How to verify that an SSL key, certificate and CSR match

These commands will output a short string of characters.
If the characters match, then they belong together.

openssl x509 -noout -modulus -in mydomain.crt | openssl md5
openssl rsa -noout -modulus -in mydomain.key | openssl md5
openssl req -noout -modulus -in mydomain.csr | openssl md5

How to to decrypt an SSL Key

When you setup SSL in Server Admin, the ‘key’ is stored RSA encrypted.

If you want to use your certificate outside of Server Admin, you’ll need the passphrase or a non-encrypted copy of the key.

There are a few approaches, here’s one:

The certificates are stored in /etc/certificates, so lets go there:

cd /etc/certficates

Take a look at all the keys/certs in this directory:


For every cert you created, you will see several files [cert key concat & chain] You might even see more than one set for your certificate. Each set has a unique ID in the name of each file in the set.

If you want to decrypt the key for, and you see more than one set, you can see which is the latest by viewing the list sorted by date.

ls -alt

Now you know which key you would like to decrypt. We’ll need the passphrase, here’s how we get it:

  • Copy the unique ID to your clipboard.
  • Open the Keychain Access application from your Utilities folder.
  • Search for the unique ID, and double-click it to view the details.
  • Click the Show password button (enter your credentials)
  • Copy the password to your clipboard, this is the RSA passphrase

Now lets make a non-encrypted copy of the key.

sudo openssl rsa -in -out ~/Desktop/

When asked, paste the passphrase you copied to your clipboard earlier.

Thats it.
The non-encrypted key is now on your desktop now.

How to enable/disable greylisting [10.7 – 10.8]

Click here to learn more about greylisting

To disable greylisting

sudo serveradmin settings mail:postfix:greylist_disable = yes

sudo postfix reload

To enable greylisting

sudo serveradmin settings mail:postfix:greylist_disable = no

sudo postfix reload

How to lookup a user GUID

You can lookup a users’s GUID using WorkGroup Manager, but what fun is that?

Here are just a few ways you can lookup a GUID

Lookup a single user: 10.7 & 10.8 Only:

sudo /Applications/ -i bobsmith

How handy it would be to have a list of all users and their GUID?

dscl /Search -list /Users GeneratedUID

Above returns all of the sytem users, its cleaner if we omit them:

dscl /Search -list /Users GeneratedUID | grep -v '^_'

Is spamtrainer compatible with OS X 10.8.x Mountain Lion Server?

Yes, starting with version 1.9.8, spamtrainer is compatible with OS X 10.8.x Mountain Lion Server.