Linux SSH Key Login
Linux SSH Key KB ID 0001928 Problem Having a comms background, SSH connecting to something is a procedure I’m very familiar with. You SSH to something, it asks you for a username and password, and providing that they are correct, you’re connected. Also, because the client and server negotiate the encryption of the password, the information sent over SSH is protected from being sniffed or captured. Which is great until an...
Digital Certificates Explained
Digital Certificates Explained KB ID 0001846 Problem From setting up PKI environments, to migrating them, and a myriad of errors and problems in between, we have a lot of content on PNL referring to digital certificates and PKI. I’ve dealt with these technologies a lot over the past 20+ years and I’m always surprised how frightened of digital certificates people are. So in the space of a few minutes I’ll try and give...
FortiGate Certificate Import Errors
FortiGate Certificate KB ID 0001791 Problem A colleague messaged me last week because he could not import a certificate on a FortiGate (that had been exported from a Cisco ASA). He was seeing this error; Incorrect certificate file format for CA/LOCAL/CRL/REMOTE cert. FortiGate Certificate Problems A brief Google led me to ask “Is the FortGate licensed or on a Free/Trial license?” As that can produce this error...
ADFS: Changing the Certificate
KB ID 0001634 Problem I needed to change the certificate used by an ADFS server today. I’d used a temporary self signed wildcard cert to get me up and running now I needed to replace it with a new publicly signed one. I found a number of ways of doing this INCORRECTLY, so hopefully I will save you making the same mistakes! Solution Firstly you need to import your certificate, here from a PFX file, (if you want a PFX file import...
Linux (CentOS 7) Generating CSR (Certificate Signing Requests)
KB ID 0001206 Problem If you want to use digital certificates on your CentOS server, then you will need to generate a CSR. It does not matter if you want to purchase a publicly signed certificate, or even if you are going to sign your own. Below is how to generate a CSR for a single web host. Note: Most cert vendors now require a minimum key length of 2048 so thats what I’m going to use. And I’m assuming you have openSSL...