Warnings sent by server

Similar Messages

• Client certificate authentication fails when the CA list sent by server is big and the list goes in 2 encrypted messages.

  I checked with IE browser(on windows and MAC) and MAC safari packet capture. The CA certificate list is sent by server in 2 messages as the list is too big. I compared packet by packet exchanges in both the browsers. It is same till TLSv1 handshake is done for the ldap certificate authentication. It works fine in IE without any issues though the certificate list is divided into 2 messages.
  In case of safari, after the TLSv1 handshake is done successfully, it again sends a SSLv3 'Client Hello' message and initiates the whole handshake process again and the server responds to it too till the handshake is complete. But it brakes after that with the server showing 'Cant establish secure connection' at the browser.
  The issue occurs only in case of MAC safari for big list of CA certs >150(where it crosses the max limit) from server. It is not clear why safari alone is switching from TLSv1 to SSLv3 in this scenario.
  NOTE: With shorter list of CA certs at server when it goes in one message, safari works fine and all messages are only TLSv1 and does not repeat the handshake process.
  I have checked on safari version 5 and 6.0.3 on OS X mountain lion.
  Is there any specific reason why MAC safari behaves like this or somethings needs to be done at server?
  Any help would be appreciated.

  I checked with IE browser(on windows and MAC) and MAC safari packet capture. The CA certificate list is sent by server in 2 messages as the list is too big. I compared packet by packet exchanges in both the browsers. It is same till TLSv1 handshake is done for the ldap certificate authentication. It works fine in IE without any issues though the certificate list is divided into 2 messages.
  In case of safari, after the TLSv1 handshake is done successfully, it again sends a SSLv3 'Client Hello' message and initiates the whole handshake process again and the server responds to it too till the handshake is complete. But it brakes after that with the server showing 'Cant establish secure connection' at the browser.
  The issue occurs only in case of MAC safari for big list of CA certs >150(where it crosses the max limit) from server. It is not clear why safari alone is switching from TLSv1 to SSLv3 in this scenario.
  NOTE: With shorter list of CA certs at server when it goes in one message, safari works fine and all messages are only TLSv1 and does not repeat the handshake process.
  I have checked on safari version 5 and 6.0.3 on OS X mountain lion.
  Is there any specific reason why MAC safari behaves like this or somethings needs to be done at server?
  Any help would be appreciated.

• Which components of jsp are worked right before the page sent to server

  hello
  In a jsf application
  I want to know in java bean which components of jsp are worked right before the page sent to server.
  how can I do that ?
  regards

  So you want to know which component was activated to cause the request to be submitted. If you use an action listener, you will have the ActionEvent which contains the source component.

• Customize email alert sent from server admin.

  We have deployed a number of MacMini Servers at different client locations and need a way to customize the alert e-mail sent from server admin.
  The alert simply states the name of the server but we need to add to it the location or client name as well so we have a way of differentiating between similar named servers at different sites.
  No amount of google has helped here.
  Anyone know how to customize the text being sent out by server admin to the alert e-mail address?

  I'm referring to changes made only in the receiver, and within the Postfix server associated with the automated receiving processing.
  Your proposed solution requires changes to the automated system on the receiving computer, and whether you choose to look at the subject line or at the target email address in the arriving mail seems (to me) not a significant difference in the receiving processing.
  The automated processing would have to look at the subject line in your case.  It would have to look at the arriving address (for itself!) in the
  Since I can infer some unfamiliarity with Postfix and SMTP, I'll put this a different way...  Configure the sending processing at the monitored site named FOO to send these messages to the email address  [email protected], where [email protected] is the email address of your automated receiver.  The same set-up over at site BAR is configured to send to [email protected], and (because you've tweaked the receiving Postfix server at EXAMPLE.COM to process the + sign as the same mailbox, it all arrives at the same mailbox.  Your automated server then looks at the address used, and sorts the messages accordingly.
  This is very similar to your use of the subject line, save it requires no changes to the sender, and what are likely to be equivalent changes to the receiving processing.   If you can't change the receiving processing (at all) and you have only the subject line available to you, then you can use this scheme and put some simple custom SMTP message processing "in front of" the automated processing to rejigger the subject line.  That's all in-house, and it'll get you to the subject line.  Again, all of this without changes to the sending code, and the resulting maintenance headaches.  This custom-processing is all in-house and entirely within your shop.
  (This same +-based message processing can be used within he Apple Mail client and its rules, for instance; it's a fairly common technique to identify the source of the mail message.  Directly, in this case, or potentially who leaked your email address in the case of unsolicited third-party mail.  FWIW.)

• Cannot retrieve my e-mail "browser sent request server could not understand. Size of request header field exceeds server limit"

  Upgraded to Firefox 5.0.1 yesterday. No, after logging on to firefox, which takes me to my comcast page and when I try to get
  my e-mail I get this message "your browser sent a request this server could not understand. Size of request header field exceeds server limit" Then it says something about "cookies" I also tried to connect to other sites and get similar messages. Just to let you know I am not a guru, and 80 years old, but I did not have this problem with the previous version. Question, why are the headers repeated? Could that be the problem???

  This issue can be caused by corrupted cookies.
  Clear the cache and the cookies from sites (e.g. comcast) that cause problems.
  "Clear the Cache":
  * Firefox > Preferences > Advanced > Network > Offline Storage (Cache): "Clear Now"
  "Remove Cookies" from sites causing problems:
  * Firefox > Preferences > Privacy > Cookies: "Show Cookies"

• PDF binary sent to server each roundtrip?!

  Hi all,
  I'm on NW CE 7.11, integrating WDJ with SIFbA.
  I would really appreciate some help on the following problem:
  in my application we have 2 views, accessed in sequence by users.
  View 1 displays ("usepdf" mode) a PDF retrieved from db.
  View 2 allows users to perform search on backend and so on.
  The problem is that at each server roundtrip the binary is sent to the server, even when View 1 is no longer visible.
  As a consequence, when in view 2 a very simple interaction has to take place, the whole binary from view 1 is sent to the server as well.
  This is a major performance issue with large binaries (~1mb).
  I would like to tell the framework to send the PDF to server only when really necessary
  How can this be done?
  Thanks regards
  Vincenzo

  Hi Vincenzo,
  If you haven't tried it already you can use the setting "Allow Form Rendering to be Cached on Server". This is found on the form properties on the Performance tab. This will improve performance as the form does not need to be rendered for each round trip, however I don't believe that it prevent the round trip altogether. You may want to post this on the WDJ forum as well.
  Let us know how you go.
  Regards,
  Ben.

• Unwrap not unwraping all  data sent from server

  java client server NIO ssl
  At server end send about 50 packets are written using this method:
  sendPacket(String packet)
  writeBuffer = charSet.encode(packet);
  c.ssl.outNetBB.clear();
  c.ssl.engine.wrap(writeBuffer, c.ssl.outNetBB);
  c.ssl.outNetBB.flip();
  //write message to socket channel
  while (c.ssl.outNetBB.hasRemaining())
  socketChannel.write(c.ssl.outNetBB);
  At the client end I read all these packets:
  inNetBB.clear();
  int bytesread = socketChannel.read(inNetBB);
  inNetBB.flip();
  requestBB.clear();
  res = engine.unwrap(inNetBB, requestBB);
  It seems like all the 50 packets are read into inNetBB 6000 bytes
  But the unwrap only consumes 70 bytes and produces 100
  This first 100 bytes is unencrypted correctly and corresponds exactly to one write of the 50 from the server. I dont know why.
  Why am I getting only the first packet of the 50 sent??
  [  Ive tried : while inNtBB.hasRemaining for repeated unwraps
  but only the first packet is output still ]
  TIA
  pbutler

  If I'm reading this right, you're writing (wrapping) about 50 separate SSL packets, and then unwrapping just one.
  Recall:
  The SSLEngine produces/consumes complete SSL/TLS packets only, and
  does not store application data internally between calls to wrap()/unwrap().So it looks to me like you need to keep unwrapping the rest of your 5930 bytes to get the remainder of the application data.
  [ Ive tried : while inNtBB.hasRemaining for repeated unwraps
  but only the first packet is output still ]Are you inadvertantly clearing the inNtBB before you call your additional unwraps?
  If you have lots of small packets, you might want to consider buffering them up and wrapping them to the SSLEngine/SocketChannel all at once. You'll pay less in overhead.

• When uploading large file from network, all other requests are not being sent to server

  In our application we are facing a weird scenario in which when we try to upload a huge file(600+ MB) from network, all other requests(AJAX) are getting blocked. But when the same file is being uploaded from local location(E drive) then everything works fine.

  How are you uploading the file via network?
  If you are troubleshooting the network bandwidth? or the threads where one process takes precedent over the other you will have to troubleshoot the QoS of the network you see this on.
  To give a better visual please use Firebug or the Web Developer tool called Network to analyze the requests. The "XMLHttpRequest" will give better clues for Ajax. Reference [http://ajaxian.com/archives/ajax-debugging-with-firebug]
  There may be a about:config option that allows mutithreading or max persistent connections per server you can check.

• Encoding of data sent to server

  hello, i have problem with encoding of czech chars, all source code is utf-8 encoded, in each page i have <%@ page contentType="text/html; charset=UTF-8"%>, chars shown in page are shown correctly but if i fill some text field and send data to server so the data are not correct, it means in struts action i get not correct data from form bean
  thanks a lot

  There are multiple ways...Temporarily, you can turn on the RFC trace function for the RFC destination in question then view the RFC log file.  You can use a log point in your custom program and switch it on or off as needed and view the log point file which contains each individual table or variable with values.  Or simply, you can write the data to the spool (or an additional spool) based on a trace parameter on the selection screen.

• Searching specific arguments in context sent to server in Servlet Filter

  hi,
  I would like to build a filter, that recieves the html content, searches for specific words (for example: "taste"=shoo) and according to that sets the expires or content type of the response.
  I understand that I have to build a Wrapper, but how do I extract the request context from the server?

  would you send the trace of error/exceptions for the case in 10.1.3?

• FTP in CS3 - no data sent to server

  Hi, I am no nearer solving my earlier problem, but this is
  just a plea to see in anyone out there has had a similar
  experience...
  Since Tuesday, when I uploaded some updates, things stopped
  working, in strange ways, on the site. Suddenly, sometimes the
  stylesheets were disregarded, pages went blank, images disappeared,
  the flash stopped reading files. Today I worked out that this was
  because FTP was not working - well not well anyway - it setup a
  filename for every item on the server, but some items were left
  with no data, though the progress bar reported things happening and
  obviously the remote file list looked fine.
  I have just transferred the site with an old version of
  AceFTP - which all went over first time no problem... is this an
  ISP problem or do I have a bug on both my laptop and my desktop -
  or somewhere... This has cost me three days so far, I really need
  to get things working reliably.
  Any suggestion welcome.

  Try posting at the Web Development / Standards Evangelism forum at MozillaZine. The helpers over there are more knowledgeable about web page development issues with Firefox. <br />
  http://forums.mozillazine.org/viewforum.php?f=25 <br />
  You'll need to register and login to be able to post in that forum.

• Where can i find an email that couldn't be sent to server?

  the email i wanted to send was to big. mail told me it couldn't be sent. where can i find it now. there is an autosave function, isn't it? please help! must send in 30 min....

  now i wrote it new and sent it again. guess what, mail sent two emails. the new one first and then i stopped sending the old version. now the new one is in the sentbox and the old one is in the outbox (before it wasn't there)!  ???
  thank you for your help anyway!!! 

• TS3899 The email arrives with no problem, but when making a rely, the message pops up stating "The server does not allow relaying" and the reply is not sent.

  Received an iPad for Father's Day; during email setup, not able to send a reply to an email as a message appears stateing "Message not sent as server does not allow relaying." Can receive emails with no problem. Whoes server, theirs or mine.

  iOS: Unable to send or receive email
  http://support.apple.com/kb/TS3899
  Can’t Send Emails on iPad – Troubleshooting Steps
  http://ipadhelp.com/ipad-help/ipad-cant-send-emails-troubleshooting-steps/
  Setting up and troubleshooting Mail
  http://www.apple.com/support/ipad/assistant/mail/
  Server does not allow relaying email error, fix
  http://appletoolbox.com/2012/01/server-does-not-allow-relaying-email-error-fix/
  Why Does My iPad Say "Cannot Connect to Server"?
  http://www.ehow.co.uk/info_8693415_ipad-say-cannot-connect-server.html
  iOS: 'Mailbox Locked', account is in use on another device, or prompt to re-enter POP3 password
  http://support.apple.com/kb/ts2621
  iPad Mail
  http://www.apple.com/support/ipad/mail/
  Try this first - Reset the iPad by holding down on the Sleep and Home buttons at the same time for about 10-15 seconds until the Apple Logo appears - ignore the red slider - let go of the buttons. (This is equivalent to rebooting your computer.)
  Or this - Delete the account in Mail and then set it up again. Settings->Mail, Contacts, Calendars -> Accounts   Tap on the Account, then on the red button that says Remove Account.
   Cheers, Tom

• How To Install A (Almost) Working Lion Server With Profile Management/SSL/OD/Mail/iCal/Address Book/VNC/Web/etc.

  I recently installed a fresh version of Lion Server after attempting to fix a broken upgrade. With some help from others, I've managed to get all the new features working and have kept notes, having found that many or most of the necessary installation steps for both the OS and its services are almost entirely undocumented. When you get them working, they work great, but the entire process is very fragile, with simple setup steps causing breaks or even malicious behaviors. In case this is useful to others, here are my notes.
  Start with an erased, virgin, single guid partitioned drive. Not an upgrade. Not simply a repartitioned drive. Erased. Clean. Anything else can and probably will break the Lion Server install, as I discovered myself more than once. Before erasing my drive, I already had Lion and made a Lion install DVD from instructions widely available on the web. I suppose you could also boot into the Lion recovery partition and use disk utility to erase the OS X partition then install a new partition, but I cut a DVD. The bottom line is to erase any old OS partitions. And of course to have multiple, independent backups: I use both Time Machine with a modified StdExclusions.plist and Carbon Copy Cloner.
  Also, if you will be running your own personal cloud, you will want to know your domain name ahead of time, as this will be propagated everywhere throughout server, and changing anything related to SSL on Lion Server is a nightmare that I haven't figured out. If you don't yet have a domain name, go drop ten dollars at namecheap.com or wherever and reserve one before you start. Soemday someone will document how to change this stuff without breaking Lion Server, but we're not there yet. I'll assume the top-level domain name "domain.com" here.
  Given good backups, a Lion Install DVD (or Recovery Partition), and a domain name, here are the steps, apparently all of which must be more-or-less strictly followed in this order.
  DVD>Disk Utility>Erase Disk  [or Recovery Partition>Disk Utility>Erase Partition]
  DVD>Install Lion
  Reboot, hopefully Lion install kicks in
  Update, update, update Lion (NOT Lion Server yet) until no more updates
  System Preferences>Network>Static IP on the LAN (say 10.0.1.2) and Computer name ("server" is a good standbye)
  Terminal>$ sudo scutil --set HostName server.domain.com
  App Store>Install Lion Server and run through the Setup
  Download install Server Admin Tools, then update, update, update until no more updates
  Server Admin>DNS>Zones [IF THIS WASN'T AUTOMAGICALLY CREATED (mine wasn't): Add zone domain.com with Nameserver "server.domain.com." (that's a FQDN terminated with a period) and a Mail Exchanger (MX record) "server.domain.com." with priority 10. Add Record>Add Machine (A record) server.domain.com pointing to the server's static IP. You can add fancier DNS aliases and a simpler MX record below after you get through the crucial steps.]
  System Prefs>Network>Advanced>Set your DNS server to 127.0.0.1
  A few DNS set-up steps and these most important steps:
  A. Check that the Unix command "hostname" returns the correct hostname and you can see this hostname in Server.app>Hardware>Network
  B. Check that DNS works: the unix commands "host server.domain.com" and "host 10.0.1.2" (assuming that that's your static IP) should point to each other. Do not proceed until DNS works.
  C. Get Apple Push Notification Services CA via Server.app>Hardware>Settings><Click toggle, Edit... get a new cert ...>
  D. Server.app>Profile Manager>Configure... [Magic script should create OD Master, signed SSL cert]
  E. Server.app>Hardware>Settings>SSL Certificate> [Check to make sure it's set to the one just created]
  F. Using Server.app, turn on the web, then Server.app>Profile Manager> [Click on hyperlink to get to web page, e.g. server.domain.com/profilemanager] Upper RHS pull-down, install Trust Profile
  G. Keychain Access>System>Certificates [Find the automatically generated cert "Domain", the one that is a "Root certificate authority", Highlight and Export as .cer, email to all iOS devices, and click on the authority on the device. It should be entered as a trusted CA on all iOS devices. While you're at it, highlight and Export... as a .cer the certificate "IntermediateCA_SERVER.DOMAIN.COM_1", which is listed an an "Intermediate CA" -- you will use this to establish secure SSL connections with remote browsers hitting your server.]
  H. iOS on LAN: browse to server.domain.com/mydevices> [click on LHS Install trust cert, then RHS Enroll device.
  I. Test from web browser server.domain.com/mydevices: Lock Device to test
  J. ??? Profit
  12. Server Admin>DNS>Zones> Add convenient DNS alias records if necessary, e.g., mail.domain.com, smtp.domain.com, www.domain.com. If you want to refer to your box using the convenient shorthand "domain.com", you must enter the A record (NOT alias) "domain.com." FQDN pointing to the server's fixed IP. You can also enter the convenient short MX record "domain.com." with priority 11. This will all work on the LAN -- all these settings must be mirrored on the outside internet using the service from which you registered domain.com.
  You are now ready to begin turning on your services. Here are a few important details and gotchas setting up cloud services.
  Firewall
  Server Admin>Firewall>Services> Open up all ports needed by whichever services you want to run and set up your router (assuming that your server sits behind a router) to port forward these ports to your router's LAN IP. This is most a straightforward exercise in grepping for the correct ports on this page, but there are several jaw-droppingly undocumented omissions of crucial ports for Push Services and Device Enrollment. If you want to enroll your iOS devices, make sure port 1640 is open. If you want Push Notifications to work (you do), then ports 2195, 2196, 5218, and 5223 must be open. The Unix commands "lsof -i :5218" and "nmap -p 5218 server.domain.com" (nmap available from Macports after installing Xcode from the App Store) help show which ports are open.
  SSH
  Do this with strong security. Server.app to turn on remote logins (open port 22), but edit /etc/sshd_config to turn off root and password logins.
  PermitRootLogin no
  PasswordAuthentication no
  ChallengeResponseAuthentication no
  I'm note sure if toggling the Allow remote logins will load this config file or, run "sudo launchctl unload -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist ; sudo launchctl load -w /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist" to restart the server's ssh daemon.
  Then use ssh-keygen on remote client to generate public/private keys that can be used to remotely login to the server.
  client$ ssh-keygen -t rsa -b 2048 -C client_name
  [Securely copy ~/.ssh/id_rsa.pub from client to server.]
  server$ cat id_rsa.pub > ~/.ssh/known_hosts
  I also like DenyHosts, which emails detected ssh attacks to [email protected]. It's amazing how many ssh attacks there are on any open port 22. Not really an added security feature if you've turned off password logins, but good to monitor. Here's a Lion Server diff for the config file /usr/share/denyhosts:
  $ diff denyhosts.cfg-dist denyhosts.cfg
  12c12
  < SECURE_LOG = /var/log/secure
  > #SECURE_LOG = /var/log/secure
  22a23
  > SECURE_LOG = /var/log/secure.log
  34c35
  < HOSTS_DENY = /etc/hosts.deny
  > #HOSTS_DENY = /etc/hosts.deny
  40a42,44
  > #
  > # Mac OS X Lion Server
  > HOSTS_DENY = /private/etc/hosts.deny
  195c199
  < LOCK_FILE = /var/lock/subsys/denyhosts
  > #LOCK_FILE = /var/lock/subsys/denyhosts
  202a207,208
  > LOCK_FILE = /var/denyhosts/denyhosts.pid
  > #
  219c225
  < ADMIN_EMAIL =
  > ADMIN_EMAIL = [email protected]
  286c292
  < #SYSLOG_REPORT=YES
  > SYSLOG_REPORT=YES
  Network Accounts
  User Server.app to create your network accounts; do not use Workgroup Manager. If you use Workgroup Manager, as I did, then your accounts will not have email addresses specified and iCal Server WILL NOT COMPLETELY WORK. Well, at least collaboration through network accounts will be handled clunkily through email, not automatically as they should. If you create a network account using Workgroup Manager, then edit that account using Server.app to specify the email to which iCal invitations may be sent. Server.app doesn't say anything about this, but that's one thing that email address entry is used for. This still isn't quite solid on Lion Server, as my Open Directory logs on a freshly installed Lion Server are filled with errors that read:
  2011-12-12 15:05:52.425 EST - Module: SystemCache - Misconfiguration detected in hash 'Kerberos':
       User 'uname' (/LDAPv3/127.0.0.1) - ID 1031 - UUID 98B4DF30-09CF-42F1-6C31-9D55FE4A0812 - SID S-0-8-83-8930552043-0845248631-7065481045-9092
  Oh well.
  Email
  Email aliases are handled with the file /private/etc/postfix/aliases. Do something like this
  root:           myname
  admin:          myname
  sysadmin:       myname
  certadmin:      myname
  webmaster:      myname
  my_alternate:   myname
  Then run "sudo newaliases". If your ISP is Comcast or some other large provider, you probably must proxy your outgoing mail through their SMTP servers to avoid being blocked as a spammer (a lot of SMTP servers will block email from Comcast/whatever IP addresses that isn't sent by Comcast). Use Server.app>Mail to enter your account information. Even then, the Lion Server default setup may fail using this proxy. I had to do this with the file /private/etc/postfix/main.cf:
  cd /etc/postfix
  sudo cp ./main.cf ./main.cf.no_smtp_sasl_security_options
  sudo echo 'smtp_sasl_security_options = noanonymous' >> ./main.cf
  sudo serveradmin stop mail
  sudo serveradmin start mail
  Finally, make sure that you're running a blacklisting srevice yourself! Server Admin>Mail>Filter> Use spamhaus.org as a blacklister. Finally, set up mail to use strong Kerberos/MD5 settings under on Server Admin>Mail>Advanced. Turn off password and clear logins. The settings should be set to "Use" your SSL cert, NOT "Require". "Require" consistently breaks things for me.
  If you already installed the server's Trust Certificate as described above (and opened up the correct ports), email to your account should be pushed out to all clients.
  iCal Server
  Server.app>Calendar>Turn ON and Allow Email Invitations, Edit... . Whatever you do, do NOT enter your own email account information in this GUI. You must enter the account information for local user com.apple.calendarserver, and the password for this account, which is stored in the System keychain: Keychain Access>System> Item com.apple.servermgr_calendar. Double-click and Show Password, copy and paste into Server.app dialog. This is all described in depth here. If you enter your own account information here (DO NOT!), the iCal Server will delete all Emails in your Inbox just as soon as it reads them, exactly like it works for user com.apple.calendarserver. Believe me, you don't want to discover this "feature", which I expect will be more tightly controlled in some future update.
  Web
  The functionality of Server.app's Web management is pretty limited and awful, but a few changes to the file /etc/apache2/httpd.conf will give you a pretty capable and flexible web server, just one that you must manage by hand. Here's a diff for httpd.conf:
  $ diff httpd.conf.default httpd.conf
  95c95
  < #LoadModule ssl_module libexec/apache2/mod_ssl.so
  > LoadModule ssl_module libexec/apache2/mod_ssl.so
  111c111
  < #LoadModule php5_module libexec/apache2/libphp5.so
  > LoadModule php5_module libexec/apache2/libphp5.so
  139,140c139,140
  < #LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  < #LoadModule encoding_module libexec/apache2/mod_encoding.so
  > LoadModule auth_digest_apple_module libexec/apache2/mod_auth_digest_apple.so
  > LoadModule encoding_module libexec/apache2/mod_encoding.so
  146c146
  < #LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  > LoadModule xsendfile_module libexec/apache2/mod_xsendfile.so
  177c177
  < ServerAdmin [email protected]
  > ServerAdmin [email protected]
  186c186
  < #ServerName www.example.com:80
  > ServerName domain.com:443
  677a678,680
  > # Server-specific configuration
  > # sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart
  > Include /etc/apache2/mydomain/*.conf
  I did "sudo mkdir /etc/apache2/mydomain" and add specific config files for various web pages to host. For example, here's a config file that will host the entire contents of an EyeTV DVR, all password controlled with htdigest ("htdigest ~uname/.htdigest EyeTV uname"). Browsing to https://server.domain.com/eyetv points to /Users/uname/Sites/EyeTV, in which there's an index.php script that can read and display the EyeTV archive at https://server.domain.com/eyetv_archive. If you want Apache username accounts with twiddles as in https://server.domain.com/~uname, specify "UserDir Sites" in the configuration file.
  Alias /eyetv /Users/uname/Sites/EyeTV
  <Directory "/Users/uname/Sites/EyeTV">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  Alias /eyetv_archive "/Volumes/Macintosh HD2/Documents/EyeTV Archive"
  <Directory "/Volumes/Macintosh HD2/Documents/EyeTV Archive">
      AuthType Digest
      AuthName "EyeTV"
      AuthUserFile /Users/uname/.htdigest
      AuthGroupFile /dev/null
      Require user uname
      Options Indexes MultiViews
      AllowOverride All
      Order allow,deny
      Allow from all
  </Directory>
  I think you can turn Web off/on in Server.app to relaunch apached, or simply "sudo apachectl -D WEBSERVICE_ON -D MACOSXSERVER -k restart".
  Securely copy to all desired remote clients the file IntermediateCA_SERVER.DOMAIN.COM_1.cer, which you exported from System Keychain above. Add this certificate to your remote keychain and trust it, allowing secure connections between remote clients and your server. Also on remote clients: Firefox>Advanced>Encryption>View Certificates>Authorities>Import...> Import this certificate into your browser. Now there should be a secure connection to https://server.domain.com without any SSL warnings.
  One caveat is that there should be a nice way to establish secure SSL to https://domain.com and https://www.domain.com, but the automagically created SSL certificate only knows about server.domain.com. I attempted to follow this advice when I originally created the cert and add these additional domains (under "Subject Alternate Name Extension"), but the cert creation UI failed when I did this, so I just gave up. I hope that by the time these certs expire, someone posts some documentation on how to manage and change Lion Server SSL scripts AFTER the server has been promoted to an Open Directory Master. In the meantime, it would be much appreciated if anyone can post either how to add these additional domain names to the existing cert, or generate and/or sign a cert with a self-created Keychain Access root certificate authority. In my experience, any attempt to mess with the SSL certs automatically generated just breaks Lion Server.
  Finally, if you don't want a little Apple logo as your web page icon, create your own 16×16 PNG and copy it to the file /Library/Server/Web/Data/Sites/Default/favicon.ico. And request that all web-crawling robots go away with the file /Library/Server/Web/Data/Sites/Default/robots.txt:
  User-agent: *
  Disallow: /
  Misc
  VNC easily works with iOS devices -- use a good passphrase. Edit /System/Library/LaunchDaemons/org.postgresql.postgres.plist and set "listen_addresses=127.0.0.1" to allow PostgreSQL connections over localhost. I've also downloaded snort/base/swatch to build an intrusion detection system, and used Macports's squid+privoxy to build a privacy-enhanced ad-blocking proxy server.

  Privacy Enhancing Filtering Proxy and SSH Tunnel
  Lion Server comes with its own web proxy, but chaining Squid and Privoxy together provides a capable and effective web proxy that can block ads and malicious scripts, and conceal information used to track you around the web. I've posted a simple way to build and use a privacy enhancing web proxy here. While you're at it, configure your OS and browsers to block Adobe Flash cookies and block Flash access to your camera, microphone, and peer networks. Read this WSJ article series to understand how this impacts your privacy. If you configure it to allow use for anyone on your LAN, be sure to open up ports 3128, 8118, and 8123 on your firewall.
  If you've set up ssh and/or VPN as above, you can securely tunnel in to your proxy from anywhere. The syntax for ssh tunnels is a little obscure, so I wrote a little ssh tunnel script with a simpler flexible syntax. This script also allows secure tunnels to other services like VNC (port 5900). If you save this to a file ./ssht (and chmod a+x ./ssht), example syntax to establish an ssh tunnel through localhost:8080 (or, e.g., localhost:5901 for secure VNC Screen Sharing connects) looks like:
  $ ./ssht 8080:[email protected]:3128
  $ ./ssht 8080:alice@:
  $ ./ssht 8080:
  $ ./ssht 8018::8123
  $ ./ssht 5901::5900  [Use the address localhost:5901 for secure VNC connects using OS X's Screen Sharing or Chicken of the VNC (sudo port install cotvnc)]
  $ vi ./ssht
  #!/bin/sh
  # SSH tunnel to squid/whatever proxy: ssht [-p ssh_port] [localhost_port:][user_name@][ip_address][:remotehost][:remote_port]
  USERNAME_DEFAULT=username
  HOSTNAME_DEFAULT=domain.com
  SSHPORT_DEFAULT=22
  # SSH port forwarding specs, e.g. 8080:localhost:3128
  LOCALHOSTPORT_DEFAULT=8080      # Default is http proxy 8080
  REMOTEHOST_DEFAULT=localhost    # Default is localhost
  REMOTEPORT_DEFAULT=3128         # Default is Squid port
  # Parse ssh port and tunnel details if specified
  SSHPORT=$SSHPORT_DEFAULT
  TUNNEL_DETAILS=$LOCALHOSTPORT_DEFAULT:$USERNAME_DEFAULT@$HOSTNAME_DEFAULT:$REMOT EHOST_DEFAULT:$REMOTEPORT_DEFAULT
  while [ "$1" != "" ]
  do
    case $1
    in
      -p) shift;                  # -p option
          SSHPORT=$1;
          shift;;
       *) TUNNEL_DETAILS=$1;      # 1st argument option
          shift;;
    esac
  done
  # Get local and remote ports, username, and hostname from the command line argument: localhost_port:user_name@ip_address:remote_host:remote_port
  shopt -s extglob                        # needed for +(pattern) syntax; man sh
  LOCALHOSTPORT=$LOCALHOSTPORT_DEFAULT
  USERNAME=$USERNAME_DEFAULT
  HOSTNAME=$HOSTNAME_DEFAULT
  REMOTEHOST=$REMOTEHOST_DEFAULT
  REMOTEPORT=$REMOTEPORT_DEFAULT
  # LOCALHOSTPORT
  CDR=${TUNNEL_DETAILS#+([0-9]):}         # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      LOCALHOSTPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEPORT
  CDR=${TUNNEL_DETAILS%:+([0-9])}         # delete shortest trailing :+([0-9])
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEPORT=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # REMOTEHOST
  CDR=${TUNNEL_DETAILS%:*}                # delete shortest trailing :*
  CAR=${TUNNEL_DETAILS##$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR#:}                            # delete :
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      REMOTEHOST=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # USERNAME
  CDR=${TUNNEL_DETAILS#*@}                # delete shortest leading +([0-9]):
  CAR=${TUNNEL_DETAILS%%$CDR}             # cut this string from TUNNEL_DETAILS
  CAR=${CAR%@}                            # delete @
  if [ "$CAR" != "" ]                     # leading or trailing port specified
  then
      USERNAME=$CAR
  fi
  TUNNEL_DETAILS=$CDR
  # HOSTNAME
  HOSTNAME=$TUNNEL_DETAILS
  if [ "$HOSTNAME" == "" ]                # no hostname given
  then
      HOSTNAME=$HOSTNAME_DEFAULT
  fi
  ssh -p $SSHPORT -L $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT -l $USERNAME $HOSTNAME -f -C -q -N \
      && echo "SSH tunnel established via $LOCALHOSTPORT:$REMOTEHOST:$REMOTEPORT\n\tto $USERNAME@$HOSTNAME:$SSHPORT." \
      || echo "SSH tunnel FAIL."

• ICloud emails sent from apple mail or iPhone 3gs never arrives, works fine when sent from iCloud website

  The ony place I have been able to send and receive email since the launch of iCloud has been the icloud website. I wasn't able to send email from my iphone 3gs or apple mail at all until today, now it finally appears to let me send email but it never arrives to its destination.
  I can send an email from the icloud website without issue, and email sent from my icloud account using my iphone 3gs and apple mail seems to send fine and without error but who knows where it goes.
  Has anyone else experienced this issue?
  Thanks!
  Charles

  I figured out how to fix it... if anyone else has this problem, go to Outlook > Preferences > Accounts > select the IMAP account > Advanced > Folders and for "Store Sent Messages in this Folder:" select "Sent Messages (Server)."