Add https (ssl) support to your osx mac development machine with signed certificate

It became apparent that getting mod_ssl working correctly without browser warnings when developing sites that take payments is a bit of pain. Mainly because there is no free way to have a root authority sign your Certificate Signing Request (CSR).

There is how ever a short cut, given that you are using Apache, mod_ssl, openssl and Firefox.

We’re going to generate our own Certificate Authority (CA), this is CA is only going to work for us so if your generating a certificate for production, you’ll need to send your CSR to a proper CA such as VeriSign

Step1, Make a temporary folder we can work in.

cd ~/Desktop/ssltemp

Step2, generate our private key

openssl genrsa -des3 -out server.key 1024

You will be asked for a passphrase in the creation of this key. (just use 12345) or anything butdo not forget this passphrase! You’ll have to do this all over if you forget the passphrase. You will need this passphrase later on in the process.

Step3, generate a CSR from our private key

openssl req -new -key server.key -out server.csr

you’ll be asked for the following information:

Country Name (2 letter code) [AU]: (enter your country code here)
State or Province Name (full name) [Some-State]: (Enter your state here)
Locality Name (eg, city) []: (enter your city here)
Organization Name (eg, company) [Internet Widgits Pty Ltd]: (enter something here)
Organizational Unit Name (eg, section) []: (enter something here)
Common Name (eg, YOUR name) []: (this is the important one)
Email Address []: (your e-mail address)

Make sure you fill in `Common Name` with your domain you want this certificate for, this should match your apache vhost `ServerName` setting

Now, looking at the directory we’re working in, you should have the following:

[rob:~/Desktop/ssltemp] ls -la
total 12
drwxr-xr-x    5 rob      staff         126 Nov 14 17:01 .
drwx------   38 rob      staff       1248 Nov 14 16:57 ..
-rw-r--r--    1 rob      staff         729 Nov 14 17:01 server.csr
-rw-r--r--    1 rob      staff         963 Nov 14 16:59 server.key

Step4, create the private key for our CA

openssl genrsa -des3 -out ca.key 1024

Again, you’ll be asked for a passphrase, which, again, you should not forget.

Step5, create CA certificate using the key we just made

openssl req -new -x509 -days 365 -key ca.key -out ca.crt

You will be asked for similar information you were asked for when we make the web server certificate earlier; this information should be about you, enter something like the following

Country Name (2 letter code) [AU]:GB
State or Province Name (full name) [Some-State]:Cheshire
Locality Name (eg, city) []:Stockport
Organization Name (eg, company) [Internet Widgits Pty Ltd]:My CA
Organizational Unit Name (eg, section) []:My CA for Dev
Common Name (eg, YOUR name) []:Rob Aldred
Email Address []

Now you will have 4 files your directory; server.key, server.csr, ca.key, ca.crt
Next is the important park, signing our certificate request.

The easiest way to do this is to use the script contained in the mod_ssl source,
or you can get it here:
copy the script to the working directory

Step6, make executable and sign our CSR

chmod +x
./ server.csr

you should get something like the following:

CA signing: server.csr -> server.crt:
Using configuration from ca.config
Enter PEM pass phrase:
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'GB'
stateOrProvinceName   :PRINTABLE:'Cheshire'
localityName          :PRINTABLE:'Stockport'
organizationName      :PRINTABLE:'Testing'
commonName            :PRINTABLE:'localhost'
emailAddress          :IA5STRING:''
Certificate is to be certified until Nov 14 23:09:20 2010 GMT (365 days)
Sign the certificate? [y/n]:y

1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
CA verifying: server.crt <-> CA cert
server.crt: OK

Answer ‘y’ to the question asking to Sign the certificate [y/n]

Step7, remove password requirement from server key

cp server.key server.key.original
openssl rsa -in server.key.original -out server.key

you be asked for the passphase

Step8, copy files to our webserver

sudo mkdir /etc/apache2/certs
sudo cp -r * /etc/apache2/certs/

Step9, add the configuration to your VirtualHost block listening on the SSL port 443

SSLEngine on
SSLCertificateFile "/etc/apache2/certs/server.crt"
SSLCertificateKeyFile "/etc/apache2/certs/server.key"
SSLCACertificateFile "/etc/apache2/certs/ca.crt"

Step10, Tell apache to listen on 443
By default there is a file in /etc/apache2/extras called httpd-ssl.conf
this needs to edited and included in /etc/apache2/httpd.conf its commented out initially.

Depending where you are defining your VirtualHost blocks
Comment out or remove the _default_ virtualHost block in httpd-ssl.conf, this will cause errors when starting apache because we have no configured certificate for the example apache provites

Edit your httpd.conf to include the etc/httpd-ssl.conf file, scroll to the bottom the file, you’ll notice its commented out at around line #476

# Secure (SSL/TLS) connections
# Include /private/etc/apache2/extra/httpd-ssl.conf

Just remove the # and move onto the next step

I use a seperate vhosts folder in extra, containing individual conf files for each virtualhost, they are included in the extra/httpd-vhosts.conf files using the following:

Include /private/etc/apache2/extra/vhosts/*.conf

Step10, restart apache

sudo apachectl restart

Step11, (a few steps in itself) Add our CA to Firefox so it think its a trusted authority
Go to Preferences (Cmd + ,)
Go to Advanced
Go to Encryption
Click ‘View Certificates’
Choose the ‘Authorities’ tab
Click ‘Import’
Hit Shift + Cmd + g to open the go to folder window
Enter ‘/etc/apache2/certs’ (You might be asked to authenticate with your system password)
Select the ca.crt file we generated earlier and click ‘Open’
Firefox will ask you:
Do you want to trust “My CA” for the following purposes?
Just select Trust this CA to identify websites
Click ‘OK’
Restart your browser

If you’ve followed everything correctly when you go to https://localhost (or whatever CommonName you specified)
You will get a ssl encrypted site and no warnings about the certificate not being trusted.

Example showing a local vhost with a verified cert
Example showing a local vhost with a verified cert

If apache doesn’t come backup then apache’s config checks program is your best friend.

/usr/sbin/httpd -S

Cucumber pretty html formatter for textmate

I’ve been using cucumber a lot recently along with the textmate bundle for it.
The HTML output cucumber creates is fine, but not all that pretty.

I’ve created a new formatter for cucumber to generate HTML enhanced with some javascript.
My inspiration came from the textmate bundle for rspec.

You can grap it off my github.
Here’s some screenshots:

UPDATE: I replaced the original html formatter in cucumber; as of 19th November my fork has been merged into Aslak’s cucumber/master upgrade to the cucumber 0.4.5 release.
View the commit history

Dell Latitude D430 OSx86 working install guide using iPC PPF5 Final

I had an iMac for a while now and have been thinking of getting a Macbook aswell.

Just recently I’ve been given a Dell D430 I’ve heard a lot about OSx86 and tried to do it once before with a kalyway install but failed miserably. This Dell D430 has a good spec match to the macbooks and seems to be supported a bit so thought i’d give it a whirl.

It took about 6 hours, 2 of them spent downloading the 4.3gb iPC DVD from Rapidshare (btw, jDownloader + Rapidshare premium ftw)

I burnt the ISO to a Blank 4.7 DVD, popped it into my Lenovo USB DVD Combo drive (No DVD/CD on the D430)
to my amazement the OSX installer booted up straight away.

Note: You’ll need a USB KB + Mouse for the first boot, the installer works with the D430’s kb + trackpad but after install it needs little more work.

Install done using iPC OSX 10.5.6 PPF5 Universal Final – Base
Use the following options when installing:

– Kernel: Voodoo 9.5.0
– Video: Intel GMA950
– Chipset: LegacyAppleIntelPIIXATA
– Audio: Sigmatel 9200 (Might not work, if not fix later with Apple HDA Patcher instructions below)
– Ethernet: Intel 82566MM/DC (Not tested, I use Wifi)
– Wireless: Intel PROSet/Wireless 3945
– Fixes & Patches: ACPI Fix
Time Machine Patch
IOPCIFamily.kext patched
Seatbelt.kext 10.5.5
USB Mount Fix
PS/2 Device Support (Both KB + Mouse)
DSDT Patch
– All Applications

Restart remember to use “-f” flag when starting up for the first time.


1. Download Package PS2 FixPS2Fix1054.
2. Right Click on the Package -> Open With -> Pacifist
3. After 15 Seconds, Click on Not Yet (Support Charles if you use this App)
4. Expand contents of “Choice0”
5. Expand contents of “appleps2controller.pkg”
6. Right Click “ApplePS2Controller.kext” and select the option “Install to default location”

To solve the kernel panics when mounting dmg’s
Install this seatbelt.kext from 10.5.5 over the one from 10.5.6, use osx86tools for install
Remember to fix permissions.

Audio Fix:
Download AppleHDA.kext

Extract them both and drop them into /System/Libary/Extensions

Battery Monitor: (Source:

You’ll need the following Kext collection,
Kexts for battery monitor
We only need PowerManagement.bundle + AppleACPIBatteryManager.kext

First is PowerManagement.bundle, that goes into to /System/Library/SystemConfiguration folder
Then there’s AppleACPIBatteryManager.kext, that goes into the /System/Libary/Extensions directory.

Fix the extension permissions with osx86tools, reboot with -f


There is only 1 thing I cannot get working (Which I’m still working on finding a fix) the SD Card reader, it seems to freeze the laptop when a card is inserted.

If everything goes smoothly you should have OSX up and running on your Dell within an hour.
Winner Winner!

Thanks for reading & good luck

Thanks to Insanely Mac for being an invaluable resource for me 🙂

There are tons of extensions available from if you have slightly different hardware you may need different files

Restarting syslog process on Mac OSX

I’ve been working on a project which uses syslog.
In order for the changes I made to syslog.conf to take effect I needed to restart the syslogd process

Yes I could restart my computer but that’s just too much effort.
I found a simple solution using the built in Mac Launch Daemons

~#: launchctl unload /System/Library/LaunchDaemons/
~#: launchctl load /System/Library/LaunchDaemons/

syslogd will now have reloaded with any config changes you made.

How to Sync iPhone with multiple computers from tinyfish

Nice and simple method to flawlessly enable syncing your iphone + iPods to multiple machines, works on Mac + Windows!
I used, now I have my iPhone syncing to both my home + work iMac’s with iTunes 8.1

How to Sync iPhone with multiple computers


In order to sync your iPhone with multiple computers you always had to “erase” one iTunes library and sync with another, no longer! Thanks to Andrew Grant at Shiny Things who create a step by step instruction for syncing your iPhone with multiple computers and giving you full manual control on how you want to organize your iPhone music between multiple iTunes libraries.

This is NOT for the faint hearted as it does involve tweaking of files, please proceed with caution and BACKUP everything, especially your “iTunes Library” and “iTunes Music Library.xml” files before proceeding. I have performed this and it works flawlessly but if for any reason your iTunes or your iPhone or your data becomes destroyed, I am NOT responsible. Now that we have gotten the disclaimer aside, let’s proceed with the fun stuff.


Adding Avi’s and other movie files to iTunes

I’ve recently moved to Mac from Ubuntu.
I tend to watch alot of TV from my computer, I’ve been wondering how to add all the shows to my iTunes library without having to convert them to MOV, because that would just take forever!

I came across this little program called Movie2iTunes, it’s a little Freeware app that does just what it says!
It allows you to add any type of movie that Quicktime can play to iTunes, so with the relivant plugins Xvid/Divx and many more.

Drp the app onto your dock or somewhere handy and simply drag and drop your Movie files or Folders containing movie files onto the Movie2iTunes app.

It works by creating QuickTime media links to your movies, it then adds these links to the iTunes library.
It also tries to guess if your movie is infact a TV show, it will correctly set the media type and even try to guess the

season and episode from the file names…

eg. Prison.Break.s01e12.avi

It will automatically match the ‘s’ and ‘e’ if followed by numbers as season and episode 🙂 nice!

You can download the latest version from:

Avi TV shows in iTunes