Category: Certificate
Howto: Enable SAN Certificates on Internal CA
Today I faced a problem where I needed to deploy two certificates for some internal use. Like many times before, I used our internal Certificate Authority and requested a Web Server certificate. However, due to Chrome/Edge's new security, the certificate rendered as insecure, as the web server didn't manage to prove it was the owner of the certificate. The reason is that nowadays we rely on the Subject Alternative Name in the certificate to also…
Secure, your secure site.
Recently I received a message stating that my secure site wasn't so secure. At first I thought that maybe my certificate had expired; fortunately that wasn't the case. The problem was that when running a web server on an old Windows Server 2008 Standard edition, older protocols are used to serve HTTPS. Among them are PCT 1.0, SSLv2 and v3, and older TLS versions. What does this mean, and why aren't they secure? Well, as of July 2018,…
Upgrade Certificate Authority (ROOT CA) from SHA1 to SHA2 (SHA256)
Upgrade. More text to come, comment for me to speed up 😀. Linux commands for CentOS 5 and CentOS 7. CentOS 7, if conversion is needed (legacy): Copy our mycert.cer file to Linux (/tmp); openssl x509 -inform der -in tv2b.cer -out tv2ca.pem (convert it to PEM); cp /tmp/tv2ca.pem /etc/pki/ca-trust/source/anchors/tv2ca.pem (copy it into the trusted anchors for Linux); update-ca-trust (If the certificate is in OpenSSL's extended BEGIN TRUSTED CERTIFICATE format, place it in /etc/pki/ca-trust/source)
Setup L2TP VPN with ZyXEL USG series
If you are the owner of a ZyXEL USG series firewall, you might as well benefit from the L2TP feature, which works seamlessly with Windows, iOS, Android and Linux without extra software needed while still being pretty secure. The caveat, however, is that if you have a large environment and many clients that you can't control, setup can be a cumbersome task, because there are some manual steps involved. I'll cover the firewall setup in this article and some…
Howto disable SSL 2.0 on a Windows Server 2008 or 2008 R2
There is a severe security flaw in the old SSL 2.0, which enables people with bad intent to perform man-in-the-middle attacks, among others. Fortunately, all newer browsers and clients use SSL 3.0 or TLS 1.0, which avoids the use of SSL 2.0. But to make sure your servers don't even present the opportunity of SSL 2.0 (or older protocols), you have to disable them on the servers manually (if you have many servers you could…
Unable to request certificate on Windows XP from your own CA (Certificate Authority)
If you're installing a new Certificate Authority based on Windows Server 2008 or Windows Server 2008 R2, you might encounter a problem where your computers running Windows XP aren't able to request or auto-enroll a certificate from your CA. When you try to manually request the certificate, you get an error saying: “Unable to complete the request”, “Cannot find the requested object.” A similar message can be found in the Event Viewer. If you look in…