Snow Leopard Apache Web Server SSL Pass phrase Error

If you are getting “Pass phrase incorrect” errors in your Apache logs on Snow Leopard Server, it is because the key is protected by a password. I found the answer here.

The password for the key is stored in the System Keychain.  It is a password entry called “Mac OS X Server certificate management”.  You can open the entry and select “Show Password”.  You may also use the security command line tool to dump the password.

security find-generic-password -l "Mac OS X Server certificate management" -g

or

security dump-keychain -d # look in data for password which will look like a GUID

Once you have the password, you can create a copy of the key without the password using openssl:

openssl rsa -in /etc/certificates/server.domain.com.uniqueid.key.pem \
 -out /etc/certificates/server.domain.com.uniqueid.passwordlesskey.pem

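You can then replace the password-protected key with the passwordless key or point Apache to the passwordless key in your /etc/apache2/sites/sitename.conf file. Anyone who can read the passwordless file can use the key, so keep it owned by root and readable by root only (mode 0600).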
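
The same openssl step wrapped in checks, as an added example that is not part of the original post: it creates the copy with mode 0600, confirms the copy is no longer encrypted, and confirms it is the same key pair as the original. The function names and the KEY_PASSPHRASE variable are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# KEY_PASSPHRASE variable are assumptions made for this sketch.
# KEY_PASSPHRASE must be exported so that openssl can read it.

# Print the public half of a private key. -passin is ignored for plain keys
# and stops openssl from prompting on encrypted ones.
pubkey_of() {
    openssl rsa -in "$1" -passin env:KEY_PASSPHRASE -pubout 2>/dev/null
}

# strip_passphrase <encrypted-key> <new-passwordless-key>
strip_passphrase() {
    src=$1
    dst=$2
    [ -n "${KEY_PASSPHRASE:-}" ] || { echo "KEY_PASSPHRASE is not set" >&2; return 2; }
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 3; }

    # umask 077 gives the new file mode 0600 from the moment it is created.
    if ! ( umask 077 && openssl rsa -in "$src" -passin env:KEY_PASSPHRASE \
            -out "$dst" 2>/dev/null ); then
        echo "could not decrypt $src (wrong pass phrase?)" >&2
        rm -f "$dst"
        return 1
    fi

    # The copy must no longer be encrypted (covers both PEM encodings).
    if grep -q ENCRYPTED "$dst"; then
        echo "$dst is still encrypted" >&2
        return 1
    fi
    # It must be the same key pair as the original.
    src_pub=$(pubkey_of "$src")
    [ -n "$src_pub" ] && [ "$src_pub" = "$(pubkey_of "$dst")" ] \
        || { echo "public keys differ" >&2; return 1; }
    # And it must be readable by its owner only.
    [ -n "$(find "$dst" -perm 600)" ] \
        || { echo "$dst is not mode 0600" >&2; return 1; }
}

# Usage with the paths from the post (run as root, pass phrase from the keychain entry):
#   KEY_PASSPHRASE='...'; export KEY_PASSPHRASE
#   strip_passphrase /etc/certificates/server.domain.com.uniqueid.key.pem \
#       /etc/certificates/server.domain.com.uniqueid.passwordlesskey.pem
```

Passing the pass phrase through the environment keeps it out of the process argument list; unset the variable once the copy has been made.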

Customizing the Cisco or IPSec VPN client in Snow Leopard

The Snow Leopard VPN is not very configurable from the GUI, but behind the scenes it is using a racoon configuration.

To grab the configuration it is generating, configure the VPN in the System Preferences GUI, then rename /usr/sbin/racoon and try connecting. The config file will be written in /var/run/racoon/. Grab a copy of that file and customize it to your needs. Once you have the config file, rename racoon back to its original name.

Then to make the GUI use your custom config file instead of the one it generates, edit /etc/racoon/racoon.conf to include your custom config file and comment out the line:
include "/var/run/racoon/*.conf" ;

By making a few changes I was able to get a successful connection to our Cisco VPN Concentrators.

I’m hoping there is a less hacky way to accomplish this. If you know of one, let me know. Otherwise file a bug with Apple.