VMware – Replace the ESX Certificate
ESX Certificate KB ID 0000974 Problem ESXi comes with a self-signed certificate, and for most people that’s fine, but some clients want to have a ‘Trusted’ certificate on theirs, and have their own PKI infrastructure for issuing them. Below I will generate a new certificate for my ESXi server using the Active Directory Certificate Services role on Windows Server 2012. Then replace the self-signed certificate with my new...
Windows Server – Enable LDAPS
KB ID 0000962 Problem Note: Starting with Windows Server 2019, LDAPS (LDAP over SSL/TLS) is enabled by default, assuming a Server Authentication certificate is installed on the Domain Controller. Active Directory is built on LDAP, I’ve known this for a long time, but other than it’s a directory protocol that’s about all I did know. Like any directory, if you want information when you query the directory it returns a...
Google Chrome Browser – ‘Your connection is not private’
Connection is not private KB ID 0000992 Problem Just went to open a secure web page, and got this message. Solution : Connection is not private Turns out that this is the new default behaviour for Chrome when accessing https (secure web) sites. My Chrome bowser auto updates, and has updated to Version 37.0.2062.103 m. 1. Select Advanced > Proceed to {URL you are trying to access}. 2. The next time you visit THIS URL it will...
AnyConnect: Unauthorized Connection Mechanism
KB ID 0001699 Problem I was assisting a colleague to setup some AnyConnect for a client this afternoon, when all of a sudden I was met with this; VPN Logon denied, unauthorised connection mechanism, contact your administrator Solution This was a confusing one, I replicated the problem on my own test firewall. All I had done was change the AAA method from LOCAL to LDAP? It took me a while to figure out what was going on? The reason why...
Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1
KB ID 0001675 What are these protocols? Both SSL and TLS are cryptographic protocols designed to secure communications over a network (remember the internet is just a network). Originally we had SSL version 1 and version 2. But they were, (to be honest) ‘a bit bobbins’ and full of security holes, so never really took off. Version 3 however did and was widely supported. The problem with version 3 was, (again) that was also ‘bobbins’....