Chapter 5. Securing Power Manager

Table of Contents

Using Your Own SSL Certificates
Keychain and Your SSL Certificate
Self-Signed Certificates

Using Your Own SSL Certificates

Power Manager supports secure communications through the industry standard Secure Sockets Layer (SSL) protocol. Both third party and self-signed certificates are supported.

SSL provides a combination of authentication and encryption for your Power Manager network traffic. SSL is used to confirm the network connection is established with the computer you expect, and that the traffic between you and the destination is private.

SSL is used for all connections and can not be disabled. If no certificate is provided, Power Manager creates a self-signed certificate. Self-signed certificates ensure connections are secure, but can not be used for authentication purposes.

Keychain and Your SSL Certificate

Power Manager accesses SSL certificates and passwords through Mac OS X's Keychain framework.

Self-Signed Certificates

Power Manager will automatically create a suitable self-signed certificate. Self-signed certificates provide encryption but not authentication. For most environments, this is acceptable. Self-signed certificates are free and can be created using the tools included on your Mac.

The following guide is provided to help explain how you can create your own self-signed certificate embedded in a Keychain suitable for use with Power Manager. This process can be adapted to embed authenticated certificates - those signed by a third party Certificate Authority (CA) - in a Keychain.

[Note] Why certtool?

There are many ways to create a Keychain containing a certificate, private key, and identity on Mac OS X. We have chosen to use certtool in this guide because certtool is included with Mac OS X and reasonably straight forward.

Other tools such as OpenSSL and Certificate Assistant can be used to create your certificate.

Procedure 5.1. Creating a Self-Signed SSL Certificate

  1. Launch Terminal.Applications/Utilities/Terminal.app

  2. Enter the certtool command in Example 5.1, “certtool command to create a certificate and Keychain.”.

    Example 5.1. certtool command to create a certificate and Keychain.

    bash% certtool c c p=pm k=/Users/Shared/Default.keychain

    certtool command to create self-signed certificate in a new Keychain at /Users/Shared/Default.keychain. The Keychain will have the password pm.


    Walk through certtool's questions answering appropriately for your organisation. A sample session is covered in Example 5.2, “Sample certtool session: key pair.”, Example 5.3, “Sample certtool session: Relative Distinguished Name.”, and Example 5.4, “Sample certtool session: Confirmation.”.

    Example 5.2. Sample certtool session: key pair.

    Enter key and certificate label: My Power Manager Certificate

Please specify parameters for the key pair you will generate.

  r  RSA
  d  DSA
  f  FEE
  e  ECDSA

Select key algorithm by letter: r

Valid key sizes for RSA are 512..2048; default is 512
Enter key size in bits or CR for default: 

You have selected algorithm RSA, key size 512 bits.
OK (y/anything)? y

Enter cert/key usage (s=signing, b=signing AND encrypting, d(derive AND sign): b
...Generating key pair...

Please specify the algorithm with which your certificate will be signed.

  5  RSA with MD5
  s  RSA with SHA1

Select signature algorithm by letter: s

You have selected algorithm RSA with SHA1.
OK (y/anything)? y

    Example 5.3. Sample certtool session: Relative Distinguished Name.

    You will now specify the various components of the certificate's
Relative Distinguished Name (RDN). An RDN has a number of 
components, all of which are optional, but at least one of 
which must be present. 

Note that if you are creating a certificate for use in an 
SSL/TLS server, the Common Name component of the RDN must match
exactly the host name of the server. This must not be an IP
address, but the actual domain name, e.g. www.apple.com.

Entering a CR for a given RDN component results in no value for
that component.

Common Name       (e.g, www.apple.com) : localhost
Country           (e.g, US) : US
Organization      (e.g, Apple Computer, Inc.) : Your Organisation
Organization Unit (e.g, Apple Data Security) : Your Department
State/Province    (e.g, California) : Your State
Email Address     (e.g, johngalt@rand.com) : support@example.com

    Example 5.4. Sample certtool session: Confirmation.

      Common Name       : localhost
  Country           : US
  Organization      : Your Organisation
  Organization Unit : Your Department
  State/Province    : Your State
  Email Address     : support@example.com
Is this OK (y/anything)? y
..cert stored in Keychain.

  3. The new Keychain containing the certificate must now be moved to /Library/Application Support/Power Manager/Keychains/Default.keychain.

    Enter the command in Example 5.5, “Moving the Keychain into place.”.

    Example 5.5. Moving the Keychain into place.

    bash% sudo mv /Users/Shared/Default.keychain "/Library/Application Support/Power Manager/Keychains/Default.keychain"

    mv the certificate Keychain into Power Manager's Application Support folder.


  4. Power Manager will start using your new certificate Keychain after the next restart; alternatively you can use the command sudo killall pmd to immediately relaunch Power Manager.

Prev     
Chapter 4. Removing  Home  

About Power Manager

Power Manager is a complete energy saving and automation solution for Mac OS X. This guide, Power Manager: Administrator, is part of DssW Power Manager.

With Power Manager, you will save time, energy, and money.

Power Manager Guides >
Power Manager: Administrator >
Securing Power Manager

Use and Privacy Policies - support@dssw.co.uk - http://www.dssw.co.uk

Dragon Systems Software Limited, 3rd Floor Suite, 41-43 Broad Street, Hereford, HR4 9AR, United Kingdom

Copyright © 1997 – 2011 Dragon Systems Software Limited (DssW). All rights reserved.