Apache 2.2.x openSSL CSRs on Windows


When I went searching for info on generating CSRs (certificate signing requests) to get an SSL cert to use in Apache + OpenSSL, I was met with a sea of confusion, I think mostly because there wasn't a pre-compiled official win32 Apache installer with OpenSSL baked in, which required a lot of manual fudging. After a bit of research the process is now really quite trivial:

  • Download the Apache 2.2.9 installer with OpenSSL (mod_ssl) from Apache.
  • The regular command you'd use to generate a non-passphrase private key and CSR will not work the same on Windows, as it looks for a config in a Unix path under /usr/, so you need to specify the full path to the openssl.cnf file (found in the Apache conf dir).
  • Open up a cmd window, cd to your Apache bin folder, then enter the following (changing the URL and company details):

openssl req -new -nodes -keyout www_mysite_com_au.key -out www_mysite_com_au.csr -subj "/C=AU/ST=New South Wales/L=Sydney/O=My Company/OU=IT/CN=www.mysite.com.au" -config "C:/Program Files/Apache Software Foundation/Apache2.2/conf/openssl.cnf"


This should leave two new files, www_mysite_com_au.key and www_mysite_com_au.csr, which you copy to your conf folder for referencing in your SSL configs, as noted in the docs and the SSL sample conf.

To get your key signed, go to a certificate issuer and cut and paste the contents of the .csr file. Too easy!
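A check worth running before the CSR is pasted into the issuer's form, as an added example that is not part of the original post: it confirms the CSR really belongs to the new key and tightens the ACL on the key, which -nodes left unencrypted on disk. It assumes an RSA key, that it is run from the Apache bin folder where the two files were created, that Apache runs as the LocalSystem service, and that icacls is available (Windows Vista or later).

```bat
@echo off
rem Added example (not from the original post).
rem Assumptions: RSA key, run from the folder holding the .key and .csr,
rem Apache service runs as LocalSystem, icacls present (Vista or later).
setlocal
set "CONF=C:/Program Files/Apache Software Foundation/Apache2.2/conf/openssl.cnf"
set "BASE=www_mysite_com_au"

rem 1. Print the subject and the self-signature result for a manual review.
rem    Look for "verify OK" and check the CN is the exact host name; older
rem    openssl builds do not signal a verify failure through the exit code.
openssl req -in "%BASE%.csr" -noout -verify -subject -config "%CONF%"

rem 2. The CSR must carry the public half of this private key. Compare the
rem    RSA moduli of both files; fc returns 1 when they differ.
openssl rsa -in "%BASE%.key" -noout -modulus > "%TEMP%\key.mod"
if errorlevel 1 goto :fail
openssl req -in "%BASE%.csr" -noout -modulus -config "%CONF%" > "%TEMP%\csr.mod"
if errorlevel 1 goto :fail
fc "%TEMP%\key.mod" "%TEMP%\csr.mod" > nul
if errorlevel 1 goto :fail
del "%TEMP%\key.mod" "%TEMP%\csr.mod"

rem 3. The key has no passphrase, so file permissions are its only protection.
rem    Drop inherited ACEs and allow only Administrators (S-1-5-32-544) and
rem    SYSTEM (S-1-5-18), the account the Apache service is assumed to use.
icacls "%BASE%.key" /inheritance:r /grant:r *S-1-5-32-544:F *S-1-5-18:F
if errorlevel 1 goto :fail

echo OK: key and CSR match. Send only %BASE%.csr to the issuer, never the .key.
exit /b 0

:fail
echo FAILED: do not submit this CSR. Regenerate the key and CSR and re-check.
exit /b 1
```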

New ColdFusion 8.0.1 instances in OSX Leopard


Creating the new coldFusion instance

  • login to the main coldfusion administrator (e.g. http://localhost/cfide/administrator)
  • go to enterprise manager / instance manager
  • select 'add new instance'
  • enter a server name (e.g. 'newcfusion')
  • leave server directory as default (/Applications/JRun4/servers)
  • leave create from EAR/WAR blank
  • submit form and wait for everything to finish
  • the link you are provided to continue will probably be broken so ignore and click on 'instance manager' again
  • open the /Applications/JRun4/ColdFusionLauncher.app and select your instance and click start if it is not running already
  • click the button next to your instance name to launch the administrator and configure your instance (e.g. http://localhost:8301/cfide/administrator)

Hooking the new instance into a specific apache website

For an Apache website to talk to a specific JRun (CF) instance, you need to bind an Apache virtual host to the JRun proxyPort for your ColdFusion instance:

  • make sure the admin jrun instance is started
  • browse to http://localhost:8000 and login with admin and the administrator password you gave when installing coldfusion
  • click the new instance from the left nav, and click services
  • you then need to note down the proxyPort (e.g. 51000) and click the green play button to start the proxyService
  • open up the httpd.conf or the apache vhost site config file and inside your <virtualHost> add:

<ifModule mod_jrun22.c>
# override the default bootstrap in the httpd.conf to bind to my new coldfusion instance
JRunConfig Bootstrap 127.0.0.1:51000
</ifModule>

  • restart apache after the cfinstance is running and it should now be using the new instance

Autostarting your new instance at system boot

You need to use a program like Smultron to edit the file ColdFusion8Multi in /Library/StartupItems/ColdFusion8Multi. In the if block, under the line

su $RUNTIME_USER -c "$CF_DIR/bin/jrun -stop cfusion"

add:

su $RUNTIME_USER -c "$CF_DIR/bin/jrun -stop newcfusion"

and outside the if block also add:

su $RUNTIME_USER -c "$CF_DIR/bin/jrun -start newcfusion >& $CF_DIR/logs/newcfusion-event.log &"

These are basically the same lines already present in ColdFusion8Multi, with cfusion replaced by your instance name. Also make sure the log file has write permission!

Setting up a new ColdFusion server on Leopard - Part 3


This being my first attempt at setting up a Leopard webserver, I was getting a tad frustrated with Apache and the SSL setup for one of the websites. Every time I dropped in the site's config the server wouldn't start, giving a bad passphrase error in the console. Not being able to find an option for this in my SSL config, I was going around in circles and getting scared that this would be a show-stopper for our new server, especially after reading so many forum posts saying that SSL in Leopard was a nightmare requiring custom builds of Apache and OpenSSL etc...

Salvation was found in the Server Admin tool... Despite the fact that once you start manually editing the virtual host site files the lovely web config panel ceases to recognise any of your sites, there is a quite useful 'Certificates' button when you select the root node of your server. I had already copied all the related cert files from the 10.4 server to /private/etc/certificates, so it was then a simple matter of choosing the import certificate option and figuring out which files to put in what box. My files ended up being:

  • certificate file (*.crt)
  • private key file (*.key)
  • certificate authority file (*.chcrt)
  • private key passphrase (this was the thing that instantly fixed it for apache)

From here it worked like a dream! I hope this will save similar worry to some of you out there...

My Open Source Projects

I've just added a new section in the pages area of the blog with details of my open source projects that will be kept up to date. So far I've only put up the CFGrowl project, but more to come!

When is “Beta” just a lame excuse?

When you're the author of second-life. I've recently had to write an application for work to manage registrations to a private island in second-life. It worked fantastically in development and interfaced with second-life's beta registration API. The problem is that when we launched it we had reports from users that it was throwing errors for hours at a time and would come back randomly, always with the same malformed response error. This is a reasonably high profile project in the education arena with many schools from all over the world participating, and second-life staff were involved in the inception phase. So when we logged a support ticket to plead for assistance their staff closed it immediately with, "this is known beta product and we do not support it". Nice response guys! Examination of their API wiki shows it's been in beta for well over 2 years!! As a developer, how do they expect us to even bother looking at their platform as being viable when there is no support and no endpoint in sight? A highly disappointing experience all round...