rob aldred

It became apparent that getting mod_ssl working correctly without browser warnings when developing sites that take payments is a bit of pain. Mainly because there is no free way to have a root authority sign your Certificate Signing Request (CSR).

There is how ever a short cut, given that you are using Apache, mod_ssl, openssl and Firefox.

We’re going to generate our own Certificate Authority (CA), this is CA is only going to work for us so if your generating a certificate for production, you’ll need to send your CSR to a proper CA such as VeriSign

Step1, Make a temporary folder we can work in.

Step2, generate our private key

You will be asked for a passphrase in the creation of this key. (just use 12345) or anything butdo not forget this passphrase! You’ll have to do this all over if you forget the passphrase. You will need this passphrase later on in the process.

Step3, generate a CSR from our private key

you’ll be asked for the following information:

Make sure you fill in `Common Name` with your domain you want this certificate for, this should match your apache vhost `ServerName` setting

Now, looking at the directory we’re working in, you should have the following:

Step4, create the private key for our CA

Again, you’ll be asked for a passphrase, which, again, you should not forget.

Step5, create CA certificate using the key we just made

You will be asked for similar information you were asked for when we make the web server certificate earlier; this information should be about you, enter something like the following

Now you will have 4 files your directory; server.key, server.csr, ca.key, ca.crt
Next is the important park, signing our certificate request.

The easiest way to do this is to use the sign.sh script contained in the mod_ssl source,
or you can get it here: sign.sh
copy the script to the working directory

Step6, make sign.sh executable and sign our CSR

you should get something like the following:

Answer ‘y’ to the question asking to Sign the certificate [y/n]

Step7, remove password requirement from server key

you be asked for the passphase

Step8, copy files to our webserver

Step9, add the configuration to your VirtualHost block listening on the SSL port 443

Step10, Tell apache to listen on 443
By default there is a file in /etc/apache2/extras called httpd-ssl.conf
this needs to edited and included in /etc/apache2/httpd.conf its commented out initially.

Depending where you are defining your VirtualHost blocks
Comment out or remove the _default_ virtualHost block in httpd-ssl.conf, this will cause errors when starting apache because we have no configured certificate for the example apache provites

Edit your httpd.conf to include the etc/httpd-ssl.conf file, scroll to the bottom the file, you’ll notice its commented out at around line #476

Just remove the # and move onto the next step

I use a seperate vhosts folder in extra, containing individual conf files for each virtualhost, they are included in the extra/httpd-vhosts.conf files using the following:

Include /private/etc/apache2/extra/vhosts/*.conf

Step10, restart apache

Step11, (a few steps in itself) Add our CA to Firefox so it think its a trusted authority
Go to Preferences (Cmd + ,)
Go to Advanced
Go to Encryption
Click ‘View Certificates’
Choose the ‘Authorities’ tab
Click ‘Import’
Hit Shift + Cmd + g to open the go to folder window
Enter ‘/etc/apache2/certs’ (You might be asked to authenticate with your system password)
Select the ca.crt file we generated earlier and click ‘Open’
Firefox will ask you:
Do you want to trust “My CA” for the following purposes?
Just select Trust this CA to identify websites
Click ‘OK’
Restart your browser

If you’ve followed everything correctly when you go to https://localhost (or whatever CommonName you specified)
You will get a ssl encrypted site and no warnings about the certificate not being trusted.

Example showing a local vhost with a verified cert

If apache doesn’t come backup then apache’s config checks program is your best friend.

I’ve been using cucumber a lot recently along with the textmate bundle for it.
The HTML output cucumber creates is fine, but not all that pretty.

I’ve created a new formatter for cucumber to generate HTML enhanced with some javascript.
My inspiration came from the textmate bundle for rspec.

You can grap it off my github.
Here’s some screenshots:

UPDATE: I replaced the original html formatter in cucumber; as of 19th November my fork has been merged into Aslak’s cucumber/master upgrade to the cucumber 0.4.5 release.
View the commit history

I had an iMac for a while now and have been thinking of getting a Macbook aswell.

Just recently I’ve been given a Dell D430 I’ve heard a lot about OSx86 and tried to do it once before with a kalyway install but failed miserably. This Dell D430 has a good spec match to the macbooks and seems to be supported a bit so thought i’d give it a whirl.

It took about 6 hours, 2 of them spent downloading the 4.3gb iPC DVD from Rapidshare (btw, jDownloader + Rapidshare premium ftw)

I burnt the ISO to a Blank 4.7 DVD, popped it into my Lenovo USB DVD Combo drive (No DVD/CD on the D430)
to my amazement the OSX installer booted up straight away.

Note: You’ll need a USB KB + Mouse for the first boot, the installer works with the D430’s kb + trackpad but after install it needs little more work.

Install done using iPC OSX 10.5.6 PPF5 Universal Final – Base
Use the following options when installing:

- Kernel: Voodoo 9.5.0
- Video: Intel GMA950
- Chipset: LegacyAppleIntelPIIXATA
- Audio: Sigmatel 9200 (Might not work, if not fix later with Apple HDA Patcher instructions below)
- Ethernet: Intel 82566MM/DC (Not tested, I use Wifi)
- Wireless: Intel PROSet/Wireless 3945
- USB: Patched USB + PCGenUSBEHCI
- Fixes & Patches: ACPI Fix
Time Machine Patch
IOPCIFamily.kext patched
Seatbelt.kext 10.5.5
USB Mount Fix
PS/2 Device Support (Both KB + Mouse)
DSDT Patch
- All Applications

Restart remember to use “-f” flag when starting up for the first time.

KEYBOARD AND MOUSE Install

1. Download Package PS2Fix1054.
2. Right Click on the Package -> Open With -> Pacifist
3. After 15 Seconds, Click on Not Yet (Support Charles if you use this App)
4. Expand contents of “Choice0″
5. Expand contents of “appleps2controller.pkg”
6. Right Click “ApplePS2Controller.kext” and select the option “Install to default location”

To solve the kernel panics when mounting dmg’s
Install this seatbelt.kext from 10.5.5 over the one from 10.5.6, use osx86tools for install
Remember to fix permissions.

Audio Fix:
Download Apple HDA Patcher 1.20
and the correctly patch file for the Sigmatel 9200 audio

Battery Monitor: (Source: http://mydellmini.com/forum/mac-os-x/871-battery-monitor.html)

You’ll need the following Kext collection,
Kexts for battery monitor
We only need PowerManagement.bundle + AppleACPIBatteryManager.kext

First is PowerManagement.bundle, that goes into to /System/Library/SystemConfiguration folder
Then there’s AppleACPIBatteryManager.kext, that goes into the /System/Libary/Extensions directory. Fix the extension permissions with osx86tools, reboot with -f

Summary

There is only 1 thing I cannot get working (Which I’m still working on finding a fix) the SD Card reader, it seems to freeze the laptop when a card is inserted.

If everything goes smoothly you should have OSX up and running on your Dell within an hour.
Winner Winner!

Thanks for reading & good luck
Rob

Thanks to Insanely Mac for being an invaluable resource for me

I’ve been working on a project which uses syslog.
In order for the changes I made to syslog.conf to take effect I needed to restart the syslogd process

Yes I could restart my computer but that’s just too much effort.
I found a simple solution using the built in Mac Launch Daemons

~#: launchctl unload /System/Library/LaunchDaemons/com.apple.syslogd.plist
~#: launchctl load /System/Library/LaunchDaemons/com.apple.syslogd.plist

syslogd will now have reloaded with any config changes you made.