Manualshelf

Specifications

ManualsBrandsApple ManualsComputer equipmentXserve Up Mac OS X Server
41424344454647484950
50 Chapter 3 Installing Server Software and Finishing Basic Setup
Using the serveradmin Tool
You use the serveradmin tool to administer service-related tasks. Some services must
be restarted after you change specific settings.
If you make a change using a services writeSettings tool that requires you to restart
the service, the output from the command includes the setting
<svc>:needsRecycleOrRestart with a value of yes.
Important: The needsRecycleOrRestart setting appears only if you use the
serveradmin
svc
:command = writeSettings command to change settings. You won’t
see it if you use the serveradmin settings command.
Other chapters in this guide provide information about using serveradmin to
administer specific services.
Notes on Communication Security and the servermgrd Tool
 When you run the serveradmin tool, you’re communicating with a local or remote
servermgrd process.
 By default, port 687, which allows cleartext connections with servermgrd, is disabled.
You can enable this port by changing the listenForRegularConnections parameter
or key to yes in the /Library/Preferences/com.apple.servermgrd.plist file.
 For encryption and client authentication, servermgrd uses SSL, but not for user
authentication. User authentication uses Open Directory services.
 servermgrd uses a self-signed (test) SSL certificate installed by default, located in
/etc/servermgrd/ssl.crt/. You can replace this with an actual certificate.
To create and manage certificates, use Certificate Manager in Server Admin. For more
information, see Mail Service Administration.
 The default certificate format for SSLeay/OpenSSL is PEM. PEM format can contain
private keys (RSA and DSA), public keys (RSA and DSA), and (x509) certificates. It
stores data in Base64-encoded DER format with ASCII header and footer lines, which
makes it suitable for text-made transfers between computers.
For some tools, you need the certificate in plain DER format. You can convert a PEM
file (cert.pem) into the corresponding DER file (cert.der) with the following
command:
$ openssl x509 -in cert.pem -out cert.der -outform DER