SSL_ERROR_UNSUPPORTED_VERSION

SSL_ERROR_UNSUPPORTED_VERSION KB ID 0001856

Problem

I get it, older versions of TLS and SSL are insecure and we should not be using them. However I needed to get on an HPE Server iLO management interface last week and I

was met with this.

Firefox Error: SSL_ERROR_UNSUPPORTED_VERSION
Microsoft Edge, Chrome, and Opera Error: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Microsoft Internet Explorer Error:
This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner. Your TLS security settings aren’t set to the defaults, which could also be causing this error.

Firefox Solution : SSL_ERROR_UNSUPPORTED_VERSION

I advise you just do this to get to the page you need to and set it back afterwards. In your browser windows enter about:config, Type TLS into the search bar and locate security.tls.version.min and change its value to 1, Then tick to save.

And now, I can get to where I want to go.

IE Solution : SSL_ERROR_UNSUPPORTED_VERSION

Yeah, I know Internet Explorer is supposed to be dead, but it’s still there and you can utilise it to solve this problem, from your internet options in IE > Advanced  > you can then enable TLS 1.1. and 1.2.

You will still get a warning but now you can click past it.

Related Articles, References, Credits, or External Links

ERR_CERT_WEAK_SIGNATURE_ALGORITHM

ERR_CERT_COMMON_NAME_INVALID

 

Fortigate Blank Web Page?

KB ID 0001713

Problem

I’ve been trying to deploy a Fortigate into EVE-NG (article to follow) this week. I could get the appliance running fine but when I tried to access the web management console all I got was the following.

Note: I have a couple of management VMs in EVE-G (Windows 7 and Server 2012), they had a mixture of IE, Chrome and Firefox on them but still I could not get in?

Solution

All forums yielded no more info other than ‘Check you have allowed access for http“. But as you can see (above) for Fortinet Logo is on the windows I was hitting the firewall and http was allowed? (Also the http daemon was running inside the appliance.

Just for fun I connected the outside interface to my test network, allowed http, and tried from there, it worked perfectly? So I deployed another Fortigate and connected the ‘inside’ interface to my test network, again it worked fine? At this point it was becoming obvious that my management machines browsers were probably the problem. Is I deployed a new Kali Linux VM fired up Firefox and;

That took a LOT longer than it needed to!

Related Articles, References, Credits, or External Links

NA

 

Microsoft Edge (macOS) Migrate Bookmarks from Safari

KB ID 0001641

Problem

So now theres a version of Microsoft Edge for macOS! Normally I would not bother, but I spend a lot of time in SharePoint and Azure so I thought, rather than my usual approach of playing ‘Browser Roulette’ I’d try Microsoft Edge and see what it was like.

My usual browser of choice is Safari, but the install wizard defaults to wanting to import bookmarks / favourites* from Chrome. (I do also have Chrome, but I don’t use it often!)

*Note: Wow! Microsoft have spelled Favourites correctly for once!

So how to get my Safari Bookmarks?

Solution

Firstly Edge needs full disk access to get the bookmarks > Apple Logo > System Preferences > Security & Privacy > Privacy > Full Disk Access > ‘UNLOCK’ > Tick Microsoft edge.

Launch Edge > {ellipses} > Settings > Import Browser Data > Select ‘Safari’ > Import.

So now they are there, but they look like a ‘bag of spanners’ all my neat folders have been moved into another folder called ‘Imported from Safari”.

From ‘Manage Favourites’, you can drag everything to where you want it.

Related Articles, References, Credits, or External Links

NA

Chrome Browser – Show Sites SSL / HTTPS Certificate?

KB ID 0001300 

Problem

I used to use Chrome all the time back in the dark ages before I saw the light and bought a mac. Since then I’ve persevered with Safari and never felt the need to go back.

This afternoon someone in the office asked, ‘How do you see site certificates in Chrome?’ Which I thought was a little odd as it’s easy to do in IE, Firefox, and Safari. So I jumped on a remote machine for a look. Sure enough it’s well hidden?

Solution

With the site loaded  > {Three Dots} or Ellipses  > More Tools > Developer Tools.

Security Tab (might be hidden, use the ‘more’ arrows) > View Certificate.

Related Articles, References, Credits, or External Links

NA

Deploying Applications with VMware ThinApp

KB ID 0000612

Problem

ThinApp is an “Odd” VMware product, insofar as it’s got nothing to do with virtual machines or virtual technology. It’s a product that turns applications into “Stand alone” thin applications, that can be sent to a user and ran without the need for that user to have administrative access, or the need to install anything.

ThinApp was a product called Thinstall that VMware purchased and “re-badged”, you get a free copy with VMware View 5 (Premier Edition). And it ships with a copy of VMware workstation. (Not because it needs a copy, but VMware recommends you use a clean virtual machine to create your ThinApps on).

If you’ve ever used sysdiff in the past or Novell Zenworks for Desktops, you will be familiar with the process, take a ‘scan’ of a clean machine, then install application(s), then carry out another ‘scan’. The software then works out the ‘difference’ and uses that information to build a software package.

In the example below I’m going to create a stand alone version of Google Chrome, that is pre configured, and has Java already installed, and finally deploy that as a single executable file.

Solution

1. It’s recommended that you create your ThinApp on the oldest operating system that it might be deployed on, so here I’m creating a virtual machine in VMware workstation that’s running Windows XP.

2. When built remove any hardware that will not be needed, like the floppy drive, and the USB Controller (Edit > Settings).

3. Installing ThinApp is pretty straightforward, simply run the executable and follow the on screen prompts the only thing to note is; when you enter your licence key, be aware the name you enter will display on the “splash screen” as your ThinApp loads (as shown).

4. Once your reference machine is setup, take a snapshot of it, so you can roll back to this point to create further ThinApps on this clean machine (VM > Snapshot > Take Snapshot).

5. Run the ThinApp Setup Capture > Next > Prescan > This will take a few minutes > When finished simply minimise the window you are finished with it for now. Note: Don’t worry if the application you are installing requires a reboot, ThinApp is clever enough to cope with that.

6. Now install and configure the application you require, in this case Google Chrome. I’m also installing Java, and setting the default homepage to the Google search page.

7. When the application is installed to your liking, maximise (or open the capture if you’ve rebooted) and select ‘Postscan’ > OK.

Note: Before running Postscan make sure you delete any installer files downloaded, any icons from the desktop you do not want deployed in the ThinApp, and empty the recycle bin (you don’t want all that stuff captured, when creating your ThinApp).

8. Make sure only the executable you require is ticked as an entry point > Next > At the Horizon App Manage Page > Next.

9. In a domain environment you can restrict ThinApp access to particular users or groups > Next.

10. Set the isolation mode as required, for most cases it will be ‘Full’ > Next.

11. Select the option to store the sandbox in the user profile > Next > Select whether you want to provide statistics to VMware > Next.

12. You will see this screen ONLY of you are capturing a browser. This is used if you have a particular website that will only run in IE6, or Firefox etc. So that only when URL’s enters listed here are accessed (either directly or from a hyper link) the ThinApp browser will open them, all other URL’s will be opened by the default browser. It’s a cool feature but not one I’m using > Next.

13. Give your ThinApp a name > Next.

14. I’m choosing the option to embed everything into my executable, selecting this may cause a warning about icons, but I ignored and deployed with no problems > Save.

Note: You can use this page to create an MSI file to deploy via group policy if you wish.

15. After ThinApp generates the files it needs > Build.

16. Finish

17. Heres my ThinApp executable file.

18. To test I’ve copied it to a Windows 7 machine.

19. While it’s loading this is what you will see.

20. And here is my ThinApp version of Google Chrome running and pre configured.

Related Articles, References, Credits, or External Links

NA

Creating and Deploying USB Portable Applications with VMware ThinApp

KB ID 0000616 

Problem

The last time I wrote about deploying applications with ThinApp, it was geared towards getting standalone applications onto client PC’s for non admins to run, or putting them in a network share. But if you have a portable application the advantage is you can run it from portable media (Like a USB drive).

Like before I’ll convert Google Chrome to a ThinApp, but the difference is I will set the applications ‘sandbox’ to live in the same location (on the USB). Then I’ll try it out on a different machine.

Solution

1.  It’s recommended that you create your ThinApp on the oldest operating system that it might be deployed on, so here I’m creating a virtual machine in VMware workstation that’s running Windows XP.

2.  When built remove any hardware that will not be needed, like the floppy drive, and the USB Controller (Edit > Settings).

3. Installing ThinApp is pretty straightforward, simply run the executable and follow the on screen prompts the only thing to note is; when you enter your licence key, be aware that the name you enter will display on the “splash screen” as your ThinApp loads.

4. Once your reference machine is setup, take a snapshot of it, so you can roll back to this point to create further ThinApps on this clean machine (VM > Snapshot > Take Snapshot).

5. Run the ThinApp Setup Capture > Next.

6. Prescan > This will take a few minutes > When finished simply minimise the window you are finished with it for now. Note: Don’t worry if the application you are installing requires a reboot, ThinApp is clever enough to cope with that.

7. Now install and configure the application you require, in this case Google Chrome. I’m also installing Java, and setting the default homepage to the Google search page.

8. When the application is installed to your liking, maximise (or open the capture if you’ve rebooted) and select ‘Postscan’ > OK.

Note: Before running Postscan make sure you delete any installer files downloaded, any icons from the desktop you do not want deployed in the ThinApp, and empty the recycle bin (you don’t want all that stuff captured, when creating your ThinApp).

9. Make sure only the executable you require is ticked as an entry point > Next.

10. At the Horizon App Manage Page > Next.

11. In a domain environment you can restrict ThinApp access to particular users or groups > Next.

12. Set the isolation mode as required, for most cases it will be ‘Full’ > Next.

13. As you are storing the App on USB I’d suggest (though you don’t have to) set the application to save its sandbox in the same directory.

14. Select whether you want to provide statistics to VMware > Next.

15. You will see this screen ONLY if you are capturing a browser. This is used if you have a particular website that will only run in IE6, or Firefox etc. So that only when URL’s entered, listed here, are accessed (either directly or from a hyper link) the ThinApp browser will open them, all other URL’s will be opened by the default browser. It’s a cool feature but not one I’m using > Next.

16. Give your ThinApp a name > Next.

17. I’m choosing the option to embed everything into my executable, selecting this may cause a warning about icons, but I ignored and deployed with no problems > Save.

18. After ThinApp generates the files it needs > Build.

19. Finish.

20. Heres my ThinApp executable file.

21. Which I’ve copied to my USB Drive.

22. So when use the drive in another machine.

23. You can simply run the executable.

24. While the app loads it will show a splash screen like this.

25. And should load pre-configured.

 

Related Articles, References, Credits, or External Links

NA

vSphere Web Client – Options Greyed Out (Cannot install Client Integration Plug-in)

KB ID 0001064

Problem

While working on the vSphere Web Client in Google Chrome, I was unable to ‘Open Console’, the option was on the right click menu, but disappeared and was then greyed out after a second or so.

Essentially this happens because the plug-in has either not been installed, (from the login page) or a pop-up blocker is stopping the plug-in working.

Solution

1. With Chrome there’s an extra hoop to jump though, the plug-in uses NPAPI, and Chrome disabled that beginning with version 42. To enable it open a new tab and navigate to;

[box]chrome://flags/#enable-npapi[/box]

In the NPAPI section select ‘Enable’.

2. Click ‘Relaunch Now’.

3. At this point you will be able to install the Client Integration Plug-in.

4. Now you need to make sure the plug-in will run, click the plug-in warning and select ‘Always allow plug-ins on localhost’, refresh the page.

5. You can now tick the box to login with Windows session authentication.

6. The first time you try and launch something the pop-up blocker will suppress it you will need to disable the pop-up blocker for this site.

7. The vSphere Web Client should now perform correctly in Google Chrome.

 

Related Articles, References, Credits, or External Links

NA

Ubuntu – Installing Java

KB ID 0000395 

Problem

Did you know you can install Java and Flash with the Ubuntu Restricted extras pack? click here

Im not a big fan of Java, In the past I’ve either had the wrong version, or it’s made something run like a dog, but I need it for the Cisco management stuff I need to do. (Guess what the next article is going to be 🙂 Like Adobe Flash, there seems to be a lot of different info out on the web about how to do this, so it took me a while to do something that was painfully easy in the end.

Solution

1. Click Applications > Ubuntu Software Centre > Type “java” in the search terms > Locate OpenJDK Java 6 Runtime.

2. Hit install.

3. You may be asked to authenticate, do so. My netbook is a little slow so at this point it appeared to hand for a while (Go and have a brew! It will be finished by the time you come back.

 

Related Articles, References, Credits, or External Links

Also See Ubuntu (Chrome) Installing Adobe Flash

Cisco ASDM – Accessing with Ubuntu

KB ID 0000396 Dtd 11/02/11

Problem

Even though I prefer to use command line, there are times I need to manage Cisco firewalls from the ASDM. To do this from my Netbook running Ubuntu 10.10 it was not as straight forward as I was used to.

Solution

In my scenario I’m using Ubuntu 10.10 Desktop Edition, Chrome as my browser, and the ASDM is running version 6.3(1).

1. Before we start I’m assuming you know what the ASDM is and how to connect to to it and configure it for access. Also you will need Java Installed.

2. Connect to the web console of the firewall using its configured IP Address, Chrome by default will download the Java file (which I’ve written about before). Normally this is annoying, but here it’s a good thing, by default it will drop the file in your home folder in the downloads directory, for simplicity I moved it to the root of my home folder. Then open a terminal window (Applications > Accessories > Terminal), and execute the following command.

[box]javaws asdm.jnlp[/box]

3. After a little while, you will be prompted to accept the certificate (The self signed certificate on the server will not be trusted that’s OK).

4. After entering your password (User name will be blank, unless you have enabled AAA). the ASDM will open.

5. Thankfully, you only need to do this the first time you connect, the next time you try it will open the ASDM password prompt and run correctly.

 

Related Articles, References, Credits, or External Links

Cisco Serial – Accessing with Ubuntu

Google Chrome – Cannot play embedded .wmw or .mpg/.mpeg

KB ID 0000184 

Problem

I’m a big fan of Google Chrome, i’ts fast, and clean, and it does exactly what it says on the tin! I had noticed, I had a problem playing embedded video though.

As I use this format on PeteNetLive it was my only gripe, (well that and syncing bookmarks, but I cured that with Xmarks). Took me a bit of searching but I got it fixed in the end.

Solution

1. Download THIS (Yes I know it says Firefox – trust me!).

2. Close all your browser windows.

3. Run the file you downloaded above.

4. Now you can play embedded video.

 

Related Articles, References, Credits, or External Links

NA