Windows Certificate Services – Setup a CRL
Setup a CRL KB ID 0000957 Problem One of the often-overlooked tasks in a Public Key Infrastructure (PKI) deployment is configuring your Certificate Services Certificate Revocation List (CRL). For smaller deployments with only one server, you don’t need to worry about complex design considerations (though a CRL doesn’t have to be hosted on a Certificate Services server). In my test environment, I have only one PKI server,...
RSA SecurID Error – ‘106: The Web server is busy. Please try again later’
RSA SecurID Error KB ID 0000975 Problem Not the most descriptive of errors! In fact this has got nothing to do with the busyness of the web server at all. Solution : RSA SecurID Error What’s actually happening is the RSA agent on this machine (in this case a web server) cannot communicate with the RSA Authentication Manager. In my case the web server was in a DMZ, and the RSA Authentication Manager Appliance was in another DMZ....
Free Certificate for IIS with Let’s Encrypt
KB ID 0001736 Problem I’ve been aware of Let’s Encrypt for a while, they are a non profit Certification Authority, who will provide you with a free certificate, and you can use them for most things you want to secure with a digital certificate. The only reason I’ve never used them in the past is, their certificates have a short (3 month) lifespan, and I see enough things breaking when people forget to renew 12 month...
The Web Site for the CA Must be Configured to use HTTPS
KB ID 0000838 Problem When attempting to contact a server running the Certification Authority Web Enrolment role, you may see the following error. In order to complete certificate enrolment, the Web site for the CA must be configured to use HTTPS authentication Solution The correct fix is to set the web server (IIS) to serve the certificate website securely using https, though you can just set Internet explorer to ‘work’...
Load Balance IIS with Microsoft ARR
KB ID 0001573 Problem If you have a lot of IIS servers, and want to load balance between them, then you can either buy a load balancer, or use Microsoft ARR (Application Request Routing). Note: ARR does a lot more than simply load balancing, e.g. it can perform caching, and complex web routing, and even SSL offloading. Here we are just looking at load balancing. I’m going to deploy TWO ARR servers in my DMZ, here I’ve got...