How to Edit Text Configuration Files on OS X Server

Managing OS X Server quite often requires manually editing text-based configuration files, as do many of our tutorials and FAQs.

There are many ways of doing this. You can use a Terminal-based editor or one with a fancy GUI. What is paramount, though, is that you use a Plain Text Editor like TextWrangler, Textastic or BBEdit. Rich Text Editors like Microsoft Word or Pages can severely damage your configuration files. Keeping the above in mind, the rest comes down to personal preference.

On OS X I prefer to use either PICO, a Terminal-based editor, or TextWrangler, which has a simple but powerful GUI and good syntax highlighting.

On iOS, PICO – accessed through an SSH session with Prompt – or TextWrangler with its built in SFTP client are my tools of choice.

Whether I use a Terminal based editor or one with a GUI mainly depends on the task at hand. For quick edits of a few lines, PICO works well and is the fastest way to go. If I need to make lots of changes or need a good overview of the file I am editing, a GUI editor is way more comfortable.

Let’s have a quick look at how these work.

Assuming we want to modify Postfix’, we would issue:

sudo pico /Library/Server/Mail/Config/postfix/

And be presented with a view like this:

Now we can use our cursor keys to move around, the backspace key to delete characters or simply type what we need. When we are done editing, we need to save and exit. The commands for this are at the bottom of the window.

In order to save and exit, we would hit CTRL-O (to write the file) and CTRL-X to exit PICO. Alternatively we can just hit CTRL-X and enter y when asked to save.

Have a good look at the available commands as there are more options like cutting text and page scrolling.

While it may take a bit of time to get used to, mastering a Terminal-based text editor is a very useful skill to have in your tool chest.

Using the GUI instead of Terminal

If you don’t like using Terminal, you can always use a Plain Text Editor like TextWrangler which would look something like this

and behave like any other GUI Plain Text Editor.
The choice is yours, just make sure you avoid Rich Text Editors like Microsoft Word or Pages. There are plenty to choose from, like TextWrangler, Textastic, BBEdit, SubEthaEdit, SublimeText and many more. The choice on iOS is equally large.

For this tutorial, let’s look at TextWrangler, which is a powerful (yet free) plain text editor.

TextWrangler allows you to navigate hidden directories (/etc /Library etc) and edit files even when they are owned by root.

IMPORTANT: Don’t use the App Store version
Due to App Store rules, the version from the App Store is not able to unlock/edit files.
Download the application directly from the publisher:

These steps walk you through editing a hidden/privileged (root) file. We’ll use /etc/php.ini as our example.

In TextWrangler, use the Open File by Name option in the File menu.
This allows you to simply paste the path/name: /etc/php.ini


Another way to open /etc/php.ini is with the more familiar Open Dialog from TextWrangler.
Be sure to choose the Show Hidden Files option.


ALWAYS back up a file before you make changes
Save a backup to your Desktop using the Save a Copy option from the File menu.
Because the file is owned by root, you’ll need to authenticate.


We need to be careful editing this file; one out-of-place character could affect your system.
You did back up first, right?

Let’s make a safe change.
In the php.ini file, comments start with a semi-colon.
Simply add a space at the end of one of the commented lines:

; About php.ini   ;  <<--- add a space at the end of this line

When you attempt to edit the file, you’ll be asked to authenticate again.
Once you authenticate, you can edit, then save the file.

That is all there is. Happy editing!

What is virtual mail hosting, or what are virtual mail domains?

A quote from Apple’s documentation:

Virtual hosting is a method you can use to host more than one domain name on the same computer and IP address, with overlapping mail user names.

For example, a mail server can receive mail transfer requests for two domains, and, both of which resolve to the same IP address. For, the server delivers mail to “” to a user mailbox for “bob,” while it also delivers mail to “” to a different user mailbox. Virtual hosts are essentially the converse of local host aliases.

So when do you need to use virtual domains?

If you host mail for many organizations, and you need to be a different mailbox than, then you need to use virtual domains for your mail service.

The typical small business with a few domains usually does not need to enable virtual domains. and are the same person and use the same mailbox.

How to flush the local DNS cache

10.7 – 10.8

sudo killall -HUP mDNSResponder

10.5 – 10.6

sudo dscacheutil -flushcache


lookupd -flushcache

How to verify that an SSL key, certificate and CSR match

These commands will output a short string of characters.
If the characters match, then they belong together.

openssl x509 -noout -modulus -in mydomain.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.key | openssl md5
openssl req -noout -modulus -in mydomain.csr | openssl md5
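The same check generalized, as an added example that is not from the original page: instead of the RSA modulus hashed with MD5 it compares a SHA-256 digest of the whole public key, so it also works for non-RSA keys and fails on an unreadable file rather than hashing empty output. The function names, file names and CN are assumptions, and the key material is constructed and thrown away.

```shell
#!/bin/sh
# Added example; file names and the CN are constructed test values.
set -eu

# Print the SHA-256 digest of the public key inside a cert, private key or CSR.
pub_digest() {  # usage: pub_digest cert|key|csr FILE
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout) ;;
        csr)  pem=$(openssl req  -in "$2" -noout -pubkey) ;;
        *)    echo "unknown kind: $1" >&2; return 2 ;;
    esac || return 1   # unreadable or malformed file: fail instead of hashing nothing
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if certificate, key and CSR all carry the same public key.
all_match() {  # usage: all_match CERT KEY CSR
    c=$(pub_digest cert "$1") && k=$(pub_digest key "$2") &&
        r=$(pub_digest csr "$3") || return 2
    [ "$c" = "$k" ] && [ "$k" = "$r" ]
}

# Constructed throwaway material: one matching RSA set plus an unrelated EC key
# (an EC key has no modulus, so the -modulus comparison cannot be used on it).
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
    -keyout "$d/good.key" -out "$d/good.crt" 2>/dev/null
openssl req -new -key "$d/good.key" -subj "/CN=mail.example.test" -out "$d/good.csr"
openssl ecparam -name prime256v1 -genkey -noout -out "$d/other.key"

if all_match "$d/good.crt" "$d/good.key" "$d/good.csr"; then
    echo "good set: certificate, key and CSR belong together"
fi
if ! all_match "$d/good.crt" "$d/other.key" "$d/good.csr"; then
    echo "other.key: does NOT match this certificate"
fi
```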

How to decrypt an SSL Key

When you set up SSL in Server Admin, the ‘key’ is stored RSA encrypted.

If you want to use your certificate outside of Server Admin, you’ll need the passphrase or a non-encrypted copy of the key.

There are a few approaches; here’s one:

The certificates are stored in /etc/certificates, so let’s go there:

cd /etc/certificates

Take a look at all the keys/certs in this directory:


For every cert you created, you will see several files [cert, key, concat & chain]. You might even see more than one set for your certificate. Each set has a unique ID in the name of each file in the set.

If you want to decrypt the key for, and you see more than one set, you can see which is the latest by viewing the list sorted by date.

ls -alt

Now you know which key you would like to decrypt. We’ll need the passphrase, here’s how we get it:

  • Copy the unique ID to your clipboard.
  • Open the Keychain Access application from your Utilities folder.
  • Search for the unique ID, and double-click it to view the details.
  • Click the Show password button (enter your credentials)
  • Copy the password to your clipboard, this is the RSA passphrase

Now let’s make a non-encrypted copy of the key.

sudo openssl rsa -in -out ~/Desktop/

When asked, paste the passphrase you copied to your clipboard earlier.

That’s it.
The non-encrypted key is now on your desktop.
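A more careful version of the decrypt step, as an added example that is not from the original page: the copy is written under umask 077 so only its owner can read it, a wrong passphrase leaves no partial file behind, and the result is checked to be the same key. The paths, the KEY_PASS variable and the passphrase are constructed for the demo; interactively you can drop -passin and paste the passphrase at the prompt as described above.

```shell
#!/bin/sh
# Added example; paths, KEY_PASS and the passphrase are constructed test values.
set -eu

# Write a passphrase-free copy of ENC_KEY to OUT_KEY, readable by its owner only.
decrypt_key() {  # usage: decrypt_key ENC_KEY OUT_KEY   (passphrase in $KEY_PASS)
    (
        umask 077   # create the copy as 0600; the subshell keeps umask local
        openssl rsa -in "$1" -passin env:KEY_PASS -out "$2" 2>/dev/null
    ) || { rm -f "$2"; return 1; }   # wrong passphrase: leave nothing behind
}

# Print a digest of the key's public half, to confirm both copies are one key.
key_digest() {  # usage: key_digest KEY
    pem=$(openssl rsa -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# True if the PEM file is still passphrase-protected.
is_encrypted() { grep -q ENCRYPTED "$1"; }

# Permission bits of a file as ls prints them, e.g. -rw-------
file_mode() { ls -l "$1" | cut -c1-10; }

# Constructed throwaway key standing in for the Server Admin key.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
KEY_PASS='constructed-demo-passphrase'; export KEY_PASS
openssl genrsa -aes256 -passout env:KEY_PASS -out "$d/enc.key" 2048 2>/dev/null

decrypt_key "$d/enc.key" "$d/plain.key"
echo "mode of copy: $(file_mode "$d/plain.key")"
if [ "$(key_digest "$d/enc.key")" = "$(key_digest "$d/plain.key")" ]; then
    echo "plain.key is the same key as enc.key"
fi
```

Once the key has been installed where it is needed, delete the copy from the Desktop rather than leaving an unprotected private key in a user folder.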