My Favorite OSX Utilities

OSX is a capable operating system out of the box, but there are a few tools that I like to add to every new system I get.  I’ve been asked for the list a few times, so in no particular order,  here goes:

Keka is a free file archiver for Mac OS X. The main compression core is p7zip (7-zip port). Compression formats supported: 7z, Zip, Tar, Gzip, Bzip2, DMG, ISO.  Extraction formats supported: RAR, 7z, Lzma, Zip, Tar, Gzip, Bzip2, ISO, EXE, CAB, PAX, ACE (PPC).

Chicken of the VNC
Chicken is a VNC client for Mac OS X. A VNC client allows remote access to another computer over the network. Chicken is based on Chicken of the VNC.

Remote Desktop (RDP) software that saves sessions and preferences.  A must have if you’re using Terminal Services/RDP.

Airconsole Driver
The Airconsole is device that provides bluetooth & wifi access to serial devices (no more serial to USB).  This driver maps the wireless port to a local serial port that your terminal programs can reference.

A fine note taking program with cloud sync, ability to import for physical notes and a nice web-clipping tool to import sections of content.

Scans target folders/drives for duplicate files and folders.

LimeChat is an IRC client for Mac OS X

Wireless discovery tool that will show networks & devices discovered (and signal strength) on Wifi and Bluetooth. 

Text Wrangler
TextWrangler is a very capable text editor. 

VMWare Fusion
Virtualize all the things.  Virtualbox and Parellels also work well here, but VMWare remains my preference for compatibility and functionality.

A damn fine console program, albeit a little pricey at around $100 per user.

Console into things for free if SecureCRT isn’t in the budget.

Zenmap is the official Nmap Security Scanner GUI. It is a multi-platform (Linux, Windows, Mac OS X, BSD, etc.)

Password Management.

Vienna is an RSS/ATOM reader for OSX.

HandBrake is a tool for converting video from nearly any format to a selection of modern, widely supported codecs.

The gold standard for packet analysis.  Don’t forget to update X11 as well.

A Linux command to continuously execute a program and monitor output.

Did I miss anything?  Let me know!


Posted in OSX

Create A Windows Certificate Signing Request Without IIS

Before we can install a certificate, a certificate signing request (CSR) must be generated and sent to the certificate authority (CA).  The CSR should be generated from the device that will install the certificate, as the private key will need to match.  Microsoft has simple instructions to create a CSR when IIS is installed, but what if we want to implement SSL over LDAP?  or SQL? IIS is not always available to generate the CSR.

Microsoft has a command line utility called certreq.exe to help us out.  From the technet article:

“Certreq can be used to request certificates from a certification authority (CA), to retrieve a response to a previous request from a CA, to create a new request from an .inf file, to accept and install a response to a request, to construct a cross-certification or qualified subordination request from an existing CA certificate or request, and to sign a cross-certification or qualified subordination request.”

Certreq is installed by default on: Vista, Windows 7, 8, Server 2008, and Server 2012.  The syntax has changed a little between versions, but it essentially takes an action and an inf file as parameters.  The inf file contains information that will appear in the certificate, so we want to populate it carefully.

We are going to focus on generating a new CSR, using the command:

certreq -new myrequest.inf mycsr.req

If you are exceptionally lazy, you can omit the filenames and certreq will open a file open dialog box and a file save dialog box for your lackadaisical self.

Here is the contents of the myrequest.inf file:

;—————– myrequest.inf —————–


Signature=”$Windows NT$


Subject = “, E=[email protected],, L=SLC, S=Utah, C=US” ; replace with your FQDN
KeySpec = 1
KeyLength = 2048
; Can be 1024, 2048, 4096, 8192, or 16384.
; Larger key sizes are more secure, but have
; a greater impact on performance.
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = “Microsoft RSA SChannel Cryptographic Provider”
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0


OID= ; this is for Server Authentication


Please populate the subject field with your device/server specific information.  Make sure the FQDN matches the hostname that your users are going to use to connect to your encrypted service.  Here is the template:

Subject = “CN=FQDN, OU=Organizational_Unit_Name, O=Organization_Name, L=City_Name, S=State_Name, C=Country_Name

The output of the tool will be the CSR that you submit to your certificate authority.  Similar to this:


Posted in Operating Systems