Digital Certificates Explained
Jan04

Digital Certificates Explained

Digital Certificates Explained KB ID 0001846 Problem From setting up PKI environments, to migrating them, and a myriad of errors and problems in between, we have a lot of content on PNL referring to digital certificates and PKI. I’ve dealt with these technologies a lot over the past 20+ years and I’m always surprised how frightened of digital certificates people are. So in the space of a few minutes I’ll try and give...

Read More
FortiGate Certificate Import Errors
Jun27

FortiGate Certificate Import Errors

FortiGate Certificate KB ID 0001791 Problem A colleague messaged me last week because he could not import a certificate on a FortiGate (that had been exported from a Cisco ASA). He was seeing this error; Incorrect certificate file format for CA/LOCAL/CRL/REMOTE cert. FortiGate Certificate Problems A brief Google led me to ask “Is the FortGate licensed or on a Free/Trial license?” As that can produce this error...

Read More
ADFS: Changing the Certificate
Jan06

ADFS: Changing the Certificate

KB ID 0001634 Problem I needed to change the certificate used by an ADFS server today. I’d used a temporary self signed wildcard cert to get me up and running now I needed to replace it with a new publicly signed one. I found a number of ways of doing this INCORRECTLY, so hopefully I will save you making the same mistakes! Solution Firstly you need to import your certificate, here from a PFX file, (if you want a PFX file import...

Read More
Linux (CentOS 7) Generating CSR (Certificate Signing Requests)
Jun21

Linux (CentOS 7) Generating CSR (Certificate Signing Requests)

KB ID 0001206  Problem If you want to use digital certificates on your CentOS server, then you will need to generate a CSR. It does not matter if you want to purchase a publicly signed certificate, or even if you are going to sign your own. Below is how to generate a CSR for a single web host. Note: Most cert vendors now require a minimum key length of 2048 so thats what I’m going to use. And I’m assuming you have openSSL...

Read More
Active Directory Federation Services – Certificate Error ‘CNG Key’
Jan12

Active Directory Federation Services – Certificate Error ‘CNG Key’

KB ID 0001129 Problem When installing the Active Directory Federation Services Role, you need to supply a certificate. I was running this up using a self signed wildcard certificate when this happened; The certificate with the specified thumbprint {thumbprint} has a Cryptographic Next Generation (CNG) private key. The certificates with the CNG private key are not supported. Use a certificate based on a key pair generated by a legacy...

Read More