I was following these instructions here using CERTREQ to create my certificate request, and everything worked fine up to step 6. In step 6 it states that I should have a CER file. I wrote some articles about creating a certificate here and here, where there is a CER file created, however, when I downloaded […]
Tags: Security
Using TLS 1.2 with WCF
NOTE: Security is a very serious topic and you should always engage an IT security expert before deploying an application that needs to be secure. This article is intended to share my experience versus being an article to use as a guideline. With all the news about the different vulnerabilities like Heartbleed and POODLE, developers […]
Renew an IIS 7, IIS 7.5, IIS 8.0 or IIS 8.5 … SSL Certificate (PKCS #10 vs. PKCS #7)
I will confess to not being a security expert. So this article is not about how the process works, instead about a change that I had a hard time finding when working with a customer some months ago. Security is serious business, so I like to leave those kinds of things to the experts and […]
Configure Application Request Routing (ARR) with Client Certificates
The kind of Client Certificate I use most is stored electronically on a chip located on the back of my id badge. There is a card reader in my PC that can access these certificates, which are protected by a pin and requested when I attempt to access a web site that is configured to […]
HTTP 404 after installing an SSL Certificate
I was configuring an SSL certificate and once complete, when I attempted to access the website using https://localhost I started receiving a 404 error as shown in Figure 1.
Figure 1, 404 HTTP Status after installing an SSL Certificate
I tried some shots at troubleshooting the issue using Failed Request Tracing and LogParser to view […]
Make your own SSL Certificate for testing and learning
Many technologies seem very complicated when you begin to work with them, but once you get into them you start to hit the boundaries of their capabilities and features. Once you use a tool for some time you learn what it can and cannot do, and therefore when there is a problem you […]
Enable CAPI2 event logging to troubleshoot PKI and SSL Certificate Issues
The CryptoAPI 2.0 Diagnostics is a feature available on Windows Server 2008+ that supports the troubleshooting of issues concerned with, for example: Certificate Chain Validation, Certificate Store Operations, and Signature Verification. This article describes how to enable the CAPI2 Diagnostic, but for an in-depth review of the capability, check here. Enable CAPI2 logging by […]
Secure channel compatibility support with SSL and TLS
I wrote 2 previous blogs about NTLM and Negotiate/Kerberos which briefly discussed how those authentication packages work within the context of Integrated Windows Authentication. Another authentication package supported in Windows is called Secure Channel, also known as Schannel. This blog will not discuss the details of Schannel because the details can be found here. […]
Kerberos authPersistNonNTLM authentication, request based vs. session based authentication
Kerberos is a request-based authentication protocol. That means with each request, there is a resulting authentication step. See the following Figure 1, where you notice a Ticket request for each GET HTTP command.
Figure 1, Network Monitor log for request based authentication
This article covers the implementation of the authPersistNonNTLM attribute, that when set […]
Integrated Windows Authentication with NTLM
IIS provides a number of different authentication techniques. One of these is Integrated Windows Authentication. Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. The preceding image shows a standard communication flow between Internet Explorer and IIS version 6+. The initial request […]