Software is Preventing Firefox From Safely Connecting to this Site
KB ID 0001727 Problem I was setting up some HTTPS/SSL inspection this week and while testing it, I ran into this problem; Firefox Certificate Settings So the machine I’m using DOES trust the CA that issued that certificate (it’s a FortiGate firewall), but the BROWSER does not. (Firefox maintains its own list of certificates, and more importantly which CA certificates it will trust). Essentially the browser is trying to...
AnyConnect ‘Management VPN Tunnel’ Configuration
KB ID 0001503 Problem With the newest version of AnyConnect (4.7) there’s an added feature called ‘Management VPN’. It’s there, so that if you have remote users who don’t VPN in very often, then you may struggle to manage them, e.g. put software updates, AV updates, SCCM packages etc. down to them. Before version 4.7 you could configure ‘Automatically Connect’, or ‘Start before...
VMware ESXi6 – Replacing the Default Certificates
KB ID 0001195 Problem This is pretty much part two of the last article I wrote, so make sure you have the vCenter CA setup as a Sub CA of your Microsoft Certificate Services Deployment. See the following article; vSphere 6 vCenter Appliance – Replacing Certificates Now we take the next step, and replace the certificates on the ESXi hosts. Solution Note: Joining the ESXi Hosts to the domain is not essential, it just makes things a...
Event ID 53 – ‘The public key does not meet the minimum size required by the specified certificate template’
KB ID 0000967 Problem I’ve been doing a lot of PKI work over the last few days, testing device enrollment and NDES etc, and came across this problem being logged on my issuing/subordinate CA server; Log Name: Application Source: Microsoft-Windows-CertificationAuthority Event ID: 53 Task Category: None Level: Warning Keywords: User: SYSTEM Description: Active Directory Certificate Services denied request 35 because The public...
NDES – Fails to Issue Certificates (Signature Algorithm)
KB ID 0001021 Problem I was trying to enroll some ASA firewalls to NDES to get some certificates. Each time the process failed with the following error. % Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0 That’s a pretty generic error, and does not give me a lot to go on. So I thought I would try from another network device, (a Cisco Catalyst switch). It’s a little easier to...