In OSX Server, in the log file for imapd, you will see a log entry along the lines of:

imapd TLS server engine: No CA file specified. Client side certs may not work

several times per hour. This happens for all versions of OSX Server up to and including 10.5.5.

Firstly, it’s not an important error. It’s a warning. What it is saying is that IMAP authentication using client-side certificates over SSL will not work. That’s OK, you have plenty of other ways to authenticate to IMAP. However, it’s annoying (to me, at least) that this warning clutters up the logs.

The way to remove this is to to add a new line into /etc/imapd.conf - one that actually specifies a root certificate for client-side certificates. Do this by adding the line to /etc/imapd.conf:

tls_ca_file: /etc/certificates/Default.crt

And stop and restart the mail services.

This assumes you haven’t changed the name or location of the default certificate OSX Server generates. Change the certificate you choose to use if so.

This will stop the warning being written to the logs, and won’t cause any problems: people won’t be able to log in based on this because you won’t have generated any user certificates off the default certificate. However, if you’re feeling particularly paranoid, generate a fresh certificate using Server Manager, and use that.

Technorati Tags:
OSX, TLS, imap, imapd, certificate

Posted: September 30th, 2008 under Tips.
Comments: none

These little wireless broadband adaptors are very common in the UK right now. Several of the mobile phone carriers - Three and Vodaphone at least - use them. The trouble is, the supplied application crashes out under the current Leopard build, 10.5.3, when trying to make a connection.

There is a trick to get it working, though. Do the following:

Firstly, run the “Mobile Connect” Make sure under “settings” there is a profile: I called mine “3 USB Modem”, with Access Point name of 3internet and Telephone number of *99#. You only need to do this once.

Secondly, go into System Preferences. In the Network pane, select the HUAWEI mobile device in the left pane. Now, in the right pane, under Configuration, select “Add Configuration”. I caled mine “Three”. Add *99# as the telephone number, make sure “Show modem status in menu bar” is ticked (for convenience) and you’re all set.

Each time you need to make a connection, firstly run the mobile connect application from the usb modem key. I don’t get reliable connections unless I do this. Then go to your menu bar, locate the little phone icon, and choose “Connect HUAWEI mobile.”

That’s it. That will make a connection to your wireless broadband service provider.

Huawei have recognised the problem and are expected to bring out a replacement application soon, but this will keep you working until they do so. I’d keep an eye on their forums for the announcement of the new app.

Technorati Tags:
leopard, Huawei, E169G, 10.5.3

Posted: June 20th, 2008 under Stuff We Use, Tips.
Comments: none

Clearing your DNS cache is a trick you need to know, especially because OSX has a slightly annoying habit of caching negative results. That is, if for some reason you get a “not known” result back from a DNS server, OSX will hold onto it for some time, unless you clear the cache.

Irritatingly the way to do this has changed between OSX 10.4 and 10.5. In OSX 10.4 Tiger, you type in a terminal window:

lookupd -flushcache

Whereas in OSX 10.5 Leopard the command is now:

dscacheutil -flushcache

Posted: December 31st, 2007 under Tips.
Comments: none