroadcastpush ModulesarrayidQTSSReflectorModule Disableoverbuffering ModulesarrayidQTSSReflectorModuleEnablebroadcastannounce ModulesarrayidQTSSReflectorModule ServerdefaultauthorizationrealmQtss serveradmin Commands Listing Current ConnectionsViewing Qtss Service Statistics To force Qtss to re-read its preferences Error.logForcing Qtss to Re-Read its Preferences Library/QuickTimeStreaming/LogsCreated To set up /Sites/Streaming in older home directoriesPreparing Older Home Directories for User Streaming Page Index Kerberosautoconfig tool Installer command 21 IP addressKdcsetup utility 160 Kerberos 173 Used by ldapsearch 157 scripts 174175