I recently got a new Asus RT-N66U Dark Knight. One of my main reasons for selecting this router was its ability to run the DD-WRT custom firmware. DD-WRT offers a host of cool features, among these is the ability to do web based administration on the router’s WAN interface. Basically you can fire up your …
Category Archives: Security
Understanding X.509 digital certificate thumbprints
Introduction I got an interesting question about X.509 certificate thumbprints today from a colleague. Specifically, he wanted to know if you could renew a certificate and keep the thumbprint. The answer is no, unfortunately. So I thought I would explain why you can’t. Certificate storage The X.509 standard was first issued in 1988 and is …
Continue reading “Understanding X.509 digital certificate thumbprints”
Decoding some certificate enrollment client events
The Events Windows clients can request certificates on their own (autoenrollment) or with the help of a user. When enrolling for a certificate you may find this pair of events in your Application log: Source: Microsoft-Windows-CertificateServicesClient-CertEnroll Event ID: 64 Level: Information User: S-1-5-18 User Name: NT AUTHORITYSYSTEM Computer: <servername> Description: Certificate enrollment for Local system …
Continue reading “Decoding some certificate enrollment client events”
“A certificate cloud not be found that can be used with this Extensible Authentication Protocol” error in IAS
After issuing a new certificate for a Windows Server 2003 running IAS this error presented itself in the IAS console when trying to configure EAP with the new certificate: “A certificate could not be found that can be used with this Extensibel Authentication Protocol.” This was accompanied by these two events in the System Log: …
Trusting self-signed certificates
If you import a self-signed certificate into the Trusted Root Certificate Authorities store you will not get certificate warnings for that certificate. Nice to know when you are working with servers that generate self-signed certificates.
PGP
A PGP clone that works on Windows: GPG4Win Display GPG info: gpg.exe –version Importing your old PGP keys Open a DOS Window (run CMD.EXE) cd to the directory where your PGP keyrings (pubring.pkr & secring.skr) live. Import your PGP keys to GnuPG: gpg –import secring.skr gpg –import pubring.pkr You’ll need to go in and assign …
What are the security benefits of running a service as the Local System Account as opposed to a user account?
With the release of Windows 2000 products from Microsoft, most prominently Exchange 2000, started running their services under the Local System1 account instead of using a dedicated Active Directory User account, or what is commonly known as a service account2. The reason for this was security. As time passed more and more products adapted this …