Archive for March, 2011

Retrieving your OS X Server’s serial number if you’ve lost it.

March 30, 2011

If your OS X Server has died and you need to rebuild it, you may find that you haven’t kept good track of where your serial number is. Nathan Toups posted a solution for that in his Twitter feed.

To do this on a running system:

1. Log in with an admin account.

2. Open Terminal.

3. Type sudo cat /etc/systemserialnumbers/xsvr

Your OS X Server’s serial number and the registered name and organization should be displayed.

If you’re retrieving from backups, get the xsvr file from /etc/systemserialnumbers to retrieve the serial number.

  

Setting OCSP and CRL certificate settings in Keychain Access

March 24, 2011

To help secure Safari against certificate hijacking, you can set your OCSP and CRL settings in Keychain Access, so that Safari can correctly identify certificates as being revoked and therefore untrusted.

You can set this in Keychain Access this way:

1. Open /Applications/Utilities/Keychain Access

2. Go into the Keychain Access menu and select Preferences…

3. In the Preferences window, click on the Certificates tab.

4. Set the first two options, OCSP: and CRL:, to Best Attempt. It should be OK to leave Priority: set to the default setting.

You can also set these settings from the command line. You’ll need to run these commands on a per-user basis, as Keychain is looking to the ~/Library/Preferences/com.apple.security.revocation.plist file for these settings.

To set the CRL settings:

defaults write com.apple.security.revocation CRLStyle -string BestAttempt

To set the OCSP settings:

defaults write com.apple.security.revocation OCSPStyle -string BestAttempt
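An added example (not from the original post) that wraps the two commands above: it reports which of the two keys differ from BestAttempt for the current user and writes only those. The function names are hypothetical.

```shell
#!/bin/bash
# Added example: audit and enforce the two revocation keys from this post.
# Run it as the user whose preferences you want to check (settings are per-user).
# Function names are hypothetical.

DOMAIN="com.apple.security.revocation"
WANTED="BestAttempt"    # the value used in the post

# Print the current value of a key, or "unset" if the key is missing.
revocation_get() {
    defaults read "$DOMAIN" "$1" 2>/dev/null || echo "unset"
}

# Return 0 if both keys already hold $WANTED, 1 otherwise.
# Each non-matching key is reported on stderr.
revocation_audit() {
    local key current status=0
    for key in OCSPStyle CRLStyle; do
        current=$(revocation_get "$key")
        if [ "$current" != "$WANTED" ]; then
            echo "$key is $current, expected $WANTED" >&2
            status=1
        fi
    done
    return "$status"
}

# Write $WANTED to any key that does not hold it, then audit again.
revocation_enforce() {
    local key
    for key in OCSPStyle CRLStyle; do
        [ "$(revocation_get "$key")" = "$WANTED" ] ||
            defaults write "$DOMAIN" "$key" -string "$WANTED"
    done
    revocation_audit
}

# Typical use:
#   revocation_audit || revocation_enforce
```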

Combining Ethernet ports with link aggregation

March 21, 2011

If you have a Mac with more than one Ethernet port and you’re finding that you have a need for greater network bandwidth, then you can combine them into one virtual Ethernet port. This is known as “link aggregation”. The combined Ethernet ports appear as a single IP address to your computer and applications.

Combining ports increases bandwidth by merging the bandwidth of the individual ports. It also load-balances your network traffic and provides automatic network failover if an individual Ethernet port or cable fails (the other port/cable picks up the rerouted traffic, though your bandwidth is then reduced to what the single port or cable can bear).

Here’s how you can set this up on your own Mac with two built-in Ethernet ports:

1. Open System Preferences

2. Go to System Preferences -> Network

3. Select the small cog in the bottom left side (next to the + and -) and choose Manage Virtual Interfaces…

4. Select the + in the bottom left and choose New Link Aggregate…

5. Then you select the two Ethernet interfaces and name the new interface whatever you want. Once finished, click the Create button.

6. After that it will appear in the network list as one network interface with a bond ID.

7. Click Apply to activate the new virtual Ethernet service.

Apple also has a KBase article available on this subject: http://support.apple.com/kb/PH8356

Adding new trusted root certificates to System.keychain

March 13, 2011

If you’re setting up a certificate authority for your organization, so that you can build and use PKI certificates in house, you need to make sure that your Macs recognize that CA (and the certificates it uses) as trusted. One way to do that is to install new trusted root certificates as needed into /Library/Keychains/System.keychain, so that certificates issued by your CA are recognized and trusted by your Mac.

You can use the security command to install the trusted root into your Mac’s System.keychain (the trusted root .cer file is in this case stored in /private/tmp/certs.)

sudo security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/private/tmp/certs/certname.cer"

add-trusted-cert = Add certificate (in DER or PEM format) from certFile to per-user or local Admin Trust Settings.

-d = Add this certificate to admin certificate store; default is to store it in the user’s keychain.

-r = Specifies the result you want, in this case you want to use trustRoot (see the security man page for the other options.)

-k = Specifies the keychain to use, in this case the specified keychain is /Library/Keychains/System.keychain


You can also build this into an installer package: have the package install the certificate you want to use to a specified directory, then use the following in a postflight script to automatically install the trusted certificate into System.keychain and remove the certificate from the directory:

#!/bin/bash

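# Install the certificate as a trusted root in the System keychain
security add-trusted-cert -d -r trustRoot -k "/Library/Keychains/System.keychain" "/private/tmp/certs/certname.cer"

# Remove the certificate file from the staging directory
srm "/private/tmp/certs/certname.cer"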

Fixing “Recent Address” autofill problems in Outlook 2011

March 2, 2011

Outlook 2011, like Entourage before it, keeps track of email addresses that you’ve recently sent messages to. Outlook can run into some problems with this, where the autofill will display addresses with your name but someone else’s address. This had been fixable in Entourage by using the method below:

http://www.askdavetaylor.com/how_do_i_disable_microsoft_entourages_autofill_address_feature.html

Outlook 2011 either removed or moved the relevant button from the Compose preferences, but it looks like there are two ways (one non-destructive, one possibly destructive) to clear recent addresses and contacts in Outlook.

Non-destructive (recommended):

When composing a message, a number of addresses are popping up. To clear the ones you don’t want from the Recent Addresses database, click the little gray “X” at the end of the line.

For any that don’t have an “X” in the name, here’s how to check the “Me” contact that may be storing those addresses and remove any that aren’t needed:

1. Click on Contacts in the lower-left corner of the Outlook window.

2. In Contacts, click the Organize tab

3. Click the button called Me.

The Me contact stores information about Outlook’s default main user. If it has different information than your name, email, etc., these fields can be updated with your information.

Possibly destructive (not recommended):

There is another way to clear the whole Recent Address cache file, but it could cause data loss so I don’t recommend doing it. It will definitely trigger a database rebuild, which will take some time to run.

1. Quit Outlook

2. Locate this folder in your home folder:

~/Documents/Microsoft User Data/Office 2011 Identities/Main Identity/Data Records/Recent Addresses

3. Follow the sub-folders down until you come to a single file (should be named something similar to “x19_36260.olk14Recent”.) Move the file to the Trash.

4. Launch Outlook.

When you open Outlook, it will tell you that there’s a problem with the database and will tell you that a rebuild is needed. Select to rebuild the database.

Why I don’t recommend this: I tested both methods, and the rebuild of the database did not work. It finished successfully, but then Outlook would open, display an error then shut back down again. However, it does clear out everything in one shot so I’m including it. Maybe you’ll have better luck than me.