Tag: cert
Elasticsearch | updating certificates
New CA stuff:
Import ca.crt into truststore:
New Transport certs:
New http cert:
Tune elasticsearch.yml:
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.truststore.path: certs/elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/http.p12
CSR? NO
CA? YES
ONE CERT PER NODE? YES
NODE NAME? CHECK elasticsearch.yml FOR node.name
REPEAT FOR EACH NODE
SAMBA CERT RENEWAL
ATTENTION: To avoid heart attacks, don't do /etc/init.d/samba restart afterwards. Always do:
pkill samba && /usr/sbin/samba
https://serverfault.com/questions/873615/ssl-self-signed-certificate-error-on-samba-4
https://wiki.samba.org/index.php/Configuring_LDAP_over_SSL_(LDAPS)_on_a_Samba_AD_DC#Using_the_Samba_autogenerated_self-signed_certificate_.28default.29
How to easily create a Certificate Authority with built-in Linux tools
Samba Active Directory Server
Chrome || Cert import problem
Thank you: http://casualtechs.blogspot.de/2010/06/problem-when-trying-to-import.html
Download and save the certificate.
Open the Certificate Manager
In the "Start Search" box, type "certmgr.msc" (no quotes). The certificate manager will open.
Right click on "Trusted Publishers" from the folder list on the left.
In the pop-up menu, choose "All Tasks" >> "Import.."
Click the "Next" button
Click the "Browse" button […]
Chrome // Windows // Accept all certs from localhost
chrome.exe --allow-insecure-localhost
Postfix | TLS | main.cf settings
##### TLS settings ######
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
tls_random_source = dev:/dev/urandom

# Note: the *_tls_mandatory_* settings below only take effect when the
# security level is "encrypt" or stronger. At level "may" (opportunistic TLS),
# smtp(d)_tls_protocols and smtp(d)_tls_ciphers apply instead.

### outgoing connections ###
#smtp_tls_security_level=encrypt
smtp_tls_security_level=may
smtp_tls_loglevel = 1
smtp_tls_cert_file=/etc/postfix/cert.pem
smtp_tls_key_file=/etc/postfix/key.pem
smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
smtp_tls_mandatory_ciphers=high
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

### incoming connections ###
#smtpd_tls_security_level=encrypt
smtpd_tls_security_level=may
smtpd_tls_received_header = yes
smtpd_tls_loglevel = 1
smtpd_tls_cert_file=/etc/postfix/cert.pem
smtpd_tls_key_file=/etc/postfix/key.pem
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_mandatory_ciphers=high
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
Postfix | TLS | self-signed server certificate
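Set mykey, mycert and myfqdn to the key file path, the certificate file path and the server's FQDN first. The subshell keeps umask 077 scoped to the key generation, so the private key is created readable by its owner only.
# (umask 077; openssl genrsa -out "${mykey}" 4096) && openssl req -new -key "${mykey}" -x509 -subj "/CN=${myfqdn}" -days 3654 -out "${mycert}"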