ADFS: Changing the Certificate
KB ID 0001634 Problem I needed to change the certificate used by an ADFS server today. I’d used a temporary self signed wildcard cert to get me up and running now I needed to replace it with a new publicly signed one. I found a number of ways of doing this INCORRECTLY, so hopefully I will save you making the same mistakes! Solution Firstly you need to import your certificate, here from a PFX file, (if you want a PFX file import...
Citrix NetScaler – ‘Certificate is not a server certificate’
KB ID 0001191 Problem While attempting to bind a certificate to a Virtual Server on my NetScaler this happened; Error Certificate is not a server certificate Solution Before you proceed, delete the problem certificate to avoid confusion! I had generated this certificate with Microsoft Certificate Services, and I had made a wildcard certificate like so; Certificate Services – Create a ‘Wildcard Certificate’ Remember if you use the...
Why Securing Your VPN Solution With Computer Certificates ‘Only’ Is A BAD Idea
KB ID 0001055 Problem After a large AnyConnect 4 roll-out, I had the following conversation with a client; Client: Can we change the way the clients authenticate? Me: Yes, no problem what do you need? Client: Well instead of user based certificate authentication, we want to use computer certificates only. Me: Really why? Client: So when we roll out a lot of imaged new machines we don’t need to get the users to log onto them and...
Migrate Exchange 2010 to Exchange 2016 (& 2013)
Part 3 Migrating Certificates and Decommissioning Exchange 2010 KB ID 0000816 Problem Continued from Migration From Exchange 2010 to Exchange 2016 Part 2 Solution Exchange 2013/2016 Migration Step 8 Migrating Certificates from 2010 to 2016 Only consider doing this if you have a purchased (i.e. NOT using a self signed) certificate on your Exchange 2010 server. Bear in mind if you have the internal FQDN of your Exchange 2010 server as a...