VMware – Replace the ESX Certificate
ESX Certificate KB ID 0000974 Problem ESXi comes with a self-signed certificate, and for most people that’s fine, but some clients want to have a ‘Trusted’ certificate on theirs, and have their own PKI infrastructure for issuing them. Below I will generate a new certificate for my ESXi server using the Active Directory Certificate Services role on Windows Server 2012. Then replace the self-signed certificate with my new...
Google Chrome Browser – ‘Your connection is not private’
Connection is not private KB ID 0000992 Problem Just went to open a secure web page, and got this message. Solution : Connection is not private Turns out that this is the new default behaviour for Chrome when accessing https (secure web) sites. My Chrome bowser auto updates, and has updated to Version 37.0.2062.103 m. 1. Select Advanced > Proceed to {URL you are trying to access}. 2. The next time you visit THIS URL it will...
AnyConnect: Unauthorized Connection Mechanism
KB ID 0001699 Problem I was assisting a colleague to setup some AnyConnect for a client this afternoon, when all of a sudden I was met with this; VPN Logon denied, unauthorised connection mechanism, contact your administrator Solution This was a confusing one, I replicated the problem on my own test firewall. All I had done was change the AAA method from LOCAL to LDAP? It took me a while to figure out what was going on? The reason why...
Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1
KB ID 0001675 What are these protocols? Both SSL and TLS are cryptographic protocols designed to secure communications over a network (remember the internet is just a network). Originally we had SSL version 1 and version 2. But they were, (to be honest) ‘a bit bobbins’ and full of security holes, so never really took off. Version 3 however did and was widely supported. The problem with version 3 was, (again) that was also ‘bobbins’....
Duo: Migrate from LDAP to LDAPS
KB ID 0001647 Problem With the impending ‘turning off’ of cleartext LDAP queries to Windows Server, I wanted to make sure my new Duo deployments were already using LDAPS. I got LDAP deployed very quickly and easily, but making the ‘swap’ to LDAPS proved to be massively problematic. Normally I find Duo a pleasure to deploy, but their technical documentation just confused me for this and I went running up some...